Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : SMB torture tester
4 : Copyright (C) Guenther Deschner 2009-2010
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "source3/include/includes.h"
21 : #include "lib/replace/replace.h"
22 : #include "libcli/util/ntstatus.h"
23 : #include "libcli/util/werror.h"
24 : #include "lib/util/data_blob.h"
25 : #include "lib/util/time.h"
26 : #include "libcli/resolve/resolve.h"
27 : #include "nsswitch/libwbclient/wbclient.h"
28 : #include "nsswitch/winbind_client.h"
29 : #include "torture/smbtorture.h"
30 : #include "torture/winbind/proto.h"
31 : #include "lib/util/util_net.h"
32 : #include "lib/util/charset/charset.h"
33 : #include "libcli/auth/libcli_auth.h"
34 : #include "lib/param/param.h"
35 : #include "lib/util/samba_util.h"
36 : #include "auth/credentials/credentials.h"
37 : #include "lib/cmdline/cmdline.h"
38 : #include "winbindd.h"
39 :
40 : #include <gnutls/gnutls.h>
41 : #include <gnutls/crypto.h>
42 :
43 : #define WBC_ERROR_EQUAL(x,y) (x == y)
44 :
45 : #define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg) \
46 : do { wbcErr __got = got, __expected = expected; \
47 : if (!WBC_ERROR_EQUAL(__got, __expected)) { \
48 : torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
49 : return false; \
50 : } \
51 : } while (0)
52 :
53 : #define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg) \
54 : torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
55 :
56 : #define torture_assert_wbc_equal_goto_fail(torture_ctx, got, expected, cmt, cmt_arg) \
57 : do { wbcErr __got = got, __expected = expected; \
58 : if (!WBC_ERROR_EQUAL(__got, __expected)) { \
59 : torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
60 : goto fail; \
61 : } \
62 : } while (0)
63 :
64 : #define torture_assert_wbc_ok_goto_fail(torture_ctx,expr,cmt,cmt_arg) \
65 : torture_assert_wbc_equal_goto_fail(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
66 :
67 : #define torture_assert_str_equal_goto_fail(torture_ctx,got,expected,cmt)\
68 : do { const char *__got = (got), *__expected = (expected); \
69 : if (strcmp(__got, __expected) != 0) { \
70 : torture_result(torture_ctx, TORTURE_FAIL, \
71 : __location__": "#got" was %s, expected %s: %s", \
72 : __got, __expected, cmt); \
73 : goto fail;; \
74 : } \
75 : } while(0)
76 :
77 2 : static bool test_wbc_ping(struct torture_context *tctx)
78 : {
79 2 : torture_assert_wbc_ok(tctx, wbcPing(),
80 : "%s", "wbcPing failed");
81 :
82 2 : return true;
83 : }
84 :
85 2 : static bool test_wbc_pingdc(struct torture_context *tctx)
86 : {
87 2 : struct wbcInterfaceDetails *details = NULL;
88 2 : wbcErr ret = false;
89 :
90 2 : torture_assert_wbc_equal_goto_fail(tctx,
91 : wbcPingDc("random_string", NULL),
92 : WBC_ERR_DOMAIN_NOT_FOUND,
93 : "%s",
94 : "wbcPingDc failed");
95 2 : torture_assert_wbc_ok_goto_fail(tctx, wbcPingDc(NULL, NULL),
96 : "%s", "wbcPingDc failed");
97 :
98 2 : torture_assert_wbc_ok_goto_fail(tctx, wbcInterfaceDetails(&details),
99 : "%s", "wbcInterfaceDetails failed");
100 2 : torture_assert_goto(tctx, details, ret, fail,
101 : "wbcInterfaceDetails returned NULL pointer");
102 2 : torture_assert_goto(tctx, details->netbios_domain, ret, fail,
103 : "wbcInterfaceDetails returned NULL netbios_domain");
104 :
105 2 : torture_assert_wbc_ok_goto_fail(tctx,
106 : wbcPingDc(details->netbios_domain, NULL),
107 : "wbcPingDc(%s) failed",
108 : details->netbios_domain);
109 :
110 2 : torture_assert_wbc_ok_goto_fail(tctx,
111 : wbcPingDc("BUILTIN", NULL),
112 : "%s",
113 : "wbcPingDc(BUILTIN) failed");
114 :
115 2 : ret = true;
116 2 : fail:
117 2 : wbcFreeMemory(details);
118 2 : return ret;
119 : }
120 :
121 2 : static bool test_wbc_pingdc2(struct torture_context *tctx)
122 : {
123 2 : struct wbcInterfaceDetails *details = NULL;
124 2 : char *name = NULL;
125 2 : wbcErr ret = false;
126 :
127 2 : torture_assert_wbc_equal_goto_fail(tctx,
128 : wbcPingDc2("random_string", NULL, &name),
129 : WBC_ERR_DOMAIN_NOT_FOUND,
130 : "%s",
131 : "wbcPingDc2 failed");
132 2 : torture_assert_wbc_ok_goto_fail(tctx,
133 : wbcPingDc2(NULL, NULL, &name),
134 : "%s",
135 : "wbcPingDc2 failed");
136 2 : wbcFreeMemory(name);
137 2 : name = NULL;
138 :
139 2 : torture_assert_wbc_ok_goto_fail(tctx,
140 : wbcInterfaceDetails(&details),
141 : "%s",
142 : "wbcInterfaceDetails failed");
143 2 : torture_assert_goto(tctx,
144 : details,
145 : ret,
146 : fail,
147 : "wbcInterfaceDetails returned NULL pointer");
148 2 : torture_assert_goto(tctx,
149 : details->netbios_domain,
150 : ret,
151 : fail,
152 : "wbcInterfaceDetails returned NULL netbios_domain");
153 :
154 2 : torture_assert_wbc_ok_goto_fail(tctx,
155 : wbcPingDc2(details->netbios_domain, NULL, &name),
156 : "wbcPingDc2(%s) failed",
157 : details->netbios_domain);
