search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r19968: add some more notes about what's needed for becoming a ads dc
[Samba.git] / source / torture / rpc / testjoin.c
blob3f58b53e61504a6cf14d12505950b54610cb1fcd
1 /*
2 Unix SMB/CIFS implementation.
3
4 utility code to join/leave a domain
5
6 Copyright (C) Andrew Tridgell 2004
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 /*
24 this code is used by other torture modules to join/leave a domain
25 as either a member, bdc or thru a trust relationship
26 */
27
28 #include "includes.h"
29 #include "torture/torture.h"
30 #include "system/time.h"
31 #include "lib/crypto/crypto.h"
32 #include "libnet/libnet.h"
33 #include "lib/cmdline/popt_common.h"
34 #include "lib/ldb/include/ldb.h"
35 #include "librpc/gen_ndr/ndr_samr_c.h"
36
37 #include "libcli/auth/libcli_auth.h"
38 #include "torture/rpc/rpc.h"
39 #include "libcli/security/security.h"
40
41 struct test_join {
42 struct dcerpc_pipe *p;
43 struct policy_handle user_handle;
44 struct libnet_JoinDomain *libnet_r;
45 struct dom_sid *dom_sid;
46 struct dom_sid *user_sid;
47 };
48
49
50 static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
51 struct policy_handle *handle, const char *name)
52 {
53 NTSTATUS status;
54 struct samr_DeleteUser d;
55 struct policy_handle user_handle;
56 uint32_t rid;
57 struct samr_LookupNames n;
58 struct lsa_String sname;
59 struct samr_OpenUser r;
60
61 sname.string = name;
62
63 n.in.domain_handle = handle;
64 n.in.num_names = 1;
65 n.in.names = &sname;
66
67 status = dcerpc_samr_LookupNames(p, mem_ctx, &n);
68 if (NT_STATUS_IS_OK(status)) {
69 rid = n.out.rids.ids[0];
70 } else {
71 return status;
72 }
73
74 r.in.domain_handle = handle;
75 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
76 r.in.rid = rid;
77 r.out.user_handle = &user_handle;
78
79 status = dcerpc_samr_OpenUser(p, mem_ctx, &r);
80 if (!NT_STATUS_IS_OK(status)) {
81 printf("OpenUser(%s) failed - %s\n", name, nt_errstr(status));
82 return status;
83 }
84
85 d.in.user_handle = &user_handle;
86 d.out.user_handle = &user_handle;
87 status = dcerpc_samr_DeleteUser(p, mem_ctx, &d);
88 if (!NT_STATUS_IS_OK(status)) {
89 return status;
90 }
91
92 return NT_STATUS_OK;
93 }
94
95 /*
96 create a test user in the domain
97 an opaque pointer is returned. Pass it to torture_leave_domain()
98 when finished
99 */
100
101 struct test_join *torture_create_testuser(const char *username,
102 const char *domain,
103 uint16_t acct_type,
104 const char **random_password)
105 {
106 NTSTATUS status;
107 struct samr_Connect c;
108 struct samr_CreateUser2 r;
109 struct samr_OpenDomain o;
110 struct samr_LookupDomain l;
111 struct samr_GetUserPwInfo pwp;
112 struct samr_SetUserInfo s;
113 union samr_UserInfo u;
114 struct policy_handle handle;
115 struct policy_handle domain_handle;
116 uint32_t access_granted;
117 uint32_t rid;
118 DATA_BLOB session_key;
119 struct lsa_String name;
120
121 int policy_min_pw_len = 0;
122 struct test_join *join;
123 char *random_pw;
124
125 join = talloc(NULL, struct test_join);
126 if (join == NULL) {
127 return NULL;
128 }
129
130 ZERO_STRUCTP(join);
131
132 printf("Connecting to SAMR\n");
133
134 status = torture_rpc_connection(join,
135 &join->p,
136 &dcerpc_table_samr);
137 if (!NT_STATUS_IS_OK(status)) {
138 return NULL;
139 }
140
141 c.in.system_name = NULL;
142 c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
143 c.out.connect_handle = &handle;
144
145 status = dcerpc_samr_Connect(join->p, join, &c);
146 if (!NT_STATUS_IS_OK(status)) {
147 const char *errstr = nt_errstr(status);
148 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
149 errstr = dcerpc_errstr(join, join->p->last_fault_code);
