search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
param: turn 'wide links' into a generated funcion
[Samba.git] / nsswitch / libwbclient / tests / wbclient.c
blob5bce0aead8853cc93771f8bd338e5cbee9e94d92
1 /*
2 Unix SMB/CIFS implementation.
3 SMB torture tester
4 Copyright (C) Guenther Deschner 2009-2010
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "lib/replace/replace.h"
21 #include "libcli/util/ntstatus.h"
22 #include "libcli/util/werror.h"
23 #include "lib/util/data_blob.h"
24 #include "lib/util/time.h"
25 #include "nsswitch/libwbclient/wbclient.h"
26 #include "torture/smbtorture.h"
27 #include "torture/winbind/proto.h"
28 #include "lib/util/util_net.h"
29 #include "lib/util/charset/charset.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "lib/param/param.h"
32 #include "lib/util/samba_util.h"
33 #include "lib/crypto/arcfour.h"
34 #include "auth/credentials/credentials.h"
35 #include "lib/cmdline/popt_common.h"
36
37 #define WBC_ERROR_EQUAL(x,y) (x == y)
38
39 #define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg) \
40 do { wbcErr __got = got, __expected = expected; \
41 if (!WBC_ERROR_EQUAL(__got, __expected)) { \
42 torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
43 return false; \
44 } \
45 } while (0)
46
47 #define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg) \
48 torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
49
50 static bool test_wbc_ping(struct torture_context *tctx)
51 {
52 torture_assert_wbc_ok(tctx, wbcPing(),
53 "%s", "wbcPing failed");
54
55 return true;
56 }
57
58 static bool test_wbc_pingdc(struct torture_context *tctx)
59 {
60 struct wbcInterfaceDetails *details;
61
62 torture_assert_wbc_equal(tctx, wbcPingDc("random_string", NULL), WBC_ERR_DOMAIN_NOT_FOUND,
63 "%s", "wbcPingDc failed");
64 torture_assert_wbc_ok(tctx, wbcPingDc(NULL, NULL),
65 "%s", "wbcPingDc failed");
66
67 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
68 "%s", "wbcInterfaceDetails failed");
69 torture_assert(tctx, details,
70 "wbcInterfaceDetails returned NULL pointer");
71 torture_assert(tctx, details->netbios_domain,
72 "wbcInterfaceDetails returned NULL netbios_domain");
73
74 torture_assert_wbc_ok(tctx, wbcPingDc(details->netbios_domain, NULL),
75 "wbcPingDc(%s) failed", details->netbios_domain);
76
77 torture_assert_wbc_ok(tctx, wbcPingDc("BUILTIN", NULL),
78 "%s", "wbcPingDc(BUILTIN) failed");
79
80 wbcFreeMemory(details);
81 return true;
82 }
83
84 static bool test_wbc_pingdc2(struct torture_context *tctx)
85 {
86 struct wbcInterfaceDetails *details;
87 char *name = NULL;
88
89 torture_assert_wbc_equal(tctx, wbcPingDc2("random_string", NULL, &name),
90 WBC_ERR_DOMAIN_NOT_FOUND, "%s",
91 "wbcPingDc2 failed");
92 torture_assert_wbc_ok(tctx, wbcPingDc2(NULL, NULL, &name), "%s",
93 "wbcPingDc2 failed");
94
95 wbcFreeMemory(name);
96
97 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
98 "%s", "wbcInterfaceDetails failed");
99 torture_assert(tctx, details,
100 "wbcInterfaceDetails returned NULL pointer");
101 torture_assert(tctx, details->netbios_domain,
102 "wbcInterfaceDetails returned NULL netbios_domain");
103
104 torture_assert_wbc_ok(tctx, wbcPingDc2(details->netbios_domain, NULL, &name),
105 "wbcPingDc2(%s) failed", details->netbios_domain);
106 wbcFreeMemory(name);
107
108 torture_assert_wbc_ok(tctx, wbcPingDc2("BUILTIN", NULL, &name),
109 "%s", "wbcPingDc2(BUILTIN) failed");
110 wbcFreeMemory(name);
111
112 wbcFreeMemory(details);
113
114 return true;
115 }
116
117 static bool test_wbc_library_details(struct torture_context *tctx)
118 {
119 struct wbcLibraryDetails *details;
120
121 torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details),
122 "%s", "wbcLibraryDetails failed");
123 torture_assert(tctx, details,
124 "wbcLibraryDetails returned NULL pointer");
125
126 wbcFreeMemory(details);
127
128 return true;
129 }
130
131 static bool test_wbc_interface_details(struct torture_context *tctx)
132 {
133 struct wbcInterfaceDetails *details;
134
135 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
136 "%s", "wbcInterfaceDetails failed");
137 torture_assert(tctx, details,
138 "wbcInterfaceDetails returned NULL pointer");
139
140 wbcFreeMemory(details);
141
142 return true;
143 }
144
145 static bool test_wbc_sidtypestring(struct torture_context *tctx)
146 {
