search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4/test-libnet: Refactor test_user_create() little bit to:
[Samba.git] / source4 / torture / libnet / utils.c
blobb4b2374acf035d0b4f9261408a126db24216b8ab
1 /*
2 Unix SMB/CIFS implementation.
3 Test suite for libnet calls.
4
5 Copyright (C) Rafal Szczesniak 2007
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /*
22 * These are more general use functions shared among the tests.
23 */
24
25 #include "includes.h"
26 #include "lib/cmdline/popt_common.h"
27 #include "torture/rpc/torture_rpc.h"
28 #include "libnet/libnet.h"
29 #include "librpc/gen_ndr/ndr_samr_c.h"
30 #include "librpc/gen_ndr/ndr_lsa_c.h"
31 #include "torture/libnet/proto.h"
32 #include "lib/ldb_wrap.h"
33
34 /**
35 * Opens handle on Domain using SAMR
36 *
37 * @param _domain_handle [out] Ptr to storage to store Domain handle
38 * @param _dom_sid [out] If NULL, Domain SID won't be returned
39 */
40 bool test_domain_open(struct torture_context *tctx,
41 struct dcerpc_binding_handle *b,
42 struct lsa_String *domname,
43 TALLOC_CTX *mem_ctx,
44 struct policy_handle *_domain_handle,
45 struct dom_sid2 *_dom_sid)
46 {
47 struct policy_handle connect_handle;
48 struct policy_handle domain_handle;
49 struct samr_Connect r1;
50 struct samr_LookupDomain r2;
51 struct dom_sid2 *sid = NULL;
52 struct samr_OpenDomain r3;
53
54 torture_comment(tctx, "connecting\n");
55
56 r1.in.system_name = 0;
57 r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
58 r1.out.connect_handle = &connect_handle;
59
60 torture_assert_ntstatus_ok(tctx,
61 dcerpc_samr_Connect_r(b, mem_ctx, &r1),
62 "Connect failed");
63 torture_assert_ntstatus_ok(tctx, r1.out.result,
64 "Connect failed");
65
66 r2.in.connect_handle = &connect_handle;
67 r2.in.domain_name = domname;
68 r2.out.sid = &sid;
69
70 torture_comment(tctx, "domain lookup on %s\n", domname->string);
71
72 torture_assert_ntstatus_ok(tctx,
73 dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2),
74 "LookupDomain failed");
75 torture_assert_ntstatus_ok(tctx, r2.out.result,
76 "LookupDomain failed");
77
78 r3.in.connect_handle = &connect_handle;
79 r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
80 r3.in.sid = *r2.out.sid;
81 r3.out.domain_handle = &domain_handle;
82
83 torture_comment(tctx, "opening domain %s\n", domname->string);
84
85 torture_assert_ntstatus_ok(tctx,
86 dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3),
87 "OpenDomain failed");
88 torture_assert_ntstatus_ok(tctx, r3.out.result,
89 "OpenDomain failed");
90
91 *_domain_handle = domain_handle;
92
93 if (_dom_sid) {
94 *_dom_sid = **r2.out.sid;
95 }
96
97 /* Close connect_handle, we don't need it anymore */
98 test_samr_close_handle(tctx, b, mem_ctx, &connect_handle);
99
100 return true;
101 }
102
103
104 /**
105 * Find out user's samAccountName for given
106 * user RDN. We need samAccountName value
107 * when deleting users.
108 */
109 static bool _get_account_name_for_user_rdn(struct torture_context *tctx,
110 struct dcerpc_binding_handle *b,
111 const char *user_rdn,
112 TALLOC_CTX *mem_ctx,
113 const char **_account_name)
114 {
115 const char *url;
116 struct ldb_context *ldb;
117 TALLOC_CTX *tmp_ctx;
118 bool test_res = true;
119 struct dcerpc_pipe *p = talloc_get_type_abort(b->private_data, struct dcerpc_pipe);
120 int ldb_ret;
121 struct ldb_result *ldb_res;
122 const char *account_name = NULL;
123 static const char *attrs[] = {
124 "samAccountName",
125 NULL
126 };
127
128 tmp_ctx = talloc_new(tctx);
129 torture_assert(tctx, tmp_ctx != NULL, "Failed to create temporary mem context");
130
131 url = talloc_asprintf(tmp_ctx, "ldap://%s/", p->binding->target_hostname);
132 torture_assert_goto(tctx, url != NULL, test_res, done, "Failed to allocate URL for ldb");
133
134 ldb = ldb_wrap_connect(tmp_ctx,
135 tctx->ev, tctx->lp_ctx,
136 url, NULL, cmdline_credentials, 0);
137 torture_assert_goto(tctx, ldb != NULL, test_res, done, "Failed to make LDB connection");
138
139 ldb_ret = ldb_search(ldb, tmp_ctx, &ldb_res,
140 ldb_get_default_basedn(ldb), LDB_SCOPE_SUBTREE,
141 attrs,
142 "(&(objectClass=user)(name=%s))", user_rdn);
143 if (LDB_SUCCESS == ldb_ret && 1 == ldb_res->count) {
144 account_name = ldb_msg_find_attr_as_string(ldb_res->msgs[0], "samAccountName", NULL);
145 }
146
147 /* return user_rdn by default */
148 if (!account_name) {
149 account_name = user_rdn;
150 }
151
152 /* duplicate memory in parent context */
153 *_account_name = talloc_strdup(mem_ctx, account_name);
154
155 done:
156 talloc_free(tmp_ctx);
157 return test_res;
158 }
159
160 /**
161 * Removes user by RDN through SAMR interface.