150 }
151 printf("samr_Connect failed - %s\n", errstr);
152 return NULL;
153 }
154
155 printf("Opening domain %s\n", domain);
156
157 name.string = domain;
158 l.in.connect_handle = &handle;
159 l.in.domain_name = &name;
160
161 status = dcerpc_samr_LookupDomain(join->p, join, &l);
162 if (!NT_STATUS_IS_OK(status)) {
163 printf("LookupDomain failed - %s\n", nt_errstr(status));
164 goto failed;
165 }
166
167 talloc_steal(join, l.out.sid);
168 join->dom_sid = l.out.sid;
169
170 o.in.connect_handle = &handle;
171 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
172 o.in.sid = l.out.sid;
173 o.out.domain_handle = &domain_handle;
174
175 status = dcerpc_samr_OpenDomain(join->p, join, &o);
176 if (!NT_STATUS_IS_OK(status)) {
177 printf("OpenDomain failed - %s\n", nt_errstr(status));
178 goto failed;
179 }
180
181 printf("Creating account %s\n", username);
182
183 again:
184 name.string = username;
185 r.in.domain_handle = &domain_handle;
186 r.in.account_name = &name;
187 r.in.acct_flags = acct_type;
188 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
189 r.out.user_handle = &join->user_handle;
190 r.out.access_granted = &access_granted;
191 r.out.rid = &rid;
192
193 status = dcerpc_samr_CreateUser2(join->p, join, &r);
194
195 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
196 status = DeleteUser_byname(join->p, join, &domain_handle, name.string);
197 if (NT_STATUS_IS_OK(status)) {
198 goto again;
199 }
200 }
201
202 if (!NT_STATUS_IS_OK(status)) {
203 printf("CreateUser2 failed - %s\n", nt_errstr(status));
204 goto failed;
205 }
206
207 join->user_sid = dom_sid_add_rid(join, join->dom_sid, rid);
208
209 pwp.in.user_handle = &join->user_handle;
210
211 status = dcerpc_samr_GetUserPwInfo(join->p, join, &pwp);
212 if (NT_STATUS_IS_OK(status)) {
213 policy_min_pw_len = pwp.out.info.min_password_length;
214 }
215
216 random_pw = generate_random_str(join, MAX(8, policy_min_pw_len));
217
218 printf("Setting account password '%s'\n", random_pw);
219
220 s.in.user_handle = &join->user_handle;
221 s.in.info = &u;
222 s.in.level = 24;
223
224 encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE);
225 u.info24.pw_len = strlen(random_pw);
226
227 status = dcerpc_fetch_session_key(join->p, &session_key);
228 if (!NT_STATUS_IS_OK(status)) {
229 printf("SetUserInfo level %u - no session key - %s\n",
230 s.in.level, nt_errstr(status));
231 torture_leave_domain(join);
232 goto failed;
233 }
234
235 arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
236
237 status = dcerpc_samr_SetUserInfo(join->p, join, &s);
238 if (!NT_STATUS_IS_OK(status)) {
239 printf("SetUserInfo failed - %s\n", nt_errstr(status));
240 goto failed;
241 }
242
243 ZERO_STRUCT(u);
244 s.in.user_handle = &join->user_handle;
245 s.in.info = &u;
246 s.in.level = 21;
247
248 u.info21.acct_flags = acct_type;
249 u.info21.fields_present = SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
250
251 u.info21.comment.string = talloc_asprintf(join,
252 "Tortured by Samba4: %s",
253 timestring(join, time(NULL)));
254
255 u.info21.full_name.string = talloc_asprintf(join,
256 "Torture account for Samba4: %s",
257 timestring(join, time(NULL)));
258
259 u.info21.description.string = talloc_asprintf(join,
260 "Samba4 torture account created by host %s: %s",
261 lp_netbios_name(), timestring(join, time(NULL)));
262
263 printf("Resetting ACB flags, force pw change time\n");
264
265 status = dcerpc_samr_SetUserInfo(join->p, join, &s);
266 if (!NT_STATUS_IS_OK(status)) {
267 printf("SetUserInfo failed - %s\n", nt_errstr(status));
268 goto failed;
269 }
270
271 if (random_password) {
272 *random_password = random_pw;
273 }
274
275 return join;
276
277 failed:
