LCOV - code coverage report
Current view: top level - source4/torture/rpc - samba3rpc.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 1464 2131 68.7 %
Date: 2021-09-23 10:06:22 Functions: 48 64 75.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    dcerpc torture tests, designed to walk Samba3 code paths
       5             : 
       6             :    Copyright (C) Volker Lendecke 2006
       7             : 
       8             :    This program is free software; you can redistribute it and/or modify
       9             :    it under the terms of the GNU General Public License as published by
      10             :    the Free Software Foundation; either version 3 of the License, or
      11             :    (at your option) any later version.
      12             : 
      13             :    This program is distributed in the hope that it will be useful,
      14             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :    GNU General Public License for more details.
      17             : 
      18             :    You should have received a copy of the GNU General Public License
      19             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      20             : */
      21             : 
      22             : #include "includes.h"
      23             : #include "libcli/raw/libcliraw.h"
      24             : #include "libcli/raw/raw_proto.h"
      25             : #include "torture/util.h"
      26             : #include "libcli/rap/rap.h"
      27             : #include "librpc/gen_ndr/ndr_lsa_c.h"
      28             : #include "librpc/gen_ndr/ndr_samr_c.h"
      29             : #include "librpc/gen_ndr/ndr_netlogon_c.h"
      30             : #include "librpc/gen_ndr/ndr_srvsvc_c.h"
      31             : #include "librpc/gen_ndr/ndr_spoolss_c.h"
      32             : #include "librpc/gen_ndr/ndr_winreg_c.h"
      33             : #include "librpc/gen_ndr/ndr_wkssvc_c.h"
      34             : #include "librpc/gen_ndr/ndr_svcctl_c.h"
      35             : #include "lib/cmdline/cmdline.h"
      36             : #include "torture/rpc/torture_rpc.h"
      37             : #include "libcli/libcli.h"
      38             : #include "libcli/smb_composite/smb_composite.h"
      39             : #include "libcli/auth/libcli_auth.h"
      40             : #include "libcli/security/security.h"
      41             : #include "param/param.h"
      42             : #include "lib/registry/registry.h"
      43             : #include "libcli/resolve/resolve.h"
      44             : #include "torture/ndr/ndr.h"
      45             : #include "libcli/smb2/smb2.h"
      46             : #include "libcli/smb2/smb2_calls.h"
      47             : #include "librpc/rpc/dcerpc.h"
      48             : #include "librpc/rpc/dcerpc_proto.h"
      49             : #include "libcli/smb/smbXcli_base.h"
      50             : #include "source3/rpc_client/init_samr.h"
      51             : 
      52             : /*
      53             :  * open pipe and bind, given an IPC$ context
      54             :  */
      55             : 
      56         123 : static NTSTATUS pipe_bind_smb(struct torture_context *tctx,
      57             :                               TALLOC_CTX *mem_ctx,
      58             :                               struct smbcli_tree *tree,
      59             :                               const char *pipe_name,
      60             :                               const struct ndr_interface_table *iface,
      61             :                               struct dcerpc_pipe **p)
      62             : {
      63             :         struct dcerpc_pipe *result;
      64             :         NTSTATUS status;
      65             : 
      66         123 :         if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
      67           0 :                 return NT_STATUS_NO_MEMORY;
      68             :         }
      69             : 
      70         123 :         status = dcerpc_pipe_open_smb(result, tree, pipe_name);
      71         123 :         if (!NT_STATUS_IS_OK(status)) {
      72           0 :                 torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
      73             :                          nt_errstr(status));
      74           0 :                 talloc_free(result);
      75           0 :                 return status;
      76             :         }
      77             : 
      78         123 :         status = dcerpc_bind_auth_none(result, iface);
      79         123 :         if (!NT_STATUS_IS_OK(status)) {
      80           0 :                 torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status));
      81           0 :                 talloc_free(result);
      82           0 :                 return status;
      83             :         }
      84             : 
      85         123 :         *p = result;
      86         123 :         return NT_STATUS_OK;
      87             : }
      88             : 
      89          14 : static NTSTATUS pipe_bind_smb2(struct torture_context *tctx,
      90             :                                TALLOC_CTX *mem_ctx,
      91             :                                struct smb2_tree *tree,
      92             :                                const char *pipe_name,
      93             :                                const struct ndr_interface_table *iface,
      94             :                                struct dcerpc_pipe **p)
      95             : {
      96             :         struct dcerpc_pipe *result;
      97             :         NTSTATUS status;
      98             : 
      99          14 :         if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
     100           0 :                 return NT_STATUS_NO_MEMORY;
     101             :         }
     102             : 
     103          14 :         status = dcerpc_pipe_open_smb2(result, tree, pipe_name);
     104          14 :         if (!NT_STATUS_IS_OK(status)) {
     105           0 :                 torture_comment(tctx, "dcerpc_pipe_open_smb2 failed: %s\n",
     106             :                          nt_errstr(status));
     107           0 :                 talloc_free(result);
     108           0 :                 return status;
     109             :         }
     110             : 
     111          14 :         status = dcerpc_bind_auth_none(result, iface);
     112          14 :         if (!NT_STATUS_IS_OK(status)) {
     113          12 :                 torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status));
     114          12 :                 talloc_free(result);
     115          12 :                 return status;
     116             :         }
     117             : 
     118           2 :         *p = result;
     119           2 :         return NT_STATUS_OK;
     120             : }
     121             : 
     122          32 : static NTSTATUS pipe_bind_smb_auth(struct torture_context *tctx,
     123             :                                    TALLOC_CTX *mem_ctx,
     124             :                                    struct smbcli_tree *tree,
     125             :                                    struct cli_credentials *creds,
     126             :                                    uint8_t auth_type,
     127             :                                    uint8_t auth_level,
     128             :                                    const char *pipe_name,
     129             :                                    const struct ndr_interface_table *iface,
     130             :                                    struct dcerpc_pipe **p)
     131             : {
     132             :         struct dcerpc_pipe *result;
     133             :         NTSTATUS status;
     134             : 
     135          32 :         if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
     136           0 :                 return NT_STATUS_NO_MEMORY;
     137             :         }
     138             : 
     139          32 :         status = dcerpc_pipe_open_smb(result, tree, pipe_name);
     140          32 :         if (!NT_STATUS_IS_OK(status)) {
     141           0 :                 torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
     142             :                          nt_errstr(status));
     143           0 :                 talloc_free(result);
     144           0 :                 return status;
     145             :         }
     146             : 
     147          56 :         status = dcerpc_bind_auth(result, iface, creds,
     148          32 :                          lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx),
     149             :                          auth_type, auth_level, NULL);
     150          32 :         if (!NT_STATUS_IS_OK(status)) {
     151           0 :                 torture_comment(tctx, "dcerpc_bind_auth failed: %s\n", nt_errstr(status));
     152           0 :                 talloc_free(result);
     153           0 :                 return status;
     154             :         }
     155             : 
     156          32 :         *p = result;
     157          32 :         return NT_STATUS_OK;
     158             : }
     159             : 
     160             : /*
     161             :  * This tests a RPC call using an invalid vuid
     162             :  */
     163             : 
     164          19 : bool torture_bind_authcontext(struct torture_context *torture)
     165             : {
     166             :         TALLOC_CTX *mem_ctx;
     167             :         NTSTATUS status;
     168          19 :         bool ret = false;
     169             :         struct lsa_ObjectAttribute objectattr;
     170             :         struct lsa_OpenPolicy2 openpolicy;
     171             :         struct policy_handle handle;
     172             :         struct lsa_Close close_handle;
     173             :         struct smbcli_session *tmp;
     174             :         uint16_t tmp_vuid;
     175             :         struct smbcli_session *session2;
     176             :         struct smbcli_state *cli;
     177             :         struct dcerpc_pipe *lsa_pipe;
     178             :         struct dcerpc_binding_handle *lsa_handle;
     179             :         struct cli_credentials *anon_creds;
     180             :         struct smb_composite_sesssetup setup;
     181             :         struct smbcli_options options;
     182             :         struct smbcli_session_options session_options;
     183             : 
     184          19 :         mem_ctx = talloc_init("torture_bind_authcontext");
     185             : 
     186          19 :         if (mem_ctx == NULL) {
     187           0 :                 torture_comment(torture, "talloc_init failed\n");
     188           0 :                 return false;
     189             :         }
     190             : 
     191          19 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
     192          19 :         lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
     193             : 
     194          19 :         status = smbcli_full_connection(mem_ctx, &cli,
     195             :                                         torture_setting_string(torture, "host", NULL),
     196             :                                         lpcfg_smb_ports(torture->lp_ctx),
     197             :                                         "IPC$", NULL,
     198             :                                         lpcfg_socket_options(torture->lp_ctx),
     199             :                                         samba_cmdline_get_creds(),
     200             :                                         lpcfg_resolve_context(torture->lp_ctx),
     201             :                                         torture->ev, &options, &session_options,
     202             :                                         lpcfg_gensec_settings(torture, torture->lp_ctx));
     203          19 :         if (!NT_STATUS_IS_OK(status)) {
     204           0 :                 torture_comment(torture, "smbcli_full_connection failed: %s\n",
     205             :                          nt_errstr(status));
     206           0 :                 goto done;
     207             :         }
     208             : 
     209          19 :         status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
     210             :                                &ndr_table_lsarpc, &lsa_pipe);
     211          19 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
     212             :                                         "pipe_bind_smb failed");
     213          19 :         lsa_handle = lsa_pipe->binding_handle;
     214             : 
     215          19 :         openpolicy.in.system_name =talloc_asprintf(
     216             :                 mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
     217          19 :         ZERO_STRUCT(objectattr);
     218          19 :         openpolicy.in.attr = &objectattr;
     219          19 :         openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
     220          19 :         openpolicy.out.handle = &handle;
     221             : 
     222          19 :         status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
     223             : 
     224          19 :         if (!NT_STATUS_IS_OK(status)) {
     225           0 :                 torture_comment(torture, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
     226             :                          nt_errstr(status));
     227           0 :                 goto done;
     228             :         }
     229          19 :         if (!NT_STATUS_IS_OK(openpolicy.out.result)) {
     230           0 :                 torture_comment(torture, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
     231             :                          nt_errstr(openpolicy.out.result));
     232           0 :                 goto done;
     233             :         }
     234             : 
     235          19 :         close_handle.in.handle = &handle;
     236          19 :         close_handle.out.handle = &handle;
     237             : 
     238          19 :         status = dcerpc_lsa_Close_r(lsa_handle, mem_ctx, &close_handle);
     239          19 :         if (!NT_STATUS_IS_OK(status)) {
     240           0 :                 torture_comment(torture, "dcerpc_lsa_Close failed: %s\n",
     241             :                          nt_errstr(status));
     242           0 :                 goto done;
     243             :         }
     244          19 :         if (!NT_STATUS_IS_OK(close_handle.out.result)) {
     245           0 :                 torture_comment(torture, "dcerpc_lsa_Close failed: %s\n",
     246             :                          nt_errstr(close_handle.out.result));
     247           0 :                 goto done;
     248             :         }
     249             : 
     250          19 :         session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options);
     251          19 :         if (session2 == NULL) {
     252           0 :                 torture_comment(torture, "smbcli_session_init failed\n");
     253           0 :                 goto done;
     254             :         }
     255             : 
     256          19 :         if (!(anon_creds = cli_credentials_init_anon(mem_ctx))) {
     257           0 :                 torture_comment(torture, "create_anon_creds failed\n");
     258           0 :                 goto done;
     259             :         }
     260             : 
     261          19 :         setup.in.sesskey = cli->transport->negotiate.sesskey;
     262          19 :         setup.in.capabilities = cli->transport->negotiate.capabilities;
     263          19 :         setup.in.workgroup = "";
     264          19 :         setup.in.credentials = anon_creds;
     265          19 :         setup.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
     266             : 
     267          19 :         status = smb_composite_sesssetup(session2, &setup);
     268          19 :         if (!NT_STATUS_IS_OK(status)) {
     269           0 :                 torture_comment(torture, "anon session setup failed: %s\n",
     270             :                          nt_errstr(status));
     271           0 :                 goto done;
     272             :         }
     273          19 :         session2->vuid = setup.out.vuid;
     274             : 
     275          19 :         tmp = cli->tree->session;
     276          19 :         tmp_vuid = smb1cli_session_current_id(tmp->smbXcli);
     277          19 :         smb1cli_session_set_id(tmp->smbXcli, session2->vuid);
     278          19 :         cli->tree->session = session2;
     279             : 
     280          19 :         status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
     281             : 
     282          19 :         torture_assert(torture, smbXcli_conn_is_connected(cli->transport->conn),
     283             :                        "smb still connected");
     284          19 :         torture_assert(torture, !dcerpc_binding_handle_is_connected(lsa_handle),
     285             :                        "dcerpc disonnected");
     286             : 
     287          19 :         if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
     288           0 :                 torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
     289             :                          "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
     290             :                          nt_errstr(status));
     291           0 :                 status = NT_STATUS_CONNECTION_DISCONNECTED;
     292             :         }
     293          19 :         if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR)) {
     294           0 :                 torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
     295             :                          "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
     296             :                          nt_errstr(status));
     297           0 :                 status = NT_STATUS_CONNECTION_DISCONNECTED;
     298             :         }
     299             : 
     300          19 :         torture_assert_ntstatus_equal(torture, status, NT_STATUS_CONNECTION_DISCONNECTED,
     301             :                                       "lsa connection disconnected");
     302             : 
     303          19 :         smb1cli_session_set_id(tmp->smbXcli, tmp_vuid);
     304          19 :         cli->tree->session = tmp;
     305          19 :         talloc_free(lsa_pipe);
     306          19 :         lsa_pipe = NULL;
     307             : 
     308          19 :         ret = true;
     309          19 :  done:
     310          19 :         talloc_free(mem_ctx);
     311          19 :         return ret;
     312             : }
     313             : 
     314             : /*
     315             :  * Bind to lsa using a specific auth method
     316             :  */
     317             : 
     318          16 : static bool bindtest(struct torture_context *tctx,
     319             :                      struct smbcli_state *cli,
     320             :                      struct cli_credentials *credentials,
     321             :                      uint8_t auth_type, uint8_t auth_level)
     322             : {
     323             :         TALLOC_CTX *mem_ctx;
     324          16 :         bool ret = false;
     325             :         NTSTATUS status;
     326             : 
     327             :         struct dcerpc_pipe *lsa_pipe;
     328             :         struct dcerpc_binding_handle *lsa_handle;
     329             :         struct lsa_ObjectAttribute objectattr;
     330             :         struct lsa_OpenPolicy2 openpolicy;
     331             :         struct lsa_QueryInfoPolicy query;
     332          16 :         union lsa_PolicyInformation *info = NULL;
     333             :         struct policy_handle handle;
     334             :         struct lsa_Close close_handle;
     335             : 
     336          16 :         if ((mem_ctx = talloc_init("bindtest")) == NULL) {
     337           0 :                 torture_comment(tctx, "talloc_init failed\n");
     338           0 :                 return false;
     339             :         }
     340             : 
     341          16 :         status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
     342             :                                     credentials, auth_type, auth_level,
     343             :                                     "\\lsarpc", &ndr_table_lsarpc, &lsa_pipe);
     344          16 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
     345             :                                         "pipe_bind_smb_auth failed");
     346          16 :         lsa_handle = lsa_pipe->binding_handle;
     347             : 
     348          16 :         openpolicy.in.system_name =talloc_asprintf(
     349             :                 mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
     350          16 :         ZERO_STRUCT(objectattr);
     351          16 :         openpolicy.in.attr = &objectattr;
     352          16 :         openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
     353          16 :         openpolicy.out.handle = &handle;
     354             : 
     355          16 :         status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
     356             : 
     357          16 :         if (!NT_STATUS_IS_OK(status)) {
     358           0 :                 torture_comment(tctx, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
     359             :                          nt_errstr(status));
     360           0 :                 goto done;
     361             :         }
     362          16 :         if (!NT_STATUS_IS_OK(openpolicy.out.result)) {
     363           0 :                 torture_comment(tctx, "dcerpc_lsa_OpenPolicy2 failed: %s\n",
     364             :                          nt_errstr(openpolicy.out.result));
     365           0 :                 goto done;
     366             :         }
     367             : 
     368          16 :         query.in.handle = &handle;
     369          16 :         query.in.level = LSA_POLICY_INFO_DOMAIN;
     370          16 :         query.out.info = &info;
     371             : 
     372          16 :         status = dcerpc_lsa_QueryInfoPolicy_r(lsa_handle, mem_ctx, &query);
     373          16 :         if (!NT_STATUS_IS_OK(status)) {
     374           0 :                 torture_comment(tctx, "dcerpc_lsa_QueryInfoPolicy failed: %s\n",
     375             :                          nt_errstr(status));
     376           0 :                 goto done;
     377             :         }
     378          16 :         if (!NT_STATUS_IS_OK(query.out.result)) {
     379           0 :                 torture_comment(tctx, "dcerpc_lsa_QueryInfoPolicy failed: %s\n",
     380             :                          nt_errstr(query.out.result));
     381           0 :                 goto done;
     382             :         }
     383             : 
     384          16 :         close_handle.in.handle = &handle;
     385          16 :         close_handle.out.handle = &handle;
     386             : 
     387          16 :         status = dcerpc_lsa_Close_r(lsa_handle, mem_ctx, &close_handle);
     388          16 :         if (!NT_STATUS_IS_OK(status)) {
     389           0 :                 torture_comment(tctx, "dcerpc_lsa_Close failed: %s\n",
     390             :                          nt_errstr(status));
     391           0 :                 goto done;
     392             :         }
     393          16 :         if (!NT_STATUS_IS_OK(close_handle.out.result)) {
     394           0 :                 torture_comment(tctx, "dcerpc_lsa_Close failed: %s\n",
     395             :                          nt_errstr(close_handle.out.result));
     396           0 :                 goto done;
     397             :         }
     398             : 
     399             : 
     400          16 :         ret = true;
     401          16 :  done:
     402          16 :         talloc_free(mem_ctx);
     403          16 :         return ret;
     404             : }
     405             : 
     406             : /*
     407             :  * test authenticated RPC binds with the variants Samba3 does support
     408             :  */
     409             : 
     410           4 : static bool torture_bind_samba3(struct torture_context *torture)
     411             : {
     412             :         TALLOC_CTX *mem_ctx;
     413             :         NTSTATUS status;
     414           4 :         bool ret = false;
     415             :         struct smbcli_state *cli;
     416             :         struct smbcli_options options;
     417             :         struct smbcli_session_options session_options;
     418             : 
     419           4 :         mem_ctx = talloc_init("torture_bind_authcontext");
     420             : 
     421           4 :         if (mem_ctx == NULL) {
     422           0 :                 torture_comment(torture, "talloc_init failed\n");
     423           0 :                 return false;
     424             :         }
     425             : 
     426           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
     427           4 :         lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
     428             : 
     429           4 :         status = smbcli_full_connection(mem_ctx, &cli,
     430             :                                         torture_setting_string(torture, "host", NULL),
     431             :                                         lpcfg_smb_ports(torture->lp_ctx),
     432             :                                         "IPC$", NULL,
     433             :                                         lpcfg_socket_options(torture->lp_ctx),
     434             :                                         samba_cmdline_get_creds(),
     435             :                                         lpcfg_resolve_context(torture->lp_ctx),
     436             :                                         torture->ev, &options, &session_options,
     437             :                                         lpcfg_gensec_settings(torture, torture->lp_ctx));
     438           4 :         if (!NT_STATUS_IS_OK(status)) {
     439           0 :                 torture_comment(torture, "smbcli_full_connection failed: %s\n",
     440             :                          nt_errstr(status));
     441           0 :                 goto done;
     442             :         }
     443             : 
     444           4 :         ret = true;
     445             : 
     446           4 :         ret &= bindtest(torture, cli, samba_cmdline_get_creds(),
     447             :                         DCERPC_AUTH_TYPE_NTLMSSP,
     448             :                         DCERPC_AUTH_LEVEL_INTEGRITY);
     449           4 :         ret &= bindtest(torture, cli, samba_cmdline_get_creds(),
     450             :                         DCERPC_AUTH_TYPE_NTLMSSP,
     451             :                         DCERPC_AUTH_LEVEL_PRIVACY);
     452           4 :         ret &= bindtest(torture, cli, samba_cmdline_get_creds(),
     453             :                         DCERPC_AUTH_TYPE_SPNEGO,
     454             :                         DCERPC_AUTH_LEVEL_INTEGRITY);
     455           4 :         ret &= bindtest(torture, cli, samba_cmdline_get_creds(),
     456             :                         DCERPC_AUTH_TYPE_SPNEGO,
     457             :                         DCERPC_AUTH_LEVEL_PRIVACY);
     458             : 
     459           4 :  done:
     460           4 :         talloc_free(mem_ctx);
     461           4 :         return ret;
     462             : }
     463             : 
     464             : /*
     465             :  * Lookup or create a user and return all necessary info
     466             :  */
     467             : 
     468          32 : static bool get_usr_handle(struct torture_context *tctx,
     469             :                            struct smbcli_state *cli,
     470             :                            TALLOC_CTX *mem_ctx,
     471             :                            struct cli_credentials *admin_creds,
     472             :                            uint8_t auth_type,
     473             :                            uint8_t auth_level,
     474             :                            const char *username,
     475             :                            char **domain,
     476             :                            struct dcerpc_pipe **result_pipe,
     477             :                            struct policy_handle **result_handle,
     478             :                            struct dom_sid **sid_p)
     479             : {
     480             :         struct dcerpc_pipe *samr_pipe;
     481             :         struct dcerpc_binding_handle *samr_handle;
     482             :         NTSTATUS status;
     483             :         struct policy_handle conn_handle;
     484             :         struct policy_handle domain_handle;
     485             :         struct policy_handle *user_handle;
     486             :         struct samr_Connect2 conn;
     487             :         struct samr_EnumDomains enumdom;
     488          32 :         uint32_t resume_handle = 0;
     489          32 :         uint32_t num_entries = 0;
     490          32 :         struct samr_SamArray *sam = NULL;
     491             :         struct samr_LookupDomain l;
     492          32 :         struct dom_sid2 *sid = NULL;
     493             :         int dom_idx;
     494             :         struct lsa_String domain_name;
     495             :         struct lsa_String user_name;
     496             :         struct samr_OpenDomain o;
     497             :         struct samr_CreateUser2 c;
     498             :         uint32_t user_rid,access_granted;
     499             : 
     500          32 :         if (admin_creds != NULL) {
     501           0 :                 status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
     502             :                                             admin_creds, auth_type, auth_level,
     503             :                                             "\\samr", &ndr_table_samr, &samr_pipe);
     504           0 :                 torture_assert_ntstatus_ok(tctx, status, "pipe_bind_smb_auth failed");
     505             :         } else {
     506             :                 /* We must have an authenticated SMB connection */
     507          32 :                 status = pipe_bind_smb(tctx, mem_ctx, cli->tree,
     508             :                                        "\\samr", &ndr_table_samr, &samr_pipe);
     509          32 :                 torture_assert_ntstatus_ok(tctx, status, "pipe_bind_smb_auth failed");
     510             :         }
     511             : #if 0
     512             :         samr_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
     513             : #endif
     514          32 :         samr_handle = samr_pipe->binding_handle;
     515             : 
     516          32 :         conn.in.system_name = talloc_asprintf(
     517             :                 mem_ctx, "\\\\%s", dcerpc_server_name(samr_pipe));
     518          32 :         conn.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
     519          32 :         conn.out.connect_handle = &conn_handle;
     520             : 
     521          32 :         torture_assert_ntstatus_ok(tctx,
     522             :                 dcerpc_samr_Connect2_r(samr_handle, mem_ctx, &conn),
     523             :                 "samr_Connect2 failed");
     524          32 :         torture_assert_ntstatus_ok(tctx, conn.out.result,
     525             :                 "samr_Connect2 failed");
     526             : 
     527          32 :         enumdom.in.connect_handle = &conn_handle;
     528          32 :         enumdom.in.resume_handle = &resume_handle;
     529          32 :         enumdom.in.buf_size = (uint32_t)-1;
     530          32 :         enumdom.out.resume_handle = &resume_handle;
     531          32 :         enumdom.out.num_entries = &num_entries;
     532          32 :         enumdom.out.sam = &sam;
     533             : 
     534          32 :         torture_assert_ntstatus_ok(tctx,
     535             :                 dcerpc_samr_EnumDomains_r(samr_handle, mem_ctx, &enumdom),
     536             :                 "samr_EnumDomains failed");
     537          32 :         torture_assert_ntstatus_ok(tctx, enumdom.out.result,
     538             :                 "samr_EnumDomains failed");
     539             : 
     540          32 :         torture_assert_int_equal(tctx, *enumdom.out.num_entries, 2,
     541             :                 "samr_EnumDomains returned unexpected num_entries");
     542             : 
     543          56 :         dom_idx = strequal(sam->entries[0].name.string,
     544          32 :                            "builtin") ? 1:0;
     545             : 
     546          32 :         l.in.connect_handle = &conn_handle;
     547          32 :         domain_name.string = sam->entries[dom_idx].name.string;
     548          32 :         *domain = talloc_strdup(mem_ctx, domain_name.string);
     549          32 :         l.in.domain_name = &domain_name;
     550          32 :         l.out.sid = &sid;
     551             : 
     552          32 :         torture_assert_ntstatus_ok(tctx,
     553             :                 dcerpc_samr_LookupDomain_r(samr_handle, mem_ctx, &l),
     554             :                 "samr_LookupDomain failed");
     555          32 :         torture_assert_ntstatus_ok(tctx, l.out.result,
