2 Unix SMB/CIFS implementation.
4 Copyright (C) Guenther Deschner 2009-2010
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "lib/replace/replace.h"
21 #include "libcli/util/ntstatus.h"
22 #include "libcli/util/werror.h"
23 #include "lib/util/data_blob.h"
24 #include "lib/util/time.h"
25 #include "libcli/resolve/resolve.h"
26 #include "nsswitch/libwbclient/wbclient.h"
27 #include "torture/smbtorture.h"
28 #include "torture/winbind/proto.h"
29 #include "lib/util/util_net.h"
30 #include "lib/util/charset/charset.h"
31 #include "libcli/auth/libcli_auth.h"
32 #include "lib/param/param.h"
33 #include "lib/util/samba_util.h"
34 #include "lib/crypto/arcfour.h"
35 #include "auth/credentials/credentials.h"
36 #include "lib/cmdline/popt_common.h"
38 #define WBC_ERROR_EQUAL(x,y) (x == y)
40 #define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg) \
41 do { wbcErr __got = got, __expected = expected; \
42 if (!WBC_ERROR_EQUAL(__got, __expected)) { \
43 torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
48 #define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg) \
49 torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
51 #define torture_assert_wbc_equal_goto_fail(torture_ctx, got, expected, cmt, cmt_arg) \
52 do { wbcErr __got = got, __expected = expected; \
53 if (!WBC_ERROR_EQUAL(__got, __expected)) { \
54 torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
59 #define torture_assert_wbc_ok_goto_fail(torture_ctx,expr,cmt,cmt_arg) \
60 torture_assert_wbc_equal_goto_fail(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
62 #define torture_assert_str_equal_goto_fail(torture_ctx,got,expected,cmt)\
63 do { const char *__got = (got), *__expected = (expected); \
64 if (strcmp(__got, __expected) != 0) { \
65 torture_result(torture_ctx, TORTURE_FAIL, \
66 __location__": "#got" was %s, expected %s: %s", \
67 __got, __expected, cmt); \
72 static bool test_wbc_ping(struct torture_context
*tctx
)
74 torture_assert_wbc_ok(tctx
, wbcPing(),
75 "%s", "wbcPing failed");
80 static bool test_wbc_pingdc(struct torture_context
*tctx
)
82 struct wbcInterfaceDetails
*details
= NULL
;
85 torture_assert_wbc_equal_goto_fail(tctx
,
86 wbcPingDc("random_string", NULL
),
87 WBC_ERR_DOMAIN_NOT_FOUND
,
90 torture_assert_wbc_ok_goto_fail(tctx
, wbcPingDc(NULL
, NULL
),
91 "%s", "wbcPingDc failed");
93 torture_assert_wbc_ok_goto_fail(tctx
, wbcInterfaceDetails(&details
),
94 "%s", "wbcInterfaceDetails failed");
95 torture_assert_goto(tctx
, details
, ret
, fail
,
96 "wbcInterfaceDetails returned NULL pointer");
97 torture_assert_goto(tctx
, details
->netbios_domain
, ret
, fail
,
98 "wbcInterfaceDetails returned NULL netbios_domain");
100 torture_assert_wbc_ok_goto_fail(tctx
,
101 wbcPingDc(details
->netbios_domain
, NULL
),
102 "wbcPingDc(%s) failed",
103 details
->netbios_domain
);
105 torture_assert_wbc_ok_goto_fail(tctx
,
106 wbcPingDc("BUILTIN", NULL
),
108 "wbcPingDc(BUILTIN) failed");
112 wbcFreeMemory(details
);
116 static bool test_wbc_pingdc2(struct torture_context
*tctx
)
118 struct wbcInterfaceDetails
*details
= NULL
;
122 torture_assert_wbc_equal_goto_fail(tctx
,
123 wbcPingDc2("random_string", NULL
, &name
),
124 WBC_ERR_DOMAIN_NOT_FOUND
,
126 "wbcPingDc2 failed");
127 torture_assert_wbc_ok_goto_fail(tctx
,
128 wbcPingDc2(NULL
, NULL
, &name
),
130 "wbcPingDc2 failed");
134 torture_assert_wbc_ok_goto_fail(tctx
,
135 wbcInterfaceDetails(&details
),
137 "wbcInterfaceDetails failed");
138 torture_assert_goto(tctx
,
142 "wbcInterfaceDetails returned NULL pointer");
143 torture_assert_goto(tctx
