2
Unix SMB/CIFS implementation.
3
test suite for RAP sam operations
5
Copyright (C) Guenther Deschner 2010-2011
7
This program is free software; you can redistribute it and/or modify
8
it under the terms of the GNU General Public License as published by
9
the Free Software Foundation; either version 3 of the License, or
10
(at your option) any later version.
12
This program is distributed in the hope that it will be useful,
13
but WITHOUT ANY WARRANTY; without even the implied warranty of
14
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
GNU General Public License for more details.
17
You should have received a copy of the GNU General Public License
18
along with this program. If not, see <http://www.gnu.org/licenses/>.
22
#include "libcli/libcli.h"
23
#include "torture/torture.h"
24
#include "torture/util.h"
25
#include "torture/smbtorture.h"
26
#include "torture/util.h"
27
#include "libcli/rap/rap.h"
28
#include "torture/rap/proto.h"
29
#include "../lib/crypto/crypto.h"
30
#include "../libcli/auth/libcli_auth.h"
31
#include "torture/rpc/torture_rpc.h"
33
#define TEST_RAP_USER "torture_rap_user"
35
static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
37
size_t len = MAX(8, min_len);
38
char *s = generate_random_password(mem_ctx, len, len+6);
39
printf("Generated password '%s'\n", s);
43
static bool test_userpasswordset2_args(struct torture_context *tctx,
44
struct smbcli_state *cli,
46
const char **password)
48
struct rap_NetUserPasswordSet2 r;
49
char *newpass = samr_rand_pass(tctx, 8);
53
r.in.UserName = username;
55
memcpy(r.in.OldPassword, *password, MIN(strlen(*password), 16));
56
memcpy(r.in.NewPassword, newpass, MIN(strlen(newpass), 16));
57
r.in.EncryptedPassword = 0;
58
r.in.RealPasswordLength = strlen(newpass);
60
torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
62
torture_assert_ntstatus_ok(tctx,
63
smbcli_rap_netuserpasswordset2(cli->tree, tctx, &r),
64
"smbcli_rap_netuserpasswordset2 failed");
65
if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
66
torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
67
win_errstr(W_ERROR(r.out.status)));
75
static bool test_userpasswordset2_crypt_args(struct torture_context *tctx,
76
struct smbcli_state *cli,
78
const char **password)
80
struct rap_NetUserPasswordSet2 r;
81
char *newpass = samr_rand_pass(tctx, 8);
83
r.in.UserName = username;
85
E_deshash(*password, r.in.OldPassword);
86
E_deshash(newpass, r.in.NewPassword);
88
r.in.RealPasswordLength = strlen(newpass);
89
r.in.EncryptedPassword = 1;
91
torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);
93
torture_assert_ntstatus_ok(tctx,
94
smbcli_rap_netuserpasswordset2(cli->tree, tctx, &r),
95
"smbcli_rap_netuserpasswordset2 failed");
96
if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
97
torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
98
win_errstr(W_ERROR(r.out.status)));
106
static bool test_userpasswordset2(struct torture_context *tctx,
107
struct smbcli_state *cli)
109
struct test_join *join_ctx;
110
const char *password;
113
join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
114
torture_setting_string(tctx, "workgroup", NULL),
117
if (join_ctx == NULL) {
118
torture_fail(tctx, "failed to create user\n");
121
ret &= test_userpasswordset2_args(tctx, cli, TEST_RAP_USER, &password);
122
ret &= test_userpasswordset2_crypt_args(tctx, cli, TEST_RAP_USER, &password);
124
torture_leave_domain(tctx, join_ctx);
129
static bool test_oemchangepassword_args(struct torture_context *tctx,
130
struct smbcli_state *cli,
131
const char *username,
132
const char **password)
134
struct rap_NetOEMChangePassword r;
136
const char *oldpass = *password;
137
char *newpass = samr_rand_pass(tctx, 9);
138
uint8_t old_pw_hash[16];
139
uint8_t new_pw_hash[16];
141
r.in.UserName = username;
143
E_deshash(oldpass, old_pw_hash);
144
E_deshash(newpass, new_pw_hash);
146
encode_pw_buffer(r.in.crypt_password, newpass, STR_ASCII);
147
arcfour_crypt(r.in.crypt_password, old_pw_hash, 516);
148
E_old_pw_hash(new_pw_hash, old_pw_hash, r.in.password_hash);
150
torture_comment(tctx, "Testing rap_NetOEMChangePassword(%s)\n", r.in.UserName);
152
torture_assert_ntstatus_ok(tctx,
153
smbcli_rap_netoemchangepassword(cli->tree, tctx, &r),
154
"smbcli_rap_netoemchangepassword failed");
155
if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
156
torture_warning(tctx, "RAP NetOEMChangePassword gave: %s\n",
157
win_errstr(W_ERROR(r.out.status)));
165
static bool test_oemchangepassword(struct torture_context *tctx,
166
