search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
librpc: Shorten dcerpc_binding_handle_call a bit
[Samba/gebeck_regimport.git] / source4 / torture / libnet / libnet_domain.c
blob142b6e9f617ee77ae1fa3a617cd3181aa9cf0771
1 /*
2 Unix SMB/CIFS implementation.
3 Test suite for libnet calls.
4
5 Copyright (C) Rafal Szczesniak 2006
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21
22 #include "includes.h"
23 #include "lib/cmdline/popt_common.h"
24 #include "libnet/libnet.h"
25 #include "librpc/gen_ndr/ndr_samr_c.h"
26 #include "librpc/gen_ndr/ndr_lsa_c.h"
27 #include "torture/rpc/torture_rpc.h"
28 #include "param/param.h"
29
30
31 static bool test_opendomain_samr(struct torture_context *tctx,
32 struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
33 struct policy_handle *handle, struct lsa_String *domname,
34 uint32_t *access_mask, struct dom_sid **sid_p)
35 {
36 struct policy_handle h, domain_handle;
37 struct samr_Connect r1;
38 struct samr_LookupDomain r2;
39 struct dom_sid2 *sid = NULL;
40 struct samr_OpenDomain r3;
41
42 torture_comment(tctx, "connecting\n");
43
44 *access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
45
46 r1.in.system_name = 0;
47 r1.in.access_mask = *access_mask;
48 r1.out.connect_handle = &h;
49
50 torture_assert_ntstatus_ok(tctx,
51 dcerpc_samr_Connect_r(b, mem_ctx, &r1),
52 "Connect failed");
53 torture_assert_ntstatus_ok(tctx, r1.out.result,
54 "Connect failed");
55
56 r2.in.connect_handle = &h;
57 r2.in.domain_name = domname;
58 r2.out.sid = &sid;
59
60 torture_comment(tctx, "domain lookup on %s\n", domname->string);
61
62 torture_assert_ntstatus_ok(tctx,
63 dcerpc_samr_LookupDomain_r(b, mem_ctx, &r2),
64 "LookupDomain failed");
65 torture_assert_ntstatus_ok(tctx, r2.out.result,
66 "LookupDomain failed");
67
68 r3.in.connect_handle = &h;
69 r3.in.access_mask = *access_mask;
70 r3.in.sid = *sid_p = *r2.out.sid;
71 r3.out.domain_handle = &domain_handle;
72
73 torture_comment(tctx, "opening domain\n");
74
75 torture_assert_ntstatus_ok(tctx,
76 dcerpc_samr_OpenDomain_r(b, mem_ctx, &r3),
77 "OpenDomain failed");
78 torture_assert_ntstatus_ok(tctx, r3.out.result,
79 "OpenDomain failed");
80
81 *handle = domain_handle;
82
83 return true;
84 }
85
86
87 static bool test_opendomain_lsa(struct torture_context *tctx,
88 struct dcerpc_binding_handle *b, TALLOC_CTX *mem_ctx,
89 struct policy_handle *handle, struct lsa_String *domname,
90 uint32_t *access_mask)
91 {
92 struct lsa_OpenPolicy2 open;
93 struct lsa_ObjectAttribute attr;
94 struct lsa_QosInfo qos;
95
96 *access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
97
98 ZERO_STRUCT(attr);
99 ZERO_STRUCT(qos);
100
101 qos.len = 0;
102 qos.impersonation_level = 2;
103 qos.context_mode = 1;
104 qos.effective_only = 0;
105
106 attr.sec_qos = &qos;
107
108 open.in.system_name = domname->string;
109 open.in.attr = &attr;
110 open.in.access_mask = *access_mask;
111 open.out.handle = handle;
112
113 torture_assert_ntstatus_ok(tctx,
114 dcerpc_lsa_OpenPolicy2_r(b, mem_ctx, &open),
115 "OpenPolicy2 failed");
116 torture_assert_ntstatus_ok(tctx, open.out.result,
117 "OpenPolicy2 failed");
118
119 return true;
120 }
121
122 bool torture_domain_open_lsa(struct torture_context *torture)
123 {
124 NTSTATUS status;
125 bool ret = true;
126 struct libnet_context *ctx;
127 struct libnet_DomainOpen r;
128 struct lsa_Close lsa_close;
129 struct policy_handle h;
130 const char *domain_name;
131
132 /* we're accessing domain controller so the domain name should be
133 passed (it's going to be resolved to dc name and address) instead
134 of specific server name. */
135 domain_name = lpcfg_workgroup(torture->lp_ctx);
136
137 ctx = libnet_context_init(torture->ev, torture->lp_ctx);
138 if (ctx == NULL) {
139 torture_comment(torture, "failed to create libnet context\n");
140 return false;
141 }
142
143 ctx->cred = cmdline_credentials;
144
145 ZERO_STRUCT(r);
146 r.in.type = DOMAIN_LSA;
147 r.in.domain_name = domain_name;
148 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
149
150 status = libnet_DomainOpen(ctx, torture, &r);