,
144 details
->netbios_domain
,
147 "wbcInterfaceDetails returned NULL netbios_domain");
149 torture_assert_wbc_ok_goto_fail(tctx
,
150 wbcPingDc2(details
->netbios_domain
, NULL
, &name
),
151 "wbcPingDc2(%s) failed",
152 details
->netbios_domain
);
156 torture_assert_wbc_ok_goto_fail(tctx
,
157 wbcPingDc2("BUILTIN", NULL
, &name
),
159 "wbcPingDc2(BUILTIN) failed");
164 wbcFreeMemory(details
);
169 static bool test_wbc_library_details(struct torture_context
*tctx
)
171 struct wbcLibraryDetails
*details
;
173 torture_assert_wbc_ok(tctx
, wbcLibraryDetails(&details
),
174 "%s", "wbcLibraryDetails failed");
175 torture_assert(tctx
, details
,
176 "wbcLibraryDetails returned NULL pointer");
178 wbcFreeMemory(details
);
183 static bool test_wbc_interface_details(struct torture_context
*tctx
)
185 struct wbcInterfaceDetails
*details
;
187 torture_assert_wbc_ok(tctx
, wbcInterfaceDetails(&details
),
188 "%s", "wbcInterfaceDetails failed");
189 torture_assert(tctx
, details
,
190 "wbcInterfaceDetails returned NULL pointer");
192 wbcFreeMemory(details
);
197 static bool test_wbc_sidtypestring(struct torture_context
*tctx
)
199 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_USE_NONE
),
200 "SID_NONE", "SID_NONE failed");
201 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_USER
),
202 "SID_USER", "SID_USER failed");
203 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_DOM_GRP
),
204 "SID_DOM_GROUP", "SID_DOM_GROUP failed");
205 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_DOMAIN
),
206 "SID_DOMAIN", "SID_DOMAIN failed");
207 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_ALIAS
),
208 "SID_ALIAS", "SID_ALIAS failed");
209 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_WKN_GRP
),
210 "SID_WKN_GROUP", "SID_WKN_GROUP failed");
211 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_DELETED
),
212 "SID_DELETED", "SID_DELETED failed");
213 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_INVALID
),
214 "SID_INVALID", "SID_INVALID failed");
215 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_UNKNOWN
),
216 "SID_UNKNOWN", "SID_UNKNOWN failed");
217 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_COMPUTER
),
218 "SID_COMPUTER", "SID_COMPUTER failed");
219 torture_assert_str_equal(tctx
, wbcSidTypeString(WBC_SID_NAME_LABEL
),
220 "SID_LABEL", "SID_LABEL failed");
224 static bool test_wbc_sidtostring(struct torture_context
*tctx
)
226 struct wbcDomainSid sid
;
227 const char *sid_string
= "S-1-5-32";
230 torture_assert_wbc_ok(tctx
, wbcStringToSid(sid_string
, &sid
),
231 "wbcStringToSid of %s failed", sid_string
);
232 torture_assert_wbc_ok(tctx
, wbcSidToString(&sid
, &sid_string2
),
233 "wbcSidToString of %s failed", sid_string
);
234 torture_assert_str_equal(tctx
, sid_string
, sid_string2
,
235 "sid strings differ");
236 wbcFreeMemory(sid_string2
);
241 static bool test_wbc_guidtostring(struct torture_context
*tctx
)
244 const char *guid_string
= "f7cf07b4-1487-45c7-824d-8b18cc580811";
247 torture_assert_wbc_ok(tctx
, wbcStringToGuid(guid_string
, &guid
),
248 "wbcStringToGuid of %s failed", guid_string
);
249 torture_assert_wbc_ok(tctx
, wbcGuidToString(&guid
, &guid_string2
),
250 "wbcGuidToString of %s failed", guid_string
);
251 torture_assert_str_equal(tctx
, guid_string
, guid_string2
,
252 "guid strings differ");
253 wbcFreeMemory(guid_string2
);
258 static bool test_wbc_domain_info(struct torture_context
*tctx
)
260 struct wbcDomainInfo
*info
= NULL
;
261 struct wbcInterfaceDetails
*details
= NULL
;
264 torture_assert_wbc_ok_goto_fail(tctx