147 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USE_NONE),
148 "SID_NONE", "SID_NONE failed");
149 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USER),
150 "SID_USER", "SID_USER failed");
151 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOM_GRP),
152 "SID_DOM_GROUP", "SID_DOM_GROUP failed");
153 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOMAIN),
154 "SID_DOMAIN", "SID_DOMAIN failed");
155 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_ALIAS),
156 "SID_ALIAS", "SID_ALIAS failed");
157 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_WKN_GRP),
158 "SID_WKN_GROUP", "SID_WKN_GROUP failed");
159 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DELETED),
160 "SID_DELETED", "SID_DELETED failed");
161 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_INVALID),
162 "SID_INVALID", "SID_INVALID failed");
163 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN),
164 "SID_UNKNOWN", "SID_UNKNOWN failed");
165 torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER),
166 "SID_COMPUTER", "SID_COMPUTER failed");
167 return true;
168 }
169
170 static bool test_wbc_sidtostring(struct torture_context *tctx)
171 {
172 struct wbcDomainSid sid;
173 const char *sid_string = "S-1-5-32";
174 char *sid_string2;
175
176 torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
177 "wbcStringToSid of %s failed", sid_string);
178 torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
179 "wbcSidToString of %s failed", sid_string);
180 torture_assert_str_equal(tctx, sid_string, sid_string2,
181 "sid strings differ");
182 wbcFreeMemory(sid_string2);
183
184 return true;
185 }
186
187 static bool test_wbc_guidtostring(struct torture_context *tctx)
188 {
189 struct wbcGuid guid;
190 const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811";
191 char *guid_string2;
192
193 torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
194 "wbcStringToGuid of %s failed", guid_string);
195 torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
196 "wbcGuidToString of %s failed", guid_string);
197 torture_assert_str_equal(tctx, guid_string, guid_string2,
198 "guid strings differ");
199 wbcFreeMemory(guid_string2);
200
201 return true;
202 }
203
204 static bool test_wbc_domain_info(struct torture_context *tctx)
205 {
206 struct wbcDomainInfo *info;
207 struct wbcInterfaceDetails *details;
208
209 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
210 "%s", "wbcInterfaceDetails failed");
211 torture_assert_wbc_ok(
212 tctx, wbcDomainInfo(details->netbios_domain, &info),
213 "%s", "wbcDomainInfo failed");
214 wbcFreeMemory(details);
215
216 torture_assert(tctx, info,
217 "wbcDomainInfo returned NULL pointer");
218 wbcFreeMemory(info);
219
220 return true;
221 }
222
223 static bool test_wbc_users(struct torture_context *tctx)
224 {
225 const char *domain_name = NULL;
226 uint32_t num_users;
227 const char **users;
228 int i;
229 struct wbcInterfaceDetails *details;
230
231 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
232 "%s", "wbcInterfaceDetails failed");
233
234 domain_name = talloc_strdup(tctx, details->netbios_domain);
235 wbcFreeMemory(details);
236
237 torture_assert_wbc_ok(tctx, wbcListUsers(domain_name, &num_users, &users),
238 "%s", "wbcListUsers failed");
239 torture_assert(tctx, !(num_users > 0 && !users),
240 "wbcListUsers returned invalid results");
241
242 for (i=0; i < MIN(num_users,100); i++) {
243
244 struct wbcDomainSid sid, *sids;
245 enum wbcSidType name_type;
246 char *domain;
247 char *name;
248 char *sid_string;
249 uint32_t num_sids;
250
251 torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, users[i], &sid, &name_type),
252 "wbcLookupName of %s failed", users[i]);
253 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
254 "wbcLookupName expected WBC_SID_NAME_USER");
255 wbcSidToString(&sid, &sid_string);
256 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
257 "wbcLookupSid of %s failed", sid_string);
258 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
259 "wbcLookupSid of expected WBC_SID_NAME_USER");
260 torture_assert(tctx, name,
261 "wbcLookupSid returned no name");
262 wbcFreeMemory(domain);
263 wbcFreeMemory(name);
264 torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true, &num_sids, &sids),
265 "wbcLookupUserSids of %s failed", sid_string);
266 torture_assert_wbc_ok(
