Line data Source code
1 : /*
2 : * Unix SMB/CIFS implementation.
3 : * test suite for samr rpc operations
4 : *
5 : * Copyright (c) 2011 Andreas Schneider
6 : *
7 : * This program is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * This program is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "param/param.h"
23 : #include "torture/torture.h"
24 : #include "librpc/gen_ndr/ndr_samr_c.h"
25 : #include "librpc/rpc/dcerpc_proto.h"
26 : #include "libcli/security/security.h"
27 : #include "torture/rpc/torture_rpc.h"
28 :
29 : #define TEST_ACCOUNT_NAME "guru"
30 :
31 : struct torture_user {
32 : const char *username;
33 : const char *password;
34 : const char *domain;
35 : uint32_t *builtin_memberships;
36 : uint32_t num_builtin_memberships;
37 : bool admin_rights;
38 : };
39 :
40 : struct torture_access_context {
41 : struct dcerpc_pipe *pipe;
42 : struct torture_user user;
43 : struct test_join *join;
44 : };
45 :
46 410 : static void init_lsa_String(struct lsa_String *name, const char *s)
47 : {
48 410 : name->string = s;
49 410 : }
50 :
51 100 : static bool test_samr_queryUserInfo(struct torture_context *tctx,
52 : struct dcerpc_binding_handle *b,
53 : struct policy_handle *user_handle)
54 : {
55 0 : struct samr_QueryUserInfo r;
56 0 : union samr_UserInfo *info;
57 0 : NTSTATUS status;
58 :
59 100 : r.in.level = UserGeneralInformation;
60 100 : r.in.user_handle = user_handle;
61 100 : r.out.info = &info;
62 :
63 100 : status = dcerpc_samr_QueryUserInfo_r(b,
64 : tctx,
65 : &r);
66 100 : torture_assert_ntstatus_ok(tctx, status, "queryUserInfo failed");
67 100 : torture_assert_ntstatus_ok(tctx, r.out.result, "queryUserInfo failed");
68 :
69 100 : return true;
70 : }
71 :
72 200 : static bool test_LookupName(struct dcerpc_binding_handle *b,
73 : struct torture_context *tctx,
74 : struct policy_handle *domain_handle,
75 : const char *name,
76 : uint32_t *rid)
77 : {
78 0 : NTSTATUS status;
79 0 : struct samr_LookupNames n;
80 0 : struct lsa_String sname[1];
81 0 : struct samr_Ids rids, types;
82 :
83 200 : init_lsa_String(&sname[0], name);
84 :
85 200 : n.in.domain_handle = domain_handle;
86 200 : n.in.num_names = 1;
87 200 : n.in.names = sname;
88 200 : n.out.rids = &rids;
89 200 : n.out.types = &types;
90 :
91 200 : status = dcerpc_samr_LookupNames_r(b, tctx, &n);
92 200 : if (!NT_STATUS_IS_OK(status)) {
93 0 : return false;
94 : }
95 200 : if (!NT_STATUS_IS_OK(n.out.result)) {
96 100 : return false;
97 : }
98 :
99 100 : *rid = n.out.rids->ids[0];
100 100 : return true;
101 : }
102 :
103 5 : static bool test_samr_CreateUser(struct torture_context *tctx,
104 : struct dcerpc_binding_handle *b,
105 : struct policy_handle *domain_handle,
106 : const char *name,
107 : struct policy_handle *user_handle)
108 : {
109 0 : struct lsa_String username;
110 0 : struct samr_CreateUser r;
111 5 : uint32_t rid = 0;
112 0 : NTSTATUS status;
113 :
114 5 : init_lsa_String(&username, name);
115 :
116 5 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
117 5 : r.in.domain_handle = domain_handle;
118 5 : r.in.account_name = &username;
119 5 : r.out.user_handle = user_handle;
120 5 : r.out.rid = &rid;
121 :
122 5 : status = dcerpc_samr_CreateUser_r(b, tctx, &r);
123 5 : torture_assert_ntstatus_ok(tctx, status, "CreateUser failed");
124 :
125 5 : return NT_STATUS_IS_OK(r.out.result);
126 : }
127 :
128 200 : static bool test_samr_OpenUser(struct torture_context *tctx,
129 : struct dcerpc_binding_handle *b,
130 : struct policy_handle *domain_handle,
131 : const char *name,
132 : struct policy_handle *user_handle,