,
265 wbcInterfaceDetails(&details
),
267 "wbcInterfaceDetails failed");
268 torture_assert_wbc_ok_goto_fail(tctx
,
269 wbcDomainInfo(details
->netbios_domain
, &info
),
271 "wbcDomainInfo failed");
273 torture_assert_goto(tctx
,
277 "wbcDomainInfo returned NULL pointer");
281 wbcFreeMemory(details
);
287 static bool test_wbc_users(struct torture_context
*tctx
)
289 const char *domain_name
= NULL
;
291 const char **users
= NULL
;
293 struct wbcInterfaceDetails
*details
= NULL
;
294 struct wbcDomainSid
*sids
= NULL
;
297 char *sid_string
= NULL
;
301 torture_assert_wbc_ok(tctx
, wbcInterfaceDetails(&details
),
302 "%s", "wbcInterfaceDetails failed");
304 domain_name
= talloc_strdup(tctx
, details
->netbios_domain
);
305 torture_assert_goto(tctx
,
309 "Failed to allocate domain_name");
310 separator
= details
->winbind_separator
;
311 wbcFreeMemory(details
);
314 torture_assert_wbc_ok_goto_fail(tctx
,
315 wbcListUsers(domain_name
, &num_users
, &users
),
317 "wbcListUsers failed");
318 torture_assert_goto(tctx
,
319 !(num_users
> 0 && !users
),
322 "wbcListUsers returned invalid results");
324 for (i
= 0; i
< MIN(num_users
, 100); i
++) {
325 struct wbcDomainSid sid
;
326 enum wbcSidType name_type
;
331 c
= strchr(users
[i
], separator
);
336 * user name does not contain DOMAIN SEPARATOR prefix.
343 * user name starts with DOMAIN SEPARATOR prefix.
351 torture_assert_str_equal_goto(tctx
, dom
, domain_name
,
352 ret
, fail
, "Domain part "
353 "of user name does not "
354 "match domain name.\n");
357 torture_assert_wbc_ok_goto_fail(tctx
,
358 wbcLookupName(domain_name
, user
,
360 "wbcLookupName of %s failed",
362 torture_assert_int_equal_goto(tctx
,
363 name_type
, WBC_SID_NAME_USER
,
366 "wbcLookupName expected WBC_SID_NAME_USER");
367 wbcSidToString(&sid
, &sid_string
);
368 torture_assert_wbc_ok_goto_fail(tctx
,
373 "wbcLookupSid of %s failed",
375 torture_assert_int_equal_goto(tctx
,
376 name_type
, WBC_SID_NAME_USER
,
379 "wbcLookupSid of expected WBC_SID_NAME_USER");
380 torture_assert_goto(tctx
,
384 "wbcLookupSid returned no name");
385 wbcFreeMemory(domain
);
390 torture_assert_wbc_ok_goto_fail(tctx
,
391 wbcLookupUserSids(&sid
, true, &num_sids
, &sids
),
392 "wbcLookupUserSids of %s failed", sid_string
);
393 torture_assert_wbc_ok_goto_fail(tctx
,
394 wbcGetDisplayName(&sid
,
398 "wbcGetDisplayName of %s failed",
400 wbcFreeMemory(domain
);
406 wbcFreeMemory(sid_string
);
412 wbcFreeMemory(details
);
413 wbcFreeMemory(users
);
414 wbcFreeMemory(domain
);
417 wbcFreeMemory(sid_string
);
422 static bool test_wbc_groups(struct torture_context
*tctx
)
425 const char *domain_name
= NULL
;
427 const char **groups
= NULL
;
429 struct wbcInterfaceDetails
*details
= NULL
;
432 char *sid_string
= NULL
;
435 torture_assert_wbc_ok(tctx
, wbcInterfaceDetails(&details
),
436 "%s", "wbcInterfaceDetails failed");
438 domain_name
= talloc_strdup(tctx
, details
->netbios_domain
);
439 torture_assert_goto(tctx
,
443 "Failed to allocate domain_name");
444 separator
= details
->winbind_separator
;
445 wbcFreeMemory(details
);
448 torture_assert_wbc_ok_goto_fail(tctx
,
449 wbcListGroups(domain_name
, &num_groups
, &groups
),
450 "wbcListGroups in %s failed",
452 torture_assert_goto(tctx
,
453 !(num_groups
> 0 && !groups
),
456 "wbcListGroups returned invalid results");
458 for (i
=0; i
< MIN(num_groups
,100); i
++) {
459 struct wbcDomainSid sid
;
460 enum wbcSidType name_type
;
464 c
= strchr(groups
[i
], separator
);
469 * group name does not contain DOMAIN SEPARATOR prefix.
