Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : SMB torture tester - winbind struct based protocol
4 : Copyright (C) Stefan Metzmacher 2007
5 : Copyright (C) Michael Adam 2007
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "torture/torture.h"
23 : #include "nsswitch/libwbclient/wbclient.h"
24 : #include "nsswitch/winbind_nss_config.h"
25 : #include "nsswitch/winbind_struct_protocol.h"
26 : #include "nsswitch/libwbclient/wbclient_internal.h"
27 : #include "libcli/security/security.h"
28 : #include "librpc/gen_ndr/netlogon.h"
29 : #include "param/param.h"
30 : #include "../libcli/auth/pam_errors.h"
31 : #include "torture/winbind/proto.h"
32 : #include "lib/util/string_wrappers.h"
33 :
34 : #define DO_STRUCT_REQ_REP_EXT(op,req,rep,expected,strict,warnaction,cmt) do { \
35 : const char *__cmt = (cmt); \
36 : wbcErr __wbc_status = WBC_ERR_UNKNOWN_FAILURE; \
37 : NSS_STATUS __got, __expected = (expected); \
38 : __wbc_status = wbcRequestResponse(NULL, op, req, rep); \
39 : switch (__wbc_status) { \
40 : case WBC_ERR_SUCCESS: \
41 : __got = NSS_STATUS_SUCCESS; \
42 : break; \
43 : case WBC_ERR_WINBIND_NOT_AVAILABLE: \
44 : __got = NSS_STATUS_UNAVAIL; \
45 : break; \
46 : case WBC_ERR_DOMAIN_NOT_FOUND: \
47 : __got = NSS_STATUS_NOTFOUND; \
48 : break; \
49 : default: \
50 : torture_result(torture, TORTURE_FAIL, \
51 : __location__ ": " __STRING(op) \
52 : " returned unmapped %s, expected nss %d%s%s", \
53 : wbcErrorString(__wbc_status), __expected, \
54 : (__cmt) ? ": " : "", \
55 : (__cmt) ? (__cmt) : ""); \
56 : return false; \
57 : } \
58 : if (__got != __expected) { \
59 : if (strict) { \
60 : torture_result(torture, TORTURE_FAIL, \
61 : __location__ ": " __STRING(op) \
62 : " returned %s, got %d , expected %d%s%s", \
63 : wbcErrorString(__wbc_status), __got, __expected, \
64 : (__cmt) ? ": " : "", \
65 : (__cmt) ? (__cmt) : ""); \
66 : return false; \
67 : } else { \
68 : torture_warning(torture, \
69 : __location__ ": " __STRING(op) \
70 : " returned %s, got %d , expected %d%s%s", \
71 : wbcErrorString(__wbc_status), __got, __expected, \
72 : (__cmt) ? ": " : "", \
73 : (__cmt) ? (__cmt) : ""); \
74 : warnaction; \
75 : } \
76 : } \
77 : } while(0)
78 :
79 : #undef _STRUCT_NOOP
80 : #define _STRUCT_NOOP do {} while(0);
81 : #define DO_STRUCT_REQ_REP(op,req,rep) do { \
82 : DO_STRUCT_REQ_REP_EXT(op,req,rep,NSS_STATUS_SUCCESS,true, _STRUCT_NOOP, NULL); \
83 : } while (0)
84 :
85 2 : static bool torture_winbind_struct_interface_version(struct torture_context *torture)
86 : {
87 : struct winbindd_request req;
88 : struct winbindd_response rep;
89 :
90 2 : ZERO_STRUCT(req);
91 2 : ZERO_STRUCT(rep);
92 :
93 2 : torture_comment(torture, "Running WINBINDD_INTERFACE_VERSION (struct based)\n");
94 :
95 2 : DO_STRUCT_REQ_REP(WINBINDD_INTERFACE_VERSION, &req, &rep);
96 :
97 2 : torture_assert_int_equal(torture,
98 : rep.data.interface_version,
99 : WINBIND_INTERFACE_VERSION,
100 : "winbind server and client doesn't match");
101 :
102 2 : return true;
103 : }
104 :
105 2 : static bool torture_winbind_struct_ping(struct torture_context *torture)
106 : {
107 2 : struct timeval tv = timeval_current();
108 2 : int timelimit = torture_setting_int(torture, "timelimit", 5);
109 2 : uint32_t total = 0;
110 :
111 2 : torture_comment(torture,
112 : "Running WINBINDD_PING (struct based) for %d seconds\n",
113 : timelimit);
114 :
115 42569 : while (timeval_elapsed(&tv) < timelimit) {
116 42566 : DO_STRUCT_REQ_REP(WINBINDD_PING, NULL, NULL);
117 42566 : total++;
118 : }
119 :
120 3 : torture_comment(torture,
121 : "%u (%.1f/s) WINBINDD_PING (struct based)\n",
122 2 : total, total / timeval_elapsed(&tv));
123 :
124 2 : return true;
125 : }
126 :
127 :
128 52 : static char winbind_separator(struct torture_context *torture)
129 : {
130 : struct winbindd_response rep;
131 :
132 52 : ZERO_STRUCT(rep);
133 :
134 52 : DO_STRUCT_REQ_REP(WINBINDD_INFO, NULL, &rep);
135 :
136 52 : return rep.data.info.winbind_separator;
137 : }
138 :
139 2 : static bool torture_winbind_struct_info(struct torture_context *torture)
140 : {
141 : struct winbindd_response rep;
142 : const char *separator;
143 :
144 2 : ZERO_STRUCT(rep);
145 :
146 2 : torture_comment(torture, "Running WINBINDD_INFO (struct based)\n");
147 :
148 2 : DO_STRUCT_REQ_REP(WINBINDD_INFO, NULL, &rep);
149 :
150 2 : separator = torture_setting_string(torture,
151 : "winbindd_separator",
152 : lpcfg_winbind_separator(torture->lp_ctx));
153 :
154 2 : torture_assert_int_equal(torture,
155 : rep.data.info.winbind_separator,
156 : *separator,
157 : "winbind separator doesn't match");