158 2 : wbcFreeMemory(name);
159 2 : name = NULL;
160 :
161 2 : torture_assert_wbc_ok_goto_fail(tctx,
162 : wbcPingDc2("BUILTIN", NULL, &name),
163 : "%s",
164 : "wbcPingDc2(BUILTIN) failed");
165 :
166 2 : ret = true;
167 2 : fail:
168 2 : wbcFreeMemory(name);
169 2 : wbcFreeMemory(details);
170 :
171 2 : return ret;
172 : }
173 :
174 2 : static bool test_wbc_library_details(struct torture_context *tctx)
175 : {
176 : struct wbcLibraryDetails *details;
177 :
178 2 : torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details),
179 : "%s", "wbcLibraryDetails failed");
180 2 : torture_assert(tctx, details,
181 : "wbcLibraryDetails returned NULL pointer");
182 :
183 2 : wbcFreeMemory(details);
184 :
185 2 : return true;
186 : }
187 :
188 2 : static bool test_wbc_interface_details(struct torture_context *tctx)
189 : {
190 : struct wbcInterfaceDetails *details;
191 :
192 2 : torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
193 : "%s", "wbcInterfaceDetails failed");
194 2 : torture_assert(tctx, details,
195 : "wbcInterfaceDetails returned NULL pointer");
196 :
197 2 : wbcFreeMemory(details);
198 :
199 2 : return true;
200 : }
201 :
202 2 : static bool test_wbc_sidtypestring(struct torture_context *tctx)
203 : {
204 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USE_NONE),
205 : "SID_NONE", "SID_NONE failed");
206 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USER),
207 : "SID_USER", "SID_USER failed");
208 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOM_GRP),
209 : "SID_DOM_GROUP", "SID_DOM_GROUP failed");
210 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOMAIN),
211 : "SID_DOMAIN", "SID_DOMAIN failed");
212 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_ALIAS),
213 : "SID_ALIAS", "SID_ALIAS failed");
214 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_WKN_GRP),
215 : "SID_WKN_GROUP", "SID_WKN_GROUP failed");
216 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DELETED),
217 : "SID_DELETED", "SID_DELETED failed");
218 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_INVALID),
219 : "SID_INVALID", "SID_INVALID failed");
220 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN),
221 : "SID_UNKNOWN", "SID_UNKNOWN failed");
222 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER),
223 : "SID_COMPUTER", "SID_COMPUTER failed");
224 2 : torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_LABEL),
225 : "SID_LABEL", "SID_LABEL failed");
226 2 : return true;
227 : }
228 :
229 2 : static bool test_wbc_sidtostring(struct torture_context *tctx)
230 : {
231 : struct wbcDomainSid sid;
232 2 : const char *sid_string = "S-1-5-32";
233 : char *sid_string2;
234 :
235 2 : torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
236 : "wbcStringToSid of %s failed", sid_string);
237 2 : torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
238 : "wbcSidToString of %s failed", sid_string);
239 2 : torture_assert_str_equal(tctx, sid_string, sid_string2,
240 : "sid strings differ");
241 2 : wbcFreeMemory(sid_string2);
242 :
243 2 : return true;
244 : }
245 :
246 2 : static bool test_wbc_guidtostring(struct torture_context *tctx)
247 : {
248 : struct wbcGuid guid;
249 2 : const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811";
250 : char *guid_string2;
251 :
252 2 : torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
253 : "wbcStringToGuid of %s failed", guid_string);
254 2 : torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
255 : "wbcGuidToString of %s failed", guid_string);
256 2 : torture_assert_str_equal(tctx, guid_string, guid_string2,
257 : "guid strings differ");
258 2 : wbcFreeMemory(guid_string2);
259 :
260 2 : return true;
261 : }
262 :
263 2 : static bool test_wbc_domain_info(struct torture_context *tctx)
264 : {
265 2 : struct wbcDomainInfo *info = NULL;
266 2 : struct wbcInterfaceDetails *details = NULL;
267 2 : wbcErr ret = false;
268 :
269 2 : torture_assert_wbc_ok_goto_fail(tctx,
270 : wbcInterfaceDetails(&details),
271 : "%s",
272 : "wbcInterfaceDetails failed");
273 2 : torture_assert_wbc_ok_goto_fail(tctx,
274 : wbcDomainInfo(details->netbios_domain, &info),
275 : "%s",
276 : "wbcDomainInfo failed");
277 :
278 2 : torture_assert_goto(tctx,
279 : info,
280 : ret,
281 : fail,
282 : "wbcDomainInfo returned NULL pointer");
283 :
284 2 : ret = true;
285 2 : fail:
286 2 : wbcFreeMemory(details);
287 2 : wbcFreeMemory(info);
288 :
289 2 : return ret;
290 : }
291 :
292 2 : static bool test_wbc_users(struct torture_context *tctx)
293 : {
294 2 : const char *domain_name = NULL;
295 : uint32_t num_users;
296 2 : const char **users = NULL;
297 : uint32_t i;
298 2 : struct wbcInterfaceDetails *details = NULL;
299 2 : struct wbcDomainSid *sids = NULL;
300 2 : char *domain = NULL;
