1 : /*
2 : Unix SMB/CIFS implementation.
3 : test suite for RAP sam operations
4 :
5 : Copyright (C) Guenther Deschner 2010-2011
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "libcli/libcli.h"
23 : #include "torture/torture.h"
24 : #include "torture/util.h"
25 : #include "torture/smbtorture.h"
26 : #include "torture/util.h"
27 : #include "libcli/rap/rap.h"
28 : #include "torture/rap/proto.h"
29 : #include "../libcli/auth/libcli_auth.h"
30 : #include "torture/rpc/torture_rpc.h"
31 :
32 : #include <gnutls/gnutls.h>
33 : #include <gnutls/crypto.h>
34 :
/* Account name used by every test in this file for the temporary test user. */
#define TEST_RAP_USER "torture_rap_user"
36 :
/**
 * Produce a random password for the temporary test account.
 *
 * The requested length is at least 8 characters (or min_len when that is
 * larger) and at most six characters more than that lower bound.
 *
 * @param mem_ctx  talloc context handed to generate_random_password()
 * @param min_len  minimum length requested by the caller
 * @return whatever generate_random_password() returned
 *
 * NOTE(review): the password is written to stdout in clear text. That is
 * tolerable only because it belongs to a throw-away test user; test logs
 * should still be treated as containing credentials.
 * NOTE(review): the result is passed to "%s" without a NULL check.
 */
static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len)
{
	size_t lower = MAX(8, min_len);
	size_t upper = lower + 6;
	char *pass;

	pass = generate_random_password(mem_ctx, lower, upper);
	printf("Generated password '%s'\n", pass);

	return pass;
}
44 :
/**
 * Issue rap_NetUserPasswordSet2 with EncryptedPassword = 0.
 *
 * The current and the new password are copied as raw bytes (at most 16
 * each) into the request, i.e. this exercises the unencrypted variant of
 * the call. On success *password is updated to the new password; a
 * non-OK WERROR from the server only produces a warning.
 *
 * @param tctx      torture context (also the talloc parent of the password)
 * @param cli       connected SMB client state
 * @param username  account whose password is changed
 * @param password  in: current password, out: new password on success
 * @return true unless the RAP transport call itself fails
 */
static bool test_userpasswordset2_args(struct torture_context *tctx,
				       struct smbcli_state *cli,
				       const char *username,
				       const char **password)
{
	struct rap_NetUserPasswordSet2 req;
	char *fresh = samr_rand_pass(tctx, 8);

	ZERO_STRUCT(req);

	req.in.UserName = username;
	req.in.EncryptedPassword = 0;
	req.in.RealPasswordLength = strlen(fresh);

	/* Both password fields are fixed 16 byte buffers; longer input is cut. */
	memcpy(req.in.OldPassword, *password, MIN(strlen(*password), 16));
	memcpy(req.in.NewPassword, fresh, MIN(strlen(fresh), 16));

	torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", req.in.UserName);

	torture_assert_ntstatus_ok(tctx,
		smbcli_rap_netuserpasswordset2(cli->tree, tctx, &req),
		"smbcli_rap_netuserpasswordset2 failed");

	if (W_ERROR_IS_OK(W_ERROR(req.out.status))) {
		/* Server accepted the change: hand the new password back. */
		*password = fresh;
	} else {
		torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
				win_errstr(W_ERROR(req.out.status)));
	}

	return true;
}
76 :
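/**
 * Issue rap_NetUserPasswordSet2 with EncryptedPassword = 1.
 *
 * Instead of the raw passwords, the E_deshash() output of the current and
 * the new password is placed in the request. On success *password is
 * updated to the new password; a non-OK WERROR from the server only
 * produces a warning.
 *
 * @param tctx      torture context (also the talloc parent of the password)
 * @param cli       connected SMB client state
 * @param username  account whose password is changed
 * @param password  in: current password, out: new password on success
 * @return true unless password generation or the RAP transport call fails
 */
static bool test_userpasswordset2_crypt_args(struct torture_context *tctx,
					     struct smbcli_state *cli,
					     const char *username,
					     const char **password)
{
	struct rap_NetUserPasswordSet2 r;
	char *newpass = samr_rand_pass(tctx, 8);

	torture_assert(tctx, newpass != NULL, "samr_rand_pass failed");

	/*
	 * Start from a zeroed request, as test_userpasswordset2_args() does,
	 * so no stack garbage can end up in the request or in r.out.
	 */
	ZERO_STRUCT(r);

	r.in.UserName = username;

	/* NOTE(review): the results of E_deshash() are not checked here. */
	E_deshash(*password, r.in.OldPassword);
	E_deshash(newpass, r.in.NewPassword);

	r.in.RealPasswordLength = strlen(newpass);
	r.in.EncryptedPassword = 1;

	torture_comment(tctx, "Testing rap_NetUserPasswordSet2(%s)\n", r.in.UserName);

	torture_assert_ntstatus_ok(tctx,
		smbcli_rap_netuserpasswordset2(cli->tree, tctx, &r),
		"smbcli_rap_netuserpasswordset2 failed");
	if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
		torture_warning(tctx, "RAP NetUserPasswordSet2 gave: %s\n",
				win_errstr(W_ERROR(r.out.status)));
	} else {
		/* Server accepted the change: hand the new password back. */
		*password = newpass;
	}

	return true;
}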
107 :
/**
 * Create the test user, run both NetUserPasswordSet2 variants against it
 * (plain first, then hashed), and remove the user again.
 *
 * Both variants are always run; the result is true only if both returned
 * true.
 */
static bool test_userpasswordset2(struct torture_context *tctx,
				  struct smbcli_state *cli)
{
	struct test_join *testuser;
	const char *password;
	bool plain_ok;
	bool crypt_ok;

	testuser = torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
				torture_setting_string(tctx, "workgroup", NULL),
				ACB_NORMAL,
				&password, 14);
	if (testuser == NULL) {
		torture_fail(tctx, "failed to create user\n");
	}

	/* The second call starts from whatever password the first one left. */
	plain_ok = test_userpasswordset2_args(tctx, cli, TEST_RAP_USER, &password);
	crypt_ok = test_userpasswordset2_crypt_args(tctx, cli, TEST_RAP_USER, &password);

	torture_leave_domain(tctx, testuser);

	return plain_ok && crypt_ok;
}
130 :
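/**
 * Issue rap_NetOEMChangePassword for the given user.
 *
 * The new password is packed with encode_pw_buffer() and then encrypted
 * with ARCFOUR keyed by the E_deshash() output of the old password; the
 * request also carries E_old_pw_hash(new hash, old hash). RC4 and the
 * DES-based hash are used here because the call under test is defined
 * that way, not as a recommendation for new designs.
 *
 * On success *password is updated to the new password; a non-OK WERROR
 * from the server only produces a warning.
 *
 * @param tctx      torture context (also the talloc parent of the password)
 * @param cli       connected SMB client state
 * @param username  account whose password is changed
 * @param password  in: current password, out: new password on success
 * @return true unless password generation, the cipher setup or the RAP
 *         transport call fails
 */
static bool test_oemchangepassword_args(struct torture_context *tctx,
					struct smbcli_state *cli,
					const char *username,
					const char **password)
{
	struct rap_NetOEMChangePassword r;

	const char *oldpass = *password;
	char *newpass = samr_rand_pass(tctx, 9);
	uint8_t old_pw_hash[16];
	uint8_t new_pw_hash[16];
	gnutls_cipher_hd_t cipher_hnd = NULL;
	gnutls_datum_t pw_key = {
		.data = old_pw_hash,
		.size = sizeof(old_pw_hash),
	};
	int rc;

	torture_assert(tctx, newpass != NULL, "samr_rand_pass failed");

	/* Start from a zeroed request so no stack garbage is sent or read back. */
	ZERO_STRUCT(r);

	r.in.UserName = username;

	/* NOTE(review): the results of E_deshash()/encode_pw_buffer() are not checked. */
	E_deshash(oldpass, old_pw_hash);
	E_deshash(newpass, new_pw_hash);

	encode_pw_buffer(r.in.crypt_password, newpass, STR_ASCII);

	/*
	 * gnutls can refuse ARCFOUR (for example when the library is built or
	 * configured without it). Without this check cipher_hnd would stay
	 * NULL and be passed to gnutls_cipher_encrypt().
	 */
	rc = gnutls_cipher_init(&cipher_hnd,
				GNUTLS_CIPHER_ARCFOUR_128,
				&pw_key,
				NULL);
	torture_assert(tctx, rc == GNUTLS_E_SUCCESS,
		       "gnutls_cipher_init(ARCFOUR_128) failed");

	/* 516 is presumably the size of r.in.crypt_password - confirm. */
	rc = gnutls_cipher_encrypt(cipher_hnd,
				   r.in.crypt_password,
				   516);
	/* Release the handle before asserting so it is freed on failure too. */
	gnutls_cipher_deinit(cipher_hnd);
	torture_assert(tctx, rc == GNUTLS_E_SUCCESS,
		       "gnutls_cipher_encrypt failed");

	E_old_pw_hash(new_pw_hash, old_pw_hash, r.in.password_hash);

	torture_comment(tctx, "Testing rap_NetOEMChangePassword(%s)\n", r.in.UserName);

	torture_assert_ntstatus_ok(tctx,
		smbcli_rap_netoemchangepassword(cli->tree, tctx, &r),
		"smbcli_rap_netoemchangepassword failed");
	if (!W_ERROR_IS_OK(W_ERROR(r.out.status))) {
		torture_warning(tctx, "RAP NetOEMChangePassword gave: %s\n",
				win_errstr(W_ERROR(r.out.status)));
	} else {
		/* Server accepted the change: hand the new password back. */
		*password = newpass;
	}

	return true;
}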
179 :
/**
 * Create the test user, run the NetOEMChangePassword test against it and
 * remove the user again.
 *
 * @return the result of test_oemchangepassword_args()
 */
static bool test_oemchangepassword(struct torture_context *tctx,
				   struct smbcli_state *cli)
{
	const char *password;
	bool ok;
	struct test_join *testuser =
		torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
				torture_setting_string(tctx, "workgroup", NULL),
				ACB_NORMAL,
				&password, 14);

	if (testuser == NULL) {
		torture_fail(tctx, "failed to create user\n");
	}

	ok = test_oemchangepassword_args(tctx, cli, TEST_RAP_USER, &password);

	/* Remove the test user whatever the outcome of the test was. */
	torture_leave_domain(tctx, testuser);

	return ok;
}
202 :
/**
 * Query rap_NetUserGetInfo for one user at info levels 0, 1, 2, 10 and 11.
 *
 * Every level must succeed both at the transport level and with an OK
 * status in the reply; an 8192 byte reply buffer is requested each time.
 *
 * @param tctx      torture context
 * @param cli       connected SMB client state
 * @param UserName  account to query
 * @return true when every level passed its assertions
 */
static bool test_usergetinfo_byname(struct torture_context *tctx,
				    struct smbcli_state *cli,
				    const char *UserName)
{
	uint16_t levels[] = { 0, 1, 2, 10, 11 };
	struct rap_NetUserGetInfo query;
	size_t idx;

	for (idx = 0; idx < ARRAY_SIZE(levels); idx++) {
		/* The request is refilled for every level. */
		query.in.UserName = UserName;
		query.in.level = levels[idx];
		query.in.bufsize = 8192;

		torture_comment(tctx,
			"Testing rap_NetUserGetInfo(%s) level %d\n", query.in.UserName, query.in.level);

		torture_assert_ntstatus_ok(tctx,
			smbcli_rap_netusergetinfo(cli->tree, tctx, &query),
			"smbcli_rap_netusergetinfo failed");
		torture_assert_werr_ok(tctx, W_ERROR(query.out.status),
			"smbcli_rap_netusergetinfo failed");
	}

	return true;
}
229 :
/**
 * Create the test user, query it through rap_NetUserGetInfo and remove
 * the user again.
 *
 * @return the result of test_usergetinfo_byname()
 */
static bool test_usergetinfo(struct torture_context *tctx,
			     struct smbcli_state *cli)
{
	const char *password;
	bool ok;
	struct test_join *testuser =
		torture_create_testuser_max_pwlen(tctx, TEST_RAP_USER,
				torture_setting_string(tctx, "workgroup", NULL),
				ACB_NORMAL,
				&password, 14);

	if (testuser == NULL) {
		torture_fail(tctx, "failed to create user\n");
	}

	ok = test_usergetinfo_byname(tctx, cli, TEST_RAP_USER);

	/* Remove the test user whatever the outcome of the test was. */
	torture_leave_domain(tctx, testuser);

	return ok;
}
252 :
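/**
 * Exercise rap_NetUserAdd at info level 1.
 *
 * For each level the user is added once (must succeed), added a second
 * time (must report WERR_NERR_USEREXISTS) and then deleted again.
 *
 * @param tctx  torture context (also the talloc parent of the password)
 * @param cli   connected SMB client state
 * @return true when every level passed its assertions
 */
static bool test_useradd(struct torture_context *tctx,
			 struct smbcli_state *cli)
{
	struct rap_NetUserAdd r;
	struct rap_NetUserInfo1 info1;
	size_t i;
	uint16_t levels[] = { 1 };
	const char *username = TEST_RAP_USER;

	for (i = 0; i < ARRAY_SIZE(levels); i++) {
		const char *pwd;

		pwd = generate_random_password(tctx, 9, 16);
		torture_assert(tctx, pwd != NULL,
			       "generate_random_password failed");

		/* Fresh request per level: nothing carried over, no stack garbage. */
		ZERO_STRUCT(r);

		r.in.level = levels[i];
		r.in.bufsize = 0xffff;
		r.in.pwdlength = strlen(pwd);
		r.in.unknown = 0;

		switch (r.in.level) {
		case 1:
			ZERO_STRUCT(info1);

			info1.Name = username;
			/* Copy at most 16 bytes into the password field; longer input is cut. */
			memcpy(info1.Password, pwd, MIN(strlen(pwd), 16));
			info1.Priv = USER_PRIV_USER;
			info1.Flags = 0x21;
			info1.HomeDir = "home_dir";
			info1.Comment = "comment";
			info1.ScriptPath = "logon_script";

			r.in.info.info1 = info1;
			break;
		default:
			/*
			 * A level added to levels[] without a case here would
			 * otherwise send a request with no info filled in.
			 */
			torture_fail(tctx, "unhandled rap_NetUserAdd info level\n");
		}

		torture_comment(tctx,
			"Testing rap_NetUserAdd(%s) level %d\n", username, r.in.level);

		torture_assert_ntstatus_ok(tctx,
			smbcli_rap_netuseradd(cli->tree, tctx, &r),
			"smbcli_rap_netuseradd failed");
		torture_assert_werr_ok(tctx, W_ERROR(r.out.status),
			"smbcli_rap_netuseradd failed");

		/* Adding the same account again must be rejected. */
		torture_assert_ntstatus_ok(tctx,
			smbcli_rap_netuseradd(cli->tree, tctx, &r),
			"2nd smbcli_rap_netuseradd failed");
		torture_assert_werr_equal(tctx, W_ERROR(r.out.status), WERR_NERR_USEREXISTS,
			"2nd smbcli_rap_netuseradd failed");

		{
			struct rap_NetUserDelete d;

			ZERO_STRUCT(d);
			d.in.UserName = username;

			/*
			 * Best-effort cleanup; the result is deliberately ignored.
			 * NOTE(review): if the assertion macros above return early
			 * on failure, this delete is skipped and the test user is
			 * left on the server - confirm and clean up if so.
			 */
			smbcli_rap_netuserdelete(cli->tree, tctx, &d);
		}
	}

	return true;
}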
316 :
/**
 * Exercise rap_NetUserDelete.
 *
 * The test user is first created through rap_NetUserAdd (level 1), then
 * deleted once (must succeed) and deleted a second time (must report
 * WERR_NERR_USERNOTFOUND).
 *
 * NOTE(review): only the transport status of the preparatory add is
 * asserted; the status in its reply is not looked at.
 *
 * @param tctx  torture context (also the talloc parent of the password)
 * @param cli   connected SMB client state
 * @return true when all assertions passed
 */
static bool test_userdelete(struct torture_context *tctx,
			    struct smbcli_state *cli)
{
	struct rap_NetUserDelete del;
	struct rap_NetUserAdd add;
	const char *pwd = generate_random_password(tctx, 9, 16);

	/* Preparation: create the account that is going to be deleted. */
	ZERO_STRUCT(add.in.info.info1);

	add.in.level = 1;
	add.in.bufsize = 0xffff;
	add.in.pwdlength = strlen(pwd);
	add.in.unknown = 0;
	add.in.info.info1.Name = TEST_RAP_USER;
	add.in.info.info1.Priv = USER_PRIV_USER;

	/* Copy at most 16 bytes into the password field; longer input is cut. */
	memcpy(add.in.info.info1.Password, pwd, MIN(strlen(pwd), 16));

	torture_assert_ntstatus_ok(tctx,
		smbcli_rap_netuseradd(cli->tree, tctx, &add),
		"smbcli_rap_netuseradd failed");

	del.in.UserName = TEST_RAP_USER;

	torture_comment(tctx,
		"Testing rap_NetUserDelete(%s)\n", del.in.UserName);

	torture_assert_ntstatus_ok(tctx,
		smbcli_rap_netuserdelete(cli->tree, tctx, &del),
		"smbcli_rap_netuserdelete failed");
	torture_assert_werr_ok(tctx, W_ERROR(del.out.status),
		"smbcli_rap_netuserdelete failed");

	/* Deleting the same account again must be rejected. */
	torture_assert_ntstatus_ok(tctx,
		smbcli_rap_netuserdelete(cli->tree, tctx, &del),
		"2nd smbcli_rap_netuserdelete failed");
	torture_assert_werr_equal(tctx, W_ERROR(del.out.status), WERR_NERR_USERNOTFOUND,
		"2nd smbcli_rap_netuserdelete failed");

	return true;
}
364 :
/**
 * Build the "sam" torture suite and register the five RAP SAM tests of
 * this file with it.
 *
 * @param mem_ctx  talloc context passed to torture_suite_create()
 * @return the suite returned by torture_suite_create()
 */
struct torture_suite *torture_rap_sam(TALLOC_CTX *mem_ctx)
{
	/* Registration order is the order of this table. */
	static const struct {
		const char *name;
		bool (*run)(struct torture_context *, struct smbcli_state *);
	} sam_tests[] = {
		{ "userpasswordset2", test_userpasswordset2 },
		{ "oemchangepassword", test_oemchangepassword },
		{ "usergetinfo", test_usergetinfo },
		{ "useradd", test_useradd },
		{ "userdelete", test_userdelete },
	};
	struct torture_suite *suite = torture_suite_create(mem_ctx, "sam");
	size_t idx;

	for (idx = 0; idx < ARRAY_SIZE(sam_tests); idx++) {
		torture_suite_add_1smb_test(suite, sam_tests[idx].name,
					    sam_tests[idx].run);
	}

	return suite;
}