158 :
159 2 : torture_comment(torture, "Samba Version '%s'\n",
160 : rep.data.info.samba_version);
161 :
162 2 : return true;
163 : }
164 :
165 2 : static bool torture_winbind_struct_priv_pipe_dir(struct torture_context *torture)
166 : {
167 : struct winbindd_response rep;
168 : const char *got_dir;
169 :
170 2 : ZERO_STRUCT(rep);
171 :
172 2 : torture_comment(torture, "Running WINBINDD_PRIV_PIPE_DIR (struct based)\n");
173 :
174 2 : DO_STRUCT_REQ_REP(WINBINDD_PRIV_PIPE_DIR, NULL, &rep);
175 :
176 2 : got_dir = (const char *)rep.extra_data.data;
177 :
178 2 : torture_assert(torture, got_dir, "NULL WINBINDD_PRIV_PIPE_DIR\n");
179 :
180 2 : SAFE_FREE(rep.extra_data.data);
181 2 : return true;
182 : }
183 :
184 2 : static bool torture_winbind_struct_netbios_name(struct torture_context *torture)
185 : {
186 : struct winbindd_response rep;
187 : const char *expected;
188 :
189 2 : ZERO_STRUCT(rep);
190 :
191 2 : torture_comment(torture, "Running WINBINDD_NETBIOS_NAME (struct based)\n");
192 :
193 2 : DO_STRUCT_REQ_REP(WINBINDD_NETBIOS_NAME, NULL, &rep);
194 :
195 2 : expected = torture_setting_string(torture,
196 : "winbindd_netbios_name",
197 : lpcfg_netbios_name(torture->lp_ctx));
198 2 : expected = strupper_talloc(torture, expected);
199 :
200 2 : torture_assert_str_equal(torture,
201 : rep.data.netbios_name, expected,
202 : "winbindd's netbios name doesn't match");
203 :
204 2 : return true;
205 : }
206 :
207 4 : static bool get_winbind_domain(struct torture_context *torture, char **domain)
208 : {
209 : struct winbindd_response rep;
210 :
211 4 : ZERO_STRUCT(rep);
212 :
213 4 : DO_STRUCT_REQ_REP(WINBINDD_DOMAIN_NAME, NULL, &rep);
214 :
215 4 : *domain = talloc_strdup(torture, rep.data.domain_name);
216 4 : torture_assert(torture, domain, "talloc error");
217 :
218 4 : return true;
219 : }
220 :
221 2 : static bool torture_winbind_struct_domain_name(struct torture_context *torture)
222 : {
223 : const char *expected;
224 : char *domain;
225 :
226 2 : torture_comment(torture, "Running WINBINDD_DOMAIN_NAME (struct based)\n");
227 :
228 2 : expected = torture_setting_string(torture,
229 : "winbindd_netbios_domain",
230 : lpcfg_workgroup(torture->lp_ctx));
231 :
232 2 : get_winbind_domain(torture, &domain);
233 :
234 2 : torture_assert_str_equal(torture, domain, expected,
235 : "winbindd's netbios domain doesn't match");
236 :
237 2 : return true;
238 : }
239 :
240 2 : static bool torture_winbind_struct_check_machacc(struct torture_context *torture)
241 : {
242 : bool ok;
243 2 : bool strict = torture_setting_bool(torture, "strict mode", false);
244 : struct winbindd_response rep;
245 :
246 2 : ZERO_STRUCT(rep);
247 :
248 2 : torture_comment(torture, "Running WINBINDD_CHECK_MACHACC (struct based)\n");
249 :
250 2 : ok = true;
251 2 : DO_STRUCT_REQ_REP_EXT(WINBINDD_CHECK_MACHACC, NULL, &rep,
252 : NSS_STATUS_SUCCESS, strict, ok = false,
253 : "WINBINDD_CHECK_MACHACC");
254 :
255 2 : if (!ok) {
256 0 : torture_assert(torture,
257 : strlen(rep.data.auth.nt_status_string)>0,
258 : "Failed with empty nt_status_string");
259 :
260 0 : torture_warning(torture,"%s:%s:%s:%d\n",
261 0 : nt_errstr(NT_STATUS(rep.data.auth.nt_status)),
262 : rep.data.auth.nt_status_string,
263 : rep.data.auth.error_string,
264 : rep.data.auth.pam_error);
265 0 : return true;
266 : }
267 :
268 2 : torture_assert_ntstatus_ok(torture,
269 : NT_STATUS(rep.data.auth.nt_status),
270 : "WINBINDD_CHECK_MACHACC ok: nt_status");
271 :
272 2 : torture_assert_str_equal(torture,
273 : rep.data.auth.nt_status_string,
274 : nt_errstr(NT_STATUS_OK),
275 : "WINBINDD_CHECK_MACHACC ok:nt_status_string");
276 :
277 2 : torture_assert_str_equal(torture,
278 : rep.data.auth.error_string,
279 : get_friendly_nt_error_msg(NT_STATUS_OK),
280 : "WINBINDD_CHECK_MACHACC ok: error_string");
281 :
282 2 : torture_assert_int_equal(torture,
283 : rep.data.auth.pam_error,
284 : nt_status_to_pam(NT_STATUS_OK),
285 : "WINBINDD_CHECK_MACHACC ok: pam_error");
286 :
287 2 : return true;
288 : }
289 :
290 : struct torture_trust_domain {
291 : const char *netbios_name;
292 : const char *dns_name;
293 : struct dom_sid *sid;
294 : };
295 :
296 10 : static bool get_trusted_domains(struct torture_context *torture,
297 : struct torture_trust_domain **_d)
298 : {
299 : struct winbindd_request req;
300 : struct winbindd_response rep;
301 10 : struct torture_trust_domain *d = NULL;
302 10 : uint32_t dcount = 0;
303 : char line[256];
304 : const char *extra_data;
305 :
306 10 : ZERO_STRUCT(req);
307 10 : ZERO_STRUCT(rep);
308 :
309 10 : DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