     556             :                 "samr_LookupDomain failed");
     557             : 
     558          32 :         o.in.connect_handle = &conn_handle;
     559          32 :         o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
     560          32 :         o.in.sid = *l.out.sid;
     561          32 :         o.out.domain_handle = &domain_handle;
     562             : 
     563          32 :         torture_assert_ntstatus_ok(tctx,
     564             :                 dcerpc_samr_OpenDomain_r(samr_handle, mem_ctx, &o),
     565             :                 "samr_OpenDomain failed");
     566          32 :         torture_assert_ntstatus_ok(tctx, o.out.result,
     567             :                 "samr_OpenDomain failed");
     568             : 
     569          32 :         c.in.domain_handle = &domain_handle;
     570          32 :         user_name.string = username;
     571          32 :         c.in.account_name = &user_name;
     572          32 :         c.in.acct_flags = ACB_NORMAL;
     573          32 :         c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
     574          32 :         user_handle = talloc(mem_ctx, struct policy_handle);
     575          32 :         c.out.user_handle = user_handle;
     576          32 :         c.out.access_granted = &access_granted;
     577          32 :         c.out.rid = &user_rid;
     578             : 
     579          32 :         torture_assert_ntstatus_ok(tctx,
     580             :                 dcerpc_samr_CreateUser2_r(samr_handle, mem_ctx, &c),
     581             :                 "samr_CreateUser2 failed");
     582             : 
     583          32 :         if (NT_STATUS_EQUAL(c.out.result, NT_STATUS_USER_EXISTS)) {
     584             :                 struct samr_LookupNames ln;
     585             :                 struct samr_OpenUser ou;
     586             :                 struct samr_Ids rids, types;
     587             : 
     588          16 :                 ln.in.domain_handle = &domain_handle;
     589          16 :                 ln.in.num_names = 1;
     590          16 :                 ln.in.names = &user_name;
     591          16 :                 ln.out.rids = &rids;
     592          16 :                 ln.out.types = &types;
     593             : 
     594          16 :                 torture_assert_ntstatus_ok(tctx,
     595             :                         dcerpc_samr_LookupNames_r(samr_handle, mem_ctx, &ln),
     596             :                         "samr_LookupNames failed");
     597          16 :                 torture_assert_ntstatus_ok(tctx, ln.out.result,
     598             :                         "samr_LookupNames failed");
     599             : 
     600          16 :                 ou.in.domain_handle = &domain_handle;
     601          16 :                 ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
     602          16 :                 user_rid = ou.in.rid = ln.out.rids->ids[0];
     603          16 :                 ou.out.user_handle = user_handle;
     604             : 
     605          16 :                 torture_assert_ntstatus_ok(tctx,
     606             :                         dcerpc_samr_OpenUser_r(samr_handle, mem_ctx, &ou),
     607             :                         "samr_OpenUser failed");
     608          16 :                 status = ou.out.result;
     609             :         } else {
     610          16 :                 status = c.out.result;
     611             :         }
     612             : 
     613          32 :         torture_assert_ntstatus_ok(tctx, status,
     614             :                 "samr_CreateUser failed");
     615             : 
     616          32 :         *result_pipe = samr_pipe;
     617          32 :         *result_handle = user_handle;
     618          32 :         if (sid_p != NULL) {
     619           4 :                 *sid_p = dom_sid_add_rid(mem_ctx, *l.out.sid, user_rid);
     620             :         }
     621          32 :         return true;
     622             : 
     623             : }
     624             : 
     625             : /*
     626             :  * Create a test user
     627             :  */
     628             : 
     629           4 : static bool create_user(struct torture_context *tctx,
     630             :                         TALLOC_CTX *mem_ctx, struct smbcli_state *cli,
     631             :                         struct cli_credentials *admin_creds,
     632             :                         const char *username, const char *password,
     633             :                         char **domain_name,
     634             :                         struct dom_sid **user_sid)
     635             : {
     636             :         TALLOC_CTX *tmp_ctx;
     637             :         NTSTATUS status;
     638             :         struct dcerpc_pipe *samr_pipe;
     639             :         struct dcerpc_binding_handle *samr_handle;
     640             :         struct policy_handle *wks_handle;
     641           4 :         bool ret = false;
     642             : 
     643           4 :         if (!(tmp_ctx = talloc_new(mem_ctx))) {
     644           0 :                 torture_comment(tctx, "talloc_init failed\n");
     645           0 :                 return false;
     646             :         }
     647             : 
     648           4 :         ret = get_usr_handle(tctx, cli, tmp_ctx, admin_creds,
     649             :                              DCERPC_AUTH_TYPE_NTLMSSP,
     650             :                              DCERPC_AUTH_LEVEL_INTEGRITY,
     651             :                              username, domain_name, &samr_pipe, &wks_handle,
     652             :                              user_sid);
     653           4 :         if (ret == false) {
     654           0 :                 torture_comment(tctx, "get_usr_handle failed\n");
     655           0 :                 goto done;
     656             :         }
     657           4 :         samr_handle = samr_pipe->binding_handle;
     658             : 
     659             :         {
     660             :                 struct samr_SetUserInfo2 sui2;
     661             :                 struct samr_SetUserInfo sui;
     662             :                 struct samr_QueryUserInfo qui;
     663             :                 union samr_UserInfo u_info;
     664             :                 union samr_UserInfo *info;
     665             :                 DATA_BLOB session_key;
     666             : 
     667           4 :                 ZERO_STRUCT(u_info);
     668           4 :                 encode_pw_buffer(u_info.info23.password.data, password,
     669             :                                  STR_UNICODE);
     670             : 
     671           4 :                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
     672           4 :                 if (!NT_STATUS_IS_OK(status)) {
     673           0 :                         torture_comment(tctx, "dcerpc_fetch_session_key failed\n");
     674           0 :                         goto done;
     675             :                 }
     676             : 
     677           4 :                 status = init_samr_CryptPassword(password,
     678             :                                                  &session_key,
     679             :                                                  &u_info.info23.password);
     680           4 :                 if (!NT_STATUS_IS_OK(status)) {
     681           0 :                         torture_comment(tctx, "init_samr_CryptPassword failed\n");
     682           0 :                         goto done;
     683             :                 }
     684             : 
     685           4 :                 u_info.info23.info.password_expired = 0;
     686           4 :                 u_info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
     687             :                                                     SAMR_FIELD_LM_PASSWORD_PRESENT |
     688             :                                                     SAMR_FIELD_EXPIRED_FLAG;
     689           4 :                 sui2.in.user_handle = wks_handle;
     690           4 :                 sui2.in.info = &u_info;
     691           4 :                 sui2.in.level = 23;
     692             : 
     693           4 :                 status = dcerpc_samr_SetUserInfo2_r(samr_handle, tmp_ctx, &sui2);
     694           4 :                 if (!NT_STATUS_IS_OK(status)) {
     695           0 :                         torture_comment(tctx, "samr_SetUserInfo(23) failed: %s\n",
     696             :                                  nt_errstr(status));
     697           0 :                         goto done;
     698             :                 }
     699           4 :                 if (!NT_STATUS_IS_OK(sui2.out.result)) {
     700           0 :                         torture_comment(tctx, "samr_SetUserInfo(23) failed: %s\n",
     701             :                                  nt_errstr(sui2.out.result));
     702           0 :                         goto done;
     703             :                 }
     704             : 
     705           4 :                 u_info.info16.acct_flags = ACB_NORMAL;
     706           4 :                 sui.in.user_handle = wks_handle;
     707           4 :                 sui.in.info = &u_info;
     708           4 :                 sui.in.level = 16;
     709             : 
     710           4 :                 status = dcerpc_samr_SetUserInfo_r(samr_handle, tmp_ctx, &sui);
     711           4 :                 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
     712           0 :                         torture_comment(tctx, "samr_SetUserInfo(16) failed\n");
     713           0 :                         goto done;
     714             :                 }
     715             : 
     716           4 :                 qui.in.user_handle = wks_handle;
     717           4 :                 qui.in.level = 21;
     718           4 :                 qui.out.info = &info;
     719             : 
     720           4 :                 status = dcerpc_samr_QueryUserInfo_r(samr_handle, tmp_ctx, &qui);
     721           4 :                 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(qui.out.result)) {
     722           0 :                         torture_comment(tctx, "samr_QueryUserInfo(21) failed\n");
     723           0 :                         goto done;
     724             :                 }
     725             : 
     726           4 :                 info->info21.allow_password_change = 0;
     727           4 :                 info->info21.force_password_change = 0;
     728           4 :                 info->info21.account_name.string = NULL;
     729           4 :                 info->info21.rid = 0;
     730           4 :                 info->info21.acct_expiry = 0;
     731           4 :                 info->info21.fields_present = 0x81827fa; /* copy usrmgr.exe */
     732             : 
     733           4 :                 u_info.info21 = info->info21;
     734           4 :                 sui.in.user_handle = wks_handle;
     735           4 :                 sui.in.info = &u_info;
     736           4 :                 sui.in.level = 21;
     737             : 
     738           4 :                 status = dcerpc_samr_SetUserInfo_r(samr_handle, tmp_ctx, &sui);
     739           4 :                 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
     740           0 :                         torture_comment(tctx, "samr_SetUserInfo(21) failed\n");
     741           0 :                         goto done;
     742             :                 }
     743             :         }
     744             : 
     745           4 :         *domain_name= talloc_steal(mem_ctx, *domain_name);
     746           4 :         *user_sid = talloc_steal(mem_ctx, *user_sid);
     747           4 :         ret = true;
     748           4 :  done:
     749           4 :         talloc_free(tmp_ctx);
     750           4 :         return ret;
     751             : }
     752             : 
     753             : /*
     754             :  * Delete a test user
     755             :  */
     756             : 
     757          16 : static bool delete_user(struct torture_context *tctx,
     758             :                         struct smbcli_state *cli,
     759             :                         struct cli_credentials *admin_creds,
     760             :                         const char *username)
     761             : {
     762             :         TALLOC_CTX *mem_ctx;
     763             :         NTSTATUS status;
     764             :         char *dom_name;
     765             :         struct dcerpc_pipe *samr_pipe;
     766             :         struct dcerpc_binding_handle *samr_handle;
     767             :         struct policy_handle *user_handle;
     768          16 :         bool ret = false;
     769             : 
     770          16 :         if ((mem_ctx = talloc_init("leave")) == NULL) {
     771           0 :                 torture_comment(tctx, "talloc_init failed\n");
     772           0 :                 return false;
     773             :         }
     774             : 
     775          16 :         ret = get_usr_handle(tctx, cli, mem_ctx, admin_creds,
     776             :                              DCERPC_AUTH_TYPE_NTLMSSP,
     777             :                              DCERPC_AUTH_LEVEL_INTEGRITY,
     778             :                              username, &dom_name, &samr_pipe,
     779             :                              &user_handle, NULL);
     780          16 :         if (ret == false) {
     781           0 :                 torture_comment(tctx, "get_wks_handle failed\n");
     782           0 :                 goto done;
     783             :         }
     784          16 :         samr_handle = samr_pipe->binding_handle;
     785             : 
     786             :         {
     787             :                 struct samr_DeleteUser d;
     788             : 
     789          16 :                 d.in.user_handle = user_handle;
     790          16 :                 d.out.user_handle = user_handle;
     791             : 
     792          16 :                 status = dcerpc_samr_DeleteUser_r(samr_handle, mem_ctx, &d);
     793          16 :                 if (!NT_STATUS_IS_OK(status)) {
     794           0 :                         torture_comment(tctx, "samr_DeleteUser failed %s\n", nt_errstr(status));
     795           0 :                         goto done;
     796             :                 }
     797          16 :                 if (!NT_STATUS_IS_OK(d.out.result)) {
     798           0 :                         torture_comment(tctx, "samr_DeleteUser failed %s\n", nt_errstr(d.out.result));
     799           0 :                         goto done;
     800             :                 }
     801             : 
     802             :         }
     803             : 
     804          16 :         ret = true;
     805             : 
     806          16 :  done:
     807          16 :         talloc_free(mem_ctx);
     808          16 :         return ret;
     809             : }
     810             : 
     811             : /*
     812             :  * Do a Samba3-style join
     813             :  */
     814             : 
     815          12 : static bool join3(struct torture_context *tctx,
     816             :                   struct smbcli_state *cli,
     817             :                   bool use_level25,
     818             :                   struct cli_credentials *admin_creds,
     819             :                   struct cli_credentials *wks_creds)
     820             : {
     821             :         TALLOC_CTX *mem_ctx;
     822             :         NTSTATUS status;
     823             :         char *dom_name;
     824             :         struct dcerpc_pipe *samr_pipe;
     825             :         struct dcerpc_binding_handle *samr_handle;
     826             :         struct policy_handle *wks_handle;
     827          12 :         bool ret = false;
     828             :         NTTIME last_password_change;
     829             : 
     830          12 :         if ((mem_ctx = talloc_init("join3")) == NULL) {
     831           0 :                 torture_comment(tctx, "talloc_init failed\n");
     832           0 :                 return false;
     833             :         }
     834             : 
     835          12 :         ret = get_usr_handle(
     836             :                 tctx, cli, mem_ctx, admin_creds,
     837             :                 DCERPC_AUTH_TYPE_NTLMSSP,
     838             :                 DCERPC_AUTH_LEVEL_PRIVACY,
     839          12 :                 talloc_asprintf(mem_ctx, "%s$",
     840             :                                 cli_credentials_get_workstation(wks_creds)),
     841             :                 &dom_name, &samr_pipe, &wks_handle, NULL);
     842          12 :         if (ret == false) {
     843           0 :                 torture_comment(tctx, "get_wks_handle failed\n");
     844           0 :                 goto done;
     845             :         }
     846          12 :         samr_handle = samr_pipe->binding_handle;
     847          12 :         ret = false;
     848             :         {
     849             :                 struct samr_QueryUserInfo q;
     850             :                 union samr_UserInfo *info;
     851             : 
     852          12 :                 q.in.user_handle = wks_handle;
     853          12 :                 q.in.level = 21;
     854          12 :                 q.out.info = &info;
     855             : 
     856          12 :                 status = dcerpc_samr_QueryUserInfo_r(samr_handle, mem_ctx, &q);
     857          12 :                 if (!NT_STATUS_IS_OK(status)) {
     858           0 :                         torture_warning(tctx, "QueryUserInfo failed: %s\n",
     859             :                                   nt_errstr(status));
     860           0 :                         goto done;
     861             :                 }
     862          12 :                 if (!NT_STATUS_IS_OK(q.out.result)) {
     863           0 :                         torture_warning(tctx, "QueryUserInfo failed: %s\n",
     864             :                                   nt_errstr(q.out.result));
     865           0 :                         goto done;
     866             :                 }
     867             : 
     868             : 
     869          12 :                 last_password_change = info->info21.last_password_change;
     870             :         }
     871             : 
     872          12 :         cli_credentials_set_domain(wks_creds, dom_name, CRED_SPECIFIED);
     873             : 
     874          12 :         if (use_level25) {
     875             :                 struct samr_SetUserInfo2 sui2;
     876             :                 union samr_UserInfo u_info;
     877           4 :                 struct samr_UserInfo21 *i21 = &u_info.info25.info;
     878             :                 DATA_BLOB session_key;
     879             : 
     880           4 :                 ZERO_STRUCT(u_info);
     881             : 
     882           4 :                 i21->full_name.string = talloc_asprintf(
     883             :                         mem_ctx, "%s$",
     884             :                         cli_credentials_get_workstation(wks_creds));
     885           4 :                 i21->acct_flags = ACB_WSTRUST;
     886           4 :                 i21->fields_present = SAMR_FIELD_FULL_NAME |
     887             :                         SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_NT_PASSWORD_PRESENT;
     888             :                 /* this would break the test result expectations
     889             :                 i21->fields_present |= SAMR_FIELD_EXPIRED_FLAG;
     890             :                 i21->password_expired = 1;
     891             :                 */
     892             : 
     893           4 :                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
     894           4 :                 if (!NT_STATUS_IS_OK(status)) {
     895           0 :                         torture_comment(tctx, "dcerpc_fetch_session_key failed: %s\n",
     896             :                                  nt_errstr(status));
     897           0 :                         goto done;
     898             :                 }
     899             : 
     900           4 :                 status = init_samr_CryptPasswordEx(cli_credentials_get_password(wks_creds),
     901             :                                                    &session_key,
     902             :                                                    &u_info.info25.password);
     903             : 
     904           4 :                 sui2.in.user_handle = wks_handle;
     905           4 :                 sui2.in.level = 25;
     906           4 :                 sui2.in.info = &u_info;
     907             : 
     908           4 :                 status = dcerpc_samr_SetUserInfo2_r(samr_handle, mem_ctx, &sui2);
     909           4 :                 if (!NT_STATUS_IS_OK(status)) {
     910           0 :                         torture_comment(tctx, "samr_SetUserInfo2(25) failed: %s\n",
     911             :                                  nt_errstr(status));
     912           0 :                         goto done;
     913             :                 }
     914           4 :                 if (!NT_STATUS_IS_OK(sui2.out.result)) {
     915           0 :                         torture_comment(tctx, "samr_SetUserInfo2(25) failed: %s\n",
     916             :                                  nt_errstr(sui2.out.result));
     917           0 :                         goto done;
     918             :                 }
     919             :         } else {
     920             :                 struct samr_SetUserInfo2 sui2;
     921             :                 struct samr_SetUserInfo sui;
     922             :                 union samr_UserInfo u_info;
     923             :                 DATA_BLOB session_key;
     924             : 
     925           8 :                 encode_pw_buffer(u_info.info24.password.data,
     926             :                                  cli_credentials_get_password(wks_creds),
     927             :                                  STR_UNICODE);
     928             :                 /* just to make this test pass */
     929           8 :                 u_info.info24.password_expired = 1;
     930             : 
     931           8 :                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
     932           8 :                 if (!NT_STATUS_IS_OK(status)) {
     933           0 :                         torture_comment(tctx, "dcerpc_fetch_session_key failed\n");
     934           0 :                         goto done;
     935             :                 }
     936             : 
     937           8 :                 status = init_samr_CryptPassword(cli_credentials_get_password(wks_creds),
     938             :                                                  &session_key,
     939             :                                                  &u_info.info24.password);
     940             : 
     941           8 :                 sui2.in.user_handle = wks_handle;
     942           8 :                 sui2.in.info = &u_info;
     943           8 :                 sui2.in.level = 24;
     944             : 
     945           8 :                 status = dcerpc_samr_SetUserInfo2_r(samr_handle, mem_ctx, &sui2);
     946           8 :                 if (!NT_STATUS_IS_OK(status)) {
     947           0 :                         torture_comment(tctx, "samr_SetUserInfo(24) failed: %s\n",
     948             :                                  nt_errstr(status));
     949           0 :                         goto done;
     950             :                 }
     951           8 :                 if (!NT_STATUS_IS_OK(sui2.out.result)) {
     952           0 :                         torture_comment(tctx, "samr_SetUserInfo(24) failed: %s\n",
     953             :                                  nt_errstr(sui2.out.result));
     954           0 :                         goto done;
     955             :                 }
     956             : 
     957           8 :                 u_info.info16.acct_flags = ACB_WSTRUST;
     958           8 :                 sui.in.user_handle = wks_handle;
     959           8 :                 sui.in.info = &u_info;
     960           8 :                 sui.in.level = 16;
     961             : 
     962           8 :                 status = dcerpc_samr_SetUserInfo_r(samr_handle, mem_ctx, &sui);
     963           8 :                 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(sui.out.result)) {
     964           0 :                         torture_comment(tctx, "samr_SetUserInfo(16) failed\n");
     965           0 :                         goto done;
     966             :                 }
     967             :         }
     968             : 
     969             :         {
     970             :                 struct samr_QueryUserInfo q;
     971             :                 union samr_UserInfo *info;
     972             : 
     973          12 :                 q.in.user_handle = wks_handle;
     974          12 :                 q.in.level = 21;
     975          12 :                 q.out.info = &info;
     976             : 
     977          12 :                 status = dcerpc_samr_QueryUserInfo_r(samr_handle, mem_ctx, &q);
     978          12 :                 if (!NT_STATUS_IS_OK(status)) {
     979           0 :                         torture_warning(tctx, "QueryUserInfo failed: %s\n",
     980             :                                   nt_errstr(status));
     981           0 :                         goto done;
     982             :                 }
     983          12 :                 if (!NT_STATUS_IS_OK(q.out.result)) {
     984           0 :                         torture_warning(tctx, "QueryUserInfo failed: %s\n",
     985             :                                   nt_errstr(q.out.result));
     986           0 :                         goto done;
     987             :                 }
     988             : 
     989          12 :                 if (use_level25) {
     990           4 :                         if (last_password_change
     991           4 :                             == info->info21.last_password_change) {
     992           0 :                                 torture_warning(tctx, "last_password_change unchanged "
     993             :                                          "during join, level25 must change "
     994             :                                          "it\n");
     995           0 :                                 goto done;
     996             :                         }
     997             :                 }
     998             :                 else {
     999           8 :                         if (last_password_change
    1000           8 :                             != info->info21.last_password_change) {
    1001           0 :                                 torture_warning(tctx, "last_password_change changed "
    1002             :                                          "during join, level24 doesn't "
    1003             :                                          "change it\n");
    1004           0 :                                 goto done;
    1005             :                         }
    1006             :                 }
    1007             :         }
    1008             : 
    1009          12 :         ret = true;
    1010             : 
    1011          12 :  done:
    1012          12 :         talloc_free(mem_ctx);
    1013          12 :         return ret;
    1014             : }
    1015             : 
    1016             : /*
    1017             :  * Do a ReqChallenge/Auth2 and get the wks creds
    1018             :  */
    1019             : 
    1020          16 : static bool auth2(struct torture_context *tctx,
    1021             :                   struct smbcli_state *cli,
    1022             :                   struct cli_credentials *wks_cred)
    1023             : {
    1024             :         TALLOC_CTX *mem_ctx;
    1025             :         struct dcerpc_pipe *net_pipe;
    1026             :         struct dcerpc_binding_handle *net_handle;
    1027          16 :         bool result = false;
    1028             :         NTSTATUS status;
    1029             :         struct netr_ServerReqChallenge r;
    1030             :         struct netr_Credential netr_cli_creds;
    1031             :         struct netr_Credential netr_srv_creds;
    1032             :         uint32_t negotiate_flags;
    1033             :         struct netr_ServerAuthenticate2 a;
    1034             :         struct netlogon_creds_CredentialState *creds_state;
    1035             :         struct netr_Credential netr_cred;
    1036             :         struct samr_Password mach_pw;
    1037             : 
    1038          16 :         mem_ctx = talloc_new(NULL);
    1039          16 :         if (mem_ctx == NULL) {
    1040           0 :                 torture_comment(tctx, "talloc_new failed\n");
    1041           0 :                 return false;
    1042             :         }
    1043             : 
    1044          16 :         status = pipe_bind_smb(tctx, mem_ctx, cli->tree, "\\netlogon",
    1045             :                                &ndr_table_netlogon, &net_pipe);
    1046          16 :         torture_assert_ntstatus_ok_goto(tctx, status, result, done,
    1047             :                                         "pipe_bind_smb failed");
    1048          16 :         net_handle = net_pipe->binding_handle;
    1049             : 
    1050          16 :         r.in.computer_name = cli_credentials_get_workstation(wks_cred);
    1051          16 :         r.in.server_name = talloc_asprintf(
    1052             :                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
    1053          16 :         if (r.in.server_name == NULL) {
    1054           0 :                 torture_comment(tctx, "talloc_asprintf failed\n");
    1055           0 :                 goto done;
    1056             :         }
    1057          16 :         generate_random_buffer(netr_cli_creds.data,
    1058             :                                sizeof(netr_cli_creds.data));
    1059          16 :         r.in.credentials = &netr_cli_creds;
    1060          16 :         r.out.return_credentials = &netr_srv_creds;
    1061             : 
    1062          16 :         status = dcerpc_netr_ServerReqChallenge_r(net_handle, mem_ctx, &r);
    1063          16 :         if (!NT_STATUS_IS_OK(status)) {
    1064           0 :                 torture_comment(tctx, "netr_ServerReqChallenge failed: %s\n",
    1065             :                          nt_errstr(status));
    1066           0 :                 goto done;
    1067             :         }
    1068          16 :         if (!NT_STATUS_IS_OK(r.out.result)) {
    1069           0 :                 torture_comment(tctx, "netr_ServerReqChallenge failed: %s\n",
    1070             :                          nt_errstr(r.out.result));
    1071           0 :                 goto done;
    1072             :         }
    1073             : 
    1074          16 :         negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
    1075          16 :         E_md4hash(cli_credentials_get_password(wks_cred), mach_pw.hash);
    1076             : 
    1077          16 :         a.in.server_name = talloc_asprintf(
    1078             :                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
    1079          16 :         a.in.account_name = talloc_asprintf(
    1080             :                 mem_ctx, "%s$", cli_credentials_get_workstation(wks_cred));
    1081          16 :         a.in.computer_name = cli_credentials_get_workstation(wks_cred);
    1082          16 :         a.in.secure_channel_type = SEC_CHAN_WKSTA;
    1083          16 :         a.in.negotiate_flags = &negotiate_flags;
    1084          16 :         a.out.negotiate_flags = &negotiate_flags;
    1085          16 :         a.in.credentials = &netr_cred;
    1086          16 :         a.out.return_credentials = &netr_cred;
    1087             : 
    1088          28 :         creds_state = netlogon_creds_client_init(mem_ctx,
    1089             :                                                  a.in.account_name,
    1090             :                                                  a.in.computer_name,
    1091          16 :                                                  a.in.secure_channel_type,
    1092          16 :                                                  r.in.credentials,
    1093          16 :                                                  r.out.return_credentials, &mach_pw,
    1094             :                                                  &netr_cred, negotiate_flags);
    1095          16 :         torture_assert(tctx, (creds_state != NULL), "memory allocation failed");
    1096             : 
    1097          16 :         status = dcerpc_netr_ServerAuthenticate2_r(net_handle, mem_ctx, &a);
    1098          16 :         if (!NT_STATUS_IS_OK(status)) {
    1099           0 :                 torture_comment(tctx, "netr_ServerServerAuthenticate2 failed: %s\n",
    1100             :                          nt_errstr(status));
    1101           0 :                 goto done;
    1102             :         }