267 tctx, wbcGetDisplayName(&sid, &domain, &name,
268 &name_type),
269 "wbcGetDisplayName of %s failed", sid_string);
270 wbcFreeMemory(domain);
271 wbcFreeMemory(name);
272 wbcFreeMemory(sids);
273 wbcFreeMemory(sid_string);
274 }
275 wbcFreeMemory(users);
276
277 return true;
278 }
279
280 static bool test_wbc_groups(struct torture_context *tctx)
281 {
282 const char *domain_name = NULL;
283 uint32_t num_groups;
284 const char **groups;
285 int i;
286 struct wbcInterfaceDetails *details;
287
288 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
289 "%s", "wbcInterfaceDetails failed");
290
291 domain_name = talloc_strdup(tctx, details->netbios_domain);
292 wbcFreeMemory(details);
293
294 torture_assert_wbc_ok(tctx, wbcListGroups(domain_name, &num_groups, &groups),
295 "wbcListGroups in %s failed", domain_name);
296 torture_assert(tctx, !(num_groups > 0 && !groups),
297 "wbcListGroups returned invalid results");
298
299 for (i=0; i < MIN(num_groups,100); i++) {
300
301 struct wbcDomainSid sid;
302 enum wbcSidType name_type;
303 char *domain;
304 char *name;
305 char *sid_string;
306
307 torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, groups[i], &sid, &name_type),
308 "wbcLookupName for %s failed", domain_name);
309 wbcSidToString(&sid, &sid_string);
310 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
311 "wbcLookupSid of %s failed", sid_string);
312 wbcFreeMemory(sid_string);
313 torture_assert(tctx, name,
314 "wbcLookupSid returned no name");
315 }
316 wbcFreeMemory(groups);
317
318 return true;
319 }
320
321 static bool test_wbc_trusts(struct torture_context *tctx)
322 {
323 struct wbcDomainInfo *domains;
324 size_t num_domains;
325 int i;
326
327 torture_assert_wbc_ok(tctx, wbcListTrusts(&domains, &num_domains),
328 "%s", "wbcListTrusts failed");
329 torture_assert(tctx, !(num_domains > 0 && !domains),
330 "wbcListTrusts returned invalid results");
331
332 for (i=0; i < MIN(num_domains,100); i++) {
333
334 struct wbcAuthErrorInfo *error;
335 /*
336 struct wbcDomainSid sid;
337 enum wbcSidType name_type;
338 char *domain;
339 char *name;
340 */
341 torture_assert_wbc_ok(tctx, wbcCheckTrustCredentials(domains[i].short_name, &error),
342 "%s", "wbcCheckTrustCredentials failed");
343 /*
344 torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type),
345 "wbcLookupName failed");
346 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
347 "wbcLookupName expected WBC_SID_NAME_DOMAIN");
348 torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
349 "wbcLookupSid failed");
350 torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
351 "wbcLookupSid expected WBC_SID_NAME_DOMAIN");
352 torture_assert(tctx, name,
353 "wbcLookupSid returned no name");
354 */
355 }
356 wbcFreeMemory(domains);
357
358 return true;
359 }
360
361 static bool test_wbc_lookupdc(struct torture_context *tctx)
362 {
363 const char *domain_name = NULL;
364 struct wbcInterfaceDetails *details;
365 struct wbcDomainControllerInfo *dc_info;
366
367 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
368 "%s", "wbcInterfaceDetails failed");
369
370 domain_name = talloc_strdup(tctx, details->netbios_domain);
371 wbcFreeMemory(details);
372
373 torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info),
374 "wbcLookupDomainController for %s failed", domain_name);
375 wbcFreeMemory(dc_info);
376
377 return true;
378 }
379
380 static bool test_wbc_lookupdcex(struct torture_context *tctx)
381 {
382 const char *domain_name = NULL;
383 struct wbcInterfaceDetails *details;
384 struct wbcDomainControllerInfoEx *dc_info;
385
386 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
387 "%s", "wbcInterfaceDetails failed");
388
389 domain_name = talloc_strdup(tctx, details->netbios_domain);
390 wbcFreeMemory(details);
391
392 torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info),
393 "wbcLookupDomainControllerEx for %s failed", domain_name);
394 wbcFreeMemory(dc_info);
395
396 return true;
397 }
398
399 static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
400 {
401 const char *name;
402 char *ip;
403 wbcErr ret;
404
405 name = torture_setting_string(tctx, "host", NULL);
406
407 ret = wbcResolveWinsByName(name, &ip);
408
409 if (is_ipaddress(name)) {
410 torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName of %s failed", name);
411 } else {
