release/src-rt-6.x.4708/router/samba-3.5.8/source4/torture/libnet/libnet_group.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Test suite for libnet calls.
   4
   5    Copyright (C) Rafal Szczesniak  2007
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21
  22 #include "includes.h"
  23 #include "lib/cmdline/popt_common.h"
  24 #include "libnet/libnet.h"
  25 #include "librpc/gen_ndr/ndr_samr_c.h"
  26 #include "librpc/gen_ndr/ndr_lsa_c.h"
  27 #include "torture/torture.h"
  28 #include "torture/rpc/rpc.h"
  29 #include "param/param.h"
  30
  31
  32 #define TEST_GROUPNAME  "libnetgrouptest"
  33
  34
  35 static bool test_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
  36                          struct policy_handle *domain_handle, const char *groupname)
  37 {
  38         NTSTATUS status;
  39         struct samr_LookupNames r1;
  40         struct samr_OpenGroup r2;
  41         struct samr_DeleteDomainGroup r3;
  42         struct lsa_String names[2];
  43         uint32_t rid;
  44         struct policy_handle group_handle;
  45         struct samr_Ids rids, types;
  46
  47         names[0].string = groupname;
  48
  49         r1.in.domain_handle  = domain_handle;
  50         r1.in.num_names      = 1;
  51         r1.in.names          = names;
  52         r1.out.rids          = &rids;
  53         r1.out.types         = &types;
  54
  55         printf("group account lookup '%s'\n", groupname);
  56
  57         status = dcerpc_samr_LookupNames(p, mem_ctx, &r1);
  58         if (!NT_STATUS_IS_OK(status)) {
  59                 printf("LookupNames failed - %s\n", nt_errstr(status));
  60                 return false;
  61         }
  62
  63         rid = r1.out.rids->ids[0];
  64
  65         r2.in.domain_handle  = domain_handle;
  66         r2.in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
  67         r2.in.rid            = rid;
  68         r2.out.group_handle  = &group_handle;
  69
  70         printf("opening group account\n");
  71
  72         status = dcerpc_samr_OpenGroup(p, mem_ctx, &r2);
  73         if (!NT_STATUS_IS_OK(status)) {
  74                 printf("OpenGroup failed - %s\n", nt_errstr(status));
  75                 return false;
  76         }
  77
  78         r3.in.group_handle  = &group_handle;
  79         r3.out.group_handle = &group_handle;
  80
  81         printf("deleting group account\n");
  82
  83         status = dcerpc_samr_DeleteDomainGroup(p, mem_ctx, &r3);
  84         if (!NT_STATUS_IS_OK(status)) {
  85                 printf("DeleteGroup failed - %s\n", nt_errstr(status));
  86                 return false;
  87         }
  88
  89         return true;
  90 }
  91
  92
  93 static bool test_creategroup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
  94                              struct policy_handle *handle, const char *name)
  95 {
  96         NTSTATUS status;
  97         struct lsa_String groupname;
  98         struct samr_CreateDomainGroup r;
  99         struct policy_handle group_handle;
 100         uint32_t group_rid;
 101
 102         groupname.string = name;
 103
 104         r.in.domain_handle  = handle;
 105         r.in.name           = &groupname;
 106         r.in.access_mask    = SEC_FLAG_MAXIMUM_ALLOWED;
 107         r.out.group_handle  = &group_handle;
 108         r.out.rid           = &group_rid;
 109
 110         printf("creating group account %s\n", name);
 111
 112         status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
 113         if (!NT_STATUS_IS_OK(status)) {
 114                 printf("CreateGroup failed - %s\n", nt_errstr(status));
 115
 116                 if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
 117                         printf("Group (%s) already exists - attempting to delete and recreate group again\n", name);
 118                         if (!test_cleanup(p, mem_ctx, handle, TEST_GROUPNAME)) {
 119                                 return false;
 120                         }
 121
 122                         printf("creating group account\n");
 123
 124                         status = dcerpc_samr_CreateDomainGroup(p, mem_ctx, &r);
 125                         if (!NT_STATUS_IS_OK(status)) {
 126                                 printf("CreateGroup failed - %s\n", nt_errstr(status));
 127                                 return false;
 128                         }
 129                         return true;
 130                 }
 131                 return false;
 132         }
 133