    1103          16 :         if (!NT_STATUS_IS_OK(a.out.result)) {
    1104           0 :                 torture_comment(tctx, "netr_ServerServerAuthenticate2 failed: %s\n",
    1105             :                          nt_errstr(a.out.result));
    1106           0 :                 goto done;
    1107             :         }
    1108             : 
    1109          16 :         if (!netlogon_creds_client_check(creds_state, a.out.return_credentials)) {
    1110           0 :                 torture_comment(tctx, "creds_client_check failed\n");
    1111           0 :                 goto done;
    1112             :         }
    1113             : 
    1114          16 :         cli_credentials_set_netlogon_creds(wks_cred, creds_state);
    1115             : 
    1116          16 :         result = true;
    1117             : 
    1118          16 :  done:
    1119          16 :         talloc_free(mem_ctx);
    1120          16 :         return result;
    1121             : }
    1122             : 
    1123             : /*
    1124             :  * Do a couple of schannel protected Netlogon ops: Interactive and Network
    1125             :  * login, and change the wks password
    1126             :  */
    1127             : 
    1128          16 : static bool schan(struct torture_context *tctx,
    1129             :                   struct smbcli_state *cli,
    1130             :                   struct cli_credentials *wks_creds,
    1131             :                   struct cli_credentials *user_creds)
    1132             : {
    1133             :         TALLOC_CTX *mem_ctx;
    1134             :         NTSTATUS status;
    1135          16 :         bool ret = false;
    1136             :         struct dcerpc_pipe *net_pipe;
    1137             :         struct dcerpc_binding_handle *net_handle;
    1138             :         int i;
    1139             : 
    1140          16 :         mem_ctx = talloc_new(NULL);
    1141          16 :         if (mem_ctx == NULL) {
    1142           0 :                 torture_comment(tctx, "talloc_new failed\n");
    1143           0 :                 return false;
    1144             :         }
    1145             : 
    1146             : #if 1
    1147          16 :         status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
    1148             :                                     wks_creds,
    1149             :                                     DCERPC_AUTH_TYPE_SCHANNEL,
    1150             :                                     DCERPC_AUTH_LEVEL_PRIVACY,
    1151             :                                     "\\netlogon", &ndr_table_netlogon, &net_pipe);
    1152          16 :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
    1153             :                                         "pipe_bind_smb_auth failed");
    1154          16 :         net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
    1155             : #else
    1156             :         status = pipe_bind_smb(tctx, mem_ctx, cli->tree,
    1157             :                                "\\netlogon", &ndr_table_netlogon, &net_pipe);
    1158             :         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
    1159             :                                         "pipe_bind_smb failed");
    1160             : #endif
    1161             : #if 0
    1162             :         net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
    1163             :                 DCERPC_DEBUG_PRINT_OUT;
    1164             : #endif
    1165          16 :         net_handle = net_pipe->binding_handle;
    1166             : 
    1167             : 
    1168          84 :         for (i=2; i<4; i++) {
    1169             :                 int flags;
    1170             :                 DATA_BLOB chal, nt_resp, lm_resp, names_blob;
    1171             :                 struct netlogon_creds_CredentialState *creds_state;
    1172             :                 struct netr_Authenticator netr_auth, netr_auth2;
    1173             :                 struct netr_NetworkInfo ninfo;
    1174             :                 struct netr_PasswordInfo pinfo;
    1175             :                 struct netr_LogonSamLogon r;
    1176             :                 union netr_LogonLevel logon;
    1177             :                 union netr_Validation validation;
    1178             :                 uint8_t authoritative;
    1179             :                 struct netr_Authenticator return_authenticator;
    1180             : 
    1181          32 :                 flags = CLI_CRED_LANMAN_AUTH | CLI_CRED_NTLM_AUTH |
    1182             :                         CLI_CRED_NTLMv2_AUTH;
    1183             : 
    1184          32 :                 chal = data_blob_talloc(mem_ctx, NULL, 8);
    1185          32 :                 if (chal.data == NULL) {
    1186           0 :                         torture_comment(tctx, "data_blob_talloc failed\n");
    1187           0 :                         goto done;
    1188             :                 }
    1189             : 
    1190          32 :                 generate_random_buffer(chal.data, chal.length);
    1191          32 :                 names_blob = NTLMv2_generate_names_blob(
    1192             :                         mem_ctx,
    1193             :                         cli_credentials_get_workstation(wks_creds),
    1194             :                         cli_credentials_get_domain(wks_creds));
    1195          32 :                 status = cli_credentials_get_ntlm_response(
    1196             :                         user_creds, mem_ctx, &flags, chal, NULL, names_blob,
    1197             :                         &lm_resp, &nt_resp, NULL, NULL);
    1198          32 :                 if (!NT_STATUS_IS_OK(status)) {
    1199           0 :                         torture_comment(tctx, "cli_credentials_get_ntlm_response failed:"
    1200             :                                  " %s\n", nt_errstr(status));
    1201           0 :                         goto done;
    1202             :                 }
    1203             : 
    1204          32 :                 creds_state = cli_credentials_get_netlogon_creds(wks_creds);
    1205          32 :                 netlogon_creds_client_authenticator(creds_state, &netr_auth);
    1206             : 
    1207          32 :                 ninfo.identity_info.account_name.string =
    1208          32 :                         cli_credentials_get_username(user_creds);
    1209          32 :                 ninfo.identity_info.domain_name.string =
    1210          32 :                         cli_credentials_get_domain(user_creds);
    1211          32 :                 ninfo.identity_info.parameter_control = 0;
    1212          32 :                 ninfo.identity_info.logon_id = 0;
    1213          32 :                 ninfo.identity_info.workstation.string =
    1214          32 :                         cli_credentials_get_workstation(user_creds);
    1215          32 :                 memcpy(ninfo.challenge, chal.data, sizeof(ninfo.challenge));
    1216          32 :                 ninfo.nt.length = nt_resp.length;
    1217          32 :                 ninfo.nt.data = nt_resp.data;
    1218          32 :                 ninfo.lm.length = lm_resp.length;
    1219          32 :                 ninfo.lm.data = lm_resp.data;
    1220             : 
    1221          32 :                 logon.network = &ninfo;
    1222             : 
    1223          32 :                 r.in.server_name = talloc_asprintf(
    1224             :                         mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
    1225          32 :                 ZERO_STRUCT(netr_auth2);
    1226          32 :                 r.in.computer_name =
    1227          32 :                         cli_credentials_get_workstation(wks_creds);
    1228          32 :                 r.in.credential = &netr_auth;
    1229          32 :                 r.in.return_authenticator = &netr_auth2;
    1230          32 :                 r.in.logon_level = NetlogonNetworkInformation;
    1231          32 :                 r.in.validation_level = i;
    1232          32 :                 r.in.logon = &logon;
    1233          32 :                 r.out.validation = &validation;
    1234          32 :                 r.out.authoritative = &authoritative;
    1235          32 :                 r.out.return_authenticator = &return_authenticator;
    1236             : 
    1237          32 :                 status = dcerpc_netr_LogonSamLogon_r(net_handle, mem_ctx, &r);
    1238          32 :                 if (!NT_STATUS_IS_OK(status)) {
    1239           0 :                         torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
    1240             :                                  nt_errstr(status));
    1241           0 :                         goto done;
    1242             :                 }
    1243          32 :                 if (!NT_STATUS_IS_OK(r.out.result)) {
    1244           0 :                         torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
    1245             :                                  nt_errstr(r.out.result));
    1246           0 :                         goto done;
    1247             :                 }
    1248             : 
    1249          56 :                 if ((r.out.return_authenticator == NULL) ||
    1250          32 :                     (!netlogon_creds_client_check(creds_state,
    1251          32 :                                          &r.out.return_authenticator->cred))) {
    1252           0 :                         torture_comment(tctx, "Credentials check failed!\n");
    1253           0 :                         goto done;
    1254             :                 }
    1255             : 
    1256          32 :                 netlogon_creds_client_authenticator(creds_state, &netr_auth);
    1257             : 
    1258          32 :                 pinfo.identity_info = ninfo.identity_info;
    1259          32 :                 ZERO_STRUCT(pinfo.lmpassword.hash);
    1260          32 :                 E_md4hash(cli_credentials_get_password(user_creds),
    1261             :                           pinfo.ntpassword.hash);
    1262             : 
    1263          32 :                 netlogon_creds_arcfour_crypt(creds_state, pinfo.ntpassword.hash, 16);
    1264             : 
    1265          32 :                 logon.password = &pinfo;
    1266             : 
    1267          32 :                 r.in.logon_level = NetlogonInteractiveInformation;
    1268          32 :                 r.in.logon = &logon;
    1269          32 :                 r.out.return_authenticator = &return_authenticator;
    1270             : 
    1271          32 :                 status = dcerpc_netr_LogonSamLogon_r(net_handle, mem_ctx, &r);
    1272          32 :                 if (!NT_STATUS_IS_OK(status)) {
    1273           0 :                         torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
    1274             :                                  nt_errstr(status));
    1275           0 :                         goto done;
    1276             :                 }
    1277          32 :                 if (!NT_STATUS_IS_OK(r.out.result)) {
    1278           0 :                         torture_comment(tctx, "netr_LogonSamLogon failed: %s\n",
    1279             :                                  nt_errstr(r.out.result));
    1280           0 :                         goto done;
    1281             :                 }
    1282             : 
    1283          56 :                 if ((r.out.return_authenticator == NULL) ||
    1284          32 :                     (!netlogon_creds_client_check(creds_state,
    1285          32 :                                          &r.out.return_authenticator->cred))) {
    1286           0 :                         torture_comment(tctx, "Credentials check failed!\n");
    1287           0 :                         goto done;
    1288             :                 }
    1289             :         }
    1290             : 
    1291             :         {
    1292             :                 struct netr_ServerPasswordSet s;
    1293          16 :                 char *password = generate_random_password(wks_creds, 8, 255);
    1294             :                 struct netlogon_creds_CredentialState *creds_state;
    1295             :                 struct netr_Authenticator credential, return_authenticator;
    1296             :                 struct samr_Password new_password;
    1297             : 
    1298          16 :                 s.in.server_name = talloc_asprintf(
    1299             :                         mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
    1300          16 :                 s.in.computer_name = cli_credentials_get_workstation(wks_creds);
    1301          16 :                 s.in.account_name = talloc_asprintf(
    1302             :                         mem_ctx, "%s$", s.in.computer_name);
    1303          16 :                 s.in.secure_channel_type = SEC_CHAN_WKSTA;
    1304          16 :                 s.in.credential = &credential;
    1305          16 :                 s.in.new_password = &new_password;
    1306          16 :                 s.out.return_authenticator = &return_authenticator;
    1307             : 
    1308          16 :                 E_md4hash(password, new_password.hash);
    1309             : 
    1310          16 :                 creds_state = cli_credentials_get_netlogon_creds(wks_creds);
    1311          16 :                 netlogon_creds_des_encrypt(creds_state, &new_password);
    1312          16 :                 netlogon_creds_client_authenticator(creds_state, &credential);
    1313             : 
    1314          16 :                 status = dcerpc_netr_ServerPasswordSet_r(net_handle, mem_ctx, &s);
    1315          16 :                 if (!NT_STATUS_IS_OK(status)) {
    1316           0 :                         torture_comment(tctx, "ServerPasswordSet - %s\n", nt_errstr(status));
    1317           0 :                         goto done;
    1318             :                 }
    1319          16 :                 if (!NT_STATUS_IS_OK(s.out.result)) {
    1320           0 :                         torture_comment(tctx, "ServerPasswordSet - %s\n", nt_errstr(s.out.result));
    1321           0 :                         goto done;
    1322             :                 }
    1323             : 
    1324          16 :                 if (!netlogon_creds_client_check(creds_state,
    1325          16 :                                                  &s.out.return_authenticator->cred)) {
    1326           0 :                         torture_comment(tctx, "Credential chaining failed\n");
    1327             :                 }
    1328             : 
    1329          16 :                 cli_credentials_set_password(wks_creds, password,
    1330             :                                              CRED_SPECIFIED);
    1331             :         }
    1332             : 
    1333          16 :         ret = true;
    1334          16 :  done:
    1335          16 :         talloc_free(mem_ctx);
    1336          16 :         return ret;
    1337             : }
    1338             : 
    1339             : /*
    1340             :  * Delete the wks account again
    1341             :  */
    1342             : 
    1343          12 : static bool leave(struct torture_context *tctx,
    1344             :                   struct smbcli_state *cli,
    1345             :                   struct cli_credentials *admin_creds,
    1346             :                   struct cli_credentials *wks_creds)
    1347             : {
    1348          12 :         char *wks_name = talloc_asprintf(
    1349             :                 NULL, "%s$", cli_credentials_get_workstation(wks_creds));
    1350             :         bool ret;
    1351             : 
    1352          12 :         ret = delete_user(tctx, cli, admin_creds, wks_name);
    1353          12 :         talloc_free(wks_name);
    1354          12 :         return ret;
    1355             : }
    1356             : 
    1357             : /*
    1358             :  * Test the Samba3 DC code a bit. Join, do some schan netlogon ops, leave
    1359             :  */
    1360             : 
    1361           4 : static bool torture_netlogon_samba3(struct torture_context *torture)
    1362             : {
    1363             :         NTSTATUS status;
    1364             :         struct smbcli_state *cli;
    1365             :         struct cli_credentials *wks_creds;
    1366             :         const char *wks_name;
    1367             :         int i;
    1368             :         struct smbcli_options options;
    1369             :         struct smbcli_session_options session_options;
    1370             : 
    1371           4 :         wks_name = torture_setting_string(torture, "wksname", NULL);
    1372           4 :         torture_assert(torture, wks_name != NULL, "wksname not set");
    1373             : 
    1374           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    1375           4 :         lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
    1376             : 
    1377           4 :         status = smbcli_full_connection(torture, &cli,
    1378             :                                         torture_setting_string(torture, "host", NULL),
    1379             :                                         lpcfg_smb_ports(torture->lp_ctx),
    1380             :                                         "IPC$", NULL,
    1381             :                                         lpcfg_socket_options(torture->lp_ctx),
    1382             :                                         samba_cmdline_get_creds(),
    1383             :                                         lpcfg_resolve_context(torture->lp_ctx),
    1384             :                                         torture->ev, &options, &session_options,
    1385             :                                         lpcfg_gensec_settings(torture, torture->lp_ctx));
    1386           4 :         torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
    1387             : 
    1388           4 :         wks_creds = cli_credentials_init(torture);
    1389           4 :         if (wks_creds == NULL) {
    1390           0 :                 torture_fail(torture, "cli_credentials_init failed\n");
    1391             :         }
    1392             : 
    1393           4 :         cli_credentials_set_conf(wks_creds, torture->lp_ctx);
    1394           4 :         cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
    1395           4 :         cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
    1396           4 :         cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
    1397           4 :         cli_credentials_set_password(wks_creds,
    1398           4 :                                      generate_random_password(wks_creds, 8, 255),
    1399             :                                      CRED_SPECIFIED);
    1400             : 
    1401           4 :         torture_assert(torture,
    1402             :                 join3(torture, cli, false, NULL, wks_creds),
    1403             :                 "join failed");
    1404             : 
    1405           4 :         cli_credentials_set_domain(
    1406             :                 samba_cmdline_get_creds(),
    1407             :                 cli_credentials_get_domain(wks_creds),
    1408             :                 CRED_SPECIFIED);
    1409             : 
    1410          12 :         for (i=0; i<2; i++) {
    1411             : 
    1412             :                 /* Do this more than once, the routine "schan" changes
    1413             :                  * the workstation password using the netlogon
    1414             :                  * password change routine */
    1415             : 
    1416             :                 int j;
    1417             : 
    1418           8 :                 torture_assert(torture,
    1419             :                         auth2(torture, cli, wks_creds),
    1420             :                         "auth2 failed");
    1421             : 
    1422          24 :                 for (j=0; j<2; j++) {
    1423          16 :                         torture_assert(torture,
    1424             :                                 schan(torture, cli, wks_creds,
    1425             :                                 samba_cmdline_get_creds()),
    1426             :                                 "schan failed");
    1427             :                 }
    1428             :         }
    1429             : 
    1430           4 :         torture_assert(torture,
    1431             :                 leave(torture, cli, NULL, wks_creds),
    1432             :                 "leave failed");
    1433             : 
    1434           4 :         return true;
    1435             : }
    1436             : 
    1437             : /*
    1438             :  * Do a simple join, testjoin and leave using specified smb and samr
    1439             :  * credentials
    1440             :  */
    1441             : 
    1442           8 : static bool test_join3(struct torture_context *tctx,
    1443             :                        bool use_level25,
    1444             :                        struct cli_credentials *smb_creds,
    1445             :                        struct cli_credentials *samr_creds,
    1446             :                        const char *wks_name)
    1447             : {
    1448             :         NTSTATUS status;
    1449             :         struct smbcli_state *cli;
    1450             :         struct cli_credentials *wks_creds;
    1451             :         struct smbcli_options options;
    1452             :         struct smbcli_session_options session_options;
    1453             : 
    1454           8 :         lpcfg_smbcli_options(tctx->lp_ctx, &options);
    1455           8 :         lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
    1456             : 
    1457           8 :         status = smbcli_full_connection(tctx, &cli,
    1458             :                                         torture_setting_string(tctx, "host", NULL),
    1459             :                                         lpcfg_smb_ports(tctx->lp_ctx),
    1460             :                                         "IPC$", NULL, lpcfg_socket_options(tctx->lp_ctx),
    1461             :                                         smb_creds, lpcfg_resolve_context(tctx->lp_ctx),
    1462             :                                         tctx->ev, &options, &session_options,
    1463             :                                         lpcfg_gensec_settings(tctx, tctx->lp_ctx));
    1464           8 :         torture_assert_ntstatus_ok(tctx, status,
    1465             :                 "smbcli_full_connection failed");
    1466             : 
    1467           8 :         wks_creds = cli_credentials_init(cli);
    1468           8 :         torture_assert(tctx, wks_creds, "cli_credentials_init failed");
    1469             : 
    1470           8 :         cli_credentials_set_conf(wks_creds, tctx->lp_ctx);
    1471           8 :         cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
    1472           8 :         cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
    1473           8 :         cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
    1474           8 :         cli_credentials_set_password(wks_creds,
    1475           8 :                                      generate_random_password(wks_creds, 8, 255),
    1476             :                                      CRED_SPECIFIED);
    1477             : 
    1478           8 :         torture_assert(tctx,
    1479             :                 join3(tctx, cli, use_level25, samr_creds, wks_creds),
    1480             :                 "join failed");
    1481             : 
    1482           8 :         cli_credentials_set_domain(
    1483             :                 samba_cmdline_get_creds(),
    1484             :                 cli_credentials_get_domain(wks_creds),
    1485             :                 CRED_SPECIFIED);
    1486             : 
    1487           8 :         torture_assert(tctx,
    1488             :                 auth2(tctx, cli, wks_creds),
    1489             :                 "auth2 failed");
    1490             : 
    1491           8 :         torture_assert(tctx,
    1492             :                 leave(tctx, cli, samr_creds, wks_creds),
    1493             :                 "leave failed");
    1494             : 
    1495           8 :         talloc_free(cli);
    1496             : 
    1497           8 :         return true;
    1498             : }
    1499             : 
    1500             : /*
    1501             :  * Test the different session key variants. Do it by joining, this uses the
    1502             :  * session key in the setpassword routine. Test the join by doing the auth2.
    1503             :  */
    1504             : 
    1505           4 : static bool torture_samba3_sessionkey(struct torture_context *torture)
    1506             : {
    1507             :         struct cli_credentials *anon_creds;
    1508             :         const char *wks_name;
    1509             : 
    1510             : 
    1511           4 :         wks_name = torture_setting_string(torture, "wksname", NULL);
    1512           4 :         torture_assert(torture, wks_name != NULL, "wksname not set");
    1513             : 
    1514           4 :         if (!(anon_creds = cli_credentials_init_anon(torture))) {
    1515           0 :                 torture_fail(torture, "create_anon_creds failed\n");
    1516             :         }
    1517             : 
    1518           4 :         cli_credentials_set_workstation(anon_creds, wks_name, CRED_SPECIFIED);
    1519             : 
    1520             : 
    1521           4 :         if (!torture_setting_bool(torture, "samba3", false)) {
    1522             : 
    1523             :                 /* Samba3 in the build farm right now does this happily. Need
    1524             :                  * to fix :-) */
    1525             : 
    1526           0 :                 if (test_join3(torture, false, anon_creds, NULL, wks_name)) {
    1527           0 :                         torture_fail(torture, "join using anonymous bind on an anonymous smb "
    1528             :                                  "connection succeeded -- HUH??\n");
    1529             :                 }
    1530             :         }
    1531             : 
    1532           4 :         torture_assert(torture,
    1533             :                 test_join3(torture, false, samba_cmdline_get_creds(),
    1534             :                 NULL, wks_name),
    1535             :                 "join using anonymous bind on an authenticated smb connection failed");
    1536             : 
    1537             :         /*
    1538             :          * The following two are tests for setuserinfolevel 25
    1539             :          */
    1540             : 
    1541           4 :         torture_assert(torture,
    1542             :                 test_join3(torture, true, samba_cmdline_get_creds(),
    1543             :                 NULL, wks_name),
    1544             :                 "join using anonymous bind on an authenticated smb connection failed");
    1545             : 
    1546           4 :         return true;
    1547             : }
    1548             : 
    1549             : /*
    1550             :  * Sane wrapper around lsa_LookupNames
    1551             :  */
    1552             : 
    1553          20 : static struct dom_sid *name2sid(struct torture_context *tctx,
    1554             :                                 TALLOC_CTX *mem_ctx,
    1555             :                                 struct dcerpc_pipe *p,
    1556             :                                 const char *name,
    1557             :                                 const char *domain)
    1558             : {
    1559             :         struct lsa_ObjectAttribute attr;
    1560             :         struct lsa_QosInfo qos;
    1561             :         struct lsa_OpenPolicy2 r;
    1562             :         struct lsa_Close c;
    1563             :         NTSTATUS status;
    1564             :         struct policy_handle handle;
    1565             :         struct lsa_LookupNames l;
    1566             :         struct lsa_TransSidArray sids;
    1567          20 :         struct lsa_RefDomainList *domains = NULL;
    1568             :         struct lsa_String lsa_name;
    1569          20 :         uint32_t count = 0;
    1570             :         struct dom_sid *result;
    1571             :         TALLOC_CTX *tmp_ctx;
    1572          20 :         struct dcerpc_binding_handle *b = p->binding_handle;
    1573             : 
    1574          20 :         if (!(tmp_ctx = talloc_new(mem_ctx))) {
    1575           0 :                 return NULL;
    1576             :         }
    1577             : 
    1578          20 :         qos.len = 0;
    1579          20 :         qos.impersonation_level = 2;
    1580          20 :         qos.context_mode = 1;
    1581          20 :         qos.effective_only = 0;
    1582             : 
    1583          20 :         attr.len = 0;
    1584          20 :         attr.root_dir = NULL;
    1585          20 :         attr.object_name = NULL;
    1586          20 :         attr.attributes = 0;
    1587          20 :         attr.sec_desc = NULL;
    1588          20 :         attr.sec_qos = &qos;
    1589             : 
    1590          20 :         r.in.system_name = "\\";
    1591          20 :         r.in.attr = &attr;
    1592          20 :         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
    1593          20 :         r.out.handle = &handle;
    1594             : 
    1595          20 :         status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
    1596          20 :         if (!NT_STATUS_IS_OK(status)) {
    1597           0 :                 torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(status));
    1598           0 :                 talloc_free(tmp_ctx);
    1599           0 :                 return NULL;
    1600             :         }
    1601          20 :         if (!NT_STATUS_IS_OK(r.out.result)) {
    1602           0 :                 torture_comment(tctx, "OpenPolicy2 failed - %s\n", nt_errstr(r.out.result));
    1603           0 :                 talloc_free(tmp_ctx);
    1604           0 :                 return NULL;
    1605             :         }
    1606             : 
    1607          20 :         sids.count = 0;
    1608          20 :         sids.sids = NULL;
    1609             : 
    1610          20 :         lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, name);
    1611             : 
    1612          20 :         l.in.handle = &handle;
    1613          20 :         l.in.num_names = 1;
    1614          20 :         l.in.names = &lsa_name;
    1615          20 :         l.in.sids = &sids;
    1616          20 :         l.in.level = 1;
    1617          20 :         l.in.count = &count;
    1618          20 :         l.out.count = &count;
    1619          20 :         l.out.sids = &sids;
    1620          20 :         l.out.domains = &domains;
    1621             : 
    1622          20 :         status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
    1623          20 :         if (!NT_STATUS_IS_OK(status)) {
    1624           0 :                 torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string,
    1625             :                        nt_errstr(status));
    1626           0 :                 talloc_free(tmp_ctx);
    1627           0 :                 return NULL;
    1628             :         }
    1629          20 :         if (!NT_STATUS_IS_OK(l.out.result)) {
    1630           0 :                 torture_comment(tctx, "LookupNames of %s failed - %s\n", lsa_name.string,
    1631             :                        nt_errstr(l.out.result));
    1632           0 :                 talloc_free(tmp_ctx);
    1633           0 :                 return NULL;
    1634             :         }
    1635             : 
    1636          20 :         result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
    1637          20 :                                  l.out.sids->sids[0].rid);
    1638             : 
    1639          20 :         c.in.handle = &handle;
    1640          20 :         c.out.handle = &handle;
    1641             : 
    1642          20 :         status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);
    1643          20 :         if (!NT_STATUS_IS_OK(status)) {
    1644           0 :                 torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(status));
    1645           0 :                 talloc_free(tmp_ctx);
    1646           0 :                 return NULL;
    1647             :         }
    1648          20 :         if (!NT_STATUS_IS_OK(c.out.result)) {
    1649           0 :                 torture_comment(tctx, "dcerpc_lsa_Close failed - %s\n", nt_errstr(c.out.result));
    1650           0 :                 talloc_free(tmp_ctx);
    1651           0 :                 return NULL;
    1652             :         }
    1653             : 
    1654          20 :         talloc_free(tmp_ctx);
    1655          20 :         return result;
    1656             : }
    1657             : 
    1658             : /*
    1659             :  * Find out the user SID on this connection
    1660             :  */