310 :
311 10 : extra_data = (char *)rep.extra_data.data;
312 10 : torture_assert(torture, extra_data != NULL,
313 : "Trust list was NULL: the list of trusted domain "
314 : "should be returned, with at least 2 entries "
315 : "(BUILTIN, and the local domain)");
316 :
317 65 : while (next_token(&extra_data, line, "\n", sizeof(line))) {
318 : char *p, *lp;
319 :
320 50 : d = talloc_realloc(torture, d,
321 : struct torture_trust_domain,
322 : dcount + 2);
323 50 : ZERO_STRUCT(d[dcount+1]);
324 :
325 50 : lp = line;
326 50 : p = strchr(lp, '\\');
327 50 : torture_assert(torture, p, "missing 1st '\\' in line");
328 50 : *p = 0;
329 50 : d[dcount].netbios_name = talloc_strdup(d, lp);
330 50 : torture_assert(torture, strlen(d[dcount].netbios_name) > 0,
331 : "empty netbios_name");
332 :
333 50 : lp = p+1;
334 50 : p = strchr(lp, '\\');
335 50 : torture_assert(torture, p, "missing 2nd '\\' in line");
336 50 : *p = 0;
337 50 : d[dcount].dns_name = talloc_strdup(d, lp);
338 : /* it's ok to have an empty dns_name */
339 :
340 50 : lp = p+1;
341 50 : d[dcount].sid = dom_sid_parse_talloc(d, lp);
342 50 : torture_assert(torture, d[dcount].sid,
343 : "failed to parse sid");
344 :
345 50 : dcount++;
346 : }
347 10 : SAFE_FREE(rep.extra_data.data);
348 :
349 10 : torture_assert(torture, dcount >= 2,
350 : "The list of trusted domain should contain 2 entries "
351 : "(BUILTIN, and the local domain)");
352 :
353 10 : *_d = d;
354 10 : return true;
355 : }
356 :
357 2 : static bool torture_winbind_struct_list_trustdom(struct torture_context *torture)
358 : {
359 : struct winbindd_request req;
360 : struct winbindd_response rep;
361 : char *list1;
362 : char *list2;
363 : bool ok;
364 2 : struct torture_trust_domain *listd = NULL;
365 : uint32_t i;
366 :
367 2 : torture_comment(torture, "Running WINBINDD_LIST_TRUSTDOM (struct based)\n");
368 :
369 2 : ZERO_STRUCT(req);
370 2 : ZERO_STRUCT(rep);
371 :
372 2 : req.data.list_all_domains = false;
373 :
374 2 : DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
375 :
376 2 : list1 = (char *)rep.extra_data.data;
377 :
378 2 : torture_comment(torture, "%s\n", list1);
379 :
380 2 : ZERO_STRUCT(req);
381 2 : ZERO_STRUCT(rep);
382 :
383 2 : req.data.list_all_domains = true;
384 :
385 2 : DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep);
386 :
387 2 : list2 = (char *)rep.extra_data.data;
388 :
389 : /*
390 : * The list_all_domains parameter should be ignored
391 : */
392 2 : torture_assert_str_equal(torture, list2, list1, "list_all_domains not ignored");
393 :
394 2 : SAFE_FREE(list1);
395 2 : SAFE_FREE(list2);
396 :
397 2 : ok = get_trusted_domains(torture, &listd);
398 2 : torture_assert(torture, ok, "failed to get trust list");
399 :
400 12 : for (i=0; listd && listd[i].netbios_name; i++) {
401 10 : if (i == 0) {
402 : struct dom_sid *builtin_sid;
403 :
404 2 : builtin_sid = dom_sid_parse_talloc(torture, SID_BUILTIN);
405 :
406 2 : torture_assert_str_equal(torture,
407 : listd[i].netbios_name,
408 : NAME_BUILTIN,
409 : "first domain should be 'BUILTIN'");
410 :
411 2 : torture_assert_str_equal(torture,
412 : listd[i].dns_name,
413 : "",
414 : "BUILTIN domain should not have a dns name");
415 :
416 2 : ok = dom_sid_equal(builtin_sid,
417 2 : listd[i].sid);
418 2 : torture_assert(torture, ok, "BUILTIN domain should have S-1-5-32");
419 :
420 2 : continue;
421 : }
422 :
423 : /*
424 : * TODO: verify the content of the 2nd and 3rd (in member server mode)
425 : * domain entries
426 : */
427 : }
428 :
429 2 : return true;
430 : }
431 :
432 2 : static bool torture_winbind_struct_domain_info(struct torture_context *torture)
433 : {
434 : bool ok;
435 2 : struct torture_trust_domain *listd = NULL;
436 : uint32_t i;
437 :
438 2 : torture_comment(torture, "Running WINBINDD_DOMAIN_INFO (struct based)\n");
439 :
440 2 : ok = get_trusted_domains(torture, &listd);
441 2 : torture_assert(torture, ok, "failed to get trust list");
442 :
443 12 : for (i=0; listd && listd[i].netbios_name; i++) {
444 25 : torture_comment(torture, "LIST[%u] '%s' => '%s' [%s]\n",
445 : (unsigned)i,
446 10 : listd[i].netbios_name,
447 10 : listd[i].dns_name,
448 10 : dom_sid_string(torture, listd[i].sid));
449 : }
450 :
451 9 : for (i=0; listd && listd[i].netbios_name; i++) {
452 : struct winbindd_request req;
453 : struct winbindd_response rep;
454 : struct dom_sid *sid;
455 6 : char *flagstr = talloc_strdup(torture," ");
456 :
457 6 : ZERO_STRUCT(req);
458 6 : ZERO_STRUCT(rep);
459 :
460 6 : fstrcpy(req.domain_name, listd[i].netbios_name);
461 :
462 8 : DO_STRUCT_REQ_REP(WINBINDD_DOMAIN_INFO, &req, &rep);
