search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4/test: Fix incorrect NTSTATUS comparison
[Samba.git] / source4 / torture / libnet / utils.c
blobdfc5923f2aa90b7b9a08db9f32df93640f10c290
1 /*
2 Unix SMB/CIFS implementation.
3 Test suite for libnet calls.
4
5 Copyright (C) Rafal Szczesniak 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /*
22 * These are more general use functions shared among the tests.
23 */
24
25 #include "includes.h"
26 #include "lib/cmdline/popt_common.h"
27 #include "torture/rpc/torture_rpc.h"
28 #include "libnet/libnet.h"
29 #include "librpc/gen_ndr/ndr_samr_c.h"
30 #include "torture/libnet/proto.h"
31 #include "lib/ldb_wrap.h"
32
33 /**
34 * Opens handle on Domain using SAMR
35 *
36 * @param _domain_handle [out] Ptr to storage to store Domain handle
37 * @param _dom_sid [out] If NULL, Domain SID won't be returned
38 * @return
39 */
40 bool test_domain_open(struct torture_context *tctx,
41 struct dcerpc_binding_handle *b,
42 struct lsa_String *domname,
43 TALLOC_CTX *mem_ctx,
44 struct policy_handle *_domain_handle,
45 struct dom_sid2 *_dom_sid)
46 {
47 struct policy_handle connect_handle;
48 struct policy_handle domain_handle;
49 struct samr_Connect r1;
50 struct samr_LookupDomain r2;
51 struct dom_sid2 *sid = NULL;
52 struct samr_OpenDomain r3;
53
54 torture_comment(tctx, "connecting\n");
55
56 r1.in.system_name = 0;
57 r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
58 r1.out.connect_handle = &connect_handle;
59
60 torture_assert_ntstatus_ok(tctx,
61 dcerpc_samr_Connect_r(b, mem_ctx, &r1),
62 "Connect failed");
63 torture_assert_ntstatus_ok(tctx, r1.out.result,
64 "Connect failed");
65
66 r2.in.connect_handle = &connect_handle;
67 r2.in.domain_name = domname;
68 r2.out.sid = &sid;
69
70 torture_comment(tctx, "domain lookup on %s\n", domname->string);
71
72 torture_assert_ntstatus_ok(tctx,
73 dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2),
74 "LookupDomain failed");
75 torture_assert_ntstatus_ok(tctx, r2.out.result,
76 "LookupDomain failed");
77
78 r3.in.connect_handle = &connect_handle;
79 r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
80 r3.in.sid = *r2.out.sid;
81 r3.out.domain_handle = &domain_handle;
82
83 torture_comment(tctx, "opening domain %s\n", domname->string);
84
85 torture_assert_ntstatus_ok(tctx,
86 dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3),
87 "OpenDomain failed");
88 torture_assert_ntstatus_ok(tctx, r3.out.result,
89 "OpenDomain failed");
90
91 *_domain_handle = domain_handle;
92
93 if (_dom_sid) {
94 *_dom_sid = **r2.out.sid;
95 }
96
97 /* Close connect_handle, we don't need it anymore */
98 test_samr_close_handle(tctx, b, mem_ctx, &connect_handle);
99
100 return true;
101 }
102
103
104 /**
105 * Find out user's samAccountName for given
106 * user RDN. We need samAccountName value
107 * when deleting users.
108 */
109 static bool _get_account_name_for_user_rdn(struct torture_context *tctx,
110 struct dcerpc_binding_handle *b,
111 const char *user_rdn,
112 TALLOC_CTX *mem_ctx,
113 const char **_account_name)
114 {
115 const char *url;
116 struct ldb_context *ldb;
117 TALLOC_CTX *tmp_ctx;
118 bool test_res = true;
119 struct dcerpc_pipe *p = talloc_get_type_abort(b->private_data, struct dcerpc_pipe);
120 int ldb_ret;
121 struct ldb_result *ldb_res;
122 const char *account_name = NULL;
123 static const char *attrs[] = {
124 "samAccountName",
125 NULL
126 };
127
128 tmp_ctx = talloc_new(tctx);
129 torture_assert(tctx, tmp_ctx != NULL, "Failed to create temporary mem context");
130
131 url = talloc_asprintf(tmp_ctx, "ldap://%s/", p->binding->target_hostname);
132 torture_assert_goto(tctx, url != NULL, test_res, done, "Failed to allocate URL for ldb");
133
134 ldb = ldb_wrap_connect(tmp_ctx,
135 tctx->ev, tctx->lp_ctx,
136 url, NULL, cmdline_credentials, 0);
137 torture_assert_goto(tctx, ldb != NULL, test_res, done, "Failed to make LDB connection");
138
139 ldb_ret = ldb_search(ldb, tmp_ctx, &ldb_res,
140 ldb_get_default_basedn(ldb), LDB_SCOPE_SUBTREE,
141 attrs,
142 "(&(objectClass=user)(name=%s))", user_rdn);
143 if (LDB_SUCCESS == ldb_ret && 1 == ldb_res->count) {
144 account_name = ldb_msg_find_attr_as_string(ldb_res->msgs[0], "samAccountName", NULL);
145 }
146
147 /* return user_rdn by default */
148 if (!account_name) {
149 account_name = user_rdn;
150 }
151
152 /* duplicate memory in parent context */
153 *_account_name = talloc_strdup(mem_ctx, account_name);
154
155 done:
156 talloc_free(tmp_ctx);
157 return test_res;
158 }
159
160 /**
161 * Removes user by RDN through SAMR interface.