476 * group name starts with DOMAIN SEPARATOR prefix.
485 torture_assert_str_equal_goto(tctx
, dom
, domain_name
,
486 ret
, fail
, "Domain part "
487 "of group name does not "
488 "match domain name.\n");
491 torture_assert_wbc_ok_goto_fail(tctx
,
492 wbcLookupName(domain_name
,
496 "wbcLookupName for %s failed",
498 wbcSidToString(&sid
, &sid_string
);
499 torture_assert_wbc_ok_goto_fail(tctx
,
504 "wbcLookupSid of %s failed",
506 torture_assert_goto(tctx
,
510 "wbcLookupSid returned no name");
512 wbcFreeMemory(domain
);
516 wbcFreeMemory(sid_string
);
522 wbcFreeMemory(details
);
523 wbcFreeMemory(groups
);
524 wbcFreeMemory(domain
);
526 wbcFreeMemory(sid_string
);
531 static bool test_wbc_trusts(struct torture_context
*tctx
)
533 struct wbcDomainInfo
*domains
= NULL
;
534 struct wbcAuthErrorInfo
*error
= NULL
;
539 torture_assert_wbc_ok_goto_fail(tctx
,
540 wbcListTrusts(&domains
, &num_domains
),
542 "wbcListTrusts failed");
543 torture_assert_goto(tctx
,
544 !(num_domains
> 0 && !domains
),
547 "wbcListTrusts returned invalid results");
549 for (i
=0; i
< MIN(num_domains
,100); i
++) {
552 struct wbcDomainSid sid;
553 enum wbcSidType name_type;
557 torture_assert_wbc_ok_goto_fail(tctx
,
558 wbcCheckTrustCredentials(domains
[i
].short_name
,
561 "wbcCheckTrustCredentials failed");
563 torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type),
564 "wbcLookupName failed");
565 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
566 "wbcLookupName expected WBC_SID_NAME_DOMAIN");
567 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
568 "wbcLookupSid failed");
569 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
570 "wbcLookupSid expected WBC_SID_NAME_DOMAIN");
571 torture_assert(tctx, name,
572 "wbcLookupSid returned no name");
574 wbcFreeMemory(error
);
580 wbcFreeMemory(domains
);
581 wbcFreeMemory(error
);
586 static bool test_wbc_lookupdc(struct torture_context
*tctx
)
588 const char *domain_name
= NULL
;
589 struct wbcInterfaceDetails
*details
;
590 struct wbcDomainControllerInfo
*dc_info
;
592 torture_assert_wbc_ok(tctx
, wbcInterfaceDetails(&details
),
593 "%s", "wbcInterfaceDetails failed");
595 domain_name
= talloc_strdup(tctx
, details
->netbios_domain
);
596 wbcFreeMemory(details
);
598 torture_assert_wbc_ok(tctx
, wbcLookupDomainController(domain_name
, 0, &dc_info
),
599 "wbcLookupDomainController for %s failed", domain_name
);
600 wbcFreeMemory(dc_info
);
605 static bool test_wbc_lookupdcex(struct torture_context
*tctx
)
607 const char *domain_name
= NULL
;
608 struct wbcInterfaceDetails
*details
;
609 struct wbcDomainControllerInfoEx
*dc_info
;
611 torture_assert_wbc_ok(tctx
, wbcInterfaceDetails(&details
),
612 "%s", "wbcInterfaceDetails failed");
614 domain_name
= talloc_strdup(tctx
, details
->netbios_domain
);
615 wbcFreeMemory(details
);
617 torture_assert_wbc_ok(tctx
, wbcLookupDomainControllerEx(domain_name
, NULL
, NULL
, 0, &dc_info
),
618 "wbcLookupDomainControllerEx for %s failed", domain_name
);
619 wbcFreeMemory(dc_info
);
624 static bool test_wbc_resolve_winsbyname(struct torture_context
*tctx
)
630 name
= torture_setting_string(tctx
, "host", NULL
);
632 torture_comment(tctx
, "test-WinsByName: host='%s'\n", name
);
634 ret
= wbcResolveWinsByName(name
, &ip
);
636 if (is_ipaddress(name