133 : bool expected)
134 : {
135 0 : struct samr_OpenUser r;
136 200 : uint32_t rid = 0;
137 0 : NTSTATUS status;
138 0 : bool ok;
139 :
140 200 : ok = test_LookupName(b, tctx, domain_handle, name, &rid);
141 200 : if (!ok && expected) {
142 100 : torture_comment(tctx, " - lookup name for %s failed\n", name);
143 100 : return true;
144 100 : } else if (!ok) {
145 0 : return false;
146 : }
147 :
148 100 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
149 100 : r.in.domain_handle = domain_handle;
150 100 : r.in.rid = rid;
151 100 : r.out.user_handle = user_handle;
152 :
153 100 : status = dcerpc_samr_OpenUser_r(b, tctx, &r);
154 100 : torture_assert_ntstatus_ok(tctx, status, "OpenUser failed");
155 100 : torture_assert_ntstatus_ok(tctx, r.out.result, "OpenUser failed");
156 :
157 100 : return true;
158 : }
159 :
160 205 : static bool test_samr_openDomain(struct torture_context *tctx,
161 : struct dcerpc_binding_handle *b,
162 : struct policy_handle *connect_handle,
163 : const char *domain,
164 : struct policy_handle *domain_handle)
165 : {
166 0 : struct samr_LookupDomain r;
167 0 : struct samr_OpenDomain r2;
168 0 : struct lsa_String n;
169 0 : struct dom_sid *sid;
170 0 : NTSTATUS status;
171 :
172 205 : r.in.connect_handle = connect_handle;
173 205 : init_lsa_String(&n, domain);
174 205 : r.in.domain_name = &n;
175 205 : r.out.sid = &sid;
176 :
177 205 : status = dcerpc_samr_LookupDomain_r(b, tctx, &r);
178 205 : torture_assert_ntstatus_ok(tctx, status, "LookupDomain failed");
179 205 : torture_assert_ntstatus_ok(tctx, r.out.result, "LookupDomain failed");
180 :
181 205 : r2.in.connect_handle = connect_handle;
182 205 : r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
183 205 : r2.in.sid = sid;
184 205 : r2.out.domain_handle = domain_handle;
185 :
186 205 : status = dcerpc_samr_OpenDomain_r(b, tctx, &r2);
187 205 : torture_assert_ntstatus_ok(tctx, status, "OpenDomain failed");
188 205 : torture_assert_ntstatus_ok(tctx, r2.out.result, "OpenDomain failed");
189 :
190 205 : return true;
191 : }
192 :
193 205 : static bool test_samr_Connect(struct torture_context *tctx,
194 : struct dcerpc_binding_handle *b,
195 : struct policy_handle *connect_handle)
196 : {
197 0 : struct samr_Connect r;
198 0 : NTSTATUS status;
199 :
200 205 : r.in.system_name = 0;
201 205 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
202 205 : r.out.connect_handle = connect_handle;
203 :
204 205 : status = dcerpc_samr_Connect_r(b, tctx, &r);
205 205 : torture_assert_ntstatus_ok(tctx, status, "SAMR connect failed");
206 205 : torture_assert_ntstatus_ok(tctx, r.out.result, "SAMR connect failed");
207 :
208 205 : return true;
209 : }
210 :
211 5 : static bool test_samr_create_user(struct torture_context *tctx,
212 : struct torture_access_context *t,
213 : const char *name)
214 : {
215 5 : struct dcerpc_binding_handle *b = t->pipe->binding_handle;
216 0 : struct policy_handle connect_handle;
217 0 : struct policy_handle domain_handle;
218 0 : struct policy_handle user_handle;
219 5 : bool ok = false;
220 :
221 5 : torture_comment(tctx, "Connecting to SAMR\n");
222 5 : ZERO_STRUCT(connect_handle);
223 5 : ok = test_samr_Connect(tctx, b, &connect_handle);
224 5 : torture_assert(tctx, ok, "Unable to connect to domain");
225 :
226 5 : torture_comment(tctx, "Opening domain %s\n", t->user.domain);
227 5 : ZERO_STRUCT(domain_handle);
228 5 : ok = test_samr_openDomain(tctx,
229 : b,
230 : &connect_handle,
231 : t->user.domain,
232 : &domain_handle);
233 5 : torture_assert(tctx, ok, "Unable to open to domain");
234 :