278 torture_leave_domain(join);
279 return NULL;
280 }
281
282
283 _PUBLIC_ struct test_join *torture_join_domain(const char *machine_name,
284 uint32_t acct_flags,
285 struct cli_credentials **machine_credentials)
286 {
287 NTSTATUS status;
288 struct libnet_context *libnet_ctx;
289 struct libnet_JoinDomain *libnet_r;
290 struct test_join *tj;
291 struct samr_SetUserInfo s;
292 union samr_UserInfo u;
293
294 tj = talloc(NULL, struct test_join);
295 if (!tj) return NULL;
296
297 libnet_r = talloc(tj, struct libnet_JoinDomain);
298 if (!libnet_r) {
299 talloc_free(tj);
300 return NULL;
301 }
302
303 libnet_ctx = libnet_context_init(NULL);
304 if (!libnet_ctx) {
305 talloc_free(tj);
306 return NULL;
307 }
308
309 tj->libnet_r = libnet_r;
310
311 libnet_ctx->cred = cmdline_credentials;
312 libnet_r->in.binding = lp_parm_string(-1, "torture", "binding");
313 if (!libnet_r->in.binding) {
314 libnet_r->in.binding = talloc_asprintf(libnet_r, "ncacn_np:%s", lp_parm_string(-1, "torture", "host"));
315 }
316 libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
317 libnet_r->in.netbios_name = machine_name;
318 libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
319 if (!libnet_r->in.account_name) {
320 talloc_free(tj);
321 return NULL;
322 }
323
324 libnet_r->in.acct_type = acct_flags;
325 libnet_r->in.recreate_account = True;
326
327 status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
328 if (!NT_STATUS_IS_OK(status)) {
329 if (libnet_r->out.error_string) {
330 DEBUG(0, ("Domain join failed - %s\n", libnet_r->out.error_string));
331 } else {
332 DEBUG(0, ("Domain join failed - %s\n", nt_errstr(status)));
333 }
334 talloc_free(tj);
335 return NULL;
336 }
337 tj->p = libnet_r->out.samr_pipe;
338 tj->user_handle = *libnet_r->out.user_handle;
339 tj->dom_sid = libnet_r->out.domain_sid;
340 talloc_steal(tj, libnet_r->out.domain_sid);
341
342 ZERO_STRUCT(u);
343 s.in.user_handle = &tj->user_handle;
344 s.in.info = &u;
345 s.in.level = 21;
346
347 u.info21.fields_present = SAMR_FIELD_DESCRIPTION | SAMR_FIELD_COMMENT | SAMR_FIELD_FULL_NAME;
348 u.info21.comment.string = talloc_asprintf(tj,
349 "Tortured by Samba4: %s",
350 timestring(tj, time(NULL)));
351 u.info21.full_name.string = talloc_asprintf(tj,
352 "Torture account for Samba4: %s",
353 timestring(tj, time(NULL)));
354
355 u.info21.description.string = talloc_asprintf(tj,
356 "Samba4 torture account created by host %s: %s",
357 lp_netbios_name(), timestring(tj, time(NULL)));
358
359 status = dcerpc_samr_SetUserInfo(tj->p, tj, &s);
360 if (!NT_STATUS_IS_OK(status)) {
361 printf("SetUserInfo (non-critical) failed - %s\n", nt_errstr(status));
362 }
363
364 *machine_credentials = cli_credentials_init(tj);
365 cli_credentials_set_conf(*machine_credentials);
366 cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
367 cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
368 if (libnet_r->out.realm) {
369 cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
370 }
371 cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
372 cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
373 if (acct_flags & ACB_SVRTRUST) {
374 cli_credentials_set_secure_channel_type(*machine_credentials,
375 SEC_CHAN_BDC);
376 } else if (acct_flags & ACB_WSTRUST) {
377 cli_credentials_set_secure_channel_type(*machine_credentials,
378 SEC_CHAN_WKSTA);
379 } else {
380 DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
381 talloc_free(*machine_credentials);
382 return NULL;
383 }
384
385 return tj;
386 }
387
388 struct dcerpc_pipe *torture_join_samr_pipe(struct test_join *join)
389 {
390 return join->p;
391 }
392
393 struct policy_handle *torture_join_samr_user_policy(struct test_join *join)
394 {