463 :
464 6 : if (rep.data.domain_info.primary) {
465 2 : flagstr = talloc_strdup_append(flagstr, "PR ");
466 : }
467 :
468 6 : if (rep.data.domain_info.active_directory) {
469 2 : torture_assert(torture,
470 : strlen(rep.data.domain_info.alt_name)>0,
471 : "Active Directory without DNS name");
472 2 : flagstr = talloc_strdup_append(flagstr, "AD ");
473 : }
474 :
475 6 : if (rep.data.domain_info.native_mode) {
476 2 : torture_assert(torture,
477 : rep.data.domain_info.active_directory,
478 : "Native-Mode, but no Active Directory");
479 2 : flagstr = talloc_strdup_append(flagstr, "NA ");
480 : }
481 :
482 6 : torture_comment(torture, "DOMAIN[%u] '%s' => '%s' [%s] [%s]\n",
483 : (unsigned)i,
484 : rep.data.domain_info.name,
485 : rep.data.domain_info.alt_name,
486 : flagstr,
487 : rep.data.domain_info.sid);
488 :
489 6 : sid = dom_sid_parse_talloc(torture, rep.data.domain_info.sid);
490 6 : torture_assert(torture, sid, "Failed to parse SID");
491 :
492 6 : ok = dom_sid_equal(listd[i].sid, sid);
493 6 : torture_assert(torture, ok, talloc_asprintf(torture, "SID's doesn't match [%s] != [%s]",
494 : dom_sid_string(torture, listd[i].sid),
495 : dom_sid_string(torture, sid)));
496 :
497 6 : torture_assert_str_equal(torture,
498 : rep.data.domain_info.name,
499 : listd[i].netbios_name,
500 : "Netbios domain name doesn't match");
501 :
502 6 : torture_assert_str_equal(torture,
503 : rep.data.domain_info.alt_name,
504 : listd[i].dns_name,
505 : "DNS domain name doesn't match");
506 : }
507 :
508 0 : return true;
509 : }
510 :
511 2 : static bool torture_winbind_struct_getdcname(struct torture_context *torture)
512 : {
513 : bool ok;
514 2 : bool strict = torture_setting_bool(torture, "strict mode", false);
515 2 : const char *domain_name = torture_setting_string(torture,
516 : "winbindd_netbios_domain",
517 : lpcfg_workgroup(torture->lp_ctx));
518 2 : struct torture_trust_domain *listd = NULL;
519 2 : uint32_t i, count = 0;
520 :
521 2 : torture_comment(torture, "Running WINBINDD_GETDCNAME (struct based)\n");
522 :
523 2 : ok = get_trusted_domains(torture, &listd);
524 2 : torture_assert(torture, ok, "failed to get trust list");
525 :
526 4 : for (i=0; listd && listd[i].netbios_name; i++) {
527 : struct winbindd_request req;
528 : struct winbindd_response rep;
529 :
530 : /* getdcname is not expected to work on "BUILTIN" or our own
531 : * domain */
532 6 : if (strequal(listd[i].netbios_name, "BUILTIN") ||
533 2 : strequal(listd[i].netbios_name, domain_name)) {
534 3 : continue;
535 : }
536 :
537 2 : ZERO_STRUCT(req);
538 2 : ZERO_STRUCT(rep);
539 :
540 2 : fstrcpy(req.domain_name, listd[i].netbios_name);
541 :
542 2 : ok = true;
543 3 : DO_STRUCT_REQ_REP_EXT(WINBINDD_GETDCNAME, &req, &rep,
544 : NSS_STATUS_SUCCESS,
545 : (i <2 || strict), ok = false,
546 : talloc_asprintf(torture, "DOMAIN '%s'",
547 : req.domain_name));
548 0 : if (!ok) continue;
549 :
550 : /* TODO: check rep.data.dc_name; */
551 0 : torture_comment(torture, "DOMAIN '%s' => DCNAME '%s'\n",
552 : req.domain_name, rep.data.dc_name);
553 0 : count++;
554 : }
555 :
556 0 : if (strict) {
557 0 : torture_assert(torture, count > 0,
558 : "WiNBINDD_GETDCNAME was not tested");
559 : }
560 0 : return true;
561 : }
562 :
563 2 : static bool torture_winbind_struct_dsgetdcname(struct torture_context *torture)
564 : {
565 : bool ok;
566 2 : bool strict = torture_setting_bool(torture, "strict mode", false);
567 2 : struct torture_trust_domain *listd = NULL;
568 : uint32_t i;
569 2 : uint32_t count = 0;
570 :
571 2 : torture_comment(torture, "Running WINBINDD_DSGETDCNAME (struct based)\n");
572 :
573 2 : ok = get_trusted_domains(torture, &listd);
574 2 : torture_assert(torture, ok, "failed to get trust list");
575 :
576 12 : for (i=0; listd && listd[i].netbios_name; i++) {
577 : struct winbindd_request req;
578 : struct winbindd_response rep;
579 :
580 10 : ZERO_STRUCT(req);
581 10 : ZERO_STRUCT(rep);
582 :
583 18 : if (strlen(listd[i].dns_name) == 0) continue;
584 :
585 : /*
586 : * TODO: remove this and let winbindd give no dns name
587 : * for NT4 domains
588 : */
589 6 : if (strcmp(listd[i].dns_name, listd[i].netbios_name) == 0) {
590 0 : continue;
591 : }
592 :
593 6 : fstrcpy(req.domain_name, listd[i].dns_name);
594 :
595 : /* TODO: test more flag combinations */
596 6 : req.flags = DS_DIRECTORY_SERVICE_REQUIRED;
597 :
598 6 : ok = true;
599 6 : DO_STRUCT_REQ_REP_EXT(WINBINDD_DSGETDCNAME, &req, &rep,
600 : NSS_STATUS_SUCCESS,
601 : strict, ok = false,
602 : talloc_asprintf(torture, "DOMAIN '%s'",
603 : req.domain_name));
604 6 : if (!ok) continue;