162 *
163 * @param domain_handle [in] Domain handle
164 * @param user_rdn [in] User's RDN in ldap database
165 */
166 bool test_user_cleanup(struct torture_context *tctx,
167 struct dcerpc_binding_handle *b,
168 TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle,
169 const char *user_rdn)
170 {
171 struct samr_LookupNames r1;
172 struct samr_OpenUser r2;
173 struct samr_DeleteUser r3;
174 struct lsa_String names[2];
175 uint32_t rid;
176 struct policy_handle user_handle;
177 struct samr_Ids rids, types;
178 const char *account_name;
179
180 if (!_get_account_name_for_user_rdn(tctx, b, user_rdn, mem_ctx, &account_name)) {
181 torture_result(tctx, TORTURE_FAIL,
182 __location__": Failed to find samAccountName for %s", user_rdn);
183 return false;
184 }
185
186 names[0].string = account_name;
187
188 r1.in.domain_handle = domain_handle;
189 r1.in.num_names = 1;
190 r1.in.names = names;
191 r1.out.rids = &rids;
192 r1.out.types = &types;
193
194 torture_comment(tctx, "user account lookup '%s'\n", account_name);
195
196 torture_assert_ntstatus_ok(tctx,
197 dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
198 "LookupNames failed");
199 torture_assert_ntstatus_ok(tctx, r1.out.result,
200 "LookupNames failed");
201
202 rid = r1.out.rids->ids[0];
203
204 r2.in.domain_handle = domain_handle;
205 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
206 r2.in.rid = rid;
207 r2.out.user_handle = &user_handle;
208
209 torture_comment(tctx, "opening user account\n");
210
211 torture_assert_ntstatus_ok(tctx,
212 dcerpc_samr_OpenUser_r(b, mem_ctx, &r2),
213 "OpenUser failed");
214 torture_assert_ntstatus_ok(tctx, r2.out.result,
215 "OpenUser failed");
216
217 r3.in.user_handle = &user_handle;
218 r3.out.user_handle = &user_handle;
219
220 torture_comment(tctx, "deleting user account\n");
221
222 torture_assert_ntstatus_ok(tctx,
223 dcerpc_samr_DeleteUser_r(b, mem_ctx, &r3),
224 "DeleteUser failed");
225 torture_assert_ntstatus_ok(tctx, r3.out.result,
226 "DeleteUser failed");
227
228 return true;
229 }
230
231
232 /**
233 * Creates new user using SAMR
234 *
235 * @param name [in] Username for user to create
236 * @param rid [out] If NULL, User's RID is not returned
237 */
238 bool test_user_create(struct torture_context *tctx,
239 struct dcerpc_binding_handle *b,
240 TALLOC_CTX *mem_ctx,
241 struct policy_handle *domain_handle,
242 const char *name,
243 uint32_t *rid)
244 {
245 struct policy_handle user_handle;
246 struct lsa_String username;
247 struct samr_CreateUser r;
248 uint32_t user_rid;
249
250 username.string = name;
251
252 r.in.domain_handle = domain_handle;
253 r.in.account_name = &username;
254 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
255 r.out.user_handle = &user_handle;
256 /* return user's RID only if requested */
257 r.out.rid = rid ? rid : &user_rid;
258
259 torture_comment(tctx, "creating user '%s'\n", username.string);
260
261 torture_assert_ntstatus_ok(tctx,
262 dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
263 "CreateUser RPC call failed");
264 if (!NT_STATUS_IS_OK(r.out.result)) {
265 torture_comment(tctx, "CreateUser failed - %s\n", nt_errstr(r.out.result));
266
267 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
268 torture_comment(tctx,
269 "User (%s) already exists - "
270 "attempting to delete and recreate account again\n",
271 username.string);
272 if (!test_user_cleanup(tctx, b, mem_ctx, domain_handle, username.string)) {
273 return false;
274 }
275
276 torture_comment(tctx, "creating user account\n");
277
278 torture_assert_ntstatus_ok(tctx,
279 dcerpc_samr_CreateUser_r(b, mem_ctx, &r),
280 "CreateUser RPC call failed");
281 torture_assert_ntstatus_ok(tctx, r.out.result,
282 "CreateUser failed");
283