)) {
637 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_DOMAIN_NOT_FOUND
, "wbcResolveWinsByName of %s failed", name
);
639 torture_assert_wbc_ok(tctx
, ret
, "wbcResolveWinsByName for %s failed", name
);
645 static bool test_wbc_resolve_winsbyip(struct torture_context
*tctx
)
649 struct nbt_name nbt_name
;
654 host
= torture_setting_string(tctx
, "host", NULL
);
656 torture_comment(tctx
, "test-WinsByIp: host='%s'\n", host
);
658 make_nbt_name_server(&nbt_name
, host
);
660 status
= resolve_name_ex(lpcfg_resolve_context(tctx
->lp_ctx
),
661 0, 0, &nbt_name
, tctx
, &ip
, tctx
->ev
);
662 torture_assert_ntstatus_ok(tctx
, status
,
663 talloc_asprintf(tctx
,"Failed to resolve %s: %s",
664 nbt_name
.name
, nt_errstr(status
)));
666 torture_comment(tctx
, "test-WinsByIp: ip='%s'\n", ip
);
668 ret
= wbcResolveWinsByIP(ip
, &name
);
670 torture_assert_wbc_ok(tctx
, ret
, "wbcResolveWinsByIP for %s failed", ip
);
677 static bool test_wbc_lookup_rids(struct torture_context
*tctx
)
679 struct wbcDomainSid builtin
;
680 uint32_t rids
[2] = { 544, 545 };
681 const char *domain_name
= NULL
;
682 const char **names
= NULL
;
683 enum wbcSidType
*types
;
686 wbcStringToSid("S-1-5-32", &builtin
);
688 ret
= wbcLookupRids(&builtin
, 2, rids
, &domain_name
, &names
,
690 torture_assert_wbc_ok_goto_fail(
691 tctx
, ret
, "%s", "wbcLookupRids for 544 and 545 failed");
693 torture_assert_str_equal(
694 tctx
, names
[0], "Administrators",
695 "S-1-5-32-544 not mapped to 'Administrators'");
696 torture_assert_str_equal_goto_fail(
697 tctx
, names
[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
701 wbcFreeMemory(discard_const_p(char ,domain_name
));
702 wbcFreeMemory(names
);
703 wbcFreeMemory(types
);
707 static bool test_wbc_get_sidaliases(struct torture_context
*tctx
)
709 struct wbcDomainSid builtin
;
710 struct wbcDomainInfo
*info
= NULL
;
711 struct wbcInterfaceDetails
*details
= NULL
;
712 struct wbcDomainSid sids
[2];
713 uint32_t *rids
= NULL
;
717 torture_assert_wbc_ok_goto_fail(tctx
,
718 wbcInterfaceDetails(&details
),
720 "wbcInterfaceDetails failed");
721 torture_assert_wbc_ok_goto_fail(tctx
,
722 wbcDomainInfo(details
->netbios_domain
, &info
),
723 "wbcDomainInfo of %s failed",
724 details
->netbios_domain
);
727 sids
[0].sub_auths
[sids
[0].num_auths
++] = 500;
729 sids
[1].sub_auths
[sids
[1].num_auths
++] = 512;
731 torture_assert_wbc_ok_goto_fail(tctx
,
732 wbcStringToSid("S-1-5-32", &builtin
),
733 "wbcStringToSid of %s failed",
736 ret
= wbcGetSidAliases(&builtin
, sids
, 2, &rids
, &num_rids
);
737 torture_assert_wbc_ok_goto_fail(tctx
,
740 "wbcGetSidAliases failed");
744 wbcFreeMemory(details
);
750 static bool test_wbc_authenticate_user_int(struct torture_context
*tctx
,
751 const char *correct_password
)
753 struct wbcAuthUserParams params
;
754 struct wbcAuthUserInfo
*info
= NULL
;
755 struct wbcAuthErrorInfo
*error
= NULL
;
758 ret
= wbcAuthenticateUser(cli_credentials_get_username(
759 popt_get_cmdline_credentials()), correct_password
);
760 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
761 "wbcAuthenticateUser of %s failed",
762 cli_credentials_get_username(popt_get_cmdline_credentials()));
765 params
.account_name
=
766 cli_credentials_get_username(popt_get_cmdline_credentials());