151 if (!NT_STATUS_IS_OK(status)) {
152 torture_comment(torture, "failed to open domain on lsa service: %s\n", nt_errstr(status));
153 ret = false;
154 goto done;
155 }
156
157 ZERO_STRUCT(lsa_close);
158 lsa_close.in.handle = &ctx->lsa.handle;
159 lsa_close.out.handle = &h;
160
161 torture_assert_ntstatus_ok(torture,
162 dcerpc_lsa_Close_r(ctx->lsa.pipe->binding_handle, ctx, &lsa_close),
163 "failed to close domain on lsa service");
164 torture_assert_ntstatus_ok(torture, lsa_close.out.result,
165 "failed to close domain on lsa service");
166
167 done:
168 talloc_free(ctx);
169 return ret;
170 }
171
172
173 bool torture_domain_close_lsa(struct torture_context *torture)
174 {
175 bool ret = true;
176 NTSTATUS status;
177 TALLOC_CTX *mem_ctx=NULL;
178 struct libnet_context *ctx;
179 struct lsa_String domain_name;
180 struct dcerpc_binding *binding;
181 uint32_t access_mask;
182 struct policy_handle h;
183 struct dcerpc_pipe *p;
184 struct libnet_DomainClose r;
185
186 status = torture_rpc_binding(torture, &binding);
187 if (!NT_STATUS_IS_OK(status)) {
188 return false;
189 }
190
191 ctx = libnet_context_init(torture->ev, torture->lp_ctx);
192 if (ctx == NULL) {
193 torture_comment(torture, "failed to create libnet context\n");
194 ret = false;
195 goto done;
196 }
197
198 ctx->cred = cmdline_credentials;
199
200 mem_ctx = talloc_init("torture_domain_close_lsa");
201 status = dcerpc_pipe_connect_b(mem_ctx, &p, binding, &ndr_table_lsarpc,
202 cmdline_credentials, torture->ev, torture->lp_ctx);
203 if (!NT_STATUS_IS_OK(status)) {
204 torture_comment(torture, "failed to connect to server: %s\n", nt_errstr(status));
205 ret = false;
206 goto done;
207 }
208
209 domain_name.string = lpcfg_workgroup(torture->lp_ctx);
210
211 if (!test_opendomain_lsa(torture, p->binding_handle, torture, &h, &domain_name, &access_mask)) {
212 torture_comment(torture, "failed to open domain on lsa service\n");
213 ret = false;
214 goto done;
215 }
216
217 ctx->lsa.pipe = p;
218 ctx->lsa.name = domain_name.string;
219 ctx->lsa.access_mask = access_mask;
220 ctx->lsa.handle = h;
221 /* we have to use pipe's event context, otherwise the call will
222 hang indefinitely */
223 ctx->event_ctx = p->conn->event_ctx;
224
225 ZERO_STRUCT(r);
226 r.in.type = DOMAIN_LSA;
227 r.in.domain_name = domain_name.string;
228
229 status = libnet_DomainClose(ctx, mem_ctx, &r);
230 if (!NT_STATUS_IS_OK(status)) {
231 ret = false;
232 goto done;
233 }
234
235 done:
236 talloc_free(mem_ctx);
237 talloc_free(ctx);
238 return ret;
239 }
240
241
242 bool torture_domain_open_samr(struct torture_context *torture)
243 {
244 NTSTATUS status;
245 struct libnet_context *ctx;
246 TALLOC_CTX *mem_ctx;
247 struct policy_handle domain_handle, handle;
248 struct libnet_DomainOpen io;
249 struct samr_Close r;
250 const char *domain_name;
251 bool ret = true;
252
253 mem_ctx = talloc_init("test_domainopen_lsa");
254
255 ctx = libnet_context_init(torture->ev, torture->lp_ctx);
256 ctx->cred = cmdline_credentials;
257
258 /* we're accessing domain controller so the domain name should be
259 passed (it's going to be resolved to dc name and address) instead
260 of specific server name. */
261 domain_name = lpcfg_workgroup(torture->lp_ctx);
262
263 /*
264 * Testing synchronous version
265 */
266 torture_comment(torture, "opening domain\n");
267
268 io.in.type = DOMAIN_SAMR;
269 io.in.domain_name = domain_name;
270 io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
271
272 status = libnet_DomainOpen(ctx, mem_ctx, &io);
273 if (!NT_STATUS_IS_OK(status)) {
274 torture_comment(torture, "Composite domain open failed for domain '%s' - %s\n",
275 domain_name, nt_errstr(status));
276 ret = false;
277 goto done;
278 }
279
280 domain_handle = ctx->samr.handle;
281
282 r.in.handle = &domain_handle;
283 r.out.handle = &handle;
284
285 torture_comment(torture, "closing domain handle\n");
286
287 torture_assert_ntstatus_ok(torture,
288 dcerpc_samr_Close_r(ctx->samr.pipe->binding_handle, mem_ctx, &r),
289 "Close failed");
290 torture_assert_ntstatus_ok(torture, r.out.result,