struct smbcli_state *cli)
169
struct test_join *join_ctx;
170
const char *password;
173
join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
174
torture_setting_string(tctx, "workgroup", NULL),
177
if (join_ctx == NULL) {
178
torture_fail(tctx, "failed to create user\n");
181
ret = test_oemchangepassword_args(tctx, cli, TEST_RAP_USER, &password);
183
torture_leave_domain(tctx, join_ctx);
188
static bool test_usergetinfo_byname(struct torture_context *tctx,
189
struct smbcli_state *cli,
190
const char *UserName)
192
struct rap_NetUserGetInfo r;
194
uint16_t levels[] = { 0, 1, 2, 10, 11 };
196
for (i=0; i < ARRAY_SIZE(levels); i++) {
198
r.in.UserName = UserName;
199
r.in.level = levels[i];
202
torture_comment(tctx,
203
"Testing rap_NetUserGetInfo(%s) level %d\n", r.in.UserName, r.in.level);
205
torture_assert_ntstatus_ok(tctx,
206
smbcli_rap_netusergetinfo(cli->tree, tctx, &r),
207
"smbcli_rap_netusergetinfo failed");
208
torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
209
"smbcli_rap_netusergetinfo failed");
215
static bool test_usergetinfo(struct torture_context *tctx,
216
struct smbcli_state *cli)
219
struct test_join *join_ctx;
220
const char *password;
223
join_ctx = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
224
torture_setting_string(tctx, "workgroup", NULL),
227
if (join_ctx == NULL) {
228
torture_fail(tctx, "failed to create user\n");
231
ret = test_usergetinfo_byname(tctx, cli, TEST_RAP_USER);
233
torture_leave_domain(tctx, join_ctx);
238
static bool test_useradd(struct torture_context *tctx,
239
struct smbcli_state *cli)
242
struct rap_NetUserAdd r;
243
struct rap_NetUserInfo1 info1;
245
uint16_t levels[] = { 1 };
246
const char *username = TEST_RAP_USER;
248
for (i=0; i < ARRAY_SIZE(levels); i++) {
252
pwd = generate_random_password(tctx, 9, 16);
254
r.in.level = levels[i];
255
r.in.bufsize = 0xffff;
256
r.in.pwdlength = strlen(pwd);
259
switch (r.in.level) {
263
info1.Name = username;
264
memcpy(info1.Password, pwd, MIN(strlen(pwd), 16));
265
info1.Priv = USER_PRIV_USER;
267
info1.HomeDir = "home_dir";
268
info1.Comment = "comment";
269
info1.ScriptPath = "logon_script";
271
r.in.info.info1 = info1;
275
torture_comment(tctx,
276
"Testing rap_NetUserAdd(%s) level %d\n", username, r.in.level);
278
torture_assert_ntstatus_ok(tctx,
279
smbcli_rap_netuseradd(cli->tree, tctx, &r),
280
"smbcli_rap_netuseradd failed");
281
torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
282
"smbcli_rap_netuseradd failed");
284
torture_assert_ntstatus_ok(tctx,
285
smbcli_rap_netuseradd(cli->tree, tctx, &r),
286
"2nd smbcli_rap_netuseradd failed");
287
torture_assert_werr_equal(tctx, W_ERROR(r.out.status), WERR_USEREXISTS,
288
"2nd smbcli_rap_netuseradd failed");
291
struct rap_NetUserDelete d;
293
d.in.UserName = username;
295
smbcli_rap_netuserdelete(cli->tree, tctx, &d);
302
static bool test_userdelete(struct torture_context *tctx,
303
struct smbcli_state *cli)
306
struct rap_NetUserDelete r;
309
struct rap_NetUserAdd a;
312
ZERO_STRUCT(a.in.info.info1);
314
pwd = generate_random_password(tctx, 9, 16);
317
a.in.bufsize = 0xffff;
318
a.in.pwdlength = strlen(pwd);
320
a.in.info.info1.Name = TEST_RAP_USER;
321
a.in.info.info1.Priv = USER_PRIV_USER;
323
memcpy(a.in.info.info1.Password, pwd, MIN(strlen(pwd), 16));
325
torture_assert_ntstatus_ok(tctx,
326
smbcli_rap_netuseradd(cli->tree, tctx, &a),
327
"smbcli_rap_netuseradd failed");
330
r.in.UserName = TEST_RAP_USER;
332
torture_comment(tctx,
333
"Testing rap_NetUserDelete(%s)\n", r.in.UserName);
335
torture_assert_ntstatus_ok(tctx,
336
smbcli_rap_netuserdelete(cli->tree, tctx, &r),
337
"smbcli_rap_netuserdelete failed");
338
torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
339
"smbcli_rap_netuserdelete failed");
341
torture_assert_ntstatus_ok(tctx,
342
smbcli_rap_netuserdelete(cli->tree, tctx, &r),
343
"2nd smbcli_rap_netuserdelete failed");
344
torture_assert_werr_equal(tctx, W_ERROR(r.out.status), WERR_USER_NOT_FOUND,
345
"2nd smbcli_rap_netuserdelete failed");
350
struct torture_suite *torture_rap_sam(TALLOC_CTX *mem_ctx)
352
struct torture_suite *suite = torture_suite_create(mem_ctx, "sam");
354
torture_suite_add_1smb_test(suite, "userpasswordset2", test_userpasswordset2);
355
torture_suite_add_1smb_test(suite, "oemchangepassword", test_oemchangepassword);
356
torture_suite_add_1smb_test(suite, "usergetinfo", test_usergetinfo);
357
torture_suite_add_1smb_test(suite, "useradd", test_useradd);
358
torture_suite_add_1smb_test(suite, "userdelete", test_userdelete);