    1661             : 
    1662          20 : static struct dom_sid *whoami(struct torture_context *tctx,
    1663             :                               TALLOC_CTX *mem_ctx,
    1664             :                               struct smbcli_tree *tree)
    1665             : {
    1666             :         struct dcerpc_pipe *lsa;
    1667             :         struct dcerpc_binding_handle *lsa_handle;
    1668             :         struct lsa_GetUserName r;
    1669             :         NTSTATUS status;
    1670          20 :         struct lsa_String *authority_name_p = NULL;
    1671          20 :         struct lsa_String *account_name_p = NULL;
    1672             :         struct dom_sid *result;
    1673             : 
    1674          20 :         status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\lsarpc",
    1675             :                                &ndr_table_lsarpc, &lsa);
    1676          20 :         if (!NT_STATUS_IS_OK(status)) {
    1677           0 :                 torture_warning(tctx, "Could not bind to LSA: %s\n",
    1678             :                          nt_errstr(status));
    1679           0 :                 return NULL;
    1680             :         }
    1681          20 :         lsa_handle = lsa->binding_handle;
    1682             : 
    1683          20 :         r.in.system_name = "\\";
    1684          20 :         r.in.account_name = &account_name_p;
    1685          20 :         r.in.authority_name = &authority_name_p;
    1686          20 :         r.out.account_name = &account_name_p;
    1687             : 
    1688          20 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    1689             : 
    1690          20 :         authority_name_p = *r.out.authority_name;
    1691             : 
    1692          20 :         if (!NT_STATUS_IS_OK(status)) {
    1693           0 :                 torture_warning(tctx, "GetUserName failed - %s\n",
    1694             :                        nt_errstr(status));
    1695           0 :                 talloc_free(lsa);
    1696           0 :                 return NULL;
    1697             :         }
    1698          20 :         if (!NT_STATUS_IS_OK(r.out.result)) {
    1699           0 :                 torture_warning(tctx, "GetUserName failed - %s\n",
    1700             :                        nt_errstr(r.out.result));
    1701           0 :                 talloc_free(lsa);
    1702           0 :                 return NULL;
    1703             :         }
    1704             : 
    1705          20 :         result = name2sid(tctx, mem_ctx, lsa, account_name_p->string,
    1706          20 :                           authority_name_p->string);
    1707             : 
    1708          20 :         talloc_free(lsa);
    1709          20 :         return result;
    1710             : }
    1711             : 
    1712          52 : static int destroy_tree(struct smbcli_tree *tree)
    1713             : {
    1714          52 :         smb_tree_disconnect(tree);
    1715          52 :         return 0;
    1716             : }
    1717             : 
    1718             : /*
    1719             :  * Do a tcon, given a session
    1720             :  */
    1721             : 
    1722          56 : static NTSTATUS secondary_tcon(struct torture_context *tctx,
    1723             :                                TALLOC_CTX *mem_ctx,
    1724             :                                struct smbcli_session *session,
    1725             :                                const char *sharename,
    1726             :                                struct smbcli_tree **res)
    1727             : {
    1728             :         struct smbcli_tree *result;
    1729             :         TALLOC_CTX *tmp_ctx;
    1730             :         union smb_tcon tcon;
    1731             :         NTSTATUS status;
    1732             : 
    1733          56 :         if (!(tmp_ctx = talloc_new(mem_ctx))) {
    1734           0 :                 return NT_STATUS_NO_MEMORY;
    1735             :         }
    1736             : 
    1737          56 :         if (!(result = smbcli_tree_init(session, mem_ctx, false))) {
    1738           0 :                 talloc_free(tmp_ctx);
    1739           0 :                 return NT_STATUS_NO_MEMORY;
    1740             :         }
    1741             : 
    1742          56 :         tcon.generic.level = RAW_TCON_TCONX;
    1743          56 :         tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
    1744          56 :         tcon.tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
    1745          56 :         tcon.tconx.in.password = data_blob(NULL, 0);
    1746          56 :         tcon.tconx.in.path = sharename;
    1747          56 :         tcon.tconx.in.device = "?????";
    1748             : 
    1749          56 :         status = smb_raw_tcon(result, tmp_ctx, &tcon);
    1750          56 :         if (!NT_STATUS_IS_OK(status)) {
    1751           4 :                 torture_warning(tctx, "smb_raw_tcon failed: %s\n",
    1752             :                          nt_errstr(status));
    1753           4 :                 talloc_free(tmp_ctx);
    1754           4 :                 return status;
    1755             :         }
    1756             : 
    1757          52 :         result->tid = tcon.tconx.out.tid;
    1758             : 
    1759          52 :         if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
    1760           4 :                 smb1cli_session_protect_session_key(result->session->smbXcli);
    1761             :         }
    1762             : 
    1763          52 :         result = talloc_steal(mem_ctx, result);
    1764          52 :         talloc_set_destructor(result, destroy_tree);
    1765          52 :         talloc_free(tmp_ctx);
    1766          52 :         *res = result;
    1767          52 :         return NT_STATUS_OK;
    1768             : }
    1769             : 
    1770             : /*
    1771             :  * Test the getusername behaviour
    1772             :  */
    1773             : 
    1774           4 : static bool torture_samba3_rpc_getusername(struct torture_context *torture)
    1775             : {
    1776             :         NTSTATUS status;
    1777             :         struct smbcli_state *cli;
    1778           4 :         bool ret = true;
    1779             :         struct dom_sid *user_sid;
    1780             :         struct dom_sid *created_sid;
    1781             :         struct cli_credentials *anon_creds;
    1782             :         struct cli_credentials *user_creds;
    1783             :         char *domain_name;
    1784             :         struct smbcli_options options;
    1785             :         struct smbcli_session_options session_options;
    1786             : 
    1787           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    1788           4 :         lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
    1789             : 
    1790           4 :         if (!(anon_creds = cli_credentials_init_anon(torture))) {
    1791           0 :                 torture_fail(torture, "create_anon_creds failed\n");
    1792             :         }
    1793             : 
    1794           4 :         status = smbcli_full_connection(
    1795             :                 torture, &cli, torture_setting_string(torture, "host", NULL),
    1796             :                 lpcfg_smb_ports(torture->lp_ctx), "IPC$", NULL,
    1797             :                 lpcfg_socket_options(torture->lp_ctx), anon_creds,
    1798             :                 lpcfg_resolve_context(torture->lp_ctx),
    1799             :                 torture->ev, &options, &session_options,
    1800             :                 lpcfg_gensec_settings(torture, torture->lp_ctx));
    1801           4 :         torture_assert_ntstatus_ok(torture, status, "anon smbcli_full_connection failed\n");
    1802             : 
    1803           4 :         if (!(user_sid = whoami(torture, torture, cli->tree))) {
    1804           0 :                 torture_fail(torture, "whoami on anon connection failed\n");
    1805             :         }
    1806             : 
    1807           4 :         torture_assert_sid_equal(torture, user_sid, dom_sid_parse_talloc(torture, "s-1-5-7"),
    1808             :                 "Anon lsa_GetUserName returned unexpected SID");
    1809             : 
    1810           4 :         talloc_free(cli);
    1811             : 
    1812           4 :         status = smbcli_full_connection(
    1813             :                 torture, &cli, torture_setting_string(torture, "host", NULL),
    1814             :                 lpcfg_smb_ports(torture->lp_ctx),
    1815             :                 "IPC$", NULL, lpcfg_socket_options(torture->lp_ctx),
    1816             :                 samba_cmdline_get_creds(),
    1817             :                 lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
    1818             :                 &session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
    1819           4 :         torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
    1820             : 
    1821           4 :         if (!(user_sid = whoami(torture, torture, cli->tree))) {
    1822           0 :                 torture_fail(torture, "whoami on auth'ed connection failed\n");
    1823             :         }
    1824             : 
    1825           4 :         if (!(user_creds = cli_credentials_init(torture))) {
    1826           0 :                 torture_fail(torture, "cli_credentials_init failed\n");
    1827             :         }
    1828             : 
    1829           4 :         cli_credentials_set_conf(user_creds, torture->lp_ctx);
    1830           4 :         cli_credentials_set_username(user_creds, "torture_username",
    1831             :                                      CRED_SPECIFIED);
    1832           4 :         cli_credentials_set_password(user_creds,
    1833           4 :                                      generate_random_password(user_creds, 8, 255),
    1834             :                                      CRED_SPECIFIED);
    1835             : 
    1836           4 :         if (!create_user(torture, torture, cli, NULL,
    1837             :                          cli_credentials_get_username(user_creds),
    1838             :                          cli_credentials_get_password(user_creds),
    1839             :                          &domain_name, &created_sid)) {
    1840           0 :                 torture_fail(torture, "create_user failed\n");
    1841             :         }
    1842             : 
    1843           4 :         cli_credentials_set_domain(user_creds, domain_name,
    1844             :                                    CRED_SPECIFIED);
    1845             : 
    1846             :         {
    1847             :                 struct smbcli_session *session2;
    1848             :                 struct smb_composite_sesssetup setup;
    1849             :                 struct smbcli_tree *tree;
    1850             : 
    1851           4 :                 session2 = smbcli_session_init(cli->transport, torture, false, session_options);
    1852           4 :                 if (session2 == NULL) {
    1853           0 :                         torture_fail(torture, "smbcli_session_init failed\n");
    1854             :                 }
    1855             : 
    1856           4 :                 setup.in.sesskey = cli->transport->negotiate.sesskey;
    1857           4 :                 setup.in.capabilities = cli->transport->negotiate.capabilities;
    1858           4 :                 setup.in.workgroup = "";
    1859           4 :                 setup.in.credentials = user_creds;
    1860           4 :                 setup.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
    1861             : 
    1862           4 :                 status = smb_composite_sesssetup(session2, &setup);
    1863           4 :                 torture_assert_ntstatus_ok(torture, status, "session setup with new user failed");
    1864             : 
    1865           4 :                 session2->vuid = setup.out.vuid;
    1866             : 
    1867           4 :                 if (!NT_STATUS_IS_OK(secondary_tcon(torture, torture, session2,
    1868             :                                                     "IPC$", &tree))) {
    1869           0 :                         torture_fail(torture, "secondary_tcon failed\n");
    1870             :                 }
    1871             : 
    1872           4 :                 if (!(user_sid = whoami(torture, torture, tree))) {
    1873           0 :                         torture_fail_goto(torture, del, "whoami on user connection failed\n");
    1874             :                         ret = false;
    1875             :                         goto del;
    1876             :                 }
    1877             : 
    1878           4 :                 talloc_free(tree);
    1879             :         }
    1880             : 
    1881           4 :         torture_comment(torture, "Created %s, found %s\n",
    1882             :                  dom_sid_string(torture, created_sid),
    1883             :                  dom_sid_string(torture, user_sid));
    1884             : 
    1885           4 :         if (!dom_sid_equal(created_sid, user_sid)) {
    1886           0 :                 ret = false;
    1887             :         }
    1888             : 
    1889           7 :  del:
    1890           4 :         if (!delete_user(torture, cli,
    1891             :                          NULL,
    1892             :                          cli_credentials_get_username(user_creds))) {
    1893           0 :                 torture_fail(torture, "delete_user failed\n");
    1894             :         }
    1895             : 
    1896           4 :         return ret;
    1897             : }
    1898             : 
    1899           4 : static bool test_NetShareGetInfo(struct torture_context *tctx,
    1900             :                                  struct dcerpc_pipe *p,
    1901             :                                  const char *sharename)
    1902             : {
    1903             :         NTSTATUS status;
    1904             :         struct srvsvc_NetShareGetInfo r;
    1905             :         union srvsvc_NetShareInfo info;
    1906           4 :         uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007, 1501 };
    1907             :         int i;
    1908           4 :         bool ret = true;
    1909           4 :         struct dcerpc_binding_handle *b = p->binding_handle;
    1910             : 
    1911           4 :         r.in.server_unc = talloc_asprintf(tctx, "\\\\%s",
    1912             :                                           dcerpc_server_name(p));
    1913           4 :         r.in.share_name = sharename;
    1914           4 :         r.out.info = &info;
    1915             : 
    1916          44 :         for (i=0;i<ARRAY_SIZE(levels);i++) {
    1917          40 :                 r.in.level = levels[i];
    1918             : 
    1919          40 :                 torture_comment(tctx, "Testing NetShareGetInfo level %u on share '%s'\n",
    1920             :                        r.in.level, r.in.share_name);
    1921             : 
    1922          40 :                 status = dcerpc_srvsvc_NetShareGetInfo_r(b, tctx, &r);
    1923          40 :                 if (!NT_STATUS_IS_OK(status)) {
    1924           0 :                         torture_warning(tctx, "NetShareGetInfo level %u on share '%s' failed"
    1925             :                                " - %s\n", r.in.level, r.in.share_name,
    1926             :                                nt_errstr(status));
    1927           0 :                         ret = false;
    1928           0 :                         continue;
    1929             :                 }
    1930          40 :                 if (!W_ERROR_IS_OK(r.out.result)) {
    1931           0 :                         torture_warning(tctx, "NetShareGetInfo level %u on share '%s' failed "
    1932             :                                "- %s\n", r.in.level, r.in.share_name,
    1933             :                                win_errstr(r.out.result));
    1934           0 :                         ret = false;
    1935           0 :                         continue;
    1936             :                 }
    1937             :         }
    1938             : 
    1939           4 :         return ret;
    1940             : }
    1941             : 
    1942           4 : static bool test_NetShareEnum(struct torture_context *tctx,
    1943             :                               struct dcerpc_pipe *p,
    1944             :                               const char **one_sharename)
    1945             : {
    1946             :         NTSTATUS status;
    1947             :         struct srvsvc_NetShareEnum r;
    1948             :         struct srvsvc_NetShareInfoCtr info_ctr;
    1949             :         struct srvsvc_NetShareCtr0 c0;
    1950             :         struct srvsvc_NetShareCtr1 c1;
    1951             :         struct srvsvc_NetShareCtr2 c2;
    1952             :         struct srvsvc_NetShareCtr501 c501;
    1953             :         struct srvsvc_NetShareCtr502 c502;
    1954             :         struct srvsvc_NetShareCtr1004 c1004;
    1955             :         struct srvsvc_NetShareCtr1005 c1005;
    1956             :         struct srvsvc_NetShareCtr1006 c1006;
    1957             :         struct srvsvc_NetShareCtr1007 c1007;
    1958           4 :         uint32_t totalentries = 0;
    1959           4 :         uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 };
    1960             :         int i;
    1961           4 :         bool ret = true;
    1962           4 :         struct dcerpc_binding_handle *b = p->binding_handle;
    1963             : 
    1964           4 :         ZERO_STRUCT(info_ctr);
    1965             : 
    1966           4 :         r.in.server_unc = talloc_asprintf(tctx,"\\\\%s",dcerpc_server_name(p));
    1967           4 :         r.in.info_ctr = &info_ctr;
    1968           4 :         r.in.max_buffer = (uint32_t)-1;
    1969           4 :         r.in.resume_handle = NULL;
    1970           4 :         r.out.totalentries = &totalentries;
    1971           4 :         r.out.info_ctr = &info_ctr;
    1972             : 
    1973          40 :         for (i=0;i<ARRAY_SIZE(levels);i++) {
    1974          36 :                 info_ctr.level = levels[i];
    1975             : 
    1976          36 :                 switch (info_ctr.level) {
    1977           4 :                 case 0:
    1978           4 :                         ZERO_STRUCT(c0);
    1979           4 :                         info_ctr.ctr.ctr0 = &c0;
    1980           4 :                         break;
    1981           4 :                 case 1:
    1982           4 :                         ZERO_STRUCT(c1);
    1983           4 :                         info_ctr.ctr.ctr1 = &c1;
    1984           4 :                         break;
    1985           4 :                 case 2:
    1986           4 :                         ZERO_STRUCT(c2);
    1987           4 :                         info_ctr.ctr.ctr2 = &c2;
    1988           4 :                         break;
    1989           4 :                 case 501:
    1990           4 :                         ZERO_STRUCT(c501);
    1991           4 :                         info_ctr.ctr.ctr501 = &c501;
    1992           4 :                         break;
    1993           4 :                 case 502:
    1994           4 :                         ZERO_STRUCT(c502);
    1995           4 :                         info_ctr.ctr.ctr502 = &c502;
    1996           4 :                         break;
    1997           4 :                 case 1004:
    1998           4 :                         ZERO_STRUCT(c1004);
    1999           4 :                         info_ctr.ctr.ctr1004 = &c1004;
    2000           4 :                         break;
    2001           4 :                 case 1005:
    2002           4 :                         ZERO_STRUCT(c1005);
    2003           4 :                         info_ctr.ctr.ctr1005 = &c1005;
    2004           4 :                         break;
    2005           4 :                 case 1006:
    2006           4 :                         ZERO_STRUCT(c1006);
    2007           4 :                         info_ctr.ctr.ctr1006 = &c1006;
    2008           4 :                         break;
    2009           4 :                 case 1007:
    2010           4 :                         ZERO_STRUCT(c1007);
    2011           4 :                         info_ctr.ctr.ctr1007 = &c1007;
    2012           4 :                         break;
    2013             :                 }
    2014             : 
    2015          36 :                 torture_comment(tctx, "Testing NetShareEnum level %u\n", info_ctr.level);
    2016             : 
    2017          36 :                 status = dcerpc_srvsvc_NetShareEnum_r(b, tctx, &r);
    2018          36 :                 if (!NT_STATUS_IS_OK(status)) {
    2019           0 :                         torture_warning(tctx, "NetShareEnum level %u failed - %s\n",
    2020             :                                info_ctr.level, nt_errstr(status));
    2021           0 :                         ret = false;
    2022           0 :                         continue;
    2023             :                 }
    2024          36 :                 if (!W_ERROR_IS_OK(r.out.result)) {
    2025           0 :                         torture_warning(tctx, "NetShareEnum level %u failed - %s\n",
    2026             :                                info_ctr.level, win_errstr(r.out.result));
    2027           0 :                         continue;
    2028             :                 }
    2029          36 :                 if (info_ctr.level == 0) {
    2030           4 :                         struct srvsvc_NetShareCtr0 *ctr = r.out.info_ctr->ctr.ctr0;
    2031           4 :                         if (ctr->count > 0) {
    2032           4 :                                 *one_sharename = ctr->array[0].name;
    2033             :                         }
    2034             :                 }
    2035             :         }
    2036             : 
    2037           4 :         return ret;
    2038             : }
    2039             : 
    2040           4 : static bool torture_samba3_rpc_srvsvc(struct torture_context *torture)
    2041             : {
    2042             :         struct dcerpc_pipe *p;
    2043           4 :         const char *sharename = NULL;
    2044           4 :         bool ret = true;
    2045             : 
    2046           4 :         torture_assert_ntstatus_ok(torture,
    2047             :                 torture_rpc_connection(torture, &p, &ndr_table_srvsvc),
    2048             :                 "failed to open srvsvc");
    2049             : 
    2050           4 :         ret &= test_NetShareEnum(torture, p, &sharename);
    2051           4 :         if (sharename == NULL) {
    2052           0 :                 torture_comment(torture, "did not get sharename\n");
    2053             :         } else {
    2054           4 :                 ret &= test_NetShareGetInfo(torture, p, sharename);
    2055             :         }
    2056             : 
    2057           4 :         return ret;
    2058             : }
    2059             : 
    2060             : /*
    2061             :  * Do a ReqChallenge/Auth2 with a random wks name, make sure it returns
    2062             :  * NT_STATUS_NO_SAM_ACCOUNT
    2063             :  */
    2064             : 
    2065           0 : static bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
    2066             : {
    2067             :         TALLOC_CTX *mem_ctx;
    2068             :         struct dcerpc_pipe *net_pipe;
    2069             :         struct dcerpc_binding_handle *net_handle;
    2070             :         char *wksname;
    2071           0 :         bool result = false;
    2072             :         NTSTATUS status;
    2073             :         struct netr_ServerReqChallenge r;
    2074             :         struct netr_Credential netr_cli_creds;
    2075             :         struct netr_Credential netr_srv_creds;
    2076             :         uint32_t negotiate_flags;
    2077             :         struct netr_ServerAuthenticate2 a;
    2078             :         struct netlogon_creds_CredentialState *creds_state;
    2079             :         struct netr_Credential netr_cred;
    2080             :         struct samr_Password mach_pw;
    2081             :         struct smbcli_state *cli;
    2082             : 
    2083           0 :         if (!(mem_ctx = talloc_new(torture))) {
    2084           0 :                 torture_comment(torture, "talloc_new failed\n");
    2085           0 :                 return false;
    2086             :         }
    2087             : 
    2088           0 :         if (!(wksname = generate_random_str_list(
    2089             :                       mem_ctx, 14, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))) {
    2090           0 :                 torture_comment(torture, "generate_random_str_list failed\n");
    2091           0 :                 goto done;
    2092             :         }
    2093             : 
    2094           0 :         if (!(torture_open_connection_share(
    2095             :                       mem_ctx, &cli,
    2096             :                       torture, torture_setting_string(torture, "host", NULL),
    2097             :                       "IPC$", torture->ev))) {
    2098           0 :                 torture_comment(torture, "IPC$ connection failed\n");
    2099           0 :                 goto done;
    2100             :         }
    2101             : 
    2102           0 :         status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\netlogon",
    2103             :                                &ndr_table_netlogon, &net_pipe);
    2104           0 :         torture_assert_ntstatus_ok_goto(torture, status, result, done,
    2105             :                                         "pipe_bind_smb failed");
    2106           0 :         net_handle = net_pipe->binding_handle;
    2107             : 
    2108           0 :         r.in.computer_name = wksname;
    2109           0 :         r.in.server_name = talloc_asprintf(
    2110             :                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
    2111           0 :         if (r.in.server_name == NULL) {
    2112           0 :                 torture_comment(torture, "talloc_asprintf failed\n");
    2113           0 :                 goto done;
    2114             :         }
    2115           0 :         generate_random_buffer(netr_cli_creds.data,
    2116             :                                sizeof(netr_cli_creds.data));
    2117           0 :         r.in.credentials = &netr_cli_creds;
    2118           0 :         r.out.return_credentials = &netr_srv_creds;
    2119             : 
    2120           0 :         status = dcerpc_netr_ServerReqChallenge_r(net_handle, mem_ctx, &r);
    2121           0 :         if (!NT_STATUS_IS_OK(status)) {
    2122           0 :                 torture_comment(torture, "netr_ServerReqChallenge failed: %s\n",
    2123             :                          nt_errstr(status));
    2124           0 :                 goto done;
    2125             :         }
    2126           0 :         if (!NT_STATUS_IS_OK(r.out.result)) {
    2127           0 :                 torture_comment(torture, "netr_ServerReqChallenge failed: %s\n",
    2128             :                          nt_errstr(r.out.result));
    2129           0 :                 goto done;
    2130             :         }
    2131             : 
    2132           0 :         negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
    2133           0 :         E_md4hash("foobar", mach_pw.hash);
    2134             : 
    2135           0 :         a.in.server_name = talloc_asprintf(
    2136             :                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
    2137           0 :         a.in.account_name = talloc_asprintf(
    2138             :                 mem_ctx, "%s$", wksname);
    2139           0 :         a.in.computer_name = wksname;
    2140           0 :         a.in.secure_channel_type = SEC_CHAN_WKSTA;
    2141           0 :         a.in.negotiate_flags = &negotiate_flags;
    2142           0 :         a.out.negotiate_flags = &negotiate_flags;
    2143           0 :         a.in.credentials = &netr_cred;
    2144           0 :         a.out.return_credentials = &netr_cred;
    2145             : 
    2146           0 :         creds_state = netlogon_creds_client_init(mem_ctx,
    2147             :                                                  a.in.account_name,
    2148             :                                                  a.in.computer_name,
    2149           0 :                                                  a.in.secure_channel_type,
    2150           0 :                                                  r.in.credentials,
    2151           0 :                                                  r.out.return_credentials, &mach_pw,
    2152             :                                                  &netr_cred, negotiate_flags);
    2153           0 :         torture_assert(torture, (creds_state != NULL), "memory allocation failed");
    2154             : 
    2155           0 :         status = dcerpc_netr_ServerAuthenticate2_r(net_handle, mem_ctx, &a);
    2156           0 :         if (!NT_STATUS_IS_OK(status)) {
    2157           0 :                 goto done;
    2158             :         }
    2159           0 :         if (!NT_STATUS_EQUAL(a.out.result, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) {
    2160           0 :                 torture_comment(torture, "dcerpc_netr_ServerAuthenticate2 returned %s, "
    2161             :                          "expected NT_STATUS_NO_TRUST_SAM_ACCOUNT\n",
    2162             :                          nt_errstr(a.out.result));
    2163           0 :                 goto done;
    2164             :         }
    2165             : 
    2166           0 :         result = true;
    2167           0 :  done:
    2168           0 :         talloc_free(mem_ctx);
    2169           0 :         return result;
    2170             : }
    2171             : 
    2172           4 : static struct security_descriptor *get_sharesec(struct torture_context *tctx,
    2173             :                                                 TALLOC_CTX *mem_ctx,
    2174             :                                                 struct smbcli_session *sess,
    2175             :                                                 const char *sharename)
    2176             : {
    2177             :         struct smbcli_tree *tree;
    2178             :         TALLOC_CTX *tmp_ctx;
    2179             :         struct dcerpc_pipe *p;
    2180             :         struct dcerpc_binding_handle *b;
    2181             :         NTSTATUS status;
    2182             :         struct srvsvc_NetShareGetInfo r;
    2183             :         union srvsvc_NetShareInfo info;
    2184             :         struct security_descriptor *result;
    2185             : 
    2186           4 :         if (!(tmp_ctx = talloc_new(mem_ctx))) {
    2187           0 :                 torture_comment(tctx, "talloc_new failed\n");
    2188           0 :                 return NULL;
    2189             :         }
    2190             : 
    2191           4 :         if (!NT_STATUS_IS_OK(secondary_tcon(tctx, tmp_ctx, sess, "IPC$", &tree))) {
    2192           0 :                 torture_comment(tctx, "secondary_tcon failed\n");
    2193           0 :                 talloc_free(tmp_ctx);
    2194           0 :                 return NULL;
    2195             :         }
    2196             : 
    2197           4 :         status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\srvsvc",
    2198             :                                &ndr_table_srvsvc, &p);
    2199           4 :         if (!NT_STATUS_IS_OK(status)) {
    2200           0 :                 torture_warning(tctx, "could not bind to srvsvc pipe: %s\n",
    2201             :                          nt_errstr(status));
    2202           0 :                 talloc_free(tmp_ctx);
    2203           0 :                 return NULL;
    2204             :         }
    2205           4 :         b = p->binding_handle;
    2206             : 
    2207             : #if 0
    2208             :         p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
    2209             : #endif
    2210             : 
    2211           4 :         r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
    2212             :                                           dcerpc_server_name(p));
    2213           4 :         r.in.share_name = sharename;
    2214           4 :         r.in.level = 502;
    2215           4 :         r.out.info = &info;
    2216             : 
    2217           4 :         status = dcerpc_srvsvc_NetShareGetInfo_r(b, tmp_ctx, &r);
    2218           4 :         if (!NT_STATUS_IS_OK(status)) {
    2219           0 :                 torture_comment(tctx, "srvsvc_NetShareGetInfo failed: %s\n",
    2220             :                          nt_errstr(status));
    2221           0 :                 talloc_free(tmp_ctx);