301 2 : char *name = NULL;
302 2 : char *sid_string = NULL;
303 2 : wbcErr ret = false;
304 : char separator;
305 :
306 2 : torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
307 : "%s", "wbcInterfaceDetails failed");
308 :
309 2 : domain_name = talloc_strdup(tctx, details->netbios_domain);
310 2 : torture_assert_goto(tctx,
311 : domain_name != NULL,
312 : ret,
313 : fail,
314 : "Failed to allocate domain_name");
315 2 : separator = details->winbind_separator;
316 2 : wbcFreeMemory(details);
317 2 : details = NULL;
318 :
319 2 : torture_assert_wbc_ok_goto_fail(tctx,
320 : wbcListUsers(domain_name, &num_users, &users),
321 : "%s",
322 : "wbcListUsers failed");
323 2 : torture_assert_goto(tctx,
324 : !(num_users > 0 && !users),
325 : ret,
326 : fail,
327 : "wbcListUsers returned invalid results");
328 :
329 36 : for (i = 0; i < MIN(num_users, 100); i++) {
330 : struct wbcDomainSid sid;
331 : enum wbcSidType name_type;
332 : uint32_t num_sids;
333 : const char *user;
334 : char *c;
335 :
336 22 : c = strchr(users[i], separator);
337 :
338 22 : if (c == NULL) {
339 : /*
340 : * NT4 DC
341 : * user name does not contain DOMAIN SEPARATOR prefix.
342 : */
343 :
344 0 : user = users[i];
345 : } else {
346 : /*
347 : * AD DC
348 : * user name starts with DOMAIN SEPARATOR prefix.
349 : */
350 : const char *dom;
351 :
352 22 : *c = '\0';
353 22 : dom = users[i];
354 22 : user = c + 1;
355 :
356 22 : torture_assert_str_equal_goto(tctx, dom, domain_name,
357 : ret, fail, "Domain part "
358 : "of user name does not "
359 : "match domain name.\n");
360 : }
361 :
362 22 : torture_assert_wbc_ok_goto_fail(tctx,
363 : wbcLookupName(domain_name, user,
364 : &sid, &name_type),
365 : "wbcLookupName of %s failed",
366 : users[i]);
367 22 : torture_assert_int_equal_goto(tctx,
368 : name_type, WBC_SID_NAME_USER,
369 : ret,
370 : fail,
371 : "wbcLookupName expected WBC_SID_NAME_USER");
372 22 : wbcSidToString(&sid, &sid_string);
373 22 : torture_assert_wbc_ok_goto_fail(tctx,
374 : wbcLookupSid(&sid,
375 : &domain,
376 : &name,
377 : &name_type),
378 : "wbcLookupSid of %s failed",
379 : sid_string);
380 22 : torture_assert_int_equal_goto(tctx,
381 : name_type, WBC_SID_NAME_USER,
382 : ret,
383 : fail,
384 : "wbcLookupSid of expected WBC_SID_NAME_USER");
385 22 : torture_assert_goto(tctx,
386 : name,
387 : ret,
388 : fail,
389 : "wbcLookupSid returned no name");
390 22 : wbcFreeMemory(domain);
391 22 : domain = NULL;
392 22 : wbcFreeMemory(name);
393 22 : name = NULL;
394 :
395 22 : torture_assert_wbc_ok_goto_fail(tctx,
396 : wbcLookupUserSids(&sid, true, &num_sids, &sids),
397 : "wbcLookupUserSids of %s failed", sid_string);
398 22 : torture_assert_wbc_ok_goto_fail(tctx,
399 : wbcGetDisplayName(&sid,
400 : &domain,
401 : &name,
402 : &name_type),
403 : "wbcGetDisplayName of %s failed",
404 : sid_string);
405 22 : wbcFreeMemory(domain);
406 22 : domain = NULL;
407 22 : wbcFreeMemory(name);
408 22 : name = NULL;
409 22 : wbcFreeMemory(sids);
410 22 : sids = NULL;
411 22 : wbcFreeMemory(sid_string);
412 22 : sid_string = NULL;
413 : }
414 :
415 2 : ret = true;
416 2 : fail:
417 2 : wbcFreeMemory(details);
418 2 : wbcFreeMemory(users);
419 2 : wbcFreeMemory(domain);
420 2 : wbcFreeMemory(name);
421 2 : wbcFreeMemory(sids);
422 2 : wbcFreeMemory(sid_string);
423 :
424 2 : return ret;
425 : }
426 :
427 2 : static bool test_wbc_groups(struct torture_context *tctx)
428 : {
429 2 : wbcErr ret = false;
430 2 : const char *domain_name = NULL;
431 : uint32_t num_groups;
432 2 : const char **groups = NULL;
433 : uint32_t i;
434 2 : struct wbcInterfaceDetails *details = NULL;
435 2 : char *domain = NULL;
436 2 : char *name = NULL;
437 2 : char *sid_string = NULL;
438 : char separator;
439 :
440 2 : torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
441 : "%s", "wbcInterfaceDetails failed");
442 :
443 2 : domain_name = talloc_strdup(tctx, details->netbios_domain);
444 2 : torture_assert_goto(tctx,
445 : domain_name != NULL,
446 : ret,
447 : fail,
448 : "Failed to allocate domain_name");
449 2 : separator = details->winbind_separator;
450 2 : wbcFreeMemory(details);
451 2 : details = NULL;
452 :
453 2 : torture_assert_wbc_ok_goto_fail(tctx,
454 : wbcListGroups(domain_name, &num_groups, &groups),
455 : "wbcListGroups in %s failed",
456 : domain_name);
457 2 : torture_assert_goto(tctx,
458 : !(num_groups > 0 && !groups),
459 : ret,
460 : fail,
461 : "wbcListGroups returned invalid results");
462 :
463 60 : for (i=0; i < MIN(num_groups,100); i++) {
464 : struct wbcDomainSid sid;
465 : enum wbcSidType name_type;
466 : const char *group;
467 : char *c;
468 :
469 38 : c = strchr(groups[i], separator);
470 :
471 38 : if (c == NULL) {
472 : /*
473 : * NT4 DC
474 : * group name does not contain DOMAIN SEPARATOR prefix.