412 torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName for %s failed", name);
413 }
414
415 return true;
416 }
417
418 static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
419 {
420 const char *ip;
421 char *name;
422 wbcErr ret;
423
424 ip = torture_setting_string(tctx, "host", NULL);
425
426 ret = wbcResolveWinsByIP(ip, &name);
427
428 torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP for %s failed", ip);
429
430 wbcFreeMemory(name);
431
432 return true;
433 }
434
435 static bool test_wbc_lookup_rids(struct torture_context *tctx)
436 {
437 struct wbcDomainSid builtin;
438 uint32_t rids[2] = { 544, 545 };
439 const char *domain_name, **names;
440 enum wbcSidType *types;
441 wbcErr ret;
442
443 wbcStringToSid("S-1-5-32", &builtin);
444
445 ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names,
446 &types);
447 torture_assert_wbc_ok(tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed");
448
449 torture_assert_str_equal(
450 tctx, names[0], "Administrators",
451 "S-1-5-32-544 not mapped to 'Administrators'");
452 torture_assert_str_equal(
453 tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
454
455 wbcFreeMemory(discard_const_p(char ,domain_name));
456 wbcFreeMemory(names);
457 wbcFreeMemory(types);
458
459 return true;
460 }
461
462 static bool test_wbc_get_sidaliases(struct torture_context *tctx)
463 {
464 struct wbcDomainSid builtin;
465 struct wbcDomainInfo *info;
466 struct wbcInterfaceDetails *details;
467 struct wbcDomainSid sids[2];
468 uint32_t *rids;
469 uint32_t num_rids;
470 wbcErr ret;
471
472 torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
473 "%s", "wbcInterfaceDetails failed");
474 torture_assert_wbc_ok(
475 tctx, wbcDomainInfo(details->netbios_domain, &info),
476 "wbcDomainInfo of %s failed", details->netbios_domain);
477 wbcFreeMemory(details);
478
479 sids[0] = info->sid;
480 sids[0].sub_auths[sids[0].num_auths++] = 500;
481 sids[1] = info->sid;
482 sids[1].sub_auths[sids[1].num_auths++] = 512;
483 wbcFreeMemory(info);
484
485 torture_assert_wbc_ok(
486 tctx, wbcStringToSid("S-1-5-32", &builtin),
487 "wbcStringToSid of %s failed", "S-1-5-32");
488
489 ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids);
490 torture_assert_wbc_ok(tctx, ret, "%s", "wbcGetSidAliases failed");
491
492 wbcFreeMemory(rids);
493
494 return true;
495 }
496
497 static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
498 const char *correct_password)
499 {
500 struct wbcAuthUserParams params;
501 struct wbcAuthUserInfo *info = NULL;
502 struct wbcAuthErrorInfo *error = NULL;
503 wbcErr ret;
504
505 ret = wbcAuthenticateUser(cli_credentials_get_username(cmdline_credentials), correct_password);
506 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
507 "wbcAuthenticateUser of %s failed",
508 cli_credentials_get_username(cmdline_credentials));
509
510 ZERO_STRUCT(params);
511 params.account_name = cli_credentials_get_username(cmdline_credentials);
512 params.level = WBC_AUTH_USER_LEVEL_PLAIN;
513 params.password.plaintext = correct_password;
514
515 ret = wbcAuthenticateUserEx(&params, &info, &error);
516 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
517 "wbcAuthenticateUserEx of %s failed", params.account_name);
518 wbcFreeMemory(info);
519 info = NULL;
520
521 wbcFreeMemory(error);
522 error = NULL;
523
524 params.password.plaintext = "wrong";
525 ret = wbcAuthenticateUserEx(&params, &info, &error);
526 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
527 "wbcAuthenticateUserEx for %s succeeded where it "
528 "should have failed", params.account_name);
529 wbcFreeMemory(info);
530 info = NULL;
531
532 wbcFreeMemory(error);
533 error = NULL;
534
535 return true;
536 }
537
538 static bool test_wbc_authenticate_user(struct torture_context *tctx)
539 {
540 return test_wbc_authenticate_user_int(tctx, cli_credentials_get_password(cmdline_credentials));
541 }
542
543 static bool test_wbc_change_password(struct torture_context *tctx)
544 {
545 wbcErr ret;
546 const char *oldpass = cli_credentials_get_password(cmdline_credentials);
547 const char *newpass = "Koo8irei%$";
548
549 struct samr_CryptPassword new_nt_password;
550 struct samr_CryptPassword new_lm_password;
551 struct samr_Password old_nt_hash_enc;
552 struct samr_Password old_lanman_hash_enc;
553
554 uint8_t old_nt_hash[16];