284 /* be nice and close opened handles */
285 test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
286
287 return true;
288 }
289 return false;
290 }
291
292 /* be nice and close opened handles */
293 test_samr_close_handle(tctx, b, mem_ctx, &user_handle);
294
295 return true;
296 }
297
298
299 /**
300 * Deletes a Group using SAMR interface
301 */
302 bool test_group_cleanup(struct torture_context *tctx,
303 struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
304 struct policy_handle *domain_handle,
305 const char *name)
306 {
307 struct samr_LookupNames r1;
308 struct samr_OpenGroup r2;
309 struct samr_DeleteDomainGroup r3;
310 struct lsa_String names[2];
311 uint32_t rid;
312 struct policy_handle group_handle;
313 struct samr_Ids rids, types;
314
315 names[0].string = name;
316
317 r1.in.domain_handle = domain_handle;
318 r1.in.num_names = 1;
319 r1.in.names = names;
320 r1.out.rids = &rids;
321 r1.out.types = &types;
322
323 torture_comment(tctx, "group account lookup '%s'\n", name);
324
325 torture_assert_ntstatus_ok(tctx,
326 dcerpc_samr_LookupNames_r(b, mem_ctx, &r1),
327 "LookupNames failed");
328 torture_assert_ntstatus_ok(tctx, r1.out.result,
329 "LookupNames failed");
330
331 rid = r1.out.rids->ids[0];
332
333 r2.in.domain_handle = domain_handle;
334 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
335 r2.in.rid = rid;
336 r2.out.group_handle = &group_handle;
337
338 torture_comment(tctx, "opening group account\n");
339
340 torture_assert_ntstatus_ok(tctx,
341 dcerpc_samr_OpenGroup_r(b, mem_ctx, &r2),
342 "OpenGroup failed");
343 torture_assert_ntstatus_ok(tctx, r2.out.result,
344 "OpenGroup failed");
345
346 r3.in.group_handle = &group_handle;
347 r3.out.group_handle = &group_handle;
348
349 torture_comment(tctx, "deleting group account\n");
350
351 torture_assert_ntstatus_ok(tctx,
352 dcerpc_samr_DeleteDomainGroup_r(b, mem_ctx, &r3),
353 "DeleteGroup failed");
354 torture_assert_ntstatus_ok(tctx, r3.out.result,
355 "DeleteGroup failed");
356
357 return true;
358 }
359
360
361 /**
362 * Creates a Group object using SAMR interface
363 *
364 * @param group_name [in] Name of the group to create
365 * @param rid [out] RID of group created. May be NULL in
366 * which case RID is not required by caller
367 */
368 bool test_group_create(struct torture_context *tctx,
369 struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
370 struct policy_handle *handle, const char *name,
371 uint32_t *rid)
372 {
373 uint32_t group_rid;
374 struct lsa_String groupname;
375 struct samr_CreateDomainGroup r;
376 struct policy_handle group_handle;
377
378 groupname.string = name;
379
380 r.in.domain_handle = handle;
381 r.in.name = &groupname;
382 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
383 r.out.group_handle = &group_handle;
384 /* use local variable in case caller
385 * don't care about the group RID */
386 r.out.rid = rid ? rid : &group_rid;
387
388 torture_comment(tctx, "creating group account %s\n", name);
389
390 torture_assert_ntstatus_ok(tctx,
391 dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
392 "CreateGroup failed");
393 if (!NT_STATUS_IS_OK(r.out.result)) {
394 torture_comment(tctx, "CreateGroup failed - %s\n", nt_errstr(r.out.result));
395
396 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
397 torture_comment(tctx, "Group (%s) already exists - attempting to delete and recreate group again\n", name);
398 if (!test_group_cleanup(tctx, b, mem_ctx, handle, name)) {
399 return false;
400 }
401
402 torture_comment(tctx, "creating group account\n");
403
404 torture_assert_ntstatus_ok(tctx,
405 dcerpc_samr_CreateDomainGroup_r(b, mem_ctx, &r),
406 "CreateGroup failed");
407 torture_assert_ntstatus_ok(tctx, r.out.result,
408 "CreateGroup failed");