605 :
606 : /* TODO: check rep.data.dc_name; */
607 0 : torture_comment(torture, "DOMAIN '%s' => DCNAME '%s'\n",
608 : req.domain_name, rep.data.dc_name);
609 :
610 0 : count++;
611 : }
612 :
613 2 : if (count == 0) {
614 2 : torture_warning(torture, "WINBINDD_DSGETDCNAME"
615 : " was not tested with %d non-AD domains",
616 : i);
617 : }
618 :
619 2 : if (strict) {
620 0 : torture_assert(torture, count > 0,
621 : "WiNBINDD_DSGETDCNAME was not tested");
622 : }
623 :
624 2 : return true;
625 : }
626 :
627 4 : static bool get_user_list(struct torture_context *torture, char ***users)
628 : {
629 : struct winbindd_request req;
630 : struct winbindd_response rep;
631 4 : char **u = NULL;
632 : uint32_t count;
633 : char name[256];
634 : const char *extra_data;
635 :
636 4 : ZERO_STRUCT(req);
637 4 : ZERO_STRUCT(rep);
638 :
639 4 : DO_STRUCT_REQ_REP(WINBINDD_LIST_USERS, &req, &rep);
640 :
641 4 : extra_data = (char *)rep.extra_data.data;
642 4 : torture_assert(torture, extra_data, "NULL extra data");
643 :
644 54 : for(count = 0;
645 100 : next_token(&extra_data, name, ",", sizeof(name));
646 96 : count++)
647 : {
648 96 : u = talloc_realloc(torture, u, char *, count + 2);
649 96 : u[count+1] = NULL;
650 96 : u[count] = talloc_strdup(u, name);
651 : }
652 :
653 4 : SAFE_FREE(rep.extra_data.data);
654 :
655 4 : *users = u;
656 4 : return true;
657 : }
658 :
659 2 : static bool torture_winbind_struct_list_users(struct torture_context *torture)
660 : {
661 : char **users;
662 : uint32_t count;
663 : bool ok;
664 :
665 2 : torture_comment(torture, "Running WINBINDD_LIST_USERS (struct based)\n");
666 :
667 2 : ok = get_user_list(torture, &users);
668 2 : torture_assert(torture, ok, "failed to get user list");
669 :
670 26 : for (count = 0; users[count]; count++) { }
671 :
672 2 : torture_comment(torture, "got %d users\n", count);
673 :
674 2 : return true;
675 : }
676 :
677 4 : static bool get_group_list(struct torture_context *torture,
678 : unsigned int *num_entries,
679 : char ***groups)
680 : {
681 : struct winbindd_request req;
682 : struct winbindd_response rep;
683 4 : char **g = NULL;
684 : uint32_t count;
685 : char name[256];
686 : const char *extra_data;
687 :
688 4 : ZERO_STRUCT(req);
689 4 : ZERO_STRUCT(rep);
690 :
691 4 : DO_STRUCT_REQ_REP(WINBINDD_LIST_GROUPS, &req, &rep);
692 4 : extra_data = (char *)rep.extra_data.data;
693 :
694 4 : *num_entries = rep.data.num_entries;
695 :
696 4 : if (*num_entries == 0) {
697 0 : torture_assert(torture, extra_data == NULL,
698 : "extra data is null for >0 reported entries\n");
699 0 : *groups = NULL;
700 0 : return true;
701 : }
702 :
703 4 : torture_assert(torture, extra_data, "NULL extra data");
704 :
705 46 : for(count = 0;
706 84 : next_token(&extra_data, name, ",", sizeof(name));
707 80 : count++)
708 : {
709 80 : g = talloc_realloc(torture, g, char *, count + 2);
710 80 : g[count+1] = NULL;
711 80 : g[count] = talloc_strdup(g, name);
712 : }
713 :
714 4 : SAFE_FREE(rep.extra_data.data);
715 :
716 4 : torture_assert_int_equal(torture, *num_entries, count,
717 : "Wrong number of group entries reported.");
718 :
719 4 : *groups = g;
720 4 : return true;
721 : }
722 :
723 2 : static bool torture_winbind_struct_list_groups(struct torture_context *torture)
724 : {
725 : char **groups;
726 : uint32_t count;
727 : bool ok;
728 :
729 2 : torture_comment(torture, "Running WINBINDD_LIST_GROUPS (struct based)\n");
730 :
731 2 : ok = get_group_list(torture, &count, &groups);
732 2 : torture_assert(torture, ok, "failed to get group list");
733 :
734 2 : torture_comment(torture, "got %d groups\n", count);
735 :
736 2 : return true;
737 : }
738 :
739 : struct torture_domain_sequence {
740 : const char *netbios_name;
741 : uint32_t seq;
742 : };
743 :
744 2 : static bool get_sequence_numbers(struct torture_context *torture,
745 : struct torture_domain_sequence **seqs)
746 : {
747 : struct winbindd_request req;
748 : struct winbindd_response rep;
749 : const char *extra_data;
750 : char line[256];
751 2 : uint32_t count = 0;
752 2 : struct torture_domain_sequence *s = NULL;
753 :
754 2 : ZERO_STRUCT(req);
755 2 : ZERO_STRUCT(rep);
756 :
757 2 : DO_STRUCT_REQ_REP(WINBINDD_SHOW_SEQUENCE, &req, &rep);
758 :
759 2 : extra_data = (char *)rep.extra_data.data;
760 2 : torture_assert(torture, extra_data, "NULL sequence list");
761 :
762 13 : while (next_token(&extra_data, line, "\n", sizeof(line))) {
763 : char *p, *lp;
764 : uint32_t seq;
765 :
766 10 : s = talloc_realloc(torture, s, struct torture_domain_sequence,
767 : count + 2);
768 10 : ZERO_STRUCT(s[count+1]);