555 uint8_t old_lanman_hash[16];
556 uint8_t new_nt_hash[16];
557 uint8_t new_lanman_hash[16];
558
559 struct wbcChangePasswordParams params;
560
561 if (oldpass == NULL) {
562 torture_skip(tctx,
563 "skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
564 }
565
566 ZERO_STRUCT(params);
567
568 E_md4hash(oldpass, old_nt_hash);
569 E_md4hash(newpass, new_nt_hash);
570
571 if (lpcfg_client_lanman_auth(tctx->lp_ctx) &&
572 E_deshash(newpass, new_lanman_hash) &&
573 E_deshash(oldpass, old_lanman_hash)) {
574
575 /* E_deshash returns false for 'long' passwords (> 14
576 DOS chars). This allows us to match Win2k, which
577 does not store a LM hash for these passwords (which
578 would reduce the effective password length to 14) */
579
580 encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
581 arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
582 E_old_pw_hash(new_nt_hash, old_lanman_hash,
583 old_lanman_hash_enc.hash);
584
585 params.old_password.response.old_lm_hash_enc_length =
586 sizeof(old_lanman_hash_enc.hash);
587 params.old_password.response.old_lm_hash_enc_data =
588 old_lanman_hash_enc.hash;
589 params.new_password.response.lm_length =
590 sizeof(new_lm_password.data);
591 params.new_password.response.lm_data =
592 new_lm_password.data;
593 } else {
594 ZERO_STRUCT(new_lm_password);
595 ZERO_STRUCT(old_lanman_hash_enc);
596 }
597
598 encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
599
600 arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
601 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
602
603 params.old_password.response.old_nt_hash_enc_length =
604 sizeof(old_nt_hash_enc.hash);
605 params.old_password.response.old_nt_hash_enc_data =
606 old_nt_hash_enc.hash;
607 params.new_password.response.nt_length = sizeof(new_nt_password.data);
608 params.new_password.response.nt_data = new_nt_password.data;
609
610 params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
611 params.account_name = cli_credentials_get_username(cmdline_credentials);
612 params.domain_name = cli_credentials_get_domain(cmdline_credentials);
613
614 ret = wbcChangeUserPasswordEx(&params, NULL, NULL, NULL);
615 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
616 "wbcChangeUserPassword for %s failed", params.account_name);
617
618 if (!test_wbc_authenticate_user_int(tctx, newpass)) {
619 return false;
620 }
621
622 ret = wbcChangeUserPassword(cli_credentials_get_username(cmdline_credentials), newpass,
623 cli_credentials_get_password(cmdline_credentials));
624 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
625 "wbcChangeUserPassword for %s failed", params.account_name);
626
627 return test_wbc_authenticate_user_int(tctx, cli_credentials_get_password(cmdline_credentials));
628 }
629
630 static bool test_wbc_logon_user(struct torture_context *tctx)
631 {
632 struct wbcLogonUserParams params;
633 struct wbcLogonUserInfo *info = NULL;
634 struct wbcAuthErrorInfo *error = NULL;
635 struct wbcUserPasswordPolicyInfo *policy = NULL;
636 struct wbcInterfaceDetails *iface;
637 struct wbcDomainSid sid;
638 enum wbcSidType sidtype;
639 char *sidstr;
640 wbcErr ret;
641
642 ZERO_STRUCT(params);
643
644 ret = wbcLogonUser(&params, &info, &error, &policy);
645 torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM,
646 "%s", "wbcLogonUser succeeded for NULL where it should "
647 "have failed");
648
649 params.username = cli_credentials_get_username(cmdline_credentials);
650 params.password = cli_credentials_get_password(cmdline_credentials);
651
652 ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
653 "foo", 0, discard_const_p(uint8_t, "bar"), 4);
654 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
655 "%s", "wbcAddNamedBlob failed");
656
657 ret = wbcLogonUser(&params, &info, &error, &policy);
658 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
659 "wbcLogonUser for %s failed", params.username);
660 wbcFreeMemory(info); info = NULL;
661 wbcFreeMemory(error); error = NULL;
662 wbcFreeMemory(policy); policy = NULL;
663
664 params.password = "wrong";
665
666 ret = wbcLogonUser(&params, &info, &error, &policy);
667 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
668 "wbcLogonUser for %s should have failed with "
669 "WBC_ERR_AUTH_ERROR", params.username);
670 wbcFreeMemory(info); info = NULL;
671 wbcFreeMemory(error); error = NULL;