    2222           0 :                 return NULL;
    2223             :         }
    2224           4 :         if (!W_ERROR_IS_OK(r.out.result)) {
    2225           0 :                 torture_comment(tctx, "srvsvc_NetShareGetInfo failed: %s\n",
    2226             :                          win_errstr(r.out.result));
    2227           0 :                 talloc_free(tmp_ctx);
    2228           0 :                 return NULL;
    2229             :         }
    2230             : 
    2231           4 :         result = talloc_steal(mem_ctx, info.info502->sd_buf.sd);
    2232           4 :         talloc_free(tmp_ctx);
    2233           4 :         return result;
    2234             : }
    2235             : 
    2236          24 : static NTSTATUS set_sharesec(struct torture_context *tctx,
    2237             :                              TALLOC_CTX *mem_ctx,
    2238             :                              struct smbcli_session *sess,
    2239             :                              const char *sharename,
    2240             :                              struct security_descriptor *sd)
    2241             : {
    2242             :         struct smbcli_tree *tree;
    2243             :         TALLOC_CTX *tmp_ctx;
    2244             :         struct dcerpc_pipe *p;
    2245             :         struct dcerpc_binding_handle *b;
    2246             :         NTSTATUS status;
    2247             :         struct sec_desc_buf i;
    2248             :         struct srvsvc_NetShareSetInfo r;
    2249             :         union srvsvc_NetShareInfo info;
    2250          24 :         uint32_t error = 0;
    2251             : 
    2252          24 :         if (!(tmp_ctx = talloc_new(mem_ctx))) {
    2253           0 :                 torture_comment(tctx, "talloc_new failed\n");
    2254           0 :                 return NT_STATUS_NO_MEMORY;
    2255             :         }
    2256             : 
    2257          24 :         if (!NT_STATUS_IS_OK(secondary_tcon(tctx, tmp_ctx, sess, "IPC$", &tree))) {
    2258           0 :                 torture_comment(tctx, "secondary_tcon failed\n");
    2259           0 :                 talloc_free(tmp_ctx);
    2260           0 :                 return NT_STATUS_UNSUCCESSFUL;
    2261             :         }
    2262             : 
    2263          24 :         status = pipe_bind_smb(tctx, mem_ctx, tree, "\\pipe\\srvsvc",
    2264             :                                &ndr_table_srvsvc, &p);
    2265          24 :         if (!NT_STATUS_IS_OK(status)) {
    2266           0 :                 torture_warning(tctx, "could not bind to srvsvc pipe: %s\n",
    2267             :                          nt_errstr(status));
    2268           0 :                 talloc_free(tmp_ctx);
    2269           0 :                 return NT_STATUS_UNSUCCESSFUL;
    2270             :         }
    2271          24 :         b = p->binding_handle;
    2272             : 
    2273             : #if 0
    2274             :         p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
    2275             : #endif
    2276             : 
    2277          24 :         r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
    2278             :                                           dcerpc_server_name(p));
    2279          24 :         r.in.share_name = sharename;
    2280          24 :         r.in.level = 1501;
    2281          24 :         i.sd = sd;
    2282          24 :         info.info1501 = &i;
    2283          24 :         r.in.info = &info;
    2284          24 :         r.in.parm_error = &error;
    2285             : 
    2286          24 :         status = dcerpc_srvsvc_NetShareSetInfo_r(b, tmp_ctx, &r);
    2287          24 :         if (!NT_STATUS_IS_OK(status)) {
    2288           0 :                 torture_comment(tctx, "srvsvc_NetShareSetInfo failed: %s\n",
    2289             :                          nt_errstr(status));
    2290             :         }
    2291          24 :         if (!W_ERROR_IS_OK(r.out.result)) {
    2292           0 :                 torture_comment(tctx, "srvsvc_NetShareSetInfo failed: %s\n",
    2293             :                         win_errstr(r.out.result));
    2294           0 :                 status = werror_to_ntstatus(r.out.result);
    2295             :         }
    2296          24 :         talloc_free(tmp_ctx);
    2297          24 :         return status;
    2298             : }
    2299             : 
    2300          12 : bool try_tcon(struct torture_context *tctx,
    2301             :               TALLOC_CTX *mem_ctx,
    2302             :               struct security_descriptor *orig_sd,
    2303             :               struct smbcli_session *session,
    2304             :               const char *sharename, const struct dom_sid *user_sid,
    2305             :               unsigned int access_mask, NTSTATUS expected_tcon,
    2306             :               NTSTATUS expected_mkdir)
    2307             : {
    2308             :         TALLOC_CTX *tmp_ctx;
    2309             :         struct smbcli_tree *rmdir_tree, *tree;
    2310             :         struct dom_sid *domain_sid;
    2311             :         uint32_t rid;
    2312             :         struct security_descriptor *sd;
    2313             :         NTSTATUS status;
    2314          12 :         bool ret = true;
    2315             : 
    2316          12 :         if (!(tmp_ctx = talloc_new(mem_ctx))) {
    2317           0 :                 torture_comment(tctx, "talloc_new failed\n");
    2318           0 :                 return false;
    2319             :         }
    2320             : 
    2321          12 :         status = secondary_tcon(tctx, tmp_ctx, session, sharename, &rmdir_tree);
    2322          12 :         if (!NT_STATUS_IS_OK(status)) {
    2323           0 :                 torture_comment(tctx, "first tcon to delete dir failed\n");
    2324           0 :                 talloc_free(tmp_ctx);
    2325           0 :                 return false;
    2326             :         }
    2327             : 
    2328          12 :         smbcli_rmdir(rmdir_tree, "sharesec_testdir");
    2329             : 
    2330          12 :         if (!NT_STATUS_IS_OK(dom_sid_split_rid(tmp_ctx, user_sid,
    2331             :                                                &domain_sid, &rid))) {
    2332           0 :                 torture_comment(tctx, "dom_sid_split_rid failed\n");
    2333           0 :                 talloc_free(tmp_ctx);
    2334           0 :                 return false;
    2335             :         }
    2336             : 
    2337          24 :         sd = security_descriptor_dacl_create(
    2338             :                 tmp_ctx, 0, "S-1-5-32-544",
    2339          12 :                 dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid,
    2340             :                                                         DOMAIN_RID_USERS)),
    2341             :                 dom_sid_string(mem_ctx, user_sid),
    2342             :                 SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, 0, NULL);
    2343          12 :         if (sd == NULL) {
    2344           0 :                 torture_comment(tctx, "security_descriptor_dacl_create failed\n");
    2345           0 :                 talloc_free(tmp_ctx);
    2346           0 :                 return false;
    2347             :         }
    2348             : 
    2349          12 :         status = set_sharesec(tctx, mem_ctx, session, sharename, sd);
    2350          12 :         if (!NT_STATUS_IS_OK(status)) {
    2351           0 :                 torture_comment(tctx, "custom set_sharesec failed: %s\n",
    2352             :                          nt_errstr(status));
    2353           0 :                 talloc_free(tmp_ctx);
    2354           0 :                 return false;
    2355             :         }
    2356             : 
    2357          12 :         status = secondary_tcon(tctx, tmp_ctx, session, sharename, &tree);
    2358          12 :         if (!NT_STATUS_EQUAL(status, expected_tcon)) {
    2359           0 :                 torture_comment(tctx, "Expected %s, got %s\n", nt_errstr(expected_tcon),
    2360             :                          nt_errstr(status));
    2361           0 :                 ret = false;
    2362           0 :                 goto done;
    2363             :         }
    2364             : 
    2365          12 :         if (!NT_STATUS_IS_OK(status)) {
    2366             :                 /* An expected non-access, no point in trying to write */
    2367           4 :                 goto done;
    2368             :         }
    2369             : 
    2370           8 :         status = smbcli_mkdir(tree, "sharesec_testdir");
    2371           8 :         if (!NT_STATUS_EQUAL(status, expected_mkdir)) {
    2372           0 :                 torture_warning(tctx, "Expected %s, got %s\n",
    2373             :                          nt_errstr(expected_mkdir), nt_errstr(status));
    2374           0 :                 ret = false;
    2375             :         }
    2376             : 
    2377          17 :  done:
    2378          12 :         smbcli_rmdir(rmdir_tree, "sharesec_testdir");
    2379             : 
    2380          12 :         status = set_sharesec(tctx, mem_ctx, session, sharename, orig_sd);
    2381          12 :         if (!NT_STATUS_IS_OK(status)) {
    2382           0 :                 torture_comment(tctx, "custom set_sharesec failed: %s\n",
    2383             :                          nt_errstr(status));
    2384           0 :                 talloc_free(tmp_ctx);
    2385           0 :                 return false;
    2386             :         }
    2387             : 
    2388          12 :         talloc_free(tmp_ctx);
    2389          12 :         return ret;
    2390             : }
    2391             : 
    2392           4 : static bool torture_samba3_rpc_sharesec(struct torture_context *torture)
    2393             : {
    2394           4 :         struct smbcli_state *cli = NULL;
    2395           4 :         struct security_descriptor *sd = NULL;
    2396           4 :         struct dom_sid *user_sid = NULL;
    2397           4 :         const char *testuser_passwd = NULL;
    2398           4 :         struct cli_credentials *test_credentials = NULL;
    2399             :         struct smbcli_options options;
    2400             :         struct smbcli_session_options session_options;
    2401             :         NTSTATUS status;
    2402           4 :         struct test_join *tj = NULL;
    2403           4 :         struct dcerpc_pipe *lsa_pipe = NULL;
    2404             :         const char *priv_array[1];
    2405             : 
    2406             :         /* Create a new user. The normal user has SeBackup and SeRestore
    2407             :            privs so we can't lock them out with a share security descriptor. */
    2408           4 :         tj = torture_create_testuser(torture,
    2409             :                                         "sharesec_user",
    2410             :                                         torture_setting_string(torture, "workgroup", NULL),
    2411             :                                         ACB_NORMAL,
    2412             :                                         &testuser_passwd);
    2413           4 :         if (!tj) {
    2414           0 :                 torture_fail(torture, "Creating sharesec_user failed\n");
    2415             :         }
    2416             : 
    2417             :         /* Give them SeDiskOperatorPrivilege but no other privs. */
    2418           4 :         status = torture_rpc_connection(torture, &lsa_pipe, &ndr_table_lsarpc);
    2419           4 :         if (!NT_STATUS_IS_OK(status)) {
    2420           0 :                 torture_delete_testuser(torture, tj, "sharesec_user");
    2421           0 :                 talloc_free(tj);
    2422           0 :                 torture_fail(torture, "Error connecting to LSA pipe");
    2423             :         }
    2424             : 
    2425           4 :         priv_array[0] = "SeDiskOperatorPrivilege";
    2426           4 :         if (!torture_setup_privs(torture,
    2427             :                                 lsa_pipe,
    2428             :                                 1,
    2429             :                                 priv_array,
    2430             :                                 torture_join_user_sid(tj))) {
    2431           0 :                 talloc_free(lsa_pipe);
    2432           0 :                 torture_delete_testuser(torture, tj, "sharesec_user");
    2433           0 :                 talloc_free(tj);
    2434           0 :                 torture_fail(torture, "Failed to setup privs\n");
    2435             :         }
    2436           4 :         talloc_free(lsa_pipe);
    2437             : 
    2438           4 :         test_credentials = cli_credentials_init(torture);
    2439           4 :         cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
    2440           4 :         cli_credentials_set_domain(test_credentials, lpcfg_workgroup(torture->lp_ctx),
    2441             :                         CRED_SPECIFIED);
    2442           4 :         cli_credentials_set_username(test_credentials, "sharesec_user", CRED_SPECIFIED);
    2443           4 :         cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
    2444             : 
    2445           4 :         ZERO_STRUCT(options);
    2446           4 :         ZERO_STRUCT(session_options);
    2447           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    2448           4 :         lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
    2449             : 
    2450           4 :         status = smbcli_full_connection(torture,
    2451             :                                         &cli,
    2452             :                                         torture_setting_string(torture, "host", NULL),
    2453             :                                         lpcfg_smb_ports(torture->lp_ctx),
    2454             :                                         "IPC$",
    2455             :                                         NULL,
    2456             :                                         lpcfg_socket_options(torture->lp_ctx),
    2457             :                                         test_credentials,
    2458             :                                         lpcfg_resolve_context(torture->lp_ctx),
    2459             :                                         torture->ev,
    2460             :                                         &options,
    2461             :                                         &session_options,
    2462             :                                         lpcfg_gensec_settings(torture, torture->lp_ctx));
    2463           4 :         if (!NT_STATUS_IS_OK(status)) {
    2464           0 :                 talloc_free(cli);
    2465           0 :                 torture_delete_testuser(torture, tj, "sharesec_user");
    2466           0 :                 talloc_free(tj);
    2467           0 :                 torture_fail(torture, "Failed to open connection\n");
    2468             :         }
    2469             : 
    2470           4 :         if (!(user_sid = whoami(torture, torture, cli->tree))) {
    2471           0 :                 talloc_free(cli);
    2472           0 :                 torture_delete_testuser(torture, tj, "sharesec_user");
    2473           0 :                 talloc_free(tj);
    2474           0 :                 torture_fail(torture, "whoami failed\n");
    2475             :         }
    2476             : 
    2477           4 :         sd = get_sharesec(torture, torture, cli->session,
    2478             :                           torture_setting_string(torture, "share", NULL));
    2479             : 
    2480           4 :         if (!try_tcon(torture, torture, sd, cli->session,
    2481             :                         torture_setting_string(torture, "share", NULL),
    2482           4 :                         user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK)) {
    2483           0 :                 talloc_free(cli);
    2484           0 :                 torture_delete_testuser(torture, tj, "sharesec_user");
    2485           0 :                 talloc_free(tj);
    2486           0 :                 torture_fail(torture, "failed to test tcon with 0 access_mask");
    2487             :         }
    2488             : 
    2489           4 :         if (!try_tcon(torture, torture, sd, cli->session,
    2490             :                         torture_setting_string(torture, "share", NULL),
    2491           4 :                         user_sid, SEC_FILE_READ_DATA, NT_STATUS_OK,
    2492           4 :                         NT_STATUS_MEDIA_WRITE_PROTECTED)) {
    2493           0 :                 talloc_free(cli);
    2494           0 :                 torture_delete_testuser(torture, tj, "sharesec_user");
    2495           0 :                 talloc_free(tj);
    2496           0 :                 torture_fail(torture, "failed to test tcon with SEC_FILE_READ_DATA access_mask");
    2497             :         }
    2498             : 
    2499             :         /* sharesec_user doesn't have any rights on the underlying file system.
    2500             :            Go back to the normal user. */
    2501             : 
    2502           4 :         talloc_free(cli);
    2503           4 :         cli = NULL;
    2504           4 :         torture_delete_testuser(torture, tj, "sharesec_user");
    2505           4 :         talloc_free(tj);
    2506           4 :         tj = NULL;
    2507             : 
    2508           4 :         if (!(torture_open_connection_share(
    2509             :                       torture, &cli, torture, torture_setting_string(torture, "host", NULL),
    2510             :                       "IPC$", torture->ev))) {
    2511           0 :                 torture_fail(torture, "IPC$ connection failed\n");
    2512             :         }
    2513             : 
    2514           4 :         if (!(user_sid = whoami(torture, torture, cli->tree))) {
    2515           0 :                 torture_fail(torture, "whoami failed\n");
    2516             :         }
    2517           4 :         torture_assert(torture, try_tcon(
    2518             :                         torture, torture, sd, cli->session,
    2519             :                         torture_setting_string(torture, "share", NULL),
    2520             :                         user_sid, SEC_FILE_ALL, NT_STATUS_OK, NT_STATUS_OK),
    2521             :                         "failed to test tcon with SEC_FILE_ALL access_mask");
    2522             : 
    2523           4 :         return true;
    2524             : }
    2525             : 
    2526           0 : static bool torture_samba3_rpc_lsa(struct torture_context *torture)
    2527             : {
    2528             :         struct dcerpc_pipe *p;
    2529             :         struct dcerpc_binding_handle *b;
    2530             :         struct policy_handle lsa_handle;
    2531             : 
    2532           0 :         torture_assert_ntstatus_ok(torture,
    2533             :                 torture_rpc_connection(torture, &p, &ndr_table_lsarpc),
    2534             :                 "failed to setup lsarpc");
    2535             : 
    2536           0 :         b = p->binding_handle;
    2537             : 
    2538             :         {
    2539             :                 struct lsa_ObjectAttribute attr;
    2540             :                 struct lsa_OpenPolicy2 o;
    2541           0 :                 o.in.system_name = talloc_asprintf(
    2542             :                         torture, "\\\\%s", dcerpc_server_name(p));
    2543           0 :                 ZERO_STRUCT(attr);
    2544           0 :                 o.in.attr = &attr;
    2545           0 :                 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
    2546           0 :                 o.out.handle = &lsa_handle;
    2547             : 
    2548           0 :                 torture_assert_ntstatus_ok(torture,
    2549             :                         dcerpc_lsa_OpenPolicy2_r(b, torture, &o),
    2550             :                         "dcerpc_lsa_OpenPolicy2 failed");
    2551           0 :                 torture_assert_ntstatus_ok(torture, o.out.result,
    2552             :                         "dcerpc_lsa_OpenPolicy2 failed");
    2553             :         }
    2554             : 
    2555             :         {
    2556             :                 int i;
    2557           0 :                 int levels[] = { 2,3,5,6 };
    2558             : 
    2559           0 :                 for (i=0; i<ARRAY_SIZE(levels); i++) {
    2560             :                         struct lsa_QueryInfoPolicy r;
    2561           0 :                         union lsa_PolicyInformation *info = NULL;
    2562           0 :                         r.in.handle = &lsa_handle;
    2563           0 :                         r.in.level = levels[i];
    2564           0 :                         r.out.info = &info;
    2565             : 
    2566           0 :                         torture_assert_ntstatus_ok(torture,
    2567             :                                 dcerpc_lsa_QueryInfoPolicy_r(b, torture, &r),
    2568             :                                 talloc_asprintf(torture, "dcerpc_lsa_QueryInfoPolicy level %d failed", levels[i]));
    2569           0 :                         torture_assert_ntstatus_ok(torture, r.out.result,
    2570             :                                 talloc_asprintf(torture, "dcerpc_lsa_QueryInfoPolicy level %d failed", levels[i]));
    2571             :                 }
    2572             :         }
    2573             : 
    2574           0 :         return true;
    2575             : }
    2576             : 
    2577           8 : static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
    2578             :                                char **name)
    2579             : {
    2580             :         struct rap_WserverGetInfo r;
    2581             :         NTSTATUS status;
    2582             :         char servername[17];
    2583             :         size_t converted_size;
    2584             : 
    2585           8 :         r.in.level = 0;
    2586           8 :         r.in.bufsize = 0xffff;
    2587             : 
    2588           8 :         status = smbcli_rap_netservergetinfo(tree, mem_ctx, &r);
    2589           8 :         if (!NT_STATUS_IS_OK(status)) {
    2590           0 :                 return status;
    2591             :         }
    2592             : 
    2593           8 :         memcpy(servername, r.out.info.info0.name, 16);
    2594           8 :         servername[16] = '\0';
    2595             : 
    2596           8 :         if (!pull_ascii_talloc(mem_ctx, name, servername, &converted_size)) {
    2597           0 :                 return NT_STATUS_NO_MEMORY;
    2598             :         }
    2599             : 
    2600           8 :         return NT_STATUS_OK;
    2601             : }
    2602             : 
    2603           8 : static bool rap_get_servername(struct torture_context *tctx,
    2604             :                                char **servername)
    2605             : {
    2606             :         struct smbcli_state *cli;
    2607             : 
    2608           8 :         torture_assert(tctx,
    2609             :                 torture_open_connection_share(tctx, &cli, tctx, torture_setting_string(tctx, "host", NULL),
    2610             :                                               "IPC$", tctx->ev),
    2611             :                 "IPC$ connection failed");
    2612             : 
    2613           8 :         torture_assert_ntstatus_ok(tctx,
    2614             :                 get_servername(tctx, cli->tree, servername),
    2615             :                 "get_servername failed");
    2616             : 
    2617           8 :         talloc_free(cli);
    2618             : 
    2619           8 :         return true;
    2620             : }
    2621             : 
    2622           4 : static bool find_printers(struct torture_context *tctx,
    2623             :                           struct dcerpc_pipe *p,
    2624             :                           const char ***printers,
    2625             :                           size_t *num_printers)
    2626             : {
    2627             :         struct srvsvc_NetShareEnum r;
    2628             :         struct srvsvc_NetShareInfoCtr info_ctr;
    2629             :         struct srvsvc_NetShareCtr1 c1_in;
    2630             :         struct srvsvc_NetShareCtr1 *c1;
    2631           4 :         uint32_t totalentries = 0;
    2632             :         int i;
    2633           4 :         struct dcerpc_binding_handle *b = p->binding_handle;
    2634             : 
    2635           4 :         ZERO_STRUCT(c1_in);
    2636           4 :         info_ctr.level = 1;
    2637           4 :         info_ctr.ctr.ctr1 = &c1_in;
    2638             : 
    2639           4 :         r.in.server_unc = talloc_asprintf(
    2640             :                 tctx, "\\\\%s", dcerpc_server_name(p));
    2641           4 :         r.in.info_ctr = &info_ctr;
    2642           4 :         r.in.max_buffer = (uint32_t)-1;
    2643           4 :         r.in.resume_handle = NULL;
    2644           4 :         r.out.totalentries = &totalentries;
    2645           4 :         r.out.info_ctr = &info_ctr;
    2646             : 
    2647           4 :         torture_assert_ntstatus_ok(tctx,
    2648             :                 dcerpc_srvsvc_NetShareEnum_r(b, tctx, &r),
    2649             :                 "NetShareEnum level 1 failed");
    2650           4 :         torture_assert_werr_ok(tctx, r.out.result,
    2651             :                 "NetShareEnum level 1 failed");
    2652             : 
    2653           4 :         *printers = NULL;
    2654           4 :         *num_printers = 0;
    2655           4 :         c1 = r.out.info_ctr->ctr.ctr1;
    2656         226 :         for (i=0; i<c1->count; i++) {
    2657         222 :                 if (c1->array[i].type != STYPE_PRINTQ) {
    2658         202 :                         continue;
    2659             :                 }
    2660          20 :                 if (!add_string_to_array(tctx, c1->array[i].name,
    2661             :                                          printers, num_printers)) {
    2662           0 :                         return false;
    2663             :                 }
    2664             :         }
    2665             : 
    2666           4 :         return true;
    2667             : }
    2668             : 
    2669           8 : static bool enumprinters(struct torture_context *tctx,
    2670             :                          struct dcerpc_binding_handle *b,
    2671             :                          const char *servername, int level, int *num_printers)
    2672             : {
    2673             :         struct spoolss_EnumPrinters r;
    2674             :         DATA_BLOB blob;
    2675             :         uint32_t needed;
    2676             :         uint32_t count;
    2677             :         union spoolss_PrinterInfo *info;
    2678             : 
    2679           8 :         r.in.flags = PRINTER_ENUM_LOCAL;
    2680           8 :         r.in.server = talloc_asprintf(tctx, "\\\\%s", servername);
    2681           8 :         r.in.level = level;
    2682           8 :         r.in.buffer = NULL;
    2683           8 :         r.in.offered = 0;
    2684           8 :         r.out.needed = &needed;
    2685           8 :         r.out.count = &count;
    2686           8 :         r.out.info = &info;
    2687             : 
    2688           8 :         torture_assert_ntstatus_ok(tctx,
    2689             :                 dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
    2690             :                 "dcerpc_spoolss_EnumPrinters failed");
    2691           8 :         torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
    2692             :                 "EnumPrinters unexpected return code should be WERR_INSUFFICIENT_BUFFER");
    2693             : 
    2694           8 :         blob = data_blob_talloc_zero(tctx, needed);
    2695           8 :         if (blob.data == NULL) {
    2696           0 :                 return false;
    2697             :         }
    2698             : 
    2699           8 :         r.in.buffer = &blob;
    2700           8 :         r.in.offered = needed;
    2701             : 
    2702           8 :         torture_assert_ntstatus_ok(tctx,
    2703             :                 dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
    2704             :                 "dcerpc_spoolss_EnumPrinters failed");
    2705           8 :         torture_assert_werr_ok(tctx, r.out.result,
    2706             :                 "dcerpc_spoolss_EnumPrinters failed");
    2707             : 
    2708           8 :         *num_printers = count;
    2709             : 
    2710           8 :         return true;
    2711             : }
    2712             : 
    2713          32 : static bool getprinterinfo(struct torture_context *tctx,
    2714             :                            struct dcerpc_binding_handle *b,
    2715             :                            struct policy_handle *handle, int level,
    2716             :                            union spoolss_PrinterInfo **res)
    2717             : {
    2718             :         struct spoolss_GetPrinter r;
    2719             :         DATA_BLOB blob;
    2720             :         uint32_t needed;
    2721             : 
    2722          32 :         r.in.handle = handle;
    2723          32 :         r.in.level = level;
    2724          32 :         r.in.buffer = NULL;
    2725          32 :         r.in.offered = 0;
    2726          32 :         r.out.needed = &needed;
    2727             : 
    2728          32 :         torture_assert_ntstatus_ok(tctx,
    2729             :                 dcerpc_spoolss_GetPrinter_r(b, tctx, &r),
    2730             :                 "dcerpc_spoolss_GetPrinter failed");
    2731          32 :         torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER,
    2732             :                 "GetPrinter unexpected return code should be WERR_INSUFFICIENT_BUFFER");
    2733             : 
    2734          32 :         r.in.handle = handle;
    2735          32 :         r.in.level = level;
    2736          32 :         blob = data_blob_talloc_zero(tctx, needed);
    2737          32 :         if (blob.data == NULL) {
    2738           0 :                 return false;
    2739             :         }
    2740          32 :         r.in.buffer = &blob;
    2741          32 :         r.in.offered = needed;
    2742             : 
    2743          32 :         torture_assert_ntstatus_ok(tctx,
    2744             :                 dcerpc_spoolss_GetPrinter_r(b, tctx, &r),
    2745             :                 "dcerpc_spoolss_GetPrinter failed");
    2746          32 :         torture_assert_werr_ok(tctx, r.out.result,
    2747             :                 "dcerpc_spoolss_GetPrinter failed");
    2748             : 
    2749          32 :         if (res != NULL) {
    2750           0 :                 *res = talloc_steal(tctx, r.out.info);
    2751             :         }
    2752             : 
    2753          32 :         return true;
    2754             : }
    2755             : 
    2756           4 : static bool torture_samba3_rpc_spoolss(struct torture_context *torture)
    2757             : {
    2758             :         struct dcerpc_pipe *p, *p2;
    2759             :         struct dcerpc_binding_handle *b;
    2760             :         struct policy_handle server_handle, printer_handle;
    2761             :         const char **printers;
    2762             :         size_t num_printers;
    2763             :         struct spoolss_UserLevel1 userlevel1;
    2764             :         char *servername;
    2765             : 
    2766           4 :         torture_assert(torture,
    2767             :                 rap_get_servername(torture, &servername),
    2768             :                 "failed to rap servername");
    2769             : 
    2770           4 :         torture_assert_ntstatus_ok(torture,
    2771             :                 torture_rpc_connection(torture, &p2, &ndr_table_srvsvc),
    2772             :                 "failed to setup srvsvc");
    2773             : 
    2774           4 :         torture_assert(torture,
    2775             :                 find_printers(torture, p2, &printers, &num_printers),
    2776             :                 "failed to find printers via srvsvc");
    2777             : 
    2778           4 :         talloc_free(p2);
    2779             : 
    2780           4 :         if (num_printers == 0) {
    2781           0 :                 torture_skip(torture, "Did not find printers\n");
    2782             :                 return true;
    2783             :         }
    2784             : 
    2785           4 :         torture_assert_ntstatus_ok(torture,
    2786             :                 torture_rpc_connection(torture, &p, &ndr_table_spoolss),
    2787             :                 "failed to setup spoolss");
    2788             : 
    2789           4 :         b = p->binding_handle;
    2790             : 