235 5 : torture_comment(tctx, "Creating account %s\n", name);
236 5 : ZERO_STRUCT(user_handle);
237 5 : ok = test_samr_CreateUser(tctx,
238 : b,
239 : &domain_handle,
240 : name,
241 : &user_handle);
242 :
243 : /* We don't check ok with torture macros here because the
244 : * caller might be looking for failure */
245 5 : test_samr_handle_Close(b, tctx, &domain_handle);
246 5 : test_samr_handle_Close(b, tctx, &connect_handle);
247 :
248 5 : return ok;
249 : }
250 :
251 200 : static bool test_samr_userinfo_getinfo(struct torture_context *tctx,
252 : struct dcerpc_pipe *p,
253 : bool expected)
254 : {
255 0 : const char *name;
256 200 : struct dcerpc_pipe *p2 = NULL;
257 0 : struct dcerpc_binding_handle *b;
258 0 : struct policy_handle connect_handle;
259 0 : struct policy_handle domain_handle;
260 0 : struct policy_handle user_handle;
261 0 : NTSTATUS status;
262 200 : uint32_t i = 0;
263 0 : bool ok;
264 :
265 200 : status = torture_rpc_connection(tctx, &p2, &ndr_table_samr);
266 200 : torture_assert_ntstatus_ok(tctx, status,
267 : "Creating secondary connection failed");
268 200 : b = p2->binding_handle;
269 :
270 200 : torture_comment(tctx, " - 2nd connect\n");
271 : /* connect */
272 200 : ZERO_STRUCT(connect_handle);
273 200 : ok = test_samr_Connect(tctx, b, &connect_handle);
274 200 : torture_assert(tctx, ok, "Unable to connect to domain");
275 :
276 200 : torture_comment(tctx, " - 2nd open domain\n");
277 : /* open domain */
278 200 : ZERO_STRUCT(domain_handle);
279 200 : ok = test_samr_openDomain(tctx,
280 : b,
281 : &connect_handle,
282 : torture_setting_string(tctx, "workgroup",
283 : lpcfg_workgroup(tctx->lp_ctx)),
284 : &domain_handle);
285 200 : torture_assert(tctx, ok, "Unable to open to domain");
286 :
287 : /* create user */
288 200 : name = talloc_asprintf(tctx,
289 : "%s%04d",
290 : TEST_ACCOUNT_NAME,
291 : i);
292 :
293 200 : torture_comment(tctx, " - 2nd open user\n");
294 200 : ZERO_STRUCT(user_handle);
295 200 : ok = test_samr_OpenUser(tctx,
296 : b,
297 : &domain_handle,
298 : name,
299 : &user_handle,
300 : expected);
301 200 : torture_assert(tctx, ok, "Unable to open user");
302 :
303 200 : if (!expected) {
304 100 : torture_comment(tctx, " - 2nd query user\n");
305 100 : ok = test_samr_queryUserInfo(tctx, b, &user_handle);
306 100 : torture_assert(tctx, ok, "Unable to query user");
307 :
308 100 : test_samr_handle_Close(b, tctx, &user_handle);
309 : }
310 :
311 200 : test_samr_handle_Close(b, tctx, &domain_handle);
312 200 : test_samr_handle_Close(b, tctx, &connect_handle);
313 :
314 200 : talloc_free(p2);
315 :
316 200 : return true;
317 : }
318 :
319 : #define NUM_RUNS 20
320 5 : static bool torture_rpc_samr_caching(struct torture_context *tctx,
321 : struct dcerpc_pipe *p)
322 : {
323 0 : struct test_join *join;
324 5 : const char *password = NULL;
325 0 : const char *name;
326 0 : NTSTATUS status;
327 5 : uint32_t i = 0;
328 0 : bool ok;
329 :
330 5 : torture_comment(tctx, ">>> Testing User Info Caching\n");
331 :
332 : /* create user */
333 5 : name = talloc_asprintf(tctx,
334 : "%s%04d",
335 : TEST_ACCOUNT_NAME,
336 : i);
337 :
338 5 : torture_comment(tctx, "- Creating user %s\n", name);
339 :
340 5 : join = torture_create_testuser(tctx,
341 : name,
342 : torture_setting_string(tctx, "workgroup",
343 : lpcfg_workgroup(tctx->lp_ctx)),
344 : ACB_NORMAL,
345 : &password);
346 5 : torture_assert(tctx, join, "failed to join domain");
347 :
348 5 : torture_comment(tctx, "- Query user information\n");
349 105 : for (i = 0; i < NUM_RUNS; i++) {
350 100 : ok = test_samr_userinfo_getinfo(tctx, p, false);