767 params
.level
= WBC_AUTH_USER_LEVEL_PLAIN
;
768 params
.password
.plaintext
= correct_password
;
770 ret
= wbcAuthenticateUserEx(¶ms
, &info
, &error
);
771 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
772 "wbcAuthenticateUserEx of %s failed", params
.account_name
);
776 wbcFreeMemory(error
);
779 params
.password
.plaintext
= "wrong";
780 ret
= wbcAuthenticateUserEx(¶ms
, &info
, &error
);
781 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_AUTH_ERROR
,
782 "wbcAuthenticateUserEx for %s succeeded where it "
783 "should have failed", params
.account_name
);
787 wbcFreeMemory(error
);
793 static bool test_wbc_authenticate_user(struct torture_context
*tctx
)
795 return test_wbc_authenticate_user_int(tctx
,
796 cli_credentials_get_password(popt_get_cmdline_credentials()));
799 static bool test_wbc_change_password(struct torture_context
*tctx
)
802 const char *oldpass
=
803 cli_credentials_get_password(popt_get_cmdline_credentials());
804 const char *newpass
= "Koo8irei%$";
806 struct samr_CryptPassword new_nt_password
;
807 struct samr_CryptPassword new_lm_password
;
808 struct samr_Password old_nt_hash_enc
;
809 struct samr_Password old_lanman_hash_enc
;
811 uint8_t old_nt_hash
[16];
812 uint8_t old_lanman_hash
[16];
813 uint8_t new_nt_hash
[16];
814 uint8_t new_lanman_hash
[16];
816 struct wbcChangePasswordParams params
;
818 if (oldpass
== NULL
) {
820 "skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
825 E_md4hash(oldpass
, old_nt_hash
);
826 E_md4hash(newpass
, new_nt_hash
);
828 if (lpcfg_client_lanman_auth(tctx
->lp_ctx
) &&
829 E_deshash(newpass
, new_lanman_hash
) &&
830 E_deshash(oldpass
, old_lanman_hash
)) {
832 /* E_deshash returns false for 'long' passwords (> 14
833 DOS chars). This allows us to match Win2k, which
834 does not store a LM hash for these passwords (which
835 would reduce the effective password length to 14) */
837 encode_pw_buffer(new_lm_password
.data
, newpass
, STR_UNICODE
);
838 arcfour_crypt(new_lm_password
.data
, old_nt_hash
, 516);
839 E_old_pw_hash(new_nt_hash
, old_lanman_hash
,
840 old_lanman_hash_enc
.hash
);
842 params
.old_password
.response
.old_lm_hash_enc_length
=
843 sizeof(old_lanman_hash_enc
.hash
);
844 params
.old_password
.response
.old_lm_hash_enc_data
=
845 old_lanman_hash_enc
.hash
;
846 params
.new_password
.response
.lm_length
=
847 sizeof(new_lm_password
.data
);
848 params
.new_password
.response
.lm_data
=
849 new_lm_password
.data
;
851 ZERO_STRUCT(new_lm_password
);
852 ZERO_STRUCT(old_lanman_hash_enc
);
855 encode_pw_buffer(new_nt_password
.data
, newpass
, STR_UNICODE
);
857 arcfour_crypt(new_nt_password
.data
, old_nt_hash
, 516);
858 E_old_pw_hash(new_nt_hash
, old_nt_hash
, old_nt_hash_enc
.hash
);
860 params
.old_password
.response
.old_nt_hash_enc_length
=
861 sizeof(old_nt_hash_enc
.hash
);
862 params
.old_password
.response
.old_nt_hash_enc_data
=
863 old_nt_hash_enc
.hash
;
864 params
.new_password
.response
.nt_length
= sizeof(new_nt_password
.data
);
865 params
.new_password
.response
.nt_data
= new_nt_password
.data
;
867 params
.level
= WBC_CHANGE_PASSWORD_LEVEL_RESPONSE
;
868 params
.account_name
=
869 cli_credentials_get_username(popt_get_cmdline_credentials());
871 cli_credentials_get_domain(popt_get_cmdline_credentials());