769 :
770 10 : lp = line;
771 10 : p = strchr(lp, ' ');
772 10 : torture_assert(torture, p, "invalid line format");
773 10 : *p = 0;
774 10 : s[count].netbios_name = talloc_strdup(s, lp);
775 :
776 10 : lp = p+1;
777 10 : torture_assert(torture, strncmp(lp, ": ", 2) == 0,
778 : "invalid line format");
779 10 : lp += 2;
780 10 : if (strcmp(lp, "DISCONNECTED") == 0) {
781 0 : seq = (uint32_t)-1;
782 : } else {
783 10 : seq = (uint32_t)strtol(lp, &p, 10);
784 10 : torture_assert(torture, (*p == '\0'),
785 : "invalid line format");
786 10 : torture_assert(torture, (seq != (uint32_t)-1),
787 : "sequence number -1 encountered");
788 : }
789 10 : s[count].seq = seq;
790 :
791 10 : count++;
792 : }
793 2 : SAFE_FREE(rep.extra_data.data);
794 :
795 2 : torture_assert(torture, count >= 2, "The list of domain sequence "
796 : "numbers should contain 2 entries");
797 :
798 2 : *seqs = s;
799 2 : return true;
800 : }
801 :
802 2 : static bool torture_winbind_struct_show_sequence(struct torture_context *torture)
803 : {
804 : bool ok;
805 : uint32_t i;
806 2 : struct torture_trust_domain *domlist = NULL;
807 2 : struct torture_domain_sequence *s = NULL;
808 :
809 2 : torture_comment(torture, "Running WINBINDD_SHOW_SEQUENCE (struct based)\n");
810 :
811 2 : ok = get_sequence_numbers(torture, &s);
812 2 : torture_assert(torture, ok, "failed to get list of sequence numbers");
813 :
814 2 : ok = get_trusted_domains(torture, &domlist);
815 2 : torture_assert(torture, ok, "failed to get trust list");
816 :
817 18 : for (i=0; domlist[i].netbios_name; i++) {
818 : struct winbindd_request req;
819 : struct winbindd_response rep;
820 : uint32_t seq;
821 :
822 10 : torture_assert(torture, s[i].netbios_name,
823 : "more domains received in second run");
824 10 : torture_assert_str_equal(torture, domlist[i].netbios_name,
825 : s[i].netbios_name,
826 : "inconsistent order of domain lists");
827 :
828 10 : ZERO_STRUCT(req);
829 10 : ZERO_STRUCT(rep);
830 10 : fstrcpy(req.domain_name, domlist[i].netbios_name);
831 :
832 10 : ok = true;
833 10 : DO_STRUCT_REQ_REP_EXT(WINBINDD_SHOW_SEQUENCE, &req, &rep,
834 : NSS_STATUS_SUCCESS,
835 : false, ok = false,
836 : "WINBINDD_SHOW_SEQUENCE");
837 10 : if (ok == false) {
838 0 : torture_warning(torture,
839 : "WINBINDD_SHOW_SEQUENCE on "
840 : "domain %s failed\n",
841 : req.domain_name);
842 :
843 : /*
844 : * Only fail for the first two domain that we
845 : * check specially below, otherwise we fail on
846 : * trusts generated by the LSA torture test
847 : * that do not really exist.
848 : */
849 0 : if (i > 1) {
850 : /*
851 : * Do not confirm the sequence numbers
852 : * below
853 : */
854 0 : return true;
855 : }
856 :
857 0 : torture_comment(torture,
858 : "Full trust list for "
859 : "WINBINDD_SHOW_SEQUENCE "
860 : "test was:\n");
861 0 : for (i=0; domlist[i].netbios_name; i++) {
862 0 : torture_comment(torture,
863 : "%s\n",
864 0 : domlist[i].netbios_name);
865 : }
866 :
867 0 : return false;
868 : }
869 :
870 10 : seq = rep.data.sequence_number;
871 :
872 10 : if (i == 0) {
873 2 : torture_assert(torture, (seq != (uint32_t)-1),
874 : "BUILTIN domain disconnected");
875 8 : } else if (i == 1) {
876 2 : torture_assert(torture, (seq != (uint32_t)-1),
877 : "local domain disconnected");
878 : }
879 :
880 :
881 10 : if (seq == (uint32_t)-1) {
882 0 : torture_comment(torture, " * %s : DISCONNECTED\n",
883 : req.domain_name);
884 : } else {
885 10 : torture_comment(torture, " * %s : %d\n",
886 : req.domain_name, seq);
887 : }
888 10 : torture_assert(torture, (seq >= s[i].seq),
889 : "illegal sequence number encountered");
890 : }
891 :
892 2 : return true;
893 : }
894 :
895 2 : static bool torture_winbind_struct_setpwent(struct torture_context *torture)
896 : {
897 : struct winbindd_request req;
898 : struct winbindd_response rep;
899 :
900 2 : torture_comment(torture, "Running WINBINDD_SETPWENT (struct based)\n");
901 :
902 2 : ZERO_STRUCT(req);
903 2 : ZERO_STRUCT(rep);
904 :
905 2 : DO_STRUCT_REQ_REP(WINBINDD_SETPWENT, &req, &rep);
906 :
907 2 : return true;
908 : }
909 :
910 2 : static bool torture_winbind_struct_getpwent(struct torture_context *torture)
911 : {
912 : struct winbindd_request req;
913 : struct winbindd_response rep;
914 : struct winbindd_pw *pwent;
915 :
916 2 : torture_comment(torture, "Running WINBINDD_GETPWENT (struct based)\n");
917 :
918 2 : torture_comment(torture, " - Running WINBINDD_SETPWENT first\n");
919 2 : ZERO_STRUCT(req);
920 2 : ZERO_STRUCT(rep);
921 2 : DO_STRUCT_REQ_REP(WINBINDD_SETPWENT, &req, &rep);
922 :
923 2 : torture_comment(torture, " - Running WINBINDD_GETPWENT now\n");