351 100 : torture_assert(tctx, ok, "test_samr_userinfo_getinfo failed");
352 : }
353 :
354 5 : torture_comment(tctx, "- Delete user\n");
355 5 : status = torture_delete_testuser(tctx,
356 : join,
357 : name);
358 5 : torture_assert_ntstatus_ok(tctx, status, "DeleteUser failed");
359 :
360 5 : torture_comment(tctx, "- Try to query user information again (should fail)\n");
361 105 : for (i = 0; i < NUM_RUNS; i++) {
362 100 : ok = test_samr_userinfo_getinfo(tctx,
363 : p,
364 : true);
365 100 : torture_assert(tctx, ok, "test_samr_userinfo_getinfo failed");
366 : }
367 :
368 5 : return true;
369 : }
370 : #undef NUM_RUNS
371 :
372 0 : static bool torture_rpc_samr_access_setup_membership(struct torture_context *tctx,
373 : struct dcerpc_pipe *p,
374 : uint32_t num_members,
375 : uint32_t *members,
376 : struct dom_sid *user_sid)
377 : {
378 0 : struct dcerpc_binding_handle *b = p->binding_handle;
379 0 : struct policy_handle connect_handle, domain_handle;
380 0 : int i;
381 :
382 0 : torture_comment(tctx,
383 : "Setting up BUILTIN membership for %s\n",
384 : dom_sid_string(tctx, user_sid));
385 :
386 0 : for (i=0; i < num_members; i++) {
387 0 : torture_comment(tctx, "adding user to S-1-5-32-%d\n", members[i]);
388 : }
389 :
390 : /* connect */
391 : {
392 0 : struct samr_Connect2 r;
393 0 : r.in.system_name = "";
394 0 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
395 0 : ZERO_STRUCT(connect_handle);
396 0 : r.out.connect_handle = &connect_handle;
397 :
398 0 : torture_assert_ntstatus_ok(tctx,
399 : dcerpc_samr_Connect2_r(b, tctx, &r),
400 : "samr_Connect2 failed");
401 0 : torture_assert_ntstatus_ok(tctx, r.out.result,
402 : "samr_Connect2 failed");
403 : }
404 :
405 : /* open domain */
406 : {
407 0 : struct samr_OpenDomain r;
408 0 : r.in.connect_handle = &connect_handle;
409 0 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
410 0 : r.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32");
411 0 : ZERO_STRUCT(domain_handle);
412 0 : r.out.domain_handle = &domain_handle;
413 :
414 0 : torture_assert_ntstatus_ok(tctx,
415 : dcerpc_samr_OpenDomain_r(b, tctx, &r),
416 : "samr_OpenDomain failed");
417 0 : torture_assert_ntstatus_ok(tctx, r.out.result,
418 : "samr_OpenDomain failed");
419 : }
420 :
421 0 : for (i = 0; i < num_members; i++) {
422 :
423 0 : struct policy_handle alias_handle;
424 :
425 : /* open alias */
426 : {
427 0 : struct samr_OpenAlias r;
428 0 : r.in.domain_handle = &domain_handle;
429 0 : r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
430 0 : r.in.rid = members[i];
431 0 : ZERO_STRUCT(alias_handle);
432 0 : r.out.alias_handle = &alias_handle;
433 :
434 0 : torture_assert_ntstatus_ok(tctx,
435 : dcerpc_samr_OpenAlias_r(b, tctx, &r),
436 : "samr_OpenAlias failed");
437 0 : torture_assert_ntstatus_ok(tctx, r.out.result,
438 : "samr_OpenAlias failed");
439 : }
440 :
441 : /* add alias member */
442 : {
443 0 : struct samr_AddAliasMember r;
444 0 : ZERO_STRUCT(alias_handle);
445 0 : r.in.alias_handle = &alias_handle;
446 0 : r.in.sid = user_sid;
447 :
448 0 : torture_assert_ntstatus_ok(tctx,
449 : dcerpc_samr_AddAliasMember_r(b, tctx, &r),
450 : "samr_AddAliasMember failed");
451 0 : torture_assert_ntstatus_ok(tctx, r.out.result,
452 : "samr_AddAliasMember failed");
453 : }
454 :
455 0 : test_samr_handle_Close(b, tctx, &alias_handle);
456 : }
457 :
458 0 : test_samr_handle_Close(b, tctx, &domain_handle);
459 0 : test_samr_handle_Close(b, tctx, &connect_handle);
460 :
461 0 : return true;
462 : }
463 :
464 5 : static bool torture_rpc_samr_access_setup(struct torture_context *tctx,