    2791           4 :         ZERO_STRUCT(userlevel1);
    2792           4 :         userlevel1.client = talloc_asprintf(
    2793             :                 torture, "\\\\%s", lpcfg_netbios_name(torture->lp_ctx));
    2794           4 :         userlevel1.user = cli_credentials_get_username(
    2795             :                                 samba_cmdline_get_creds());
    2796           4 :         userlevel1.build = 2600;
    2797           4 :         userlevel1.major = 3;
    2798           4 :         userlevel1.minor = 0;
    2799           4 :         userlevel1.processor = 0;
    2800             : 
    2801             :         {
    2802             :                 struct spoolss_OpenPrinterEx r;
    2803             : 
    2804           4 :                 ZERO_STRUCT(r);
    2805           4 :                 r.in.printername = talloc_asprintf(torture, "\\\\%s",
    2806             :                                                    servername);
    2807           4 :                 r.in.datatype = NULL;
    2808           4 :                 r.in.access_mask = 0;
    2809           4 :                 r.in.userlevel_ctr.level = 1;
    2810           4 :                 r.in.userlevel_ctr.user_info.level1 = &userlevel1;
    2811           4 :                 r.out.handle = &server_handle;
    2812             : 
    2813           4 :                 torture_assert_ntstatus_ok(torture,
    2814             :                         dcerpc_spoolss_OpenPrinterEx_r(b, torture, &r),
    2815             :                         "dcerpc_spoolss_OpenPrinterEx failed");
    2816           4 :                 torture_assert_werr_ok(torture, r.out.result,
    2817             :                         "dcerpc_spoolss_OpenPrinterEx failed");
    2818             :         }
    2819             : 
    2820             :         {
    2821             :                 struct spoolss_ClosePrinter r;
    2822             : 
    2823           4 :                 r.in.handle = &server_handle;
    2824           4 :                 r.out.handle = &server_handle;
    2825             : 
    2826           4 :                 torture_assert_ntstatus_ok(torture,
    2827             :                         dcerpc_spoolss_ClosePrinter_r(b, torture, &r),
    2828             :                         "dcerpc_spoolss_ClosePrinter failed");
    2829           4 :                 torture_assert_werr_ok(torture, r.out.result,
    2830             :                         "dcerpc_spoolss_ClosePrinter failed");
    2831             :         }
    2832             : 
    2833             :         {
    2834             :                 struct spoolss_OpenPrinterEx r;
    2835             : 
    2836           4 :                 ZERO_STRUCT(r);
    2837           4 :                 r.in.printername = talloc_asprintf(
    2838             :                         torture, "\\\\%s\\%s", servername, printers[0]);
    2839           4 :                 r.in.datatype = NULL;
    2840           4 :                 r.in.access_mask = 0;
    2841           4 :                 r.in.userlevel_ctr.level = 1;
    2842           4 :                 r.in.userlevel_ctr.user_info.level1 = &userlevel1;
    2843           4 :                 r.out.handle = &printer_handle;
    2844             : 
    2845           4 :                 torture_assert_ntstatus_ok(torture,
    2846             :                         dcerpc_spoolss_OpenPrinterEx_r(b, torture, &r),
    2847             :                         "dcerpc_spoolss_OpenPrinterEx failed");
    2848           4 :                 torture_assert_werr_ok(torture, r.out.result,
    2849             :                         "dcerpc_spoolss_OpenPrinterEx failed");
    2850             :         }
    2851             : 
    2852             :         {
    2853             :                 int i;
    2854             : 
    2855          36 :                 for (i=0; i<8; i++) {
    2856          32 :                         torture_assert(torture,
    2857             :                                 getprinterinfo(torture, b, &printer_handle, i, NULL),
    2858             :                                 talloc_asprintf(torture, "getprinterinfo %d failed", i));
    2859             :                 }
    2860             :         }
    2861             : 
    2862             :         {
    2863             :                 struct spoolss_ClosePrinter r;
    2864             : 
    2865           4 :                 r.in.handle = &printer_handle;
    2866           4 :                 r.out.handle = &printer_handle;
    2867             : 
    2868           4 :                 torture_assert_ntstatus_ok(torture,
    2869             :                         dcerpc_spoolss_ClosePrinter_r(b, torture, &r),
    2870             :                         "dcerpc_spoolss_ClosePrinter failed");
    2871           4 :                 torture_assert_werr_ok(torture, r.out.result,
    2872             :                         "dcerpc_spoolss_ClosePrinter failed");
    2873             :         }
    2874             : 
    2875             :         {
    2876             :                 int num_enumerated;
    2877             : 
    2878           4 :                 torture_assert(torture,
    2879             :                         enumprinters(torture, b, servername, 1, &num_enumerated),
    2880             :                         "enumprinters failed");
    2881             : 
    2882           4 :                 torture_assert_int_equal(torture, num_printers, num_enumerated,
    2883             :                         "netshareenum / enumprinters lvl 1 numprinter mismatch");
    2884             :         }
    2885             : 
    2886             :         {
    2887             :                 int num_enumerated;
    2888             : 
    2889           4 :                 torture_assert(torture,
    2890             :                         enumprinters(torture, b, servername, 2, &num_enumerated),
    2891             :                         "enumprinters failed");
    2892             : 
    2893           4 :                 torture_assert_int_equal(torture, num_printers, num_enumerated,
    2894             :                         "netshareenum / enumprinters lvl 2 numprinter mismatch");
    2895             :         }
    2896             : 
    2897           4 :         return true;
    2898             : }
    2899             : 
    2900           4 : static bool torture_samba3_rpc_wkssvc(struct torture_context *torture)
    2901             : {
    2902             :         struct dcerpc_pipe *p;
    2903             :         struct dcerpc_binding_handle *b;
    2904             :         char *servername;
    2905             : 
    2906           4 :         torture_assert(torture,
    2907             :                 rap_get_servername(torture, &servername),
    2908             :                 "failed to rap servername");
    2909             : 
    2910           4 :         torture_assert_ntstatus_ok(torture,
    2911             :                 torture_rpc_connection(torture, &p, &ndr_table_wkssvc),
    2912             :                 "failed to setup wkssvc");
    2913             : 
    2914           4 :         b = p->binding_handle;
    2915             : 
    2916             :         {
    2917             :                 struct wkssvc_NetWkstaInfo100 wks100;
    2918             :                 union wkssvc_NetWkstaInfo info;
    2919             :                 struct wkssvc_NetWkstaGetInfo r;
    2920             : 
    2921           4 :                 r.in.server_name = "\\foo";
    2922           4 :                 r.in.level = 100;
    2923           4 :                 info.info100 = &wks100;
    2924           4 :                 r.out.info = &info;
    2925             : 
    2926           4 :                 torture_assert_ntstatus_ok(torture,
    2927             :                         dcerpc_wkssvc_NetWkstaGetInfo_r(b, torture, &r),
    2928             :                         "dcerpc_wkssvc_NetWksGetInfo failed");
    2929           4 :                 torture_assert_werr_ok(torture, r.out.result,
    2930             :                         "dcerpc_wkssvc_NetWksGetInfo failed");
    2931             : 
    2932           4 :                 torture_assert_str_equal(torture, servername, r.out.info->info100->server_name,
    2933             :                         "servername RAP / DCERPC inconsistency");
    2934             :         }
    2935             : 
    2936           4 :         return true;
    2937             : }
    2938             : 
    2939         300 : static bool winreg_close(struct torture_context *tctx,
    2940             :                          struct dcerpc_binding_handle *b,
    2941             :                          struct policy_handle *handle)
    2942             : {
    2943             :         struct winreg_CloseKey c;
    2944             : 
    2945         300 :         c.in.handle = c.out.handle = handle;
    2946             : 
    2947         300 :         torture_assert_ntstatus_ok(tctx,
    2948             :                 dcerpc_winreg_CloseKey_r(b, tctx, &c),
    2949             :                 "winreg_CloseKey failed");
    2950         300 :         torture_assert_werr_ok(tctx, c.out.result,
    2951             :                 "winreg_CloseKey failed");
    2952             : 
    2953         300 :         return true;
    2954             : }
    2955             : 
    2956         296 : static bool enumvalues(struct torture_context *tctx,
    2957             :                        struct dcerpc_binding_handle *b,
    2958             :                        struct policy_handle *handle)
    2959             : {
    2960         296 :         uint32_t enum_index = 0;
    2961             : 
    2962         932 :         while (1) {
    2963             :                 struct winreg_EnumValue r;
    2964             :                 struct winreg_ValNameBuf name;
    2965        1228 :                 enum winreg_Type type = 0;
    2966             :                 uint8_t buf8[1024];
    2967             :                 NTSTATUS status;
    2968             :                 uint32_t size, length;
    2969             : 
    2970        1228 :                 ZERO_STRUCT(buf8);
    2971        1228 :                 r.in.handle = handle;
    2972        1228 :                 r.in.enum_index = enum_index;
    2973        1228 :                 name.name = "";
    2974        1228 :                 name.size = 1024;
    2975        1228 :                 r.in.name = r.out.name = &name;
    2976        1228 :                 size = 1024;
    2977        1228 :                 length = 5;
    2978        1228 :                 r.in.type = &type;
    2979        1228 :                 r.in.value = buf8;
    2980        1228 :                 r.in.size = &size;
    2981        1228 :                 r.in.length = &length;
    2982             : 
    2983        1228 :                 status = dcerpc_winreg_EnumValue_r(b, tctx, &r);
    2984        1228 :                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
    2985         568 :                         return true;
    2986             :                 }
    2987         932 :                 enum_index += 1;
    2988             :         }
    2989             : }
    2990             : 
    2991         300 : static bool enumkeys(struct torture_context *tctx,
    2992             :                      struct dcerpc_binding_handle *b,
    2993             :                      struct policy_handle *handle,
    2994             :                      int depth)
    2995             : {
    2996             :         struct winreg_EnumKey r;
    2997             :         struct winreg_StringBuf kclass, name;
    2998             :         NTSTATUS status;
    2999         300 :         NTTIME t = 0;
    3000             : 
    3001         300 :         if (depth <= 0) {
    3002         248 :                 return true;
    3003             :         }
    3004             : 
    3005          52 :         kclass.name   = "";
    3006          52 :         kclass.size   = 1024;
    3007             : 
    3008          52 :         r.in.handle = handle;
    3009          52 :         r.in.enum_index = 0;
    3010          52 :         r.in.name = &name;
    3011          52 :         r.in.keyclass = &kclass;
    3012          52 :         r.out.name = &name;
    3013          52 :         r.in.last_changed_time = &t;
    3014             : 
    3015         296 :         do {
    3016             :                 struct winreg_OpenKey o;
    3017             :                 struct policy_handle key_handle;
    3018             :                 int i;
    3019             : 
    3020         348 :                 name.name = NULL;
    3021         348 :                 name.size = 1024;
    3022             : 
    3023         348 :                 status = dcerpc_winreg_EnumKey_r(b, tctx, &r);
    3024         348 :                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
    3025             :                         /* We're done enumerating */
    3026          91 :                         return true;
    3027             :                 }
    3028             : 
    3029        2880 :                 for (i=0; i<10-depth; i++) {
    3030        2584 :                         torture_comment(tctx, " ");
    3031             :                 }
    3032         296 :                 torture_comment(tctx, "%s\n", r.out.name->name);
    3033             : 
    3034         296 :                 o.in.parent_handle = handle;
    3035         296 :                 o.in.keyname.name = r.out.name->name;
    3036         296 :                 o.in.options = 0;
    3037         296 :                 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
    3038         296 :                 o.out.handle = &key_handle;
    3039             : 
    3040         296 :                 status = dcerpc_winreg_OpenKey_r(b, tctx, &o);
    3041         296 :                 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(o.out.result)) {
    3042         296 :                         enumkeys(tctx, b, &key_handle, depth-1);
    3043         296 :                         enumvalues(tctx, b, &key_handle);
    3044         296 :                         torture_assert(tctx, winreg_close(tctx, b, &key_handle), "");
    3045             :                 }
    3046             : 
    3047         296 :                 r.in.enum_index += 1;
    3048             :         } while(true);
    3049             : 
    3050             :         return true;
    3051             : }
    3052             : 
    3053             : typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_binding_handle *, TALLOC_CTX *, void *);
    3054             : 
    3055           4 : static bool test_Open3(struct torture_context *tctx,
    3056             :                        struct dcerpc_binding_handle *b,
    3057             :                        const char *name, winreg_open_fn open_fn)
    3058             : {
    3059             :         struct policy_handle handle;
    3060             :         struct winreg_OpenHKLM r;
    3061             : 
    3062           4 :         r.in.system_name = 0;
    3063           4 :         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
    3064           4 :         r.out.handle = &handle;
    3065             : 
    3066           4 :         torture_assert_ntstatus_ok(tctx,
    3067             :                 open_fn(b, tctx, &r),
    3068             :                 talloc_asprintf(tctx, "%s failed", name));
    3069           4 :         torture_assert_werr_ok(tctx, r.out.result,
    3070             :                 talloc_asprintf(tctx, "%s failed", name));
    3071             : 
    3072           4 :         enumkeys(tctx, b, &handle, 4);
    3073             : 
    3074           4 :         torture_assert(tctx,
    3075             :                 winreg_close(tctx, b, &handle),
    3076             :                 "dcerpc_CloseKey failed");
    3077             : 
    3078           4 :         return true;
    3079             : }
    3080             : 
    3081           4 : static bool torture_samba3_rpc_winreg(struct torture_context *torture)
    3082             : {
    3083             :         struct dcerpc_pipe *p;
    3084             :         struct dcerpc_binding_handle *b;
    3085           4 :         bool ret = true;
    3086             :         struct {
    3087             :                 const char *name;
    3088             :                 winreg_open_fn fn;
    3089           4 :         } open_fns[] = {
    3090             :                 {"OpenHKLM", (winreg_open_fn)dcerpc_winreg_OpenHKLM_r },
    3091             :                 {"OpenHKU",  (winreg_open_fn)dcerpc_winreg_OpenHKU_r },
    3092             :                 {"OpenHKPD", (winreg_open_fn)dcerpc_winreg_OpenHKPD_r },
    3093             :                 {"OpenHKPT", (winreg_open_fn)dcerpc_winreg_OpenHKPT_r },
    3094             :                 {"OpenHKCR", (winreg_open_fn)dcerpc_winreg_OpenHKCR_r }};
    3095             : #if 0
    3096             :         int i;
    3097             : #endif
    3098             : 
    3099           4 :         torture_assert_ntstatus_ok(torture,
    3100             :                 torture_rpc_connection(torture, &p, &ndr_table_winreg),
    3101             :                 "failed to setup winreg");
    3102             : 
    3103           4 :         b = p->binding_handle;
    3104             : 
    3105             : #if 1
    3106           4 :         ret = test_Open3(torture, b, open_fns[0].name, open_fns[0].fn);
    3107             : #else
    3108             :         for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
    3109             :                 if (!test_Open3(torture, b, open_fns[i].name, open_fns[i].fn))
    3110             :                         ret = false;
    3111             :         }
    3112             : #endif
    3113           4 :         return ret;
    3114             : }
    3115             : 
    3116           0 : static bool get_shareinfo(struct torture_context *tctx,
    3117             :                           struct dcerpc_binding_handle *b,
    3118             :                           const char *servername,
    3119             :                           const char *share,
    3120             :                           struct srvsvc_NetShareInfo502 **info502)
    3121             : {
    3122             :         struct srvsvc_NetShareGetInfo r;
    3123             :         union srvsvc_NetShareInfo info;
    3124             : 
    3125           0 :         r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", servername);
    3126           0 :         r.in.share_name = share;
    3127           0 :         r.in.level = 502;
    3128           0 :         r.out.info = &info;
    3129             : 
    3130           0 :         torture_assert_ntstatus_ok(tctx,
    3131             :                 dcerpc_srvsvc_NetShareGetInfo_r(b, tctx, &r),
    3132             :                 "srvsvc_NetShareGetInfo failed");
    3133           0 :         torture_assert_werr_ok(tctx, r.out.result,
    3134             :                 "srvsvc_NetShareGetInfo failed");
    3135             : 
    3136           0 :         *info502 = talloc_move(tctx, &info.info502);
    3137             : 
    3138           0 :         return true;
    3139             : }
    3140             : 
    3141             : /*
    3142             :  * Get us a handle on HKLM\
    3143             :  */
    3144             : 
    3145           0 : static bool get_hklm_handle(struct torture_context *tctx,
    3146             :                             struct dcerpc_binding_handle *b,
    3147             :                             struct policy_handle *handle)
    3148             : {
    3149             :         struct winreg_OpenHKLM r;
    3150             :         struct policy_handle result;
    3151             : 
    3152           0 :         r.in.system_name = 0;
    3153           0 :         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
    3154           0 :         r.out.handle = &result;
    3155             : 
    3156           0 :         torture_assert_ntstatus_ok(tctx,
    3157             :                 dcerpc_winreg_OpenHKLM_r(b, tctx, &r),
    3158             :                 "OpenHKLM failed");
    3159           0 :         torture_assert_werr_ok(tctx, r.out.result,
    3160             :                 "OpenHKLM failed");
    3161             : 
    3162           0 :         *handle = result;
    3163             : 
    3164           0 :         return true;
    3165             : }
    3166             : 
    3167           0 : static bool torture_samba3_createshare(struct torture_context *tctx,
    3168             :                                        struct dcerpc_binding_handle *b,
    3169             :                                        const char *sharename)
    3170             : {
    3171             :         struct policy_handle hklm;
    3172             :         struct policy_handle new_handle;
    3173             :         struct winreg_CreateKey c;
    3174             :         struct winreg_CloseKey cl;
    3175           0 :         enum winreg_CreateAction action_taken = REG_ACTION_NONE;
    3176             : 
    3177           0 :         ZERO_STRUCT(c);
    3178           0 :         ZERO_STRUCT(cl);
    3179           0 :         ZERO_STRUCT(hklm);
    3180           0 :         ZERO_STRUCT(new_handle);
    3181             : 
    3182           0 :         c.in.handle = &hklm;
    3183           0 :         c.in.name.name = talloc_asprintf(
    3184             :                 tctx, "software\\samba\\smbconf\\%s", sharename);
    3185           0 :         torture_assert(tctx, c.in.name.name, "talloc_asprintf failed");
    3186             : 
    3187           0 :         c.in.keyclass.name = "";
    3188           0 :         c.in.options = 0;
    3189           0 :         c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
    3190           0 :         c.in.secdesc = NULL;
    3191           0 :         c.in.action_taken = &action_taken;
    3192           0 :         c.out.new_handle = &new_handle;
    3193           0 :         c.out.action_taken = &action_taken;
    3194             : 
    3195           0 :         torture_assert_ntstatus_ok(tctx,
    3196             :                 dcerpc_winreg_CreateKey_r(b, tctx, &c),
    3197             :                 "OpenKey failed");
    3198           0 :         torture_assert_werr_ok(tctx, c.out.result,
    3199             :                 "OpenKey failed");
    3200             : 
    3201           0 :         cl.in.handle = &new_handle;
    3202           0 :         cl.out.handle = &new_handle;
    3203             : 
    3204           0 :         torture_assert_ntstatus_ok(tctx,
    3205             :                 dcerpc_winreg_CloseKey_r(b, tctx, &cl),
    3206             :                 "CloseKey failed");
    3207           0 :         torture_assert_werr_ok(tctx, cl.out.result,
    3208             :                 "CloseKey failed");
    3209             : 
    3210           0 :         return true;
    3211             : }
    3212             : 
    3213           0 : static bool torture_samba3_deleteshare(struct torture_context *tctx,
    3214             :                                        struct dcerpc_binding_handle *b,
    3215             :                                        const char *sharename)
    3216             : {
    3217             :         struct policy_handle hklm;
    3218             :         struct winreg_DeleteKey d;
    3219             : 
    3220           0 :         torture_assert(tctx,
    3221             :                 get_hklm_handle(tctx, b, &hklm),
    3222             :                 "get_hklm_handle failed");
    3223             : 
    3224           0 :         d.in.handle = &hklm;
    3225           0 :         d.in.key.name = talloc_asprintf(
    3226             :                 tctx, "software\\samba\\smbconf\\%s", sharename);
    3227           0 :         torture_assert(tctx, d.in.key.name, "talloc_asprintf failed");
    3228             : 
    3229           0 :         torture_assert_ntstatus_ok(tctx,
    3230             :                 dcerpc_winreg_DeleteKey_r(b, tctx, &d),
    3231             :                 "DeleteKey failed");
    3232           0 :         torture_assert_werr_ok(tctx, d.out.result,
    3233             :                 "DeleteKey failed");
    3234             : 
    3235           0 :         return true;
    3236             : }
    3237             : 
    3238           0 : static bool torture_samba3_setconfig(struct torture_context *tctx,
    3239             :                                      struct dcerpc_binding_handle *b,
    3240             :                                      const char *sharename,
    3241             :                                      const char *parameter,
    3242             :                                      const char *value)
    3243             : {
    3244             :         struct policy_handle hklm, key_handle;
    3245             :         struct winreg_OpenKey o;
    3246             :         struct winreg_SetValue s;
    3247             :         uint32_t type;
    3248             :         DATA_BLOB val;
    3249             : 
    3250           0 :         torture_assert(tctx,
    3251             :                 get_hklm_handle(tctx, b, &hklm),
    3252             :                 "get_hklm_handle failed");
    3253             : 
    3254           0 :         o.in.parent_handle = &hklm;
    3255           0 :         o.in.keyname.name = talloc_asprintf(
    3256             :                 tctx, "software\\samba\\smbconf\\%s", sharename);
    3257           0 :         torture_assert(tctx, o.in.keyname.name, "talloc_asprintf failed");
    3258             : 
    3259           0 :         o.in.options = 0;
    3260           0 :         o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
    3261           0 :         o.out.handle = &key_handle;
    3262             : 
    3263           0 :         torture_assert_ntstatus_ok(tctx,
    3264             :                 dcerpc_winreg_OpenKey_r(b, tctx, &o),
    3265             :                 "OpenKey failed");
    3266           0 :         torture_assert_werr_ok(tctx, o.out.result,
    3267             :                 "OpenKey failed");
    3268             : 
    3269           0 :         torture_assert(tctx,
    3270             :                 reg_string_to_val(tctx, "REG_SZ", value, &type, &val),
    3271             :                 "reg_string_to_val failed");
    3272             : 
    3273           0 :         s.in.handle = &key_handle;
    3274           0 :         s.in.name.name = parameter;
    3275           0 :         s.in.type = type;
    3276           0 :         s.in.data = val.data;
    3277           0 :         s.in.size = val.length;
    3278             : 
    3279           0 :         torture_assert_ntstatus_ok(tctx,
    3280             :                 dcerpc_winreg_SetValue_r(b, tctx, &s),
    3281             :                 "SetValue failed");
    3282           0 :         torture_assert_werr_ok(tctx, s.out.result,
    3283             :                 "SetValue failed");
    3284             : 
    3285           0 :         return true;
    3286             : }
    3287             : 
    3288           0 : static bool torture_samba3_regconfig(struct torture_context *torture)
    3289             : {
    3290           0 :         struct srvsvc_NetShareInfo502 *i = NULL;
    3291           0 :         const char *comment = "Dummer Kommentar";
    3292             :         struct dcerpc_pipe *srvsvc_pipe, *winreg_pipe;
    3293             : 
    3294           0 :         torture_assert_ntstatus_ok(torture,
    3295             :                 torture_rpc_connection(torture, &srvsvc_pipe, &ndr_table_srvsvc),
    3296             :                 "failed to setup srvsvc");
    3297             : 
    3298           0 :         torture_assert_ntstatus_ok(torture,
    3299             :                 torture_rpc_connection(torture, &winreg_pipe, &ndr_table_winreg),
    3300             :                 "failed to setup winreg");
    3301             : 
    3302           0 :         torture_assert(torture,
    3303             :                 torture_samba3_createshare(torture, winreg_pipe->binding_handle, "blubber"),
    3304             :                 "torture_samba3_createshare failed");
    3305             : 
    3306           0 :         torture_assert(torture,
    3307             :                 torture_samba3_setconfig(torture, winreg_pipe->binding_handle, "blubber", "comment", comment),
    3308             :                 "torture_samba3_setconfig failed");
    3309             : 
    3310           0 :         torture_assert(torture,
    3311             :                 get_shareinfo(torture, srvsvc_pipe->binding_handle, dcerpc_server_name(srvsvc_pipe), "blubber", &i),
    3312             :                 "get_shareinfo failed");
    3313             : 
    3314           0 :         torture_assert_str_equal(torture, comment, i->comment,
    3315             :                 "got unexpected comment");
    3316             : 
    3317           0 :         torture_assert(torture,
    3318             :                 torture_samba3_deleteshare(torture, winreg_pipe->binding_handle, "blubber"),
    3319             :                 "torture_samba3_deleteshare failed");
    3320             : 
    3321           0 :         return true;
    3322             : }
    3323             : 
    3324             : /*
    3325             :  * Test that even with a result of 0 rids the array is returned as a
    3326             :  * non-NULL pointer. Yes, XP does notice.
    3327             :  */
    3328             : 
    3329           4 : bool torture_samba3_getaliasmembership_0(struct torture_context *torture)
    3330             : {
    3331             :         struct dcerpc_pipe *p;
    3332             :         struct dcerpc_binding_handle *b;
    3333             :         struct samr_Connect2 c;
    3334             :         struct samr_OpenDomain o;
    3335             :         struct dom_sid sid;
    3336             :         struct lsa_SidPtr ptr;
    3337             :         struct lsa_SidArray sids;
    3338             :         struct samr_GetAliasMembership g;
    3339             :         struct samr_Ids rids;
    3340             :         struct policy_handle samr, domain;
    3341             : 
    3342           4 :         torture_assert_ntstatus_ok(torture,
    3343             :                 torture_rpc_connection(torture, &p, &ndr_table_samr),
    3344             :                 "failed to setup samr");
    3345             : 
    3346           4 :         b = p->binding_handle;
    3347             : 
    3348           4 :         c.in.system_name = NULL;
    3349           4 :         c.in.access_mask = SAMR_ACCESS_LOOKUP_DOMAIN;
    3350           4 :         c.out.connect_handle = &samr;
    3351           4 :         torture_assert_ntstatus_ok(torture,
    3352             :                 dcerpc_samr_Connect2_r(b, torture, &c),
    3353             :                 "");
    3354           4 :         torture_assert_ntstatus_ok(torture, c.out.result,
    3355             :                 "");
    3356           4 :         dom_sid_parse("S-1-5-32", &sid);
    3357           4 :         o.in.connect_handle = &samr;
    3358           4 :         o.in.access_mask = SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS;
    3359           4 :         o.in.sid = &sid;
    3360           4 :         o.out.domain_handle = &domain;
    3361           4 :         torture_assert_ntstatus_ok(torture,
    3362             :                 dcerpc_samr_OpenDomain_r(b, torture, &o),
    3363             :                 "");
    3364           4 :         torture_assert_ntstatus_ok(torture, o.out.result,
    3365             :                 "");
    3366           4 :         dom_sid_parse("S-1-2-3-4-5", &sid);
    3367           4 :         ptr.sid = &sid;
    3368           4 :         sids.num_sids = 1;
    3369           4 :         sids.sids = &ptr;
    3370           4 :         g.in.domain_handle = &domain;
    3371           4 :         g.in.sids = &sids;
    3372           4 :         g.out.rids = &rids;
    3373           4 :         torture_assert_ntstatus_ok(torture,
    3374             :                 dcerpc_samr_GetAliasMembership_r(b, torture, &g),
    3375             :                 "");
    3376           4 :         torture_assert_ntstatus_ok(torture, g.out.result,
    3377             :                 "");
    3378           4 :         if (rids.ids == NULL) {
    3379             :                 /* This is the piece to test here */
    3380           0 :                 torture_fail(torture,
    3381             :                         "torture_samba3_getaliasmembership_0: "
    3382             :                         "Server returns NULL rids array\n");
    3383             :         }
    3384             : 
    3385           4 :         return true;
    3386             : }
    3387             : 
    3388             : /**
    3389             :  * Test smb reauthentication while rpc pipe is in use.