395 return &join->user_handle;
396 }
397
398 NTSTATUS torture_leave_ads_domain(TALLOC_CTX *mem_ctx, struct libnet_JoinDomain *libnet_r)
399 {
400 int rtn;
401 TALLOC_CTX *tmp_ctx;
402
403 struct ldb_dn *server_dn;
404 struct ldb_context *ldb_ctx;
405
406 char *remote_ldb_url;
407
408 /* Check if we are a domain controller. If not, exit. */
409 if (!libnet_r->out.server_dn_str) {
410 return NT_STATUS_OK;
411 }
412
413 tmp_ctx = talloc_named(mem_ctx, 0, "torture_leave temporary context");
414 if (!tmp_ctx) {
415 libnet_r->out.error_string = NULL;
416 return NT_STATUS_NO_MEMORY;
417 }
418
419 ldb_ctx = ldb_init(tmp_ctx);
420 if (!ldb_ctx) {
421 libnet_r->out.error_string = NULL;
422 talloc_free(tmp_ctx);
423 return NT_STATUS_NO_MEMORY;
424 }
425
426 /* Remove CN=Servers,... entry from the AD. */
427 server_dn = ldb_dn_new(tmp_ctx, ldb_ctx, libnet_r->out.server_dn_str);
428 if (! ldb_dn_validate(server_dn)) {
429 libnet_r->out.error_string = NULL;
430 talloc_free(tmp_ctx);
431 return NT_STATUS_NO_MEMORY;
432 }
433
434 remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s", libnet_r->out.samr_binding->host);
435 if (!remote_ldb_url) {
436 libnet_r->out.error_string = NULL;
437 talloc_free(tmp_ctx);
438 return NT_STATUS_NO_MEMORY;
439 }
440
441 ldb_set_opaque(ldb_ctx, "credentials", cmdline_credentials);
442
443 rtn = ldb_connect(ldb_ctx, remote_ldb_url, 0, NULL);
444 if (rtn != 0) {
445 libnet_r->out.error_string = NULL;
446 talloc_free(tmp_ctx);
447 return NT_STATUS_UNSUCCESSFUL;
448 }
449
450 rtn = ldb_delete(ldb_ctx, server_dn);
451 if (rtn != 0) {
452 libnet_r->out.error_string = NULL;
453 talloc_free(tmp_ctx);
454 return NT_STATUS_UNSUCCESSFUL;
455 }
456
457 DEBUG(0, ("%s removed successfully.\n", libnet_r->out.server_dn_str));
458
459 talloc_free(tmp_ctx);
460 return NT_STATUS_OK;
461 }
462
463 /*
464 leave the domain, deleting the machine acct
465 */
466
467 _PUBLIC_ void torture_leave_domain(struct test_join *join)
468 {
469 struct samr_DeleteUser d;
470 NTSTATUS status;
471
472 if (!join) {
473 return;
474 }
475 d.in.user_handle = &join->user_handle;
476 d.out.user_handle = &join->user_handle;
477
478 /* Delete machine account */
479 status = dcerpc_samr_DeleteUser(join->p, join, &d);
480 if (!NT_STATUS_IS_OK(status)) {
481 printf("Delete of machine account failed\n");
482 } else {
483 printf("Delete of machine account was successful.\n");
484 }
485
486 if (join->libnet_r) {
487 status = torture_leave_ads_domain(join, join->libnet_r);
488 }
489
490 talloc_free(join);
491 }
492
493 /*
494 return the dom sid for a test join
495 */
496 _PUBLIC_ const struct dom_sid *torture_join_sid(struct test_join *join)
497 {
498 return join->dom_sid;
499 }
500
501 const struct dom_sid *torture_join_user_sid(struct test_join *join)
502 {
503 return join->user_sid;
504 }
505
506
507 struct test_join_ads_dc {
508 struct test_join *join;
509 };
510
511 struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
512 const char *domain,
513 struct cli_credentials **machine_credentials)
514 {
515 struct test_join_ads_dc *join;
516
517 join = talloc(NULL, struct test_join_ads_dc);
518 if (join == NULL) {
519 return NULL;
520 }
521
522 join->join = torture_join_domain(machine_name,
523 ACB_SVRTRUST,
524 machine_credentials);
525
526 if (!join->join) {
527 return NULL;
528 }
529
530 /* W2K: modify userAccountControl from 4096 to 532480 */
531
532 /* W2K: modify RDN to OU=Domain Controllers and skip the $ from server name */
533
534 /* ask objectVersion of Schema Partition */
535
536 /* ask rIDManagerReferenz of the Domain Partition */
537
538 /* ask fsMORoleOwner of the RID-Manager$ object
539 * returns CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ...