873 ret
= wbcChangeUserPasswordEx(¶ms
, NULL
, NULL
, NULL
);
874 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
875 "wbcChangeUserPassword for %s failed", params
.account_name
);
877 if (!test_wbc_authenticate_user_int(tctx
, newpass
)) {
881 ret
= wbcChangeUserPassword(
882 cli_credentials_get_username(popt_get_cmdline_credentials()),
884 cli_credentials_get_password(popt_get_cmdline_credentials()));
885 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
886 "wbcChangeUserPassword for %s failed", params
.account_name
);
888 return test_wbc_authenticate_user_int(tctx
,
889 cli_credentials_get_password(popt_get_cmdline_credentials()));
892 static bool test_wbc_logon_user(struct torture_context
*tctx
)
894 struct wbcLogonUserParams params
;
895 struct wbcLogonUserInfo
*info
= NULL
;
896 struct wbcAuthErrorInfo
*error
= NULL
;
897 struct wbcUserPasswordPolicyInfo
*policy
= NULL
;
898 struct wbcInterfaceDetails
*iface
;
899 struct wbcDomainSid sid
;
900 enum wbcSidType sidtype
;
906 ret
= wbcLogonUser(¶ms
, &info
, &error
, &policy
);
907 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_INVALID_PARAM
,
908 "%s", "wbcLogonUser succeeded for NULL where it should "
912 cli_credentials_get_username(popt_get_cmdline_credentials());
914 cli_credentials_get_password(popt_get_cmdline_credentials());
916 ret
= wbcAddNamedBlob(¶ms
.num_blobs
, ¶ms
.blobs
,
917 "foo", 0, discard_const_p(uint8_t, "bar"), 4);
918 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
919 "%s", "wbcAddNamedBlob failed");
921 ret
= wbcLogonUser(¶ms
, &info
, &error
, &policy
);
922 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
923 "wbcLogonUser for %s failed", params
.username
);
924 wbcFreeMemory(info
); info
= NULL
;
925 wbcFreeMemory(error
); error
= NULL
;
926 wbcFreeMemory(policy
); policy
= NULL
;
928 params
.password
= "wrong";
930 ret
= wbcLogonUser(¶ms
, &info
, &error
, &policy
);
931 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_AUTH_ERROR
,
932 "wbcLogonUser for %s should have failed with "
933 "WBC_ERR_AUTH_ERROR", params
.username
);
934 wbcFreeMemory(info
); info
= NULL
;
935 wbcFreeMemory(error
); error
= NULL
;
936 wbcFreeMemory(policy
); policy
= NULL
;
938 ret
= wbcAddNamedBlob(¶ms
.num_blobs
, ¶ms
.blobs
,
940 discard_const_p(uint8_t, "S-1-2-3-4"),
941 strlen("S-1-2-3-4")+1);
942 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
943 "%s", "wbcAddNamedBlob failed");
945 cli_credentials_get_password(popt_get_cmdline_credentials());
946 ret
= wbcLogonUser(¶ms
, &info
, &error
, &policy
);
947 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_AUTH_ERROR
,
948 "wbcLogonUser for %s should have failed with "
949 "WBC_ERR_AUTH_ERROR", params
.username
);
950 wbcFreeMemory(info
); info
= NULL
;
951 wbcFreeMemory(error
); error
= NULL
;
952 wbcFreeMemory(policy
); policy
= NULL
;
953 wbcFreeMemory(params
.blobs
);
954 params
.blobs
= NULL
; params
.num_blobs
= 0;
956 ret
= wbcInterfaceDetails(&iface
);
957 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
958 "%s", "wbcInterfaceDetails failed");
960 ret
= wbcLookupName(iface
->netbios_domain
,
961 cli_credentials_get_username(popt_get_cmdline_credentials()),
964 wbcFreeMemory(iface
);
965 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
966 "wbcLookupName for %s failed",