    3390             :  */
    3391           4 : static bool torture_rpc_smb_reauth1(struct torture_context *torture)
    3392             : {
    3393             :         TALLOC_CTX *mem_ctx;
    3394             :         NTSTATUS status;
    3395           4 :         bool ret = false;
    3396             :         struct smbcli_state *cli;
    3397             :         struct smbcli_options options;
    3398             :         struct smbcli_session_options session_options;
    3399             : 
    3400             :         struct dcerpc_pipe *lsa_pipe;
    3401             :         struct dcerpc_binding_handle *lsa_handle;
    3402             :         struct lsa_GetUserName r;
    3403           4 :         struct lsa_String *authority_name_p = NULL;
    3404           4 :         char *authority_name_saved = NULL;
    3405           4 :         struct lsa_String *account_name_p = NULL;
    3406           4 :         char *account_name_saved = NULL;
    3407           4 :         struct cli_credentials *anon_creds = NULL;
    3408             :         struct smb_composite_sesssetup io;
    3409             : 
    3410           4 :         mem_ctx = talloc_init("torture_samba3_reauth");
    3411           4 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    3412             : 
    3413           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    3414           4 :         lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
    3415             : 
    3416           4 :         status = smbcli_full_connection(mem_ctx, &cli,
    3417             :                                         torture_setting_string(torture, "host", NULL),
    3418             :                                         lpcfg_smb_ports(torture->lp_ctx),
    3419             :                                         "IPC$", NULL,
    3420             :                                         lpcfg_socket_options(torture->lp_ctx),
    3421             :                                         samba_cmdline_get_creds(),
    3422             :                                         lpcfg_resolve_context(torture->lp_ctx),
    3423             :                                         torture->ev, &options, &session_options,
    3424             :                                         lpcfg_gensec_settings(torture, torture->lp_ctx));
    3425           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3426             :                                         "smbcli_full_connection failed");
    3427             : 
    3428           4 :         status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
    3429             :                                &ndr_table_lsarpc, &lsa_pipe);
    3430           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3431             :                                         "pipe_bind_smb failed");
    3432           4 :         lsa_handle = lsa_pipe->binding_handle;
    3433             : 
    3434             :         /* lsa getusername */
    3435             : 
    3436           4 :         ZERO_STRUCT(r);
    3437           4 :         r.in.system_name = "\\";
    3438           4 :         r.in.account_name = &account_name_p;
    3439           4 :         r.in.authority_name = &authority_name_p;
    3440           4 :         r.out.account_name = &account_name_p;
    3441             : 
    3442           4 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3443             : 
    3444           4 :         authority_name_p = *r.out.authority_name;
    3445             : 
    3446           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3447             :                                         "GetUserName failed");
    3448           4 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3449             :                                         "GetUserName failed");
    3450             : 
    3451           7 :         torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
    3452           4 :                         authority_name_p->string,
    3453           4 :                         account_name_p->string);
    3454             : 
    3455           4 :         account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
    3456           4 :         torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
    3457             :                             "talloc failed");
    3458           4 :         authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
    3459           4 :         torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
    3460             :                             "talloc failed");
    3461             : 
    3462             :         /* smb re-authenticate as anonymous */
    3463             : 
    3464           4 :         anon_creds = cli_credentials_init_anon(mem_ctx);
    3465             : 
    3466           4 :         ZERO_STRUCT(io);
    3467           4 :         io.in.sesskey         = cli->transport->negotiate.sesskey;
    3468           4 :         io.in.capabilities    = cli->transport->negotiate.capabilities;
    3469           4 :         io.in.credentials     = anon_creds;
    3470           4 :         io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
    3471           4 :         io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
    3472             : 
    3473           4 :         status = smb_composite_sesssetup(cli->session, &io);
    3474           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3475             :                                         "session reauth to anon failed");
    3476             : 
    3477             :         /* re-do lsa getusername after reauth */
    3478             : 
    3479           4 :         TALLOC_FREE(authority_name_p);
    3480           4 :         TALLOC_FREE(account_name_p);
    3481           4 :         ZERO_STRUCT(r);
    3482           4 :         r.in.system_name = "\\";
    3483           4 :         r.in.account_name = &account_name_p;
    3484           4 :         r.in.authority_name = &authority_name_p;
    3485           4 :         r.out.account_name = &account_name_p;
    3486             : 
    3487           4 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3488             : 
    3489           4 :         authority_name_p = *r.out.authority_name;
    3490             : 
    3491           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3492             :                                         "GetUserName failed");
    3493           4 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3494             :                                         "GetUserName failed");
    3495             : 
    3496           4 :         torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
    3497             :                             ret, done, "authority_name not equal after reauth to anon");
    3498           4 :         torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
    3499             :                             ret, done, "account_name not equal after reauth to anon");
    3500             : 
    3501             :         /* smb re-auth again to the original user */
    3502             : 
    3503           4 :         ZERO_STRUCT(io);
    3504           4 :         io.in.sesskey         = cli->transport->negotiate.sesskey;
    3505           4 :         io.in.capabilities    = cli->transport->negotiate.capabilities;
    3506           4 :         io.in.credentials     = samba_cmdline_get_creds();
    3507           4 :         io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
    3508           4 :         io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
    3509             : 
    3510           4 :         status = smb_composite_sesssetup(cli->session, &io);
    3511           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3512             :                                         "session reauth to anon failed");
    3513             : 
    3514             :         /* re-do lsa getusername */
    3515             : 
    3516           4 :         TALLOC_FREE(authority_name_p);
    3517           4 :         TALLOC_FREE(account_name_p);
    3518           4 :         ZERO_STRUCT(r);
    3519           4 :         r.in.system_name = "\\";
    3520           4 :         r.in.account_name = &account_name_p;
    3521           4 :         r.in.authority_name = &authority_name_p;
    3522           4 :         r.out.account_name = &account_name_p;
    3523             : 
    3524           4 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3525             : 
    3526           4 :         authority_name_p = *r.out.authority_name;
    3527             : 
    3528           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3529             :                                         "GetUserName failed");
    3530           4 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3531             :                                         "GetUserName failed");
    3532             : 
    3533           4 :         torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
    3534             :                             ret, done, "authority_name not equal after reauth to anon");
    3535           4 :         torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
    3536             :                             ret, done, "account_name not equal after reauth to anon");
    3537             : 
    3538           4 :         ret = true;
    3539             : 
    3540           4 : done:
    3541           4 :         talloc_free(mem_ctx);
    3542           4 :         return ret;
    3543             : }
    3544             : 
    3545             : /**
    3546             :  * Test smb reauthentication while rpc pipe is in use.
    3547             :  * Open a second lsa bind after reauth to anon.
    3548             :  * Do lsa getusername on that second bind.
    3549             :  */
    3550           4 : static bool torture_rpc_smb_reauth2(struct torture_context *torture)
    3551             : {
    3552             :         TALLOC_CTX *mem_ctx;
    3553             :         NTSTATUS status;
    3554           4 :         bool ret = false;
    3555             :         struct smbcli_state *cli;
    3556             :         struct smbcli_options options;
    3557             :         struct smbcli_session_options session_options;
    3558             : 
    3559             :         struct dcerpc_pipe *lsa_pipe;
    3560             :         struct dcerpc_binding_handle *lsa_handle;
    3561             :         struct lsa_GetUserName r;
    3562           4 :         struct lsa_String *authority_name_p = NULL;
    3563           4 :         char *authority_name_saved = NULL;
    3564           4 :         struct lsa_String *account_name_p = NULL;
    3565           4 :         char *account_name_saved = NULL;
    3566           4 :         struct cli_credentials *anon_creds = NULL;
    3567             :         struct smb_composite_sesssetup io;
    3568             : 
    3569           4 :         mem_ctx = talloc_init("torture_samba3_reauth");
    3570           4 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    3571             : 
    3572           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    3573           4 :         lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
    3574             : 
    3575           4 :         status = smbcli_full_connection(mem_ctx, &cli,
    3576             :                                         torture_setting_string(torture, "host", NULL),
    3577             :                                         lpcfg_smb_ports(torture->lp_ctx),
    3578             :                                         "IPC$", NULL,
    3579             :                                         lpcfg_socket_options(torture->lp_ctx),
    3580             :                                         samba_cmdline_get_creds(),
    3581             :                                         lpcfg_resolve_context(torture->lp_ctx),
    3582             :                                         torture->ev, &options, &session_options,
    3583             :                                         lpcfg_gensec_settings(torture, torture->lp_ctx));
    3584           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3585             :                                         "smbcli_full_connection failed");
    3586             : 
    3587             :         /* smb re-authenticate as anonymous */
    3588             : 
    3589           4 :         anon_creds = cli_credentials_init_anon(mem_ctx);
    3590             : 
    3591           4 :         ZERO_STRUCT(io);
    3592           4 :         io.in.sesskey         = cli->transport->negotiate.sesskey;
    3593           4 :         io.in.capabilities    = cli->transport->negotiate.capabilities;
    3594           4 :         io.in.credentials     = anon_creds;
    3595           4 :         io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
    3596           4 :         io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
    3597             : 
    3598           4 :         status = smb_composite_sesssetup(cli->session, &io);
    3599           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3600             :                                         "session reauth to anon failed");
    3601             : 
    3602             :         /* open the lsa pipe */
    3603             : 
    3604           4 :         status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
    3605             :                                &ndr_table_lsarpc, &lsa_pipe);
    3606           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3607             :                                         "pipe_bind_smb failed");
    3608           4 :         lsa_handle = lsa_pipe->binding_handle;
    3609             : 
    3610             :         /* lsa getusername */
    3611             : 
    3612           4 :         ZERO_STRUCT(r);
    3613           4 :         r.in.system_name = "\\";
    3614           4 :         r.in.account_name = &account_name_p;
    3615           4 :         r.in.authority_name = &authority_name_p;
    3616           4 :         r.out.account_name = &account_name_p;
    3617             : 
    3618           4 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3619             : 
    3620           4 :         authority_name_p = *r.out.authority_name;
    3621             : 
    3622           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3623             :                                         "GetUserName failed");
    3624           4 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3625             :                                         "GetUserName failed");
    3626             : 
    3627           7 :         torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
    3628           4 :                         authority_name_p->string,
    3629           4 :                         account_name_p->string);
    3630             : 
    3631           4 :         account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
    3632           4 :         torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
    3633             :                             "talloc failed");
    3634           4 :         authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
    3635           4 :         torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
    3636             :                             "talloc failed");
    3637             : 
    3638             :         /* smb re-auth again to the original user */
    3639             : 
    3640           4 :         ZERO_STRUCT(io);
    3641           4 :         io.in.sesskey         = cli->transport->negotiate.sesskey;
    3642           4 :         io.in.capabilities    = cli->transport->negotiate.capabilities;
    3643           4 :         io.in.credentials     = samba_cmdline_get_creds();
    3644           4 :         io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
    3645           4 :         io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
    3646             : 
    3647           4 :         status = smb_composite_sesssetup(cli->session, &io);
    3648           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3649             :                                         "session reauth to anon failed");
    3650             : 
    3651             :         /* re-do lsa getusername after reauth */
    3652             : 
    3653           4 :         TALLOC_FREE(authority_name_p);
    3654           4 :         TALLOC_FREE(account_name_p);
    3655           4 :         ZERO_STRUCT(r);
    3656           4 :         r.in.system_name = "\\";
    3657           4 :         r.in.account_name = &account_name_p;
    3658           4 :         r.in.authority_name = &authority_name_p;
    3659           4 :         r.out.account_name = &account_name_p;
    3660             : 
    3661           4 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3662             : 
    3663           4 :         authority_name_p = *r.out.authority_name;
    3664             : 
    3665           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3666             :                                         "GetUserName failed");
    3667           4 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3668             :                                         "GetUserName failed");
    3669             : 
    3670           4 :         torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
    3671             :                             ret, done, "authority_name not equal after reauth to anon");
    3672           4 :         torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
    3673             :                             ret, done, "account_name not equal after reauth to anon");
    3674             : 
    3675           4 :         ret = true;
    3676             : 
    3677           4 : done:
    3678           4 :         talloc_free(mem_ctx);
    3679           4 :         return ret;
    3680             : }
    3681             : 
    3682             : /**
    3683             :  * Test smb2 reauthentication while rpc pipe is in use.
    3684             :  */
    3685           0 : static bool torture_rpc_smb2_reauth1(struct torture_context *torture)
    3686             : {
    3687             :         TALLOC_CTX *mem_ctx;
    3688             :         NTSTATUS status;
    3689           0 :         bool ret = false;
    3690             :         struct smbcli_options options;
    3691             : 
    3692             :         struct dcerpc_pipe *lsa_pipe;
    3693             :         struct dcerpc_binding_handle *lsa_handle;
    3694             :         struct lsa_GetUserName r;
    3695           0 :         struct lsa_String *authority_name_p = NULL;
    3696           0 :         char *authority_name_saved = NULL;
    3697           0 :         struct lsa_String *account_name_p = NULL;
    3698           0 :         char *account_name_saved = NULL;
    3699           0 :         struct cli_credentials *anon_creds = NULL;
    3700           0 :         const char *host = torture_setting_string(torture, "host", NULL);
    3701             :         struct smb2_tree *tree;
    3702             : 
    3703           0 :         mem_ctx = talloc_init("torture_samba3_reauth");
    3704           0 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    3705             : 
    3706           0 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    3707             : 
    3708           0 :         status = smb2_connect(mem_ctx,
    3709             :                               host,
    3710             :                               lpcfg_smb_ports(torture->lp_ctx),
    3711             :                               "IPC$",
    3712             :                               lpcfg_resolve_context(torture->lp_ctx),
    3713             :                               samba_cmdline_get_creds(),
    3714             :                               &tree,
    3715             :                               torture->ev,
    3716             :                               &options,
    3717             :                               lpcfg_socket_options(torture->lp_ctx),
    3718             :                               lpcfg_gensec_settings(torture, torture->lp_ctx)
    3719             :                               );
    3720           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3721             :                                         "smb2_connect failed");
    3722             : 
    3723           0 :         status = pipe_bind_smb2(torture, mem_ctx, tree, "lsarpc",
    3724             :                                 &ndr_table_lsarpc, &lsa_pipe);
    3725           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3726             :                                         "pipe_bind_smb2 failed");
    3727           0 :         lsa_handle = lsa_pipe->binding_handle;
    3728             : 
    3729             :         /* lsa getusername */
    3730             : 
    3731           0 :         ZERO_STRUCT(r);
    3732           0 :         r.in.system_name = "\\";
    3733           0 :         r.in.account_name = &account_name_p;
    3734           0 :         r.in.authority_name = &authority_name_p;
    3735           0 :         r.out.account_name = &account_name_p;
    3736             : 
    3737           0 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3738             : 
    3739           0 :         authority_name_p = *r.out.authority_name;
    3740             : 
    3741           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3742             :                                         "GetUserName failed");
    3743           0 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3744             :                                         "GetUserName failed");
    3745             : 
    3746           0 :         torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
    3747           0 :                         authority_name_p->string,
    3748           0 :                         account_name_p->string);
    3749             : 
    3750           0 :         account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
    3751           0 :         torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
    3752             :                             "talloc failed");
    3753           0 :         authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
    3754           0 :         torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
    3755             :                             "talloc failed");
    3756             : 
    3757             :         /* smb re-authenticate as anonymous */
    3758             : 
    3759           0 :         anon_creds = cli_credentials_init_anon(mem_ctx);
    3760             : 
    3761           0 :         status = smb2_session_setup_spnego(tree->session,
    3762             :                                            anon_creds,
    3763             :                                            0 /* previous_session_id */);
    3764           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3765             :                                         "session reauth to anon failed");
    3766             : 
    3767             :         /* re-do lsa getusername after reauth */
    3768             : 
    3769           0 :         TALLOC_FREE(authority_name_p);
    3770           0 :         TALLOC_FREE(account_name_p);
    3771           0 :         ZERO_STRUCT(r);
    3772           0 :         r.in.system_name = "\\";
    3773           0 :         r.in.account_name = &account_name_p;
    3774           0 :         r.in.authority_name = &authority_name_p;
    3775           0 :         r.out.account_name = &account_name_p;
    3776             : 
    3777           0 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3778             : 
    3779           0 :         authority_name_p = *r.out.authority_name;
    3780             : 
    3781           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3782             :                                         "GetUserName failed");
    3783           0 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3784             :                                         "GetUserName failed");
    3785             : 
    3786           0 :         torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
    3787             :                             ret, done, "authority_name not equal after reauth to anon");
    3788           0 :         torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
    3789             :                             ret, done, "account_name not equal after reauth to anon");
    3790             : 
    3791             :         /* smb re-auth again to the original user */
    3792             : 
    3793           0 :         status = smb2_session_setup_spnego(tree->session,
    3794             :                                            samba_cmdline_get_creds(),
    3795             :                                            0 /* previous_session_id */);
    3796           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3797             :                                         "session reauth to anon failed");
    3798             : 
    3799             :         /* re-do lsa getusername */
    3800             : 
    3801           0 :         TALLOC_FREE(authority_name_p);
    3802           0 :         TALLOC_FREE(account_name_p);
    3803           0 :         ZERO_STRUCT(r);
    3804           0 :         r.in.system_name = "\\";
    3805           0 :         r.in.account_name = &account_name_p;
    3806           0 :         r.in.authority_name = &authority_name_p;
    3807           0 :         r.out.account_name = &account_name_p;
    3808             : 
    3809           0 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3810             : 
    3811           0 :         authority_name_p = *r.out.authority_name;
    3812             : 
    3813           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3814             :                                         "GetUserName failed");
    3815           0 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3816             :                                         "GetUserName failed");
    3817             : 
    3818           0 :         torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
    3819             :                             ret, done, "authority_name not equal after reauth to anon");
    3820           0 :         torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
    3821             :                             ret, done, "account_name not equal after reauth to anon");
    3822             : 
    3823           0 :         ret = true;
    3824             : 
    3825           0 : done:
    3826           0 :         talloc_free(mem_ctx);
    3827           0 :         return ret;
    3828             : }
    3829             : 
    3830             : /**
    3831             :  * Test smb2 reauthentication while rpc pipe is in use.
    3832             :  * Open a second lsa bind after reauth to anon.
    3833             :  * Do lsa getusername on that second bind.