475 : */
476 :
477 0 : group = groups[i];
478 : } else {
479 : /*
480 : * AD DC
481 : * group name starts with DOMAIN SEPARATOR prefix.
482 : */
483 : const char *dom;
484 :
485 :
486 38 : *c = '\0';
487 38 : dom = groups[i];
488 38 : group = c + 1;
489 :
490 38 : torture_assert_str_equal_goto(tctx, dom, domain_name,
491 : ret, fail, "Domain part "
492 : "of group name does not "
493 : "match domain name.\n");
494 : }
495 :
496 38 : torture_assert_wbc_ok_goto_fail(tctx,
497 : wbcLookupName(domain_name,
498 : group,
499 : &sid,
500 : &name_type),
501 : "wbcLookupName for %s failed",
502 : domain_name);
503 38 : wbcSidToString(&sid, &sid_string);
504 38 : torture_assert_wbc_ok_goto_fail(tctx,
505 : wbcLookupSid(&sid,
506 : &domain,
507 : &name,
508 : &name_type),
509 : "wbcLookupSid of %s failed",
510 : sid_string);
511 38 : torture_assert_goto(tctx,
512 : name,
513 : ret,
514 : fail,
515 : "wbcLookupSid returned no name");
516 :
517 38 : wbcFreeMemory(domain);
518 38 : domain = NULL;
519 38 : wbcFreeMemory(name);
520 38 : name = NULL;
521 38 : wbcFreeMemory(sid_string);
522 38 : sid_string = NULL;
523 : }
524 :
525 2 : ret = true;
526 2 : fail:
527 2 : wbcFreeMemory(details);
528 2 : wbcFreeMemory(groups);
529 2 : wbcFreeMemory(domain);
530 2 : wbcFreeMemory(name);
531 2 : wbcFreeMemory(sid_string);
532 :
533 2 : return ret;
534 : }
535 :
536 2 : static bool test_wbc_trusts(struct torture_context *tctx)
537 : {
538 2 : struct wbcDomainInfo *domains = NULL;
539 2 : struct wbcAuthErrorInfo *error = NULL;
540 : size_t num_domains;
541 : uint32_t i;
542 2 : wbcErr ret = false;
543 :
544 2 : torture_assert_wbc_ok_goto_fail(tctx,
545 : wbcListTrusts(&domains, &num_domains),
546 : "%s",
547 : "wbcListTrusts failed");
548 2 : torture_assert_goto(tctx,
549 : !(num_domains > 0 && !domains),
550 : ret,
551 : fail,
552 : "wbcListTrusts returned invalid results");
553 :
554 8 : for (i=0; i < MIN(num_domains,100); i++) {
555 :
556 : /*
557 : struct wbcDomainSid sid;
558 : enum wbcSidType name_type;
559 : char *domain;
560 : char *name;
561 : */
562 6 : torture_assert_wbc_ok_goto_fail(tctx,
563 : wbcCheckTrustCredentials(domains[i].short_name,
564 : &error),
565 : "%s",
566 : "wbcCheckTrustCredentials failed");
567 : /*
568 : torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type),
569 : "wbcLookupName failed");
570 : torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
571 : "wbcLookupName expected WBC_SID_NAME_DOMAIN");
572 : torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
573 : "wbcLookupSid failed");
574 : torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
575 : "wbcLookupSid expected WBC_SID_NAME_DOMAIN");
576 : torture_assert(tctx, name,
577 : "wbcLookupSid returned no name");
578 : */
579 6 : wbcFreeMemory(error);
580 6 : error = NULL;
581 : }
582 :
583 2 : ret = true;
584 2 : fail:
585 2 : wbcFreeMemory(domains);
586 2 : wbcFreeMemory(error);
587 :
588 2 : return ret;
589 : }
590 :
591 2 : static bool test_wbc_lookupdc(struct torture_context *tctx)
592 : {
593 2 : const char *domain_name = NULL;
594 : struct wbcInterfaceDetails *details;
595 : struct wbcDomainControllerInfo *dc_info;
596 :
597 2 : torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
598 : "%s", "wbcInterfaceDetails failed");
599 :
600 2 : domain_name = talloc_strdup(tctx, details->netbios_domain);
601 2 : wbcFreeMemory(details);
602 :
603 2 : torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info),
604 : "wbcLookupDomainController for %s failed", domain_name);
605 2 : wbcFreeMemory(dc_info);
606 :
607 2 : return true;
608 : }
609 :
610 2 : static bool test_wbc_lookupdcex(struct torture_context *tctx)
611 : {
612 2 : const char *domain_name = NULL;
613 : struct wbcInterfaceDetails *details;
614 : struct wbcDomainControllerInfoEx *dc_info;
615 :
616 2 : torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
617 : "%s", "wbcInterfaceDetails failed");
618 :
619 2 : domain_name = talloc_strdup(tctx, details->netbios_domain);
620 2 : wbcFreeMemory(details);
621 :
622 2 : torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info),
623 : "wbcLookupDomainControllerEx for %s failed", domain_name);
624 2 : wbcFreeMemory(dc_info);
625 :
626 2 : return true;
627 : }
628 :
629 2 : static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
630 : {
631 : const char *name;
632 : char *ip;
633 : wbcErr ret;
634 :
635 2 : name = torture_setting_string(tctx, "host", NULL);