162 *
163 * @param domain_handle [in] Domain handle
164 * @param name
165 * @return
166 */
167 bool test_user_cleanup(struct torture_context *tctx,
168 struct dcerpc_binding_handle *b,
169 TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle,
170 const char *user_rdn)
171 {
172 struct samr_LookupNames r1;
173 struct samr_OpenUser r2;
174 struct samr_DeleteUser r3;
175 struct lsa_String names[2];
176 uint32_t rid;
177 struct policy_handle user_handle;
178 struct samr_Ids rids, types;
179 const char *account_name;
180
181 if (!_get_account_name_for_user_rdn(tctx, b, user_rdn, mem_ctx, &account_name)) {
182 torture_result(tctx, TORTURE_FAIL,
183 __location__": Failed to find samAccountName for %s", user_rdn);
184 return false;
185 }
186
187 names[0].string = account_name;
188
189 r1.in.domain_handle = domain_handle;
190 r1.in.num_names = 1;
191 r1.in.names = names;
192 r1.out.rids = &rids;
193 r1.out.types = &types;
194
195 torture_comment(tctx, "user account lookup '%s'\n", account_name);
196
197 torture_assert_ntstatus_ok(tctx,
198 dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
199 "LookupNames failed");
200 torture_assert_ntstatus_ok(tctx, r1.out.result,
201 "LookupNames failed");
202
203 rid = r1.out.rids->ids[0];
204
205 r2.in.domain_handle = domain_handle;
206 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
207 r2.in.rid = rid;
208 r2.out.user_handle = &user_handle;
209
210 torture_comment(tctx, "opening user account\n");
211
212 torture_assert_ntstatus_ok(tctx,
213 dcerpc_samr_OpenUser_r(b, mem_ctx, &r2),
214 "OpenUser failed");
215 torture_assert_ntstatus_ok(tctx, r2.out.result,
216 "OpenUser failed");
217
218 r3.in.user_handle = &user_handle;
219 r3.out.user_handle = &user_handle;
220
221 torture_comment(tctx, "deleting user account\n");
222
223 torture_assert_ntstatus_ok(tctx,
224 dcerpc_samr_DeleteUser_r(b, mem_ctx, &r3),
225 "DeleteUser failed");
226 torture_assert_ntstatus_ok(tctx, r3.out.result,
227 "DeleteUser failed");
228
229 return true;
230 }
231
232
233 /**
234 * Creates new user using SAMR
235 *
236 * @param name [in] Username for user to create
237 * @param rid [out] If NULL, User's RID is not returned
238 */
239 bool test_user_create(struct torture_context *tctx,
240 struct dcerpc_binding_handle *b,
241 TALLOC_CTX *mem_ctx,
242 struct policy_handle *domain_handle,
243 const char *name,
244 uint32_t *rid)
245 {
246 struct policy_handle user_handle;
247 struct lsa_String username;
248 struct samr_CreateUser r;
249 uint32_t user_rid;
250
251 username.string = name;
252
253 r.in.domain_handle = domain_handle;
254 r.in.account_name = &username;
255 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
256 r.out.user_handle = &user_handle;
257 r.out.rid = &user_rid;
258
259 torture_comment(tctx, "creating user '%s'\n", username.string);
260
261 torture_assert_ntstatus_ok(tctx,
262 dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
263 "CreateUser RPC call failed");
264 if (!NT_STATUS_IS_OK(r.out.result)) {
265 torture_comment(tctx, "CreateUser failed - %s\n", nt_errstr(r.out.result));
266
267 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
268 torture_comment(tctx,
269 "User (%s) already exists - "
270 "attempting to delete and recreate account again\n",
271 username.string);
272 if (!test_user_cleanup(tctx, b, mem_ctx, domain_handle, username.string)) {
273 return false;
274 }
275
276 torture_comment(tctx, "creating user account\n");
277
278 torture_assert_ntstatus_ok(tctx,
279 dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
280 "CreateUser RPC call failed");
281 torture_assert_ntstatus_ok(tctx, r.out.result,
282 "CreateUser failed");
283
284 return true;
285 }
286 return false;
287 }
288
289 torture_comment(tctx, "closing user '%s'\n", username.string);
290
291 if (!test_samr_close_handle(tctx, b, mem_ctx, &user_handle)) {
292 return false;
293 }
294
295 /* return user RID only if requested */
296 if (rid) {
297 *rid = user_rid;
298 }
299
300 return true;
301 }
302
303
304 bool test_group_cleanup(struct torture_context *tctx,
305 struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
306 struct policy_handle *domain_handle,
307 const char *name)
308 {
309 struct samr_LookupNames r1;
310 struct samr_OpenGroup r2;
311 struct samr_DeleteDomainGroup r3;
312 struct lsa_String names[2];
313 uint32_t rid;