672 wbcFreeMemory(policy); policy = NULL;
673
674 ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
675 "membership_of", 0,
676 discard_const_p(uint8_t, "S-1-2-3-4"),
677 strlen("S-1-2-3-4")+1);
678 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
679 "%s", "wbcAddNamedBlob failed");
680 params.password = cli_credentials_get_password(cmdline_credentials);
681 ret = wbcLogonUser(&params, &info, &error, &policy);
682 torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
683 "wbcLogonUser for %s should have failed with "
684 "WBC_ERR_AUTH_ERROR", params.username);
685 wbcFreeMemory(info); info = NULL;
686 wbcFreeMemory(error); error = NULL;
687 wbcFreeMemory(policy); policy = NULL;
688 wbcFreeMemory(params.blobs);
689 params.blobs = NULL; params.num_blobs = 0;
690
691 ret = wbcInterfaceDetails(&iface);
692 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
693 "%s", "wbcInterfaceDetails failed");
694
695 ret = wbcLookupName(iface->netbios_domain, cli_credentials_get_username(cmdline_credentials), &sid,
696 &sidtype);
697 wbcFreeMemory(iface);
698 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
699 "wbcLookupName for %s failed", cli_credentials_get_username(cmdline_credentials));
700
701 ret = wbcSidToString(&sid, &sidstr);
702 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
703 "%s", "wbcSidToString failed");
704
705 ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
706 "membership_of", 0,
707 (uint8_t *)sidstr, strlen(sidstr)+1);
708 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
709 "%s", "wbcAddNamedBlob failed");
710 wbcFreeMemory(sidstr);
711 params.password = cli_credentials_get_password(cmdline_credentials);
712 ret = wbcLogonUser(&params, &info, &error, &policy);
713 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
714 "wbcLogonUser for %s failed", params.username);
715 wbcFreeMemory(info); info = NULL;
716 wbcFreeMemory(error); error = NULL;
717 wbcFreeMemory(policy); policy = NULL;
718 wbcFreeMemory(params.blobs);
719 params.blobs = NULL; params.num_blobs = 0;
720
721 return true;
722 }
723
724 static bool test_wbc_getgroups(struct torture_context *tctx)
725 {
726 wbcErr ret;
727 uint32_t num_groups;
728 gid_t *groups;
729
730 ret = wbcGetGroups(cli_credentials_get_username(cmdline_credentials), &num_groups, &groups);
731 torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
732 "wbcGetGroups for %s failed", cli_credentials_get_username(cmdline_credentials));
733 wbcFreeMemory(groups);
734 return true;
735 }
736
737 struct torture_suite *torture_wbclient(void)
738 {
739 struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "wbclient");
740
741 torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping);
742 torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc);
743 torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc2);
744 torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
745 torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
746 torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
747 torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring);
748 torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring);
749 torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info);
750 torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
751 torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
752 torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts);
753 torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc);
754 torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx", test_wbc_lookupdcex);
755 torture_suite_add_simple_test(suite, "wbcResolveWinsByName", test_wbc_resolve_winsbyname);
756 torture_suite_add_simple_test(suite, "wbcResolveWinsByIP", test_wbc_resolve_winsbyip);
757 torture_suite_add_simple_test(suite, "wbcLookupRids",
758 test_wbc_lookup_rids);
759 torture_suite_add_simple_test(suite, "wbcGetSidAliases",
760 test_wbc_get_sidaliases);
761 torture_suite_add_simple_test(suite, "wbcAuthenticateUser",
762 test_wbc_authenticate_user);
763 torture_suite_add_simple_test(suite, "wbcLogonUser",
764 test_wbc_logon_user);
765 torture_suite_add_simple_test(suite, "wbcChangeUserPassword",
766 test_wbc_change_password);
767 torture_suite_add_simple_test(suite, "wbcGetGroups",
768 test_wbc_getgroups);
769
770 return suite;
771 }
Samba GIT mirror