409
410 return true;
411 }
412 return false;
413 }
414
415 return true;
416 }
417
418 /**
419 * Closes SAMR handle obtained from Connect, Open User/Domain, etc
420 */
421 bool test_samr_close_handle(struct torture_context *tctx,
422 struct dcerpc_binding_handle *b,
423 TALLOC_CTX *mem_ctx,
424 struct policy_handle *samr_handle)
425 {
426 struct samr_Close r;
427
428 r.in.handle = samr_handle;
429 r.out.handle = samr_handle;
430
431 torture_assert_ntstatus_ok(tctx,
432 dcerpc_samr_Close_r(b, mem_ctx, &r),
433 "Close SAMR handle RPC call failed");
434 torture_assert_ntstatus_ok(tctx, r.out.result,
435 "Close SAMR handle failed");
436
437 return true;
438 }
439
440 /**
441 * Closes LSA handle obtained from Connect, Open Group, etc
442 */
443 bool test_lsa_close_handle(struct torture_context *tctx,
444 struct dcerpc_binding_handle *b,
445 TALLOC_CTX *mem_ctx,
446 struct policy_handle *lsa_handle)
447 {
448 struct lsa_Close r;
449
450 r.in.handle = lsa_handle;
451 r.out.handle = lsa_handle;
452
453 torture_assert_ntstatus_ok(tctx,
454 dcerpc_lsa_Close_r(b, mem_ctx, &r),
455 "Close LSA handle RPC call failed");
456 torture_assert_ntstatus_ok(tctx, r.out.result,
457 "Close LSA handle failed");
458
459 return true;
460 }
461
462 /**
463 * Create and initialize libnet_context Context.
464 * Use this function in cases where we need to have SAMR and LSA pipes
465 * of libnet_context to be connected before executing any other
466 * libnet call
467 *
468 * @param rpc_connect [in] Connects SAMR and LSA pipes
469 */
470 bool test_libnet_context_init(struct torture_context *tctx,
471 bool rpc_connect,
472 struct libnet_context **_net_ctx)
473 {
474 NTSTATUS status;
475 bool bret = true;
476 struct libnet_context *net_ctx;
477
478 net_ctx = libnet_context_init(tctx->ev, tctx->lp_ctx);
479 torture_assert(tctx, net_ctx != NULL, "Failed to create libnet_context");
480
481 /* Use command line credentials for testing */
482 net_ctx->cred = cmdline_credentials;
483
484 if (rpc_connect) {
485 /* connect SAMR pipe */
486 status = torture_rpc_connection(tctx,
487 &net_ctx->samr.pipe,
488 &ndr_table_samr);
489 torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
490 "Failed to connect SAMR pipe");
491
492 net_ctx->samr.samr_handle = net_ctx->samr.pipe->binding_handle;
493
494 /* connect LSARPC pipe */
495 status = torture_rpc_connection(tctx,
496 &net_ctx->lsa.pipe,
497 &ndr_table_lsarpc);
498 torture_assert_ntstatus_ok_goto(tctx, status, bret, done,
499 "Failed to connect LSA pipe");
500
501 net_ctx->lsa.lsa_handle = net_ctx->lsa.pipe->binding_handle;
502 }
503
504 *_net_ctx = net_ctx;
505
506 done:
507 if (!bret) {
508 /* a previous call has failed,
509 * clean up memory before exit */
510 talloc_free(net_ctx);
511 }
512 return bret;
513 }
514
515
516 void msg_handler(struct monitor_msg *m)
517 {
518 struct msg_rpc_open_user *msg_open;
519 struct msg_rpc_query_user *msg_query;
520 struct msg_rpc_close_user *msg_close;
521 struct msg_rpc_create_user *msg_create;
522
523 switch (m->type) {
524 case mon_SamrOpenUser:
525 msg_open = (struct msg_rpc_open_user*)m->data;
526 printf("monitor_msg: user opened (rid=%d, access_mask=0x%08x)\n",
527 msg_open->rid, msg_open->access_mask);
528 break;
529 case mon_SamrQueryUser:
530 msg_query = (struct msg_rpc_query_user*)m->data;
531 printf("monitor_msg: user queried (level=%d)\n", msg_query->level);
532 break;
533 case mon_SamrCloseUser:
534 msg_close = (struct msg_rpc_close_user*)m->data;
535 printf("monitor_msg: user closed (rid=%d)\n", msg_close->rid);
536 break;
537 case mon_SamrCreateUser:
538 msg_create = (struct msg_rpc_create_user*)m->data;
539 printf("monitor_msg: user created (rid=%d)\n", msg_create->rid);
540 break;
541 }
542 }
Samba GIT mirror