636 :
637 2 : torture_comment(tctx, "test-WinsByName: host='%s'\n", name);
638 :
639 2 : ret = wbcResolveWinsByName(name, &ip);
640 :
641 2 : if (is_ipaddress(name)) {
642 0 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName of %s failed", name);
643 : } else {
644 2 : torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName for %s failed", name);
645 : }
646 :
647 2 : return true;
648 : }
649 :
650 2 : static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
651 : {
652 : const char *ip;
653 : const char *host;
654 : struct nbt_name nbt_name;
655 : char *name;
656 : wbcErr ret;
657 : NTSTATUS status;
658 :
659 2 : host = torture_setting_string(tctx, "host", NULL);
660 :
661 2 : torture_comment(tctx, "test-WinsByIp: host='%s'\n", host);
662 :
663 2 : make_nbt_name_server(&nbt_name, host);
664 :
665 2 : status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
666 : 0, 0, &nbt_name, tctx, &ip, tctx->ev);
667 2 : torture_assert_ntstatus_ok(tctx, status,
668 : talloc_asprintf(tctx,"Failed to resolve %s: %s",
669 : nbt_name.name, nt_errstr(status)));
670 :
671 2 : torture_comment(tctx, "test-WinsByIp: ip='%s'\n", ip);
672 :
673 2 : ret = wbcResolveWinsByIP(ip, &name);
674 :
675 2 : torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP for %s failed", ip);
676 :
677 2 : wbcFreeMemory(name);
678 :
679 2 : return true;
680 : }
681 :
682 2 : static bool test_wbc_lookup_rids(struct torture_context *tctx)
683 : {
684 : struct wbcDomainSid builtin;
685 2 : uint32_t rids[2] = { 544, 545 };
686 2 : const char *domain_name = NULL;
687 2 : const char **names = NULL;
688 : enum wbcSidType *types;
689 2 : wbcErr ret = false;
690 :
691 2 : wbcStringToSid("S-1-5-32", &builtin);
692 :
693 2 : ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names,
694 : &types);
695 2 : torture_assert_wbc_ok_goto_fail(
696 : tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed");
697 :
698 2 : torture_assert_str_equal(
699 : tctx, names[0], "Administrators",
700 : "S-1-5-32-544 not mapped to 'Administrators'");
701 2 : torture_assert_str_equal_goto_fail(
702 : tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
703 :
704 2 : ret = true;
705 2 : fail:
706 2 : wbcFreeMemory(discard_const_p(char ,domain_name));
707 2 : wbcFreeMemory(names);
708 2 : wbcFreeMemory(types);
709 2 : return ret;
710 : }
711 :
712 2 : static bool test_wbc_get_sidaliases(struct torture_context *tctx)
713 : {
714 : struct wbcDomainSid builtin;
715 2 : struct wbcDomainInfo *info = NULL;
716 2 : struct wbcInterfaceDetails *details = NULL;
717 : struct wbcDomainSid sids[2];
718 2 : uint32_t *rids = NULL;
719 : uint32_t num_rids;
720 2 : wbcErr ret = false;
721 :
722 2 : torture_assert_wbc_ok_goto_fail(tctx,
723 : wbcInterfaceDetails(&details),
724 : "%s",
725 : "wbcInterfaceDetails failed");
726 2 : torture_assert_wbc_ok_goto_fail(tctx,
727 : wbcDomainInfo(details->netbios_domain, &info),
728 : "wbcDomainInfo of %s failed",
729 : details->netbios_domain);
730 :
731 2 : sids[0] = info->sid;
732 2 : sids[0].sub_auths[sids[0].num_auths++] = 500;
733 2 : sids[1] = info->sid;
734 2 : sids[1].sub_auths[sids[1].num_auths++] = 512;
735 :
736 2 : torture_assert_wbc_ok_goto_fail(tctx,
737 : wbcStringToSid("S-1-5-32", &builtin),
738 : "wbcStringToSid of %s failed",
739 : "S-1-5-32");
740 :
741 2 : ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids);
742 2 : torture_assert_wbc_ok_goto_fail(tctx,
743 : ret,
744 : "%s",
745 : "wbcGetSidAliases failed");
746 :
747 2 : ret = true;
748 2 : fail:
749 2 : wbcFreeMemory(details);
750 2 : wbcFreeMemory(info);
751 2 : wbcFreeMemory(rids);
752 2 : return ret;
753 : }
754 :
755 6 : static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
756 : const char *correct_password)
757 : {
758 : struct wbcAuthUserParams params;
759 6 : struct wbcAuthUserInfo *info = NULL;
760 6 : struct wbcAuthErrorInfo *error = NULL;
761 : wbcErr ret;
762 6 : struct cli_credentials *creds = samba_cmdline_get_creds();
763 :
764 6 : ret = wbcAuthenticateUser(cli_credentials_get_username(
765 : creds), correct_password);
766 6 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
767 : "wbcAuthenticateUser of %s failed",
768 : cli_credentials_get_username(creds));
769 :
770 6 : ZERO_STRUCT(params);
771 6 : params.account_name =
772 6 : cli_credentials_get_username(creds);
773 6 : params.level = WBC_AUTH_USER_LEVEL_PLAIN;
774 6 : params.password.plaintext = correct_password;