    3834             :  */
    3835           0 : static bool torture_rpc_smb2_reauth2(struct torture_context *torture)
    3836             : {
    3837             :         TALLOC_CTX *mem_ctx;
    3838             :         NTSTATUS status;
    3839           0 :         bool ret = false;
    3840             :         struct smbcli_options options;
    3841             : 
    3842             :         struct dcerpc_pipe *lsa_pipe;
    3843             :         struct dcerpc_binding_handle *lsa_handle;
    3844             :         struct lsa_GetUserName r;
    3845           0 :         struct lsa_String *authority_name_p = NULL;
    3846           0 :         char *authority_name_saved = NULL;
    3847           0 :         struct lsa_String *account_name_p = NULL;
    3848           0 :         char *account_name_saved = NULL;
    3849           0 :         struct cli_credentials *anon_creds = NULL;
    3850           0 :         const char *host = torture_setting_string(torture, "host", NULL);
    3851             :         struct smb2_tree *tree;
    3852             : 
    3853           0 :         mem_ctx = talloc_init("torture_samba3_reauth");
    3854           0 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    3855             : 
    3856           0 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    3857             : 
    3858           0 :         status = smb2_connect(mem_ctx,
    3859             :                               host,
    3860             :                               lpcfg_smb_ports(torture->lp_ctx),
    3861             :                               "IPC$",
    3862             :                               lpcfg_resolve_context(torture->lp_ctx),
    3863             :                               samba_cmdline_get_creds(),
    3864             :                               &tree,
    3865             :                               torture->ev,
    3866             :                               &options,
    3867             :                               lpcfg_socket_options(torture->lp_ctx),
    3868             :                               lpcfg_gensec_settings(torture, torture->lp_ctx)
    3869             :                               );
    3870           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3871             :                                         "smb2_connect failed");
    3872             : 
    3873             :         /* smb re-authenticate as anonymous */
    3874             : 
    3875           0 :         anon_creds = cli_credentials_init_anon(mem_ctx);
    3876             : 
    3877           0 :         status = smb2_session_setup_spnego(tree->session,
    3878             :                                            anon_creds,
    3879             :                                            0 /* previous_session_id */);
    3880           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3881             :                                         "session reauth to anon failed");
    3882             : 
    3883             :         /* open the lsa pipe */
    3884             : 
    3885           0 :         status = pipe_bind_smb2(torture, mem_ctx, tree, "lsarpc",
    3886             :                                 &ndr_table_lsarpc, &lsa_pipe);
    3887           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3888             :                                         "pipe_bind_smb2 failed");
    3889           0 :         lsa_handle = lsa_pipe->binding_handle;
    3890             : 
    3891             :         /* lsa getusername */
    3892             : 
    3893           0 :         ZERO_STRUCT(r);
    3894           0 :         r.in.system_name = "\\";
    3895           0 :         r.in.account_name = &account_name_p;
    3896           0 :         r.in.authority_name = &authority_name_p;
    3897           0 :         r.out.account_name = &account_name_p;
    3898             : 
    3899           0 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3900             : 
    3901           0 :         authority_name_p = *r.out.authority_name;
    3902             : 
    3903           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3904             :                                         "GetUserName failed");
    3905           0 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3906             :                                         "GetUserName failed");
    3907             : 
    3908           0 :         torture_comment(torture, "lsa_GetUserName gave '%s\\%s'\n",
    3909           0 :                         authority_name_p->string,
    3910           0 :                         account_name_p->string);
    3911             : 
    3912           0 :         account_name_saved = talloc_strdup(mem_ctx, account_name_p->string);
    3913           0 :         torture_assert_goto(torture, (account_name_saved != NULL), ret, done,
    3914             :                             "talloc failed");
    3915           0 :         authority_name_saved = talloc_strdup(mem_ctx, authority_name_p->string);
    3916           0 :         torture_assert_goto(torture, (authority_name_saved != NULL), ret, done,
    3917             :                             "talloc failed");
    3918             : 
    3919             :         /* smb re-auth again to the original user */
    3920             : 
    3921           0 :         status = smb2_session_setup_spnego(tree->session,
    3922             :                                            samba_cmdline_get_creds(),
    3923             :                                            0 /* previous_session_id */);
    3924           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3925             :                                         "session reauth to anon failed");
    3926             : 
    3927             :         /* re-do lsa getusername */
    3928             : 
    3929           0 :         TALLOC_FREE(authority_name_p);
    3930           0 :         TALLOC_FREE(account_name_p);
    3931           0 :         ZERO_STRUCT(r);
    3932           0 :         r.in.system_name = "\\";
    3933           0 :         r.in.account_name = &account_name_p;
    3934           0 :         r.in.authority_name = &authority_name_p;
    3935           0 :         r.out.account_name = &account_name_p;
    3936             : 
    3937           0 :         status = dcerpc_lsa_GetUserName_r(lsa_handle, mem_ctx, &r);
    3938             : 
    3939           0 :         authority_name_p = *r.out.authority_name;
    3940             : 
    3941           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3942             :                                         "GetUserName failed");
    3943           0 :         torture_assert_ntstatus_ok_goto(torture, r.out.result, ret, done,
    3944             :                                         "GetUserName failed");
    3945             : 
    3946           0 :         torture_assert_goto(torture, (strcmp(authority_name_p->string, authority_name_saved) == 0),
    3947             :                             ret, done, "authority_name not equal after reauth to anon");
    3948           0 :         torture_assert_goto(torture, (strcmp(account_name_p->string, account_name_saved) == 0),
    3949             :                             ret, done, "account_name not equal after reauth to anon");
    3950             : 
    3951           0 :         ret = true;
    3952             : 
    3953           0 : done:
    3954           0 :         talloc_free(mem_ctx);
    3955           0 :         return ret;
    3956             : }
    3957             : 
    3958           4 : static bool torture_rpc_smb1_pipe_name(struct torture_context *torture)
    3959             : {
    3960             :         TALLOC_CTX *mem_ctx;
    3961             :         NTSTATUS status;
    3962           4 :         bool ret = false;
    3963             :         struct smbcli_state *cli;
    3964             :         struct smbcli_options options;
    3965             :         struct smbcli_session_options session_options;
    3966             :         union smb_open io;
    3967             :         union smb_close cl;
    3968             :         uint16_t fnum;
    3969             : 
    3970           4 :         mem_ctx = talloc_init("torture_samba3_smb1_pipe_name");
    3971           4 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    3972             : 
    3973           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    3974           4 :         lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
    3975             : 
    3976           4 :         status = smbcli_full_connection(mem_ctx, &cli,
    3977             :                                         torture_setting_string(torture, "host", NULL),
    3978             :                                         lpcfg_smb_ports(torture->lp_ctx),
    3979             :                                         "IPC$", NULL,
    3980             :                                         lpcfg_socket_options(torture->lp_ctx),
    3981             :                                         samba_cmdline_get_creds(),
    3982             :                                         lpcfg_resolve_context(torture->lp_ctx),
    3983             :                                         torture->ev, &options, &session_options,
    3984             :                                         lpcfg_gensec_settings(torture, torture->lp_ctx));
    3985           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    3986             :                                         "smbcli_full_connection failed");
    3987             : 
    3988           4 :         ZERO_STRUCT(io);
    3989           4 :         io.generic.level = RAW_OPEN_NTCREATEX;
    3990           4 :         io.ntcreatex.in.access_mask = DESIRED_ACCESS_PIPE;
    3991           4 :         io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
    3992             :                                        NTCREATEX_SHARE_ACCESS_WRITE;
    3993           4 :         io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
    3994           4 :         io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
    3995           4 :         io.ntcreatex.in.security_flags = 0;
    3996             : 
    3997           4 :         io.ntcreatex.in.fname = "__none__";
    3998           4 :         status = smb_raw_open(cli->tree, torture, &io);
    3999           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4000             :                                            ret, done,
    4001             :                                            "smb_raw_open for '__none__'");
    4002             : 
    4003           4 :         io.ntcreatex.in.fname = "pipe\\srvsvc";
    4004           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4005           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4006             :                                            ret, done,
    4007             :                                            "smb_raw_open for 'pipe\\srvsvc'");
    4008             : 
    4009           4 :         io.ntcreatex.in.fname = "\\pipe\\srvsvc";
    4010           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4011           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4012             :                                            ret, done,
    4013             :                                            "smb_raw_open for '\\pipe\\srvsvc'");
    4014             : 
    4015           4 :         io.ntcreatex.in.fname = "srvsvc";
    4016           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4017           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4018             :                                         "smb2_create failed for 'srvsvc'");
    4019           4 :         fnum = io.ntcreatex.out.file.fnum;
    4020           4 :         ZERO_STRUCT(cl);
    4021           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4022           4 :         cl.close.in.file.fnum = fnum;
    4023           4 :         status = smb_raw_close(cli->tree, &cl);
    4024           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4025             :                                         "smb_raw_close failed");
    4026             : 
    4027           4 :         io.ntcreatex.in.fname = "\\srvsvc";
    4028           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4029           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4030             :                                         "smb2_create failed for '\\srvsvc'");
    4031           4 :         fnum = io.ntcreatex.out.file.fnum;
    4032           4 :         ZERO_STRUCT(cl);
    4033           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4034           4 :         cl.close.in.file.fnum = fnum;
    4035           4 :         status = smb_raw_close(cli->tree, &cl);
    4036           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4037             :                                         "smb_raw_close failed");
    4038             : 
    4039           4 :         io.ntcreatex.in.fname = "\\\\\\\\\\srvsvc";
    4040           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4041           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4042             :                                         "smb2_create failed for '\\\\\\\\\\srvsvc'");
    4043           4 :         fnum = io.ntcreatex.out.file.fnum;
    4044           4 :         ZERO_STRUCT(cl);
    4045           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4046           4 :         cl.close.in.file.fnum = fnum;
    4047           4 :         status = smb_raw_close(cli->tree, &cl);
    4048           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4049             :                                         "smb_raw_close failed");
    4050             : 
    4051           4 :         ZERO_STRUCT(io);
    4052           4 :         io.generic.level = RAW_OPEN_NTTRANS_CREATE;
    4053           4 :         io.nttrans.in.access_mask = DESIRED_ACCESS_PIPE;
    4054           4 :         io.nttrans.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
    4055             :                                        NTCREATEX_SHARE_ACCESS_WRITE;
    4056           4 :         io.nttrans.in.open_disposition = NTCREATEX_DISP_OPEN;
    4057           4 :         io.nttrans.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
    4058           4 :         io.nttrans.in.security_flags = 0;
    4059             : 
    4060           4 :         io.nttrans.in.fname = "__none__";
    4061           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4062           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4063             :                                            ret, done,
    4064             :                                            "smb_raw_open for '__none__'");
    4065             : 
    4066           4 :         io.nttrans.in.fname = "pipe\\srvsvc";
    4067           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4068           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4069             :                                            ret, done,
    4070             :                                            "smb_raw_open for 'pipe\\srvsvc'");
    4071             : 
    4072           4 :         io.nttrans.in.fname = "\\pipe\\srvsvc";
    4073           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4074           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4075             :                                            ret, done,
    4076             :                                            "smb_raw_open for '\\pipe\\srvsvc'");
    4077             : 
    4078           4 :         io.nttrans.in.fname = "srvsvc";
    4079           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4080           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4081             :                                         "smb2_create failed for 'srvsvc'");
    4082           4 :         fnum = io.nttrans.out.file.fnum;
    4083           4 :         ZERO_STRUCT(cl);
    4084           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4085           4 :         cl.close.in.file.fnum = fnum;
    4086           4 :         status = smb_raw_close(cli->tree, &cl);
    4087           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4088             :                                         "smb_raw_close failed");
    4089             : 
    4090           4 :         io.nttrans.in.fname = "\\srvsvc";
    4091           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4092           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4093             :                                         "smb2_create failed for '\\srvsvc'");
    4094           4 :         fnum = io.nttrans.out.file.fnum;
    4095           4 :         ZERO_STRUCT(cl);
    4096           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4097           4 :         cl.close.in.file.fnum = fnum;
    4098           4 :         status = smb_raw_close(cli->tree, &cl);
    4099           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4100             :                                         "smb_raw_close failed");
    4101             : 
    4102           4 :         io.nttrans.in.fname = "\\\\\\\\\\srvsvc";
    4103           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4104           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4105             :                                         "smb2_create failed for '\\\\\\\\\\srvsvc'");
    4106           4 :         fnum = io.nttrans.out.file.fnum;
    4107           4 :         ZERO_STRUCT(cl);
    4108           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4109           4 :         cl.close.in.file.fnum = fnum;
    4110           4 :         status = smb_raw_close(cli->tree, &cl);
    4111           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4112             :                                         "smb_raw_close failed");
    4113             : 
    4114           4 :         ZERO_STRUCT(io);
    4115           4 :         io.generic.level = RAW_OPEN_OPENX;
    4116           4 :         io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
    4117           4 :         io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
    4118             : 
    4119           4 :         io.openx.in.fname = "__none__";
    4120           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4121           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
    4122             :                                            ret, done,
    4123             :                                            "smb_raw_open for '__none__'");
    4124             : 
    4125           4 :         io.openx.in.fname = "srvsvc";
    4126           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4127           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
    4128             :                                            ret, done,
    4129             :                                            "smb_raw_open for 'srvsvc'");
    4130             : 
    4131           4 :         io.openx.in.fname = "\\srvsvc";
    4132           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4133           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
    4134             :                                            ret, done,
    4135             :                                            "smb_raw_open for '\\srvsvc'");
    4136             : 
    4137           4 :         io.openx.in.fname = "\\pipesrvsvc";
    4138           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4139           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
    4140             :                                            ret, done,
    4141             :                                            "smb_raw_open for '\\pipesrvsvc'");
    4142             : 
    4143           4 :         io.openx.in.fname = "pipe\\__none__";
    4144           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4145           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4146             :                                            ret, done,
    4147             :                                            "smb_raw_open for 'pipe\\__none__'");
    4148             : 
    4149           4 :         io.openx.in.fname = "\\pipe\\__none__";
    4150           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4151           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4152             :                                            ret, done,
    4153             :                                            "smb_raw_open for '\\pipe\\__none__'");
    4154             : 
    4155           4 :         io.openx.in.fname = "pipe\\srvsvc";
    4156           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4157           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4158             :                                         "smb2_create failed for 'pipe\\srvsvc'");
    4159           4 :         fnum = io.openx.out.file.fnum;
    4160           4 :         ZERO_STRUCT(cl);
    4161           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4162           4 :         cl.close.in.file.fnum = fnum;
    4163           4 :         status = smb_raw_close(cli->tree, &cl);
    4164           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4165             :                                         "smb_raw_close failed");
    4166             : 
    4167           4 :         io.openx.in.fname = "\\pipe\\srvsvc";
    4168           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4169           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4170             :                                         "smb2_create failed for '\\pipe\\srvsvc'");
    4171           4 :         fnum = io.openx.out.file.fnum;
    4172           4 :         ZERO_STRUCT(cl);
    4173           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4174           4 :         cl.close.in.file.fnum = fnum;
    4175           4 :         status = smb_raw_close(cli->tree, &cl);
    4176           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4177             :                                         "smb_raw_close failed");
    4178             : 
    4179           4 :         io.openx.in.fname = "\\\\\\\\\\pipe\\srvsvc";
    4180           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4181           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4182             :                                         "smb2_create failed for '\\\\\\\\\\pipe\\srvsvc'");
    4183           4 :         fnum = io.openx.out.file.fnum;
    4184           4 :         ZERO_STRUCT(cl);
    4185           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4186           4 :         cl.close.in.file.fnum = fnum;
    4187           4 :         status = smb_raw_close(cli->tree, &cl);
    4188           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4189             :                                         "smb_raw_close failed");
    4190             : 
    4191           4 :         io.openx.in.fname = "\\\\\\\\\\pipe\\\\\\\\\\srvsvc";
    4192           4 :         status = smb_raw_open(cli->tree, torture, &io);
    4193           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4194             :                                         "smb2_create failed for '\\\\\\\\\\pipe\\\\\\\\\\srvsvc'");
    4195           4 :         fnum = io.openx.out.file.fnum;
    4196           4 :         ZERO_STRUCT(cl);
    4197           4 :         cl.generic.level = RAW_CLOSE_CLOSE;
    4198           4 :         cl.close.in.file.fnum = fnum;
    4199           4 :         status = smb_raw_close(cli->tree, &cl);
    4200           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4201             :                                         "smb_raw_close failed");
    4202           4 :         ret = true;
    4203             : 
    4204           4 : done:
    4205           4 :         talloc_free(mem_ctx);
    4206           4 :         return ret;
    4207             : }
    4208             : 
    4209           4 : static bool torture_rpc_smb2_pipe_name(struct torture_context *torture)
    4210             : {
    4211             :         TALLOC_CTX *mem_ctx;
    4212             :         NTSTATUS status;
    4213           4 :         bool ret = false;
    4214             :         struct smbcli_options options;
    4215           4 :         const char *host = torture_setting_string(torture, "host", NULL);
    4216             :         struct smb2_tree *tree;
    4217             :         struct smb2_handle h;
    4218             :         struct smb2_create io;
    4219             : 
    4220           4 :         mem_ctx = talloc_init("torture_samba3_smb2_pipe_name");
    4221           4 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    4222             : 
    4223           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    4224             : 
    4225           4 :         status = smb2_connect(mem_ctx,
    4226             :                               host,
    4227             :                               lpcfg_smb_ports(torture->lp_ctx),
    4228             :                               "IPC$",
    4229             :                               lpcfg_resolve_context(torture->lp_ctx),
    4230             :                               samba_cmdline_get_creds(),
    4231             :                               &tree,
    4232             :                               torture->ev,
    4233             :                               &options,
    4234             :                               lpcfg_socket_options(torture->lp_ctx),
    4235             :                               lpcfg_gensec_settings(torture, torture->lp_ctx)
    4236             :                               );
    4237           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4238             :                                         "smb2_connect failed");
    4239             : 
    4240           4 :         ZERO_STRUCT(io);
    4241           4 :         io.in.oplock_level = 0;
    4242           4 :         io.in.desired_access = DESIRED_ACCESS_PIPE;
    4243           4 :         io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
    4244           4 :         io.in.file_attributes = 0;
    4245           4 :         io.in.create_disposition = NTCREATEX_DISP_OPEN;
    4246           4 :         io.in.share_access =
    4247             :                 NTCREATEX_SHARE_ACCESS_READ|
    4248             :                 NTCREATEX_SHARE_ACCESS_WRITE;
    4249           4 :         io.in.create_options = 0;
    4250             : 
    4251           4 :         io.in.fname = "__none__";
    4252           4 :         status = smb2_create(tree, tree, &io);
    4253           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4254             :                                            ret, done,
    4255             :                                            "smb2_create for '__none__'");
    4256             : 
    4257           4 :         io.in.fname = "\\srvsvc";
    4258           4 :         status = smb2_create(tree, tree, &io);
    4259           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4260             :                                            ret, done,
    4261             :                                            "smb2_create for '\\srvsvc'");
    4262             : 
    4263           4 :         io.in.fname = "\\pipe\\srvsvc";
    4264           4 :         status = smb2_create(tree, tree, &io);
    4265           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4266             :                                            ret, done,
    4267             :                                            "smb2_create for '\\pipe\\srvsvc'");
    4268             : 
    4269           4 :         io.in.fname = "pipe\\srvsvc";
    4270           4 :         status = smb2_create(tree, tree, &io);
    4271           4 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
    4272             :                                            ret, done,
    4273             :                                            "smb2_create for 'pipe\\srvsvc'");
    4274             : 
    4275           4 :         io.in.fname = "srvsvc";
    4276           4 :         status = smb2_create(tree, tree, &io);
    4277           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4278             :                                         "smb2_create failed for 'srvsvc'");
    4279             : 
    4280           4 :         h = io.out.file.handle;
    4281             : 
    4282           4 :         status = smb2_util_close(tree, h);
    4283           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4284             :                                         "smb2_util_close failed");
    4285             : 
    4286           4 :         ret = true;
    4287           4 : done:
    4288           4 :         talloc_free(mem_ctx);
    4289           4 :         return ret;
    4290             : }
    4291             : 
    4292             : /**
    4293             :  * Test behaviour of a waiting read call on a pipe when
    4294             :  * the pipe handle is closed:
    4295             :  * - open a pipe via smb2
    4296             :  * - trigger a read which hangs since there is nothing to read
    4297             :  * - close the pipe file handle
    4298             :  * - wait for the read to return and check the status
    4299             :  *   (STATUS_PIPE_BROKEN)
    4300             :  */
    4301           0 : static bool torture_rpc_smb2_pipe_read_close(struct torture_context *torture)
    4302             : {
    4303             :         TALLOC_CTX *mem_ctx;
    4304             :         NTSTATUS status;
    4305           0 :         bool ret = false;
    4306             :         struct smbcli_options options;
    4307           0 :         const char *host = torture_setting_string(torture, "host", NULL);
    4308             :         struct smb2_tree *tree;
    4309             :         struct smb2_handle h;
    4310             :         struct smb2_request *smb2req;
    4311             :         struct smb2_create io;
    4312             :         struct smb2_read rd;
    4313             : 
    4314           0 :         mem_ctx = talloc_init("torture_samba3_pipe_read_close");
    4315           0 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    4316             : 
    4317           0 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    4318             : 
    4319           0 :         status = smb2_connect(mem_ctx,
    4320             :                               host,
    4321             :                               lpcfg_smb_ports(torture->lp_ctx),
    4322             :                               "IPC$",
    4323             :                               lpcfg_resolve_context(torture->lp_ctx),
    4324             :                               samba_cmdline_get_creds(),
    4325             :                               &tree,
    4326             :                               torture->ev,
    4327             :                               &options,
    4328             :                               lpcfg_socket_options(torture->lp_ctx),
    4329             :                               lpcfg_gensec_settings(torture, torture->lp_ctx)
    4330             :                               );
    4331           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4332             :                                         "smb2_connect failed");
    4333             : 
    4334           0 :         ZERO_STRUCT(io);
    4335           0 :         io.in.oplock_level = 0;
    4336           0 :         io.in.desired_access = DESIRED_ACCESS_PIPE;
    4337           0 :         io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
    4338           0 :         io.in.file_attributes = 0;
    4339           0 :         io.in.create_disposition = NTCREATEX_DISP_OPEN;
    4340           0 :         io.in.share_access =
    4341             :                 NTCREATEX_SHARE_ACCESS_READ|
    4342             :                 NTCREATEX_SHARE_ACCESS_WRITE;
    4343           0 :         io.in.create_options = 0;
    4344           0 :         io.in.fname = "lsarpc";
    4345             : 
    4346           0 :         status = smb2_create(tree, tree, &io);
    4347           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4348             :                                         "smb2_create failed for 'lsarpc'");
    4349             : 
    4350           0 :         h = io.out.file.handle;
    4351             : 
    4352           0 :         ZERO_STRUCT(rd);
    4353           0 :         rd.in.file.handle = h;
    4354           0 :         rd.in.length = 1024;
    4355           0 :         rd.in.offset = 0;
    4356           0 :         rd.in.min_count = 0;
    4357             : 
    4358           0 :         smb2req = smb2_read_send(tree, &rd);
    4359           0 :         torture_assert_goto(torture, (smb2req != NULL), ret, done,
    4360             :                             "smb2_read_send failed");
    4361             : 
    4362           0 :         status = smb2_util_close(tree, h);
    4363           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4364             :                                         "smb2_util_close failed");
    4365             : 
    4366           0 :         status = smb2_read_recv(smb2req, mem_ctx, &rd);
    4367           0 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_PIPE_BROKEN, ret, done,
    4368             :                                            "smb2_read_recv: unexpected return code");
    4369             : 
    4370           0 :         ret = true;
    4371           0 : done:
    4372           0 :         talloc_free(mem_ctx);
    4373           0 :         return ret;
    4374             : }
    4375             : 
    4376             : /**
    4377             :  * Test behaviour of a waiting read call on a pipe when
    4378             :  * the tree is disconnected.
    4379             :  * - open a pipe via smb2
    4380             :  * - trigger a read which hangs since there is nothing to read
    4381             :  * - do a tree disconnect
    4382             :  * - wait for the read to return and check the status
    4383             :  *   (STATUS_PIPE_BROKEN)
    4384             :  */
    4385           0 : static bool torture_rpc_smb2_pipe_read_tdis(struct torture_context *torture)
    4386             : {
    4387             :         TALLOC_CTX *mem_ctx;
    4388             :         NTSTATUS status;
    4389           0 :         bool ret = false;
    4390             :         struct smbcli_options options;
    4391           0 :         const char *host = torture_setting_string(torture, "host", NULL);
    4392             :         struct smb2_tree *tree;
    4393             :         struct smb2_handle h;
    4394             :         struct smb2_request *smb2req;
    4395             :         struct smb2_create io;
    4396             :         struct smb2_read rd;
    4397             : 
    4398           0 :         mem_ctx = talloc_init("torture_samba3_pipe_read_tdis");
    4399           0 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    4400             : 
    4401           0 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    4402             : 
    4403           0 :         status = smb2_connect(mem_ctx,
    4404             :                               host,
    4405             :                               lpcfg_smb_ports(torture->lp_ctx),
    4406             :                               "IPC$",
    4407             :                               lpcfg_resolve_context(torture->lp_ctx),
    4408             :                               samba_cmdline_get_creds(),
    4409             :                               &tree,
    4410             :                               torture->ev,
    4411             :                               &options,
    4412             :                               lpcfg_socket_options(torture->lp_ctx),
    4413             :                               lpcfg_gensec_settings(torture, torture->lp_ctx)
    4414             :                               );
    4415           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4416             :                                         "smb2_connect failed");
    4417             : 
    4418           0 :         ZERO_STRUCT(io);
    4419           0 :         io.in.oplock_level = 0;
    4420           0 :         io.in.desired_access = DESIRED_ACCESS_PIPE;
    4421           0 :         io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
    4422           0 :         io.in.file_attributes = 0;
    4423           0 :         io.in.create_disposition = NTCREATEX_DISP_OPEN;
    4424           0 :         io.in.share_access =
    4425             :                 NTCREATEX_SHARE_ACCESS_READ|
    4426             :                 NTCREATEX_SHARE_ACCESS_WRITE;
    4427           0 :         io.in.create_options = 0;
    4428           0 :         io.in.fname = "lsarpc";
    4429             : 
    4430           0 :         status = smb2_create(tree, tree, &io);
    4431           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4432             :                                         "smb2_create failed for 'lsarpc'");
    4433             : 
    4434           0 :         h = io.out.file.handle;
    4435             : 
    4436           0 :         ZERO_STRUCT(rd);
    4437           0 :         rd.in.file.handle = h;
    4438           0 :         rd.in.length = 1024;
    4439           0 :         rd.in.offset = 0;
    4440           0 :         rd.in.min_count = 0;
    4441             : 
    4442           0 :         smb2req = smb2_read_send(tree, &rd);
    4443           0 :         torture_assert_goto(torture, (smb2req != NULL), ret, done,
    4444             :                             "smb2_read_send failed");
    4445             : 
    4446           0 :         status = smb2_tdis(tree);
    4447           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4448             :                                         "smb2_tdis failed");
    4449             : 
    4450           0 :         status = smb2_read_recv(smb2req, mem_ctx, &rd);
    4451           0 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_PIPE_BROKEN, ret, done,
    4452             :                                            "smb2_read_recv: unexpected return code");
    4453             : 
    4454           0 :         ret = true;
    4455           0 : done:
    4456           0 :         talloc_free(mem_ctx);
    4457           0 :         return ret;
    4458             : }
    4459             : 
    4460             : /**
    4461             :  * Test behaviour of a waiting read call on a pipe when
    4462             :  * the user logs off
    4463             :  * - open a pipe via smb2
    4464             :  * - trigger a read which hangs since there is nothing to read
    4465             :  * - do a logoff
    4466             :  * - wait for the read to return and check the status
    4467             :  *   (STATUS_PIPE_BROKEN)
    4468             :  */
    4469           0 : static bool torture_rpc_smb2_pipe_read_logoff(struct torture_context *torture)
    4470             : {
    4471             :         TALLOC_CTX *mem_ctx;
    4472             :         NTSTATUS status;
    4473           0 :         bool ret = false;
    4474             :         struct smbcli_options options;
    4475           0 :         const char *host = torture_setting_string(torture, "host", NULL);
    4476             :         struct smb2_tree *tree;
    4477             :         struct smb2_handle h;
    4478             :         struct smb2_request *smb2req;
    4479             :         struct smb2_create io;
    4480             :         struct smb2_read rd;
    4481             : 
    4482           0 :         mem_ctx = talloc_init("torture_samba3_pipe_read_tdis");
    4483           0 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    4484             : 
    4485           0 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    4486             : 
    4487           0 :         status = smb2_connect(mem_ctx,
    4488             :                               host,
    4489             :                               lpcfg_smb_ports(torture->lp_ctx),
    4490             :                               "IPC$",
    4491             :                               lpcfg_resolve_context(torture->lp_ctx),
    4492             :                               samba_cmdline_get_creds(),
    4493             :                               &tree,
    4494             :                               torture->ev,
    4495             :                               &options,
    4496             :                               lpcfg_socket_options(torture->lp_ctx),
    4497             :                               lpcfg_gensec_settings(torture, torture->lp_ctx)
    4498             :                               );
    4499           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4500             :                                         "smb2_connect failed");
    4501             : 
    4502           0 :         ZERO_STRUCT(io);
    4503           0 :         io.in.oplock_level = 0;
    4504           0 :         io.in.desired_access = DESIRED_ACCESS_PIPE;
    4505           0 :         io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
    4506           0 :         io.in.file_attributes = 0;
    4507           0 :         io.in.create_disposition = NTCREATEX_DISP_OPEN;
    4508           0 :         io.in.share_access =
    4509             :                 NTCREATEX_SHARE_ACCESS_READ|
    4510             :                 NTCREATEX_SHARE_ACCESS_WRITE;
    4511           0 :         io.in.create_options = 0;
    4512           0 :         io.in.fname = "lsarpc";
    4513             : 
    4514           0 :         status = smb2_create(tree, tree, &io);
    4515           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4516             :                                         "smb2_create failed for 'lsarpc'");
    4517             : 
    4518           0 :         h = io.out.file.handle;
    4519             : 
    4520           0 :         ZERO_STRUCT(rd);
    4521           0 :         rd.in.file.handle = h;
    4522           0 :         rd.in.length = 1024;
    4523           0 :         rd.in.offset = 0;
    4524           0 :         rd.in.min_count = 0;
    4525             : 
    4526           0 :         smb2req = smb2_read_send(tree, &rd);
    4527           0 :         torture_assert_goto(torture, (smb2req != NULL), ret, done,
    4528             :                             "smb2_read_send failed");
    4529             : 
    4530           0 :         status = smb2_logoff(tree->session);
    4531           0 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4532             :                                         "smb2_logoff failed");
    4533             : 
    4534           0 :         status = smb2_read_recv(smb2req, mem_ctx, &rd);
    4535           0 :         torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_PIPE_BROKEN, ret, done,
    4536             :                                            "smb2_read_recv: unexpected return code");
    4537             : 
    4538           0 :         ret = true;
    4539           0 : done:
    4540           0 :         talloc_free(mem_ctx);
    4541           0 :         return ret;
    4542             : }
    4543             : 
    4544           2 : static bool torture_rpc_lsa_over_netlogon(struct torture_context *torture)
    4545             : {
    4546             :         TALLOC_CTX *mem_ctx;
    4547             :         NTSTATUS status;
    4548           2 :         bool ret = false;
    4549             :         struct smbcli_options options;
    4550             :         struct smb2_tree *tree;
    4551             :         struct dcerpc_pipe *netlogon_pipe;
    4552             :         struct dcerpc_binding_handle *lsa_handle;
    4553             :         struct lsa_ObjectAttribute attr;
    4554             :         struct lsa_QosInfo qos;
    4555             :         struct lsa_OpenPolicy2 o;
    4556             :         struct policy_handle handle;
    4557             : 
    4558           2 :         torture_comment(torture, "Testing if we can access LSA server over "
    4559             :                         "\\\\pipe\\netlogon rather than \\\\pipe\\lsarpc\n");
    4560             : 
    4561           2 :         mem_ctx = talloc_init("torture_samba3_rpc_lsa_over_netlogon");
    4562           2 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    4563             : 
    4564           2 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    4565             : 
    4566           2 :         status = smb2_connect(mem_ctx,
    4567             :                               torture_setting_string(torture, "host", NULL),
    4568             :                               lpcfg_smb_ports(torture->lp_ctx),
    4569             :                               "IPC$",
    4570             :                               lpcfg_resolve_context(torture->lp_ctx),
    4571             :                               samba_cmdline_get_creds(),
    4572             :                               &tree,
    4573             :                               torture->ev,
    4574             :                               &options,
    4575             :                               lpcfg_socket_options(torture->lp_ctx),
    4576             :                               lpcfg_gensec_settings(torture, torture->lp_ctx)
    4577             :                               );
    4578           2 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4579             :                                         "smb2_connect failed");
    4580             : 
    4581           2 :         status = pipe_bind_smb2(torture, mem_ctx, tree, "netlogon",
    4582             :                                 &ndr_table_lsarpc, &netlogon_pipe);
    4583           2 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4584             :                                         "pipe_bind_smb2 failed");
    4585           2 :         lsa_handle = netlogon_pipe->binding_handle;
    4586             : 
    4587           2 :         qos.len = 0;
    4588           2 :         qos.impersonation_level = 2;
    4589           2 :         qos.context_mode = 1;
    4590           2 :         qos.effective_only = 0;
    4591             : 
    4592           2 :         attr.len = 0;
    4593           2 :         attr.root_dir = NULL;
    4594           2 :         attr.object_name = NULL;
    4595           2 :         attr.attributes = 0;
    4596           2 :         attr.sec_desc = NULL;
    4597           2 :         attr.sec_qos = &qos;
    4598             : 
    4599           2 :         o.in.system_name = "\\";
    4600           2 :         o.in.attr = &attr;
    4601           2 :         o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
    4602           2 :         o.out.handle = &handle;
    4603             : 
    4604           2 :         torture_assert_ntstatus_ok(torture,
    4605             :                         dcerpc_lsa_OpenPolicy2_r(lsa_handle, torture, &o),
    4606             :                         "OpenPolicy2 failed");
    4607           2 :         torture_assert_ntstatus_ok(torture,
    4608             :                                    o.out.result,
    4609             :                                    "OpenPolicy2 failed");
    4610             : 
    4611           2 :         ret = true;
    4612           2 :  done:
    4613           2 :         talloc_free(mem_ctx);
    4614