967 cli_credentials_get_username(popt_get_cmdline_credentials()));
969 ret
= wbcSidToString(&sid
, &sidstr
);
970 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
971 "%s", "wbcSidToString failed");
973 ret
= wbcAddNamedBlob(¶ms
.num_blobs
, ¶ms
.blobs
,
975 (uint8_t *)sidstr
, strlen(sidstr
)+1);
976 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
977 "%s", "wbcAddNamedBlob failed");
978 wbcFreeMemory(sidstr
);
980 cli_credentials_get_password(popt_get_cmdline_credentials());
981 ret
= wbcLogonUser(¶ms
, &info
, &error
, &policy
);
982 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
983 "wbcLogonUser for %s failed", params
.username
);
984 wbcFreeMemory(info
); info
= NULL
;
985 wbcFreeMemory(error
); error
= NULL
;
986 wbcFreeMemory(policy
); policy
= NULL
;
987 wbcFreeMemory(params
.blobs
);
988 params
.blobs
= NULL
; params
.num_blobs
= 0;
993 static bool test_wbc_getgroups(struct torture_context
*tctx
)
1000 cli_credentials_get_username(popt_get_cmdline_credentials()),
1003 torture_assert_wbc_equal(tctx
, ret
, WBC_ERR_SUCCESS
,
1004 "wbcGetGroups for %s failed",
1005 cli_credentials_get_username(popt_get_cmdline_credentials()));
1006 wbcFreeMemory(groups
);
1010 struct torture_suite
*torture_wbclient(TALLOC_CTX
*ctx
)
1012 struct torture_suite
*suite
= torture_suite_create(ctx
, "wbclient");
1014 torture_suite_add_simple_test(suite
, "wbcPing", test_wbc_ping
);
1015 torture_suite_add_simple_test(suite
, "wbcPingDc", test_wbc_pingdc
);
1016 torture_suite_add_simple_test(suite
, "wbcPingDc2", test_wbc_pingdc2
);
1017 torture_suite_add_simple_test(suite
, "wbcLibraryDetails", test_wbc_library_details
);
1018 torture_suite_add_simple_test(suite
, "wbcInterfaceDetails", test_wbc_interface_details
);
1019 torture_suite_add_simple_test(suite
, "wbcSidTypeString", test_wbc_sidtypestring
);
1020 torture_suite_add_simple_test(suite
, "wbcSidToString", test_wbc_sidtostring
);
1021 torture_suite_add_simple_test(suite
, "wbcGuidToString", test_wbc_guidtostring
);
1022 torture_suite_add_simple_test(suite
, "wbcDomainInfo", test_wbc_domain_info
);
1023 torture_suite_add_simple_test(suite
, "wbcListUsers", test_wbc_users
);
1024 torture_suite_add_simple_test(suite
, "wbcListGroups", test_wbc_groups
);
1025 torture_suite_add_simple_test(suite
, "wbcListTrusts", test_wbc_trusts
);
1026 torture_suite_add_simple_test(suite
, "wbcLookupDomainController", test_wbc_lookupdc
);
1027 torture_suite_add_simple_test(suite
, "wbcLookupDomainControllerEx", test_wbc_lookupdcex
);
1028 torture_suite_add_simple_test(suite
, "wbcResolveWinsByName", test_wbc_resolve_winsbyname
);
1029 torture_suite_add_simple_test(suite
, "wbcResolveWinsByIP", test_wbc_resolve_winsbyip
);
1030 torture_suite_add_simple_test(suite
, "wbcLookupRids",
1031 test_wbc_lookup_rids
);
1032 torture_suite_add_simple_test(suite
, "wbcGetSidAliases",
1033 test_wbc_get_sidaliases
);
1034 torture_suite_add_simple_test(suite
, "wbcAuthenticateUser",
1035 test_wbc_authenticate_user
);
1036 torture_suite_add_simple_test(suite
, "wbcLogonUser",
1037 test_wbc_logon_user
);
1038 torture_suite_add_simple_test(suite
, "wbcChangeUserPassword",
1039 test_wbc_change_password
);
1040 torture_suite_add_simple_test(suite
, "wbcGetGroups",
1041 test_wbc_getgroups
);