775 :
776 6 : ret = wbcAuthenticateUserEx(¶ms, &info, &error);
777 6 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
778 : "wbcAuthenticateUserEx of %s failed", params.account_name);
779 6 : wbcFreeMemory(info);
780 6 : info = NULL;
781 :
782 6 : wbcFreeMemory(error);
783 6 : error = NULL;
784 :
785 6 : params.password.plaintext = "wrong";
786 6 : ret = wbcAuthenticateUserEx(¶ms, &info, &error);
787 6 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
788 : "wbcAuthenticateUserEx for %s succeeded where it "
789 : "should have failed", params.account_name);
790 6 : wbcFreeMemory(info);
791 6 : info = NULL;
792 :
793 6 : wbcFreeMemory(error);
794 6 : error = NULL;
795 :
796 6 : return true;
797 : }
798 :
799 2 : static bool test_wbc_authenticate_user(struct torture_context *tctx)
800 : {
801 2 : struct cli_credentials *creds = samba_cmdline_get_creds();
802 :
803 2 : return test_wbc_authenticate_user_int(tctx,
804 : cli_credentials_get_password(creds));
805 : }
806 :
807 2 : static bool test_wbc_change_password(struct torture_context *tctx)
808 : {
809 : wbcErr ret;
810 2 : struct cli_credentials *creds = samba_cmdline_get_creds();
811 1 : const char *oldpass =
812 1 : cli_credentials_get_password(creds);
813 2 : const char *newpass = "Koo8irei%$";
814 :
815 : struct samr_CryptPassword new_nt_password;
816 : struct samr_CryptPassword new_lm_password;
817 : struct samr_Password old_nt_hash_enc;
818 : struct samr_Password old_lanman_hash_enc;
819 :
820 2 : gnutls_cipher_hd_t cipher_hnd = NULL;
821 :
822 : uint8_t old_nt_hash[16];
823 : uint8_t old_lanman_hash[16];
824 : uint8_t new_nt_hash[16];
825 : uint8_t new_lanman_hash[16];
826 2 : gnutls_datum_t old_nt_key = {
827 : .data = old_nt_hash,
828 : .size = sizeof(old_nt_hash),
829 : };
830 :
831 : struct wbcChangePasswordParams params;
832 :
833 2 : if (oldpass == NULL) {
834 0 : torture_skip(tctx,
835 : "skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
836 : }
837 :
838 2 : ZERO_STRUCT(params);
839 :
840 2 : E_md4hash(oldpass, old_nt_hash);
841 2 : E_md4hash(newpass, new_nt_hash);
842 :
843 2 : if (lpcfg_client_lanman_auth(tctx->lp_ctx) &&
844 0 : E_deshash(newpass, new_lanman_hash) &&
845 0 : E_deshash(oldpass, old_lanman_hash)) {
846 :
847 : /* E_deshash returns false for 'long' passwords (> 14
848 : DOS chars). This allows us to match Win2k, which
849 : does not store a LM hash for these passwords (which
850 : would reduce the effective password length to 14) */
851 :
852 0 : encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
853 :
854 0 : gnutls_cipher_init(&cipher_hnd,
855 : GNUTLS_CIPHER_ARCFOUR_128,
856 : &old_nt_key,
857 : NULL);
858 0 : gnutls_cipher_encrypt(cipher_hnd,
859 : new_lm_password.data,
860 : 516);
861 0 : gnutls_cipher_deinit(cipher_hnd);
862 :
863 0 : E_old_pw_hash(new_nt_hash, old_lanman_hash,
864 : old_lanman_hash_enc.hash);
865 :
866 0 : params.old_password.response.old_lm_hash_enc_length =
867 : sizeof(old_lanman_hash_enc.hash);
868 0 : params.old_password.response.old_lm_hash_enc_data =
869 : old_lanman_hash_enc.hash;
870 0 : params.new_password.response.lm_length =
871 : sizeof(new_lm_password.data);
872 0 : params.new_password.response.lm_data =
873 : new_lm_password.data;
874 : } else {
875 2 : ZERO_STRUCT(new_lm_password);
876 2 : ZERO_STRUCT(old_lanman_hash_enc);
877 : }
878 :
879 2 : encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
880 :
881 2 : gnutls_cipher_init(&cipher_hnd,
882 : GNUTLS_CIPHER_ARCFOUR_128,
883 : &old_nt_key,
884 : NULL);
885 2 : gnutls_cipher_encrypt(cipher_hnd,
886 : new_nt_password.data,
887 : 516);
888 2 : gnutls_cipher_deinit(cipher_hnd);
889 :
890 2 : E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
891 :
892 2 : params.old_password.response.old_nt_hash_enc_length =
893 : sizeof(old_nt_hash_enc.hash);
894 2 : params.old_password.response.old_nt_hash_enc_data =
895 : old_nt_hash_enc.hash;
896 2 : params.new_password.response.nt_length = sizeof(new_nt_password.data);
897 2 : params.new_password.response.nt_data = new_nt_password.data;
898 :
899 2 : params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
900 2 : params.account_name =
901 2 : cli_credentials_get_username(creds);
902 2 : params.domain_name =
903 2 : cli_credentials_get_domain(creds);
904 :
905 2 : ret = wbcChangeUserPasswordEx(¶ms, NULL, NULL, NULL);
906 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