 134         return true;
 135 }
 136
 137
 138 static bool test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 139                             struct policy_handle *handle, struct lsa_String *domname)
 140 {
 141         NTSTATUS status;
 142         struct policy_handle h, domain_handle;
 143         struct samr_Connect r1;
 144         struct samr_LookupDomain r2;
 145         struct dom_sid2 *sid = NULL;
 146         struct samr_OpenDomain r3;
 147
 148         printf("connecting\n");
 149
 150         r1.in.system_name = 0;
 151         r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 152         r1.out.connect_handle = &h;
 153
 154         status = dcerpc_samr_Connect(p, mem_ctx, &r1);
 155         if (!NT_STATUS_IS_OK(status)) {
 156                 printf("Connect failed - %s\n", nt_errstr(status));
 157                 return false;
 158         }
 159
 160         r2.in.connect_handle = &h;
 161         r2.in.domain_name = domname;
 162         r2.out.sid = &sid;
 163
 164         printf("domain lookup on %s\n", domname->string);
 165
 166         status = dcerpc_samr_LookupDomain(p, mem_ctx, &r2);
 167         if (!NT_STATUS_IS_OK(status)) {
 168                 printf("LookupDomain failed - %s\n", nt_errstr(status));
 169                 return false;
 170         }
 171
 172         r3.in.connect_handle = &h;
 173         r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 174         r3.in.sid = *r2.out.sid;
 175         r3.out.domain_handle = &domain_handle;
 176
 177         printf("opening domain\n");
 178
 179         status = dcerpc_samr_OpenDomain(p, mem_ctx, &r3);
 180         if (!NT_STATUS_IS_OK(status)) {
 181                 printf("OpenDomain failed - %s\n", nt_errstr(status));
 182                 return false;
 183         } else {
 184                 *handle = domain_handle;
 185         }
 186
 187         return true;
 188 }
 189
 190
 191 static bool test_samr_close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 192                             struct policy_handle *domain_handle)
 193 {
 194         NTSTATUS status;
 195         struct samr_Close r;
 196
 197         r.in.handle = domain_handle;
 198         r.out.handle = domain_handle;
 199
 200         status = dcerpc_samr_Close(p, mem_ctx, &r);
 201         if (!NT_STATUS_IS_OK(status)) {
 202                 printf("Close samr domain failed - %s\n", nt_errstr(status));
 203                 return false;
 204         }
 205
 206         return true;
 207 }
 208
 209
 210 static bool test_lsa_close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 211                            struct policy_handle *domain_handle)
 212 {
 213         NTSTATUS status;
 214         struct lsa_Close r;
 215
 216         r.in.handle = domain_handle;
 217         r.out.handle = domain_handle;
 218
 219         status = dcerpc_lsa_Close(p, mem_ctx, &r);
 220         if (!NT_STATUS_IS_OK(status)) {
 221                 printf("Close lsa domain failed - %s\n", nt_errstr(status));
 222                 return false;
 223         }
 224
 225         return true;
 226 }
 227
 228
 229 bool torture_groupinfo_api(struct torture_context *torture)
 230 {
 231         const char *name = TEST_GROUPNAME;
 232         bool ret = true;
 233         NTSTATUS status;
 234         TALLOC_CTX *mem_ctx = NULL, *prep_mem_ctx;
 235         struct libnet_context *ctx;
 236         struct dcerpc_pipe *p;
 237         struct policy_handle h;
 238         struct lsa_String domain_name;
 239         struct libnet_GroupInfo req;
 240
 241         prep_mem_ctx = talloc_init("prepare torture group info");
 242
 243         ctx = libnet_context_init(torture->ev, torture->lp_ctx);
 244         ctx->cred = cmdline_credentials;
 245
 246         status = torture_rpc_connection(torture,
 247                                         &p,
 248                                         &ndr_table_samr);
 249         if (!NT_STATUS_IS_OK(status)) {
 250                 return false;
 251         }
 252
 253         domain_name.string = lp_workgroup(torture->lp_ctx);
 254         if (!test_opendomain(p, prep_mem_ctx, &h, &domain_name)) {
 255                 ret = false;
 256                 goto done;
 257         }
 258
 259         if (!test_creategroup(p, prep_mem_ctx, &h, name)) {
 260                 ret = false;
 261                 goto done;
 262         }
 263
 264         mem_ctx = talloc_init("torture group info");
 265
 266         ZERO_STRUCT(req);
 267
 268         req.in.domain_name = domain_name.string;