314 struct policy_handle group_handle;
315 struct samr_Ids rids, types;
316
317 names[0].string = name;
318
319 r1.in.domain_handle = domain_handle;
320 r1.in.num_names = 1;
321 r1.in.names = names;
322 r1.out.rids = &rids;
323 r1.out.types = &types;
324
325 torture_comment(tctx, "group account lookup '%s'\n", name);
326
327 torture_assert_ntstatus_ok(tctx,
328 dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
329 "LookupNames failed");
330 torture_assert_ntstatus_ok(tctx, r1.out.result,
331 "LookupNames failed");
332
333 rid = r1.out.rids->ids[0];
334
335 r2.in.domain_handle = domain_handle;
336 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
337 r2.in.rid = rid;
338 r2.out.group_handle = &group_handle;
339
340 torture_comment(tctx, "opening group account\n");
341
342 torture_assert_ntstatus_ok(tctx,
343 dcerpc_samr_OpenGroup_r(b, mem_ctx, &r2),
344 "OpenGroup failed");
345 torture_assert_ntstatus_ok(tctx, r2.out.result,
346 "OpenGroup failed");
347
348 r3.in.group_handle = &group_handle;
349 r3.out.group_handle = &group_handle;
350
351 torture_comment(tctx, "deleting group account\n");
352
353 torture_assert_ntstatus_ok(tctx,
354 dcerpc_samr_DeleteDomainGroup_r(b, mem_ctx, &r3),
355 "DeleteGroup failed");
356 torture_assert_ntstatus_ok(tctx, r3.out.result,
357 "DeleteGroup failed");
358
359 return true;
360 }
361
362
363 bool test_group_create(struct torture_context *tctx,
364 struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
365 struct policy_handle *handle, const char *name,
366 uint32_t *rid)
367 {
368 struct lsa_String groupname;
369 struct samr_CreateDomainGroup r;
370 struct policy_handle group_handle;
371
372 groupname.string = name;
373
374 r.in.domain_handle = handle;
375 r.in.name = &groupname;
376 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
377 r.out.group_handle = &group_handle;
378 r.out.rid = rid;
379
380 torture_comment(tctx, "creating group account %s\n", name);
381
382 torture_assert_ntstatus_ok(tctx,
383 dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
384 "CreateGroup failed");
385 if (!NT_STATUS_IS_OK(r.out.result)) {
386 torture_comment(tctx, "CreateGroup failed - %s\n", nt_errstr(r.out.result));
387
388 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
389 torture_comment(tctx, "Group (%s) already exists - attempting to delete and recreate group again\n", name);
390 if (!test_group_cleanup(tctx, b, mem_ctx, handle, name)) {
391 return false;
392 }
393
394 torture_comment(tctx, "creating group account\n");
395
396 torture_assert_ntstatus_ok(tctx,
397 dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
398 "CreateGroup failed");
399 torture_assert_ntstatus_ok(tctx, r.out.result,
400 "CreateGroup failed");
401
402 return true;
403 }
404 return false;
405 }
406
407 return true;
408 }
409
410 /**
411 * Closes SAMR handle obtained from Connect, Open User/Domain, etc
412 */
413 bool test_samr_close_handle(struct torture_context *tctx,
414 struct dcerpc_binding_handle *b,
415 TALLOC_CTX *mem_ctx,
416 struct policy_handle *samr_handle)
417 {
418 struct samr_Close r;
419
420 r.in.handle = samr_handle;
421 r.out.handle = samr_handle;
422
423 torture_assert_ntstatus_ok(tctx,
424 dcerpc_samr_Close_r(b, mem_ctx, &r),
425 "Close SAMR handle RPC call failed");
426 torture_assert_ntstatus_ok(tctx, r.out.result,
427 "Close SAMR handle failed");
428
429 return true;
430 }
431
432
433 void msg_handler(struct monitor_msg *m)
434 {
435 struct msg_rpc_open_user *msg_open;
436 struct msg_rpc_query_user *msg_query;
437 struct msg_rpc_close_user *msg_close;
438 struct msg_rpc_create_user *msg_create;
439
440 switch (m->type) {
441 case mon_SamrOpenUser:
442 msg_open = (struct msg_rpc_open_user*)m->data;
443 printf("monitor_msg: user opened (rid=%d, access_mask=0x%08x)\n",
444 msg_open->rid, msg_open->access_mask);
445 break;
446 case mon_SamrQueryUser:
447 msg_query = (struct msg_rpc_query_user*)m->data;
448 printf("monitor_msg: user queried (level=%d)\n", msg_query->level);
449 break;
450 case mon_SamrCloseUser:
451 msg_close = (struct msg_rpc_close_user*)m->data;
452 printf("monitor_msg: user closed (rid=%d)\n", msg_close->rid);
453 break;
454 case mon_SamrCreateUser:
455 msg_create = (struct msg_rpc_create_user*)m->data;
456 printf("monitor_msg: user created (rid=%d)\n", msg_create->rid);
457 break;
458 }
459 }
Samba GIT mirror