907 : "wbcChangeUserPassword for %s failed", params.account_name);
908 :
909 2 : if (!test_wbc_authenticate_user_int(tctx, newpass)) {
910 0 : return false;
911 : }
912 :
913 2 : ret = wbcChangeUserPassword(
914 : cli_credentials_get_username(creds),
915 : newpass,
916 : cli_credentials_get_password(creds));
917 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
918 : "wbcChangeUserPassword for %s failed", params.account_name);
919 :
920 2 : return test_wbc_authenticate_user_int(tctx,
921 : cli_credentials_get_password(creds));
922 : }
923 :
924 2 : static bool test_wbc_logon_user(struct torture_context *tctx)
925 : {
926 : struct wbcLogonUserParams params;
927 2 : struct wbcLogonUserInfo *info = NULL;
928 2 : struct wbcAuthErrorInfo *error = NULL;
929 2 : struct wbcUserPasswordPolicyInfo *policy = NULL;
930 : struct wbcInterfaceDetails *iface;
931 : struct wbcDomainSid sid;
932 : enum wbcSidType sidtype;
933 : char *sidstr;
934 : wbcErr ret;
935 2 : struct cli_credentials *creds = samba_cmdline_get_creds();
936 2 : uint32_t i, flags = 0;
937 2 : const char *expected_unix_username = NULL;
938 2 : const char *unix_username = NULL;
939 :
940 2 : ZERO_STRUCT(params);
941 :
942 2 : ret = wbcLogonUser(¶ms, &info, &error, &policy);
943 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM,
944 : "%s", "wbcLogonUser succeeded for NULL where it should "
945 : "have failed");
946 :
947 2 : params.username =
948 2 : cli_credentials_get_username(creds);
949 2 : params.password =
950 2 : cli_credentials_get_password(creds);
951 :
952 2 : ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
953 : "foo", 0, discard_const_p(uint8_t, "bar"), 4);
954 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
955 : "%s", "wbcAddNamedBlob failed");
956 :
957 2 : ret = wbcLogonUser(¶ms, &info, &error, &policy);
958 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
959 : "wbcLogonUser for %s failed", params.username);
960 2 : wbcFreeMemory(info); info = NULL;
961 2 : wbcFreeMemory(error); error = NULL;
962 2 : wbcFreeMemory(policy); policy = NULL;
963 :
964 2 : params.password = "wrong";
965 :
966 2 : ret = wbcLogonUser(¶ms, &info, &error, &policy);
967 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
968 : "wbcLogonUser for %s should have failed with "
969 : "WBC_ERR_AUTH_ERROR", params.username);
970 2 : wbcFreeMemory(info); info = NULL;
971 2 : wbcFreeMemory(error); error = NULL;
972 2 : wbcFreeMemory(policy); policy = NULL;
973 :
974 2 : ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
975 : "membership_of", 0,
976 : discard_const_p(uint8_t, "S-1-2-3-4"),
977 : strlen("S-1-2-3-4")+1);
978 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
979 : "%s", "wbcAddNamedBlob failed");
980 2 : params.password =
981 2 : cli_credentials_get_password(creds);
982 2 : ret = wbcLogonUser(¶ms, &info, &error, &policy);
983 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
984 : "wbcLogonUser for %s should have failed with "
985 : "WBC_ERR_AUTH_ERROR", params.username);
986 2 : wbcFreeMemory(info); info = NULL;
987 2 : wbcFreeMemory(error); error = NULL;
988 2 : wbcFreeMemory(policy); policy = NULL;
989 2 : wbcFreeMemory(params.blobs);
990 2 : params.blobs = NULL; params.num_blobs = 0;
991 :
992 2 : ret = wbcInterfaceDetails(&iface);
993 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
994 : "%s", "wbcInterfaceDetails failed");
995 :
996 2 : ret = wbcLookupName(iface->netbios_domain,
997 : cli_credentials_get_username(creds),
998 : &sid,
999 : &sidtype);
1000 2 : wbcFreeMemory(iface);
1001 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
1002 : "wbcLookupName for %s failed",
1003 : cli_credentials_get_username(creds));
1004 :
1005 2 : ret = wbcSidToString(&sid, &sidstr);
1006 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
1007 : "%s", "wbcSidToString failed");
1008 :
1009 2 : ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
1010 : "membership_of", 0,
1011 2 : (uint8_t *)sidstr, strlen(sidstr)+1);
1012 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
1013 : "%s", "wbcAddNamedBlob failed");
1014 2 : wbcFreeMemory(sidstr);
1015 2 : params.password =
1016 2 : cli_credentials_get_password(creds);
1017 2 : ret = wbcLogonUser(¶ms, &info, &error, &policy);
1018 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
1019 : "wbcLogonUser for %s failed", params.username);
1020 2 : wbcFreeMemory(info); info = NULL;
1021 2 : wbcFreeMemory(error); error = NULL;