 269         req.in.level = GROUP_INFO_BY_NAME;
 270         req.in.data.group_name = name;
 271
 272         status = libnet_GroupInfo(ctx, mem_ctx, &req);
 273         if (!NT_STATUS_IS_OK(status)) {
 274                 printf("libnet_GroupInfo call failed: %s\n", nt_errstr(status));
 275                 ret = false;
 276                 goto done;
 277         }
 278
 279         if (!test_cleanup(ctx->samr.pipe, mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
 280                 printf("cleanup failed\n");
 281                 ret = false;
 282                 goto done;
 283         }
 284
 285         if (!test_samr_close(ctx->samr.pipe, mem_ctx, &ctx->samr.handle)) {
 286                 printf("domain close failed\n");
 287                 ret = false;
 288         }
 289
 290         talloc_free(ctx);
 291
 292 done:
 293         talloc_free(mem_ctx);
 294         return ret;
 295 }
 296
 297
 298 bool torture_grouplist(struct torture_context *torture)
 299 {
 300         bool ret = true;
 301         NTSTATUS status;
 302         TALLOC_CTX *mem_ctx = NULL;
 303         struct libnet_context *ctx;
 304         struct lsa_String domain_name;
 305         struct libnet_GroupList req;
 306         int i;
 307
 308         ctx = libnet_context_init(torture->ev, torture->lp_ctx);
 309         ctx->cred = cmdline_credentials;
 310
 311         domain_name.string = lp_workgroup(torture->lp_ctx);
 312         mem_ctx = talloc_init("torture group list");
 313
 314         ZERO_STRUCT(req);
 315
 316         printf("listing group accounts:\n");
 317
 318         do {
 319                 req.in.domain_name  = domain_name.string;
 320                 req.in.page_size    = 128;
 321                 req.in.resume_index = req.out.resume_index;
 322
 323                 status = libnet_GroupList(ctx, mem_ctx, &req);
 324                 if (!NT_STATUS_IS_OK(status) &&
 325                     !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) break;
 326
 327                 for (i = 0; i < req.out.count; i++) {
 328                         printf("\tgroup: %s, sid=%s\n",
 329                                req.out.groups[i].groupname, req.out.groups[i].sid);
 330                 }
 331
 332         } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
 333
 334         if (!(NT_STATUS_IS_OK(status) ||
 335               NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))) {
 336                 printf("libnet_GroupList call failed: %s\n", nt_errstr(status));
 337                 ret = false;
 338                 goto done;
 339         }
 340
 341         if (!test_samr_close(ctx->samr.pipe, mem_ctx, &ctx->samr.handle)) {
 342                 printf("domain close failed\n");
 343                 ret = false;
 344         }
 345
 346         if (!test_lsa_close(ctx->lsa.pipe, mem_ctx, &ctx->lsa.handle)) {
 347                 printf("lsa domain close failed\n");
 348                 ret = false;
 349         }
 350
 351         talloc_free(ctx);
 352
 353 done:
 354         talloc_free(mem_ctx);
 355         return ret;
 356 }
 357
 358
 359 bool torture_creategroup(struct torture_context *torture)
 360 {
 361         bool ret = true;
 362         NTSTATUS status;
 363         TALLOC_CTX *mem_ctx = NULL;
 364         struct libnet_context *ctx;
 365         struct libnet_CreateGroup req;
 366
 367         mem_ctx = talloc_init("test_creategroup");
 368
 369         ctx = libnet_context_init(torture->ev, torture->lp_ctx);
 370         ctx->cred = cmdline_credentials;
 371
 372         req.in.group_name = TEST_GROUPNAME;
 373         req.in.domain_name = lp_workgroup(torture->lp_ctx);
 374         req.out.error_string = NULL;
 375
 376         status = libnet_CreateGroup(ctx, mem_ctx, &req);
 377         if (!NT_STATUS_IS_OK(status)) {
 378                 printf("libnet_CreateGroup call failed: %s\n", nt_errstr(status));
 379                 ret = false;
 380                 goto done;
 381         }
 382
 383         if (!test_cleanup(ctx->samr.pipe, mem_ctx, &ctx->samr.handle, TEST_GROUPNAME)) {
 384                 printf("cleanup failed\n");
 385                 ret = false;
 386                 goto done;
 387         }
 388
 389         if (!test_samr_close(ctx->samr.pipe, mem_ctx, &ctx->samr.handle)) {
 390                 printf("domain close failed\n");
 391                 ret = false;
 392         }
 393
 394 done:
 395         talloc_free(ctx);
 396         talloc_free(mem_ctx);
 397         return ret;
 398 }