search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-lsa: Fix static list of luids in our privileges implementation.
[Samba/ekacnet.git] / source4 / torture / rap / sam.c
blob144abaabf2c5787c10f31e1230e2b622eef34aab
1 /*
2 Unix SMB/CIFS implementation.
3 test suite for RAP sam operations
4
5 Copyright (C) Guenther Deschner 2010
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "libcli/libcli.h"
23 #include "torture/torture.h"
24 #include "torture/util.h"
25 #include "torture/smbtorture.h"
26 #include "torture/util.h"
27 #include "../librpc/gen_ndr/rap.h"
28 #include "torture/rap/proto.h"
29 #include "param/param.h"
30 #include "../lib/crypto/crypto.h"
31 #include "../libcli/auth/libcli_auth.h"
32 #include "torture/rpc/torture_rpc.h"
33
34 #define TEST_RAP_USER "torture_rap_user"
35
36 static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
37 {
38 size_t len = MAX(8, min_len);
39 char *s = generate_random_password(mem_ctx, len, len+6);
40 printf("Generated password '%s'\n", s);
41 return s;
42 }
43
44 static bool test_userpasswordset2_args(struct torture_context *tctx,
45 struct smbcli_state *cli,
46 const char *username,
47 const char **password)
48 {
49 struct rap_NetUserPasswordSet2 r;
50 char *newpass = samr_rand_pass(tctx, 8);
51
52 ZERO_STRUCT(r);
53
54 r.in.UserName = username;
55
56 memcpy(r.in.OldPassword, *password, MIN(strlen(*password), 16));
57 memcpy(r.in.NewPassword, newpass, MIN(strlen(newpass), 16));
58 r.in.EncryptedPassword = 0;
59 r.in.RealPasswordLength = strlen(newpass);
60
61 torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
62
63 torture_assert_ntstatus_ok(tctx,
64 smbcli_rap_netuserpasswordset2(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r),
65 "smbcli_rap_netuserpasswordset2 failed");
66 if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
67 torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
68 win_errstr(W_ERROR(r.out.status)));
69 } else {
70 *password = newpass;
71 }
72
73 return true;
74 }
75
76 static bool test_userpasswordset2_crypt_args(struct torture_context *tctx,
77 struct smbcli_state *cli,
78 const char *username,
79 const char **password)
80 {
81 struct rap_NetUserPasswordSet2 r;
82 char *newpass = samr_rand_pass(tctx, 8);
83
84 r.in.UserName = username;
85
86 E_deshash(*password, r.in.OldPassword);
87 E_deshash(newpass, r.in.NewPassword);
88
89 r.in.RealPasswordLength = strlen(newpass);
90 r.in.EncryptedPassword = 1;
91
92 torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
93
94 torture_assert_ntstatus_ok(tctx,
95 smbcli_rap_netuserpasswordset2(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r),
96 "smbcli_rap_netuserpasswordset2 failed");
97 if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
98 torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
99 win_errstr(W_ERROR(r.out.status)));
100 } else {
101 *password = newpass;
102 }
103
104 return true;
105 }
106
107 static bool test_userpasswordset2(struct torture_context *tctx,
108 struct smbcli_state *cli)
109 {
110 struct test_join *join_ctx;
111 const char *password;
112 bool ret = true;
113
114 join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
115 torture_setting_string(tctx, "workgroup", NULL),
116 ACB_NORMAL,
117 &password, 14);
118 if (join_ctx == NULL) {
119 torture_fail(tctx, "failed to create user\n");
120 }
121
122 ret &= test_userpasswordset2_args(tctx, cli, TEST_RAP_USER, &password);
123 ret &= test_userpasswordset2_crypt_args(tctx, cli, TEST_RAP_USER, &password);
124