291 "Close failed");
292
293 done:
294 talloc_free(mem_ctx);
295 talloc_free(ctx);
296
297 return ret;
298 }
299
300
301 bool torture_domain_close_samr(struct torture_context *torture)
302 {
303 bool ret = true;
304 NTSTATUS status;
305 TALLOC_CTX *mem_ctx = NULL;
306 struct libnet_context *ctx;
307 struct lsa_String domain_name;
308 struct dcerpc_binding *binding;
309 uint32_t access_mask;
310 struct policy_handle h;
311 struct dcerpc_pipe *p;
312 struct libnet_DomainClose r;
313 struct dom_sid *sid;
314
315 status = torture_rpc_binding(torture, &binding);
316 if (!NT_STATUS_IS_OK(status)) {
317 return false;
318 }
319
320 ctx = libnet_context_init(torture->ev, torture->lp_ctx);
321 if (ctx == NULL) {
322 torture_comment(torture, "failed to create libnet context\n");
323 ret = false;
324 goto done;
325 }
326
327 ctx->cred = cmdline_credentials;
328
329 mem_ctx = talloc_init("torture_domain_close_samr");
330 status = dcerpc_pipe_connect_b(mem_ctx, &p, binding, &ndr_table_samr,
331 ctx->cred, torture->ev, torture->lp_ctx);
332 if (!NT_STATUS_IS_OK(status)) {
333 torture_comment(torture, "failed to connect to server: %s\n", nt_errstr(status));
334 ret = false;
335 goto done;
336 }
337
338 domain_name.string = talloc_strdup(mem_ctx, lpcfg_workgroup(torture->lp_ctx));
339
340 if (!test_opendomain_samr(torture, p->binding_handle, torture, &h, &domain_name, &access_mask, &sid)) {
341 torture_comment(torture, "failed to open domain on samr service\n");
342 ret = false;
343 goto done;
344 }
345
346 ctx->samr.pipe = p;
347 ctx->samr.name = talloc_steal(ctx, domain_name.string);
348 ctx->samr.access_mask = access_mask;
349 ctx->samr.handle = h;
350 ctx->samr.sid = talloc_steal(ctx, sid);
351 /* we have to use pipe's event context, otherwise the call will
352 hang indefinitely - this wouldn't be the case if pipe was opened
353 by means of libnet call */
354 ctx->event_ctx = p->conn->event_ctx;
355
356 ZERO_STRUCT(r);
357 r.in.type = DOMAIN_SAMR;
358 r.in.domain_name = domain_name.string;
359
360 status = libnet_DomainClose(ctx, mem_ctx, &r);
361 if (!NT_STATUS_IS_OK(status)) {
362 ret = false;
363 goto done;
364 }
365
366 done:
367 talloc_free(mem_ctx);
368 talloc_free(ctx);
369 return ret;
370 }
371
372
373 bool torture_domain_list(struct torture_context *torture)
374 {
375 bool ret = true;
376 NTSTATUS status;
377 TALLOC_CTX *mem_ctx = NULL;
378 struct dcerpc_binding *binding;
379 struct libnet_context *ctx;
380 struct libnet_DomainList r;
381 int i;
382
383 status = torture_rpc_binding(torture, &binding);
384 if (!NT_STATUS_IS_OK(status)) {
385 return false;
386 }
387
388 ctx = libnet_context_init(torture->ev, torture->lp_ctx);
389 if (ctx == NULL) {
390 torture_comment(torture, "failed to create libnet context\n");
391 ret = false;
392 goto done;
393 }
394
395 ctx->cred = cmdline_credentials;
396
397 mem_ctx = talloc_init("torture_domain_close_samr");
398
399 /*
400 * querying the domain list using default buffer size
401 */
402
403 ZERO_STRUCT(r);
404 r.in.hostname = binding->host;
405
406 status = libnet_DomainList(ctx, mem_ctx, &r);
407 if (!NT_STATUS_IS_OK(status)) {
408 ret = false;
409 goto done;
410 }
411
412 torture_comment(torture, "Received list or domains (everything in one piece):\n");
413
414 for (i = 0; i < r.out.count; i++) {
415 torture_comment(torture, "Name[%d]: %s\n", i, r.out.domains[i].name);
416 }
417
418 /*
419 * querying the domain list using specified (much smaller) buffer size
420 */
421
422 ctx->samr.buf_size = 32;
423
424 ZERO_STRUCT(r);
425 r.in.hostname = binding->host;
426
427 status = libnet_DomainList(ctx, mem_ctx, &r);
428 if (!NT_STATUS_IS_OK(status)) {
429 ret = false;
430 goto done;
431 }
432
433 torture_comment(torture, "Received list or domains (collected in more than one round):\n");
434
435 for (i = 0; i < r.out.count; i++) {
436 torture_comment(torture, "Name[%d]: %s\n", i, r.out.domains[i].name);
437 }
438
439 done:
440 torture_comment(torture, "\nStatus: %s\n", nt_errstr(status));
441
442 talloc_free(mem_ctx);
443 talloc_free(ctx);
444 return ret;
445 }
reg import