1022 2 : wbcFreeMemory(policy); policy = NULL;
1023 2 : wbcFreeMemory(params.blobs);
1024 2 : params.blobs = NULL; params.num_blobs = 0;
1025 :
1026 : /* Test WBFLAG_PAM_UNIX_NAME */
1027 2 : params.username = cli_credentials_get_username(creds);
1028 2 : params.password = cli_credentials_get_password(creds);
1029 2 : flags = WBFLAG_PAM_UNIX_NAME;
1030 :
1031 2 : torture_assert(tctx,
1032 : lp_load_global(lpcfg_configfile(tctx->lp_ctx)),
1033 : "lp_load_global() failed\n");
1034 2 : expected_unix_username = fill_domain_username_talloc(tctx,
1035 : cli_credentials_get_domain(creds),
1036 : cli_credentials_get_username(creds),
1037 : true);
1038 :
1039 2 : ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs, "flags", 0,
1040 : (uint8_t *)&flags, sizeof(flags));
1041 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
1042 : "%s", "wbcAddNamedBlob failed");
1043 :
1044 2 : ret = wbcLogonUser(¶ms, &info, &error, &policy);
1045 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
1046 : "wbcLogonUser for %s failed",
1047 : params.username);
1048 :
1049 4 : for (unix_username=NULL, i=0; i<info->num_blobs; i++) {
1050 2 : torture_comment(tctx, "Found named blob '%s'\n", info->blobs[i].name);
1051 2 : if (strequal(info->blobs[i].name, "unix_username")) {
1052 2 : unix_username = (const char *)info->blobs[i].blob.data;
1053 : }
1054 : }
1055 2 : torture_assert_not_null(tctx, unix_username,
1056 : "wbcLogonUserInfo does not have unix_username blob\n");
1057 2 : torture_assert_str_equal(tctx, unix_username,
1058 : expected_unix_username,
1059 : "Unexpected unix_username");
1060 2 : wbcFreeMemory(info); info = NULL;
1061 2 : wbcFreeMemory(error); error = NULL;
1062 2 : wbcFreeMemory(policy); policy = NULL;
1063 2 : wbcFreeMemory(params.blobs);
1064 2 : params.blobs = NULL; params.num_blobs = 0;
1065 :
1066 2 : return true;
1067 : }
1068 :
1069 2 : static bool test_wbc_getgroups(struct torture_context *tctx)
1070 : {
1071 : wbcErr ret;
1072 : uint32_t num_groups;
1073 : gid_t *groups;
1074 2 : struct cli_credentials *creds = samba_cmdline_get_creds();
1075 :
1076 2 : ret = wbcGetGroups(
1077 : cli_credentials_get_username(creds),
1078 : &num_groups,
1079 : &groups);
1080 2 : torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
1081 : "wbcGetGroups for %s failed",
1082 : cli_credentials_get_username(creds));
1083 2 : wbcFreeMemory(groups);
1084 2 : return true;
1085 : }
1086 :
1087 964 : struct torture_suite *torture_wbclient(TALLOC_CTX *ctx)
1088 : {
1089 964 : struct torture_suite *suite = torture_suite_create(ctx, "wbclient");
1090 :
1091 964 : torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping);
1092 964 : torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc);
1093 964 : torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc2);
1094 964 : torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
1095 964 : torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
1096 964 : torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
1097 964 : torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring);
1098 964 : torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring);
1099 964 : torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info);
1100 964 : torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
1101 964 : torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
1102 964 : torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts);
1103 964 : torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc);
1104 964 : torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx", test_wbc_lookupdcex);
1105 964 : torture_suite_add_simple_test(suite, "wbcResolveWinsByName", test_wbc_resolve_winsbyname);
1106 964 : torture_suite_add_simple_test(suite, "wbcResolveWinsByIP", test_wbc_resolve_winsbyip);
1107 964 : torture_suite_add_simple_test(suite, "wbcLookupRids",
1108 : test_wbc_lookup_rids);
1109 964 : torture_suite_add_simple_test(suite, "wbcGetSidAliases",
1110 : test_wbc_get_sidaliases);
1111 964 : torture_suite_add_simple_test(suite, "wbcAuthenticateUser",
1112 : test_wbc_authenticate_user);
1113 964 : torture_suite_add_simple_test(suite, "wbcLogonUser",
1114 : test_wbc_logon_user);
1115 964 : torture_suite_add_simple_test(suite, "wbcChangeUserPassword",
1116 : test_wbc_change_password);
1117 964 : torture_suite_add_simple_test(suite, "wbcGetGroups",
1118 : test_wbc_getgroups);
1119 :
1120 964 : return suite;
1121 : }
|