540 */
541
542 /* ask for dnsHostName of CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
543
544 /* ask for objectGUID of CN=NTDS Settings,CN=<DC>,CN=Servers,CN=Default-First-Site-Name, ... */
545
546 /* ask for * of CN=Default-First-Site-Name, ... */
547
548 /* search (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=<machine_name>$)) in Domain Partition
549 * attributes : distinguishedName, userAccountControl
550 */
551
552 /* ask * for CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
553 * should fail with noSuchObject
554 */
555
556 /* add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
557 *
558 * objectClass = server
559 * systemFlags = 50000000
560 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
561 */
562
563 /* ask for * of CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
564 * should fail with noSuchObject
565 */
566
567 /* search for (ncname=<domain_nc>) in CN=Partitions,CN=Configuration,...
568 * attributes: ncName, dnsRoot
569 */
570
571 /* modify add CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
572 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
573 * should fail with attributeOrValueExists
574 */
575
576 /* modify replace CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name,...
577 * serverReferenz = CN=<machine_name>,OU=Domain Controllers,...
578 */
579
580 /* DsAddEntry to create the CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
581 *
582 */
583
584 /* replicate CN=Schema,CN=Configuration,...
585 * using DRSUAPI_DS_BIND_GUID_W2K3 ("6afab99c-6e26-464a-975f-f58f105218bc")
586 *
587 */
588
589 /* replicate CN=Configuration,...
590 * using DRSUAPI_DS_BIND_GUID_W2K3 ("6afab99c-6e26-464a-975f-f58f105218bc")
591 *
592 */
593
594 /* W2K3: modify userAccountControl from 4096 to 532480 */
595
596 /* W2K3: modify RDN to OU=Domain Controllers and skip the $ from server name */
597
598 /* replicate Domain Partition
599 * using DRSUAPI_DS_BIND_GUID_W2K3 ("6afab99c-6e26-464a-975f-f58f105218bc")
600 *
601 */
602
603 /* call DsReplicaUpdateRefs() for all partitions like this:
604 * req1: struct drsuapi_DsReplicaUpdateRefsRequest1
605 * naming_context : *
606 * naming_context: struct drsuapi_DsReplicaObjectIdentifier
607 * __ndr_size : 0x000000ae (174)
608 * __ndr_size_sid : 0x00000000 (0)
609 * guid : 00000000-0000-0000-0000-000000000000
610 * sid : S-0-0
611 * dn : 'CN=Schema,CN=Configuration,DC=w2k3,DC=vmnet1,DC=vm,DC=base'
612 * dest_dsa_dns_name : *
613 * dest_dsa_dns_name : '4a0df188-a0b8-47ea-bbe5-e614723f16dd._msdcs.w2k3.vmnet1.vm.base'
614 * dest_dsa_guid : 4a0df188-a0b8-47ea-bbe5-e614723f16dd
615 * options : 0x0000001c (28)
616 * 0: DRSUAPI_DS_REPLICA_UPDATE_ASYNCHRONOUS_OPERATION
617 * 0: DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE
618 * 1: DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE
619 * 1: DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE
620 * 1: DRSUAPI_DS_REPLICA_UPDATE_0x00000010
621 *
622 * 4a0df188-a0b8-47ea-bbe5-e614723f16dd is the objectGUID the DsAddEntry() returned for the
623 * CN=NTDS Settings,CN=<machine_name>,CN=Servers,CN=Default-First-Site-Name, ...
624 */
625
626 return join;
627 }
628
629 void torture_leave_domain_ads_dc(struct test_join_ads_dc *join)
630 {
631
632 if (join->join) {
633 torture_leave_domain(join->join);
634 }
635
636 talloc_free(join);
637 }
Samba GIT mirror