924 2 : ZERO_STRUCT(req);
925 2 : ZERO_STRUCT(rep);
926 2 : req.data.num_entries = 1;
927 2 : if (torture_setting_bool(torture, "samba3", false)) {
928 0 : DO_STRUCT_REQ_REP_EXT(WINBINDD_GETPWENT, &req, &rep,
929 : NSS_STATUS_SUCCESS, false, _STRUCT_NOOP,
930 : NULL);
931 : } else {
932 2 : DO_STRUCT_REQ_REP(WINBINDD_GETPWENT, &req, &rep);
933 : }
934 2 : pwent = (struct winbindd_pw *)rep.extra_data.data;
935 2 : if (!torture_setting_bool(torture, "samba3", false)) {
936 2 : torture_assert(torture, (pwent != NULL), "NULL pwent");
937 : }
938 2 : if (pwent) {
939 3 : torture_comment(torture, "name: %s, uid: %d, gid: %d, shell: %s\n",
940 2 : pwent->pw_name, pwent->pw_uid, pwent->pw_gid,
941 2 : pwent->pw_shell);
942 : }
943 :
944 2 : return true;
945 : }
946 :
947 2 : static bool torture_winbind_struct_endpwent(struct torture_context *torture)
948 : {
949 : struct winbindd_request req;
950 : struct winbindd_response rep;
951 :
952 2 : torture_comment(torture, "Running WINBINDD_ENDPWENT (struct based)\n");
953 :
954 2 : ZERO_STRUCT(req);
955 2 : ZERO_STRUCT(rep);
956 :
957 2 : DO_STRUCT_REQ_REP(WINBINDD_ENDPWENT, &req, &rep);
958 :
959 2 : return true;
960 : }
961 :
962 : /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
963 : form DOMAIN/user into a domain and a user */
964 :
965 28 : static bool parse_domain_user(struct torture_context *torture,
966 : const char *domuser, fstring domain,
967 : fstring user)
968 : {
969 28 : char *p = strchr(domuser, winbind_separator(torture));
970 28 : char *dom = NULL;
971 :
972 28 : if (!p) {
973 : /* Maybe it was a UPN? */
974 0 : if ((p = strchr(domuser, '@')) != NULL) {
975 0 : fstrcpy(domain, "");
976 0 : fstrcpy(user, domuser);
977 0 : return true;
978 : }
979 :
980 0 : fstrcpy(user, domuser);
981 0 : get_winbind_domain(torture, &dom);
982 0 : fstrcpy(domain, dom);
983 0 : return true;
984 : }
985 :
986 28 : fstrcpy(user, p+1);
987 28 : fstrcpy(domain, domuser);
988 28 : domain[PTR_DIFF(p, domuser)] = 0;
989 :
990 28 : return true;
991 : }
992 :
993 4 : static bool lookup_name_sid_list(struct torture_context *torture, char **list)
994 : {
995 : uint32_t count;
996 :
997 42 : for (count = 0; list[count]; count++) {
998 : struct winbindd_request req;
999 : struct winbindd_response rep;
1000 : char *sid;
1001 : char *name;
1002 28 : const char *domain_name = torture_setting_string(torture,
1003 : "winbindd_domain_without_prefix",
1004 : NULL);
1005 :
1006 28 : ZERO_STRUCT(req);
1007 28 : ZERO_STRUCT(rep);
1008 :
1009 28 : parse_domain_user(torture, list[count], req.data.name.dom_name,
1010 : req.data.name.name);
1011 :
1012 32 : DO_STRUCT_REQ_REP(WINBINDD_LOOKUPNAME, &req, &rep);
1013 :
1014 28 : sid = talloc_strdup(torture, rep.data.sid.sid);
1015 :
1016 28 : ZERO_STRUCT(req);
1017 28 : ZERO_STRUCT(rep);
1018 :
1019 28 : fstrcpy(req.data.sid, sid);
1020 :
1021 28 : DO_STRUCT_REQ_REP(WINBINDD_LOOKUPSID, &req, &rep);
1022 :
1023 56 : if (domain_name != NULL &&
1024 28 : strequal(rep.data.name.dom_name, domain_name))
1025 : {
1026 4 : name = talloc_asprintf(torture, "%s",
1027 : rep.data.name.name);
1028 : } else {
1029 24 : name = talloc_asprintf(torture, "%s%c%s",
1030 : rep.data.name.dom_name,
1031 24 : winbind_separator(torture),
1032 : rep.data.name.name);
1033 : }
1034 :
1035 28 : torture_assert_casestr_equal(torture, list[count], name,
1036 : "LOOKUP_SID after LOOKUP_NAME != id");
1037 :
1038 : #if 0
1039 : torture_comment(torture, " %s -> %s -> %s\n", list[count],
1040 : sid, name);
1041 : #endif
1042 :
1043 24 : talloc_free(sid);
1044 24 : talloc_free(name);
1045 : }
1046 :
1047 0 : return true;
1048 : }
1049 :
1050 4 : static bool name_is_in_list(const char *name, char **list)
1051 : {
1052 : uint32_t count;
1053 :
1054 92 : for (count = 0; list && list[count]; count++) {
1055 88 : if (strequal(name, list[count])) {
1056 0 : return true;
1057 : }
1058 : }
1059 4 : return false;
1060 : }
1061 :
1062 2 : static bool torture_winbind_struct_lookup_name_sid(struct torture_context *torture)
1063 : {
1064 : struct winbindd_request req;
1065 : struct winbindd_response rep;
1066 2 : const char *invalid_sid = "S-0-0-7";
1067 2 : char *domain = NULL;
1068 2 : const char *invalid_user = "noone";
1069 : char *invalid_name;
1070 2 : bool strict = torture_setting_bool(torture, "strict mode", false);
1071 : char **users;
1072 : char **groups;
1073 : uint32_t count, num_groups;
1074 : bool ok;
1075 :
1076 2 : torture_comment(torture, "Running WINBINDD_LOOKUP_NAME_SID (struct based)\n");
1077 :
1078 2 : ok = get_user_list(torture, &users);