125 torture_leave_domain(tctx, join_ctx);
126
127 return ret;
128 }
129
130 static bool test_oemchangepassword_args(struct torture_context *tctx,
131 struct smbcli_state *cli,
132 const char *username,
133 const char **password)
134 {
135 struct rap_NetOEMChangePassword r;
136
137 const char *oldpass = *password;
138 char *newpass = samr_rand_pass(tctx, 9);
139 uint8_t old_pw_hash[16];
140 uint8_t new_pw_hash[16];
141
142 r.in.UserName = username;
143
144 E_deshash(oldpass, old_pw_hash);
145 E_deshash(newpass, new_pw_hash);
146
147 encode_pw_buffer(r.in.crypt_password, newpass, STR_ASCII);
148 arcfour_crypt(r.in.crypt_password, old_pw_hash, 516);
149 E_old_pw_hash(new_pw_hash, old_pw_hash, r.in.password_hash);
150
151 torture_comment(tctx, "Testing rap_NetOEMChangePassword(%s)\n", r.in.UserName);
152
153 torture_assert_ntstatus_ok(tctx,
154 smbcli_rap_netoemchangepassword(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r),
155 "smbcli_rap_netoemchangepassword failed");
156 if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
157 torture_warning(tctx, "RAP NetOEMChangePassword gave: %s\n",
158 win_errstr(W_ERROR(r.out.status)));
159 } else {
160 *password = newpass;
161 }
162
163 return true;
164 }
165
166 static bool test_oemchangepassword(struct torture_context *tctx,
167 struct smbcli_state *cli)
168 {
169
170 struct test_join *join_ctx;
171 const char *password;
172 bool ret;
173
174 join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
175 torture_setting_string(tctx, "workgroup", NULL),
176 ACB_NORMAL,
177 &password, 14);
178 if (join_ctx == NULL) {
179 torture_fail(tctx, "failed to create user\n");
180 }
181
182 ret = test_oemchangepassword_args(tctx, cli, TEST_RAP_USER, &password);
183
184 torture_leave_domain(tctx, join_ctx);
185
186 return ret;
187 }
188
189 static bool test_usergetinfo_byname(struct torture_context *tctx,
190 struct smbcli_state *cli,
191 const char *UserName)
192 {
193 struct rap_NetUserGetInfo r;
194 int i;
195 uint16_t levels[] = { 0, 1, 2, 10, 11 };
196
197 for (i=0; i < ARRAY_SIZE(levels); i++) {
198
199 r.in.UserName = UserName;
200 r.in.level = levels[i];
201 r.in.bufsize = 8192;
202
203 torture_comment(tctx,
204 "Testing rap_NetUserGetInfo(%s) level %d\n", r.in.UserName, r.in.level);
205
206 torture_assert_ntstatus_ok(tctx,
207 smbcli_rap_netusergetinfo(cli->tree, tctx, &r),
208 "smbcli_rap_netusergetinfo failed");
209 torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
210 "smbcli_rap_netusergetinfo failed");
211 }
212
213 return true;
214 }
215
216 static bool test_usergetinfo(struct torture_context *tctx,
217 struct smbcli_state *cli)
218 {
219
220 struct test_join *join_ctx;
221 const char *password;
222 bool ret;
223
224 join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
225 torture_setting_string(tctx, "workgroup", NULL),
226 ACB_NORMAL,
227 &password, 14);
228 if (join_ctx == NULL) {
229 torture_fail(tctx, "failed to create user\n");
230 }
231
232 ret = test_usergetinfo_byname(tctx, cli, TEST_RAP_USER);
233
234 torture_leave_domain(tctx, join_ctx);
235
236 return ret;
237 }
238
239 struct torture_suite *torture_rap_sam(TALLOC_CTX *mem_ctx)
240 {
241 struct torture_suite *suite = torture_suite_create(mem_ctx, "SAM");
242
243 torture_suite_add_1smb_test(suite, "userpasswordset2", test_userpasswordset2);
244 torture_suite_add_1smb_test(suite, "oemchangepassword", test_oemchangepassword);
245 torture_suite_add_1smb_test(suite, "usergetinfo", test_usergetinfo);
246
247 return suite;
248 }