465 : struct dcerpc_pipe *p,
466 : struct torture_access_context *t)
467 : {
468 5 : const char *binding = torture_setting_string(tctx, "binding", NULL);
469 0 : struct cli_credentials *test_credentials;
470 0 : struct test_join *join;
471 0 : struct dom_sid *test_sid;
472 0 : struct dcerpc_pipe *samr_pipe;
473 :
474 5 : t->user.domain = torture_setting_string(tctx, "workgroup",
475 : lpcfg_workgroup(tctx->lp_ctx)),
476 :
477 5 : join = torture_create_testuser(tctx,
478 : t->user.username,
479 : t->user.domain,
480 : ACB_NORMAL,
481 : &t->user.password);
482 5 : torture_assert(tctx, join, "failed to join domain");
483 5 : t->join = join;
484 :
485 5 : test_credentials = cli_credentials_init(tctx);
486 :
487 5 : cli_credentials_set_workstation(test_credentials,
488 : "localhost",
489 : CRED_SPECIFIED);
490 5 : cli_credentials_set_domain(test_credentials,
491 : torture_setting_string(tctx, "workgroup",
492 : lpcfg_workgroup(tctx->lp_ctx)),
493 : CRED_SPECIFIED);
494 5 : cli_credentials_set_username(test_credentials,
495 : t->user.username,
496 : CRED_SPECIFIED);
497 5 : cli_credentials_set_password(test_credentials,
498 : t->user.password,
499 : CRED_SPECIFIED);
500 5 : test_sid = discard_const_p(struct dom_sid,
501 : torture_join_user_sid(t->join));
502 :
503 5 : if (t->user.num_builtin_memberships) {
504 0 : torture_assert(tctx,
505 : torture_rpc_samr_access_setup_membership(tctx,
506 : p,
507 : t->user.num_builtin_memberships,
508 : t->user.builtin_memberships,
509 : test_sid),
510 : "failed to setup membership");
511 : }
512 :
513 5 : torture_assert_ntstatus_ok(tctx,
514 : dcerpc_pipe_connect(tctx,
515 : &samr_pipe,
516 : binding,
517 : &ndr_table_samr,
518 : test_credentials,
519 : tctx->ev,
520 : tctx->lp_ctx),
521 : "Error connecting to server");
522 :
523 5 : t->pipe = samr_pipe;
524 :
525 5 : return true;
526 : }
527 :
528 5 : static bool torture_rpc_samr_access(struct torture_context *tctx,
529 : struct dcerpc_pipe *p)
530 : {
531 0 : struct torture_access_context *t;
532 0 : const char *testuser;
533 0 : bool ok;
534 :
535 5 : torture_comment(tctx, "Testing non-privileged user access\n");
536 :
537 5 : t = talloc_zero(tctx, struct torture_access_context);
538 5 : torture_assert(tctx, t, "talloc failed");
539 :
540 5 : t->user.username = talloc_asprintf(t, "%s%04d", TEST_ACCOUNT_NAME, 100);
541 :
542 5 : torture_comment(tctx, "*** Setting up non-privleged user\n"
543 : "***\n");
544 :
545 5 : ok = torture_rpc_samr_access_setup(tctx, p, t);
546 5 : torture_assert(tctx, ok, "torture_rpc_samr_access_setup failed");
547 :
548 5 : testuser = talloc_asprintf(t, "%s%04d", TEST_ACCOUNT_NAME, 200);
549 :
550 5 : torture_comment(tctx, "*** Try to create user (%s) as non-privileged "
551 : "user - should fail\n"
552 : "***\n", testuser);
553 :
554 5 : ok = test_samr_create_user(tctx, t, testuser);
555 :
556 5 : torture_assert(tctx, ok == false, "*** Creating user was successful but it should fail");
557 :
558 5 : return true;
559 : }
560 :
561 2338 : struct torture_suite *torture_rpc_samr_priv(TALLOC_CTX *mem_ctx)
562 : {
563 125 : struct torture_suite *suite =
564 2338 : torture_suite_create(mem_ctx, "samr.priv");
565 125 : struct torture_rpc_tcase *tcase;
566 :
567 2338 : tcase = torture_suite_add_rpc_iface_tcase(suite,
568 : "samr",
569 : &ndr_table_samr);
570 :
571 2338 : torture_rpc_tcase_add_test(tcase,
572 : "caching",
573 : torture_rpc_samr_caching);
574 :
575 2338 : torture_rpc_tcase_add_test(tcase,
576 : "access",
577 : torture_rpc_samr_access);
578 :
579 2338 : return suite;
580 : }
|