1079 2 : torture_assert(torture, ok, "failed to retrieve list of users");
1080 2 : lookup_name_sid_list(torture, users);
1081 :
1082 2 : ok = get_group_list(torture, &num_groups, &groups);
1083 2 : torture_assert(torture, ok, "failed to retrieve list of groups");
1084 2 : if (num_groups > 0) {
1085 2 : lookup_name_sid_list(torture, groups);
1086 : }
1087 :
1088 2 : ZERO_STRUCT(req);
1089 2 : ZERO_STRUCT(rep);
1090 :
1091 2 : fstrcpy(req.data.sid, invalid_sid);
1092 :
1093 2 : ok = true;
1094 2 : DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSID, &req, &rep,
1095 : NSS_STATUS_NOTFOUND,
1096 : strict,
1097 : ok=false,
1098 : talloc_asprintf(torture,
1099 : "invalid sid %s was resolved",
1100 : invalid_sid));
1101 :
1102 2 : ZERO_STRUCT(req);
1103 2 : ZERO_STRUCT(rep);
1104 :
1105 : /* try to find an invalid name... */
1106 :
1107 2 : count = 0;
1108 2 : get_winbind_domain(torture, &domain);
1109 : do {
1110 2 : count++;
1111 2 : invalid_name = talloc_asprintf(torture, "%s/%s%u",
1112 : domain,
1113 : invalid_user, count);
1114 4 : } while(name_is_in_list(invalid_name, users) ||
1115 2 : name_is_in_list(invalid_name, groups));
1116 :
1117 2 : fstrcpy(req.data.name.dom_name, domain);
1118 2 : fstrcpy(req.data.name.name,
1119 : talloc_asprintf(torture, "%s%u", invalid_user,
1120 : count));
1121 :
1122 2 : ok = true;
1123 2 : DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPNAME, &req, &rep,
1124 : NSS_STATUS_NOTFOUND,
1125 : strict,
1126 : ok=false,
1127 : talloc_asprintf(torture,
1128 : "invalid name %s was resolved",
1129 : invalid_name));
1130 :
1131 2 : talloc_free(users);
1132 2 : talloc_free(groups);
1133 :
1134 2 : return true;
1135 : }
1136 :
1137 2 : static bool torture_winbind_struct_lookup_sids_invalid(
1138 : struct torture_context *torture)
1139 : {
1140 2 : struct winbindd_request req = {0};
1141 2 : struct winbindd_response rep = {0};
1142 2 : bool strict = torture_setting_bool(torture, "strict mode", false);
1143 : bool ok;
1144 :
1145 2 : torture_comment(torture,
1146 : "Running WINBINDD_LOOKUP_SIDS (struct based)\n");
1147 :
1148 2 : ok = true;
1149 2 : DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSIDS, &req, &rep,
1150 : NSS_STATUS_NOTFOUND,
1151 : strict,
1152 : ok=false,
1153 : talloc_asprintf(
1154 : torture,
1155 : "invalid lookupsids succeeded"));
1156 :
1157 2 : return ok;
1158 : }
1159 :
1160 964 : struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx)
1161 : {
1162 964 : struct torture_suite *suite = torture_suite_create(ctx, "struct");
1163 :
1164 964 : torture_suite_add_simple_test(suite, "interface_version", torture_winbind_struct_interface_version);
1165 964 : torture_suite_add_simple_test(suite, "ping", torture_winbind_struct_ping);
1166 964 : torture_suite_add_simple_test(suite, "info", torture_winbind_struct_info);
1167 964 : torture_suite_add_simple_test(suite, "priv_pipe_dir", torture_winbind_struct_priv_pipe_dir);
1168 964 : torture_suite_add_simple_test(suite, "netbios_name", torture_winbind_struct_netbios_name);
1169 964 : torture_suite_add_simple_test(suite, "domain_name", torture_winbind_struct_domain_name);
1170 964 : torture_suite_add_simple_test(suite, "check_machacc", torture_winbind_struct_check_machacc);
1171 964 : torture_suite_add_simple_test(suite, "list_trustdom", torture_winbind_struct_list_trustdom);
1172 964 : torture_suite_add_simple_test(suite, "domain_info", torture_winbind_struct_domain_info);
1173 964 : torture_suite_add_simple_test(suite, "getdcname", torture_winbind_struct_getdcname);
1174 964 : torture_suite_add_simple_test(suite, "dsgetdcname", torture_winbind_struct_dsgetdcname);
1175 964 : torture_suite_add_simple_test(suite, "list_users", torture_winbind_struct_list_users);
1176 964 : torture_suite_add_simple_test(suite, "list_groups", torture_winbind_struct_list_groups);
1177 964 : torture_suite_add_simple_test(suite, "show_sequence", torture_winbind_struct_show_sequence);
1178 964 : torture_suite_add_simple_test(suite, "setpwent", torture_winbind_struct_setpwent);
1179 964 : torture_suite_add_simple_test(suite, "getpwent", torture_winbind_struct_getpwent);
1180 964 : torture_suite_add_simple_test(suite, "endpwent", torture_winbind_struct_endpwent);
1181 964 : torture_suite_add_simple_test(suite, "lookup_name_sid", torture_winbind_struct_lookup_name_sid);
1182 964 : torture_suite_add_simple_test(
1183 : suite,
1184 : "lookup_sids_invalid",
1185 : torture_winbind_struct_lookup_sids_invalid);
1186 :
1187 964 : suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests");
1188 :
1189 964 : return suite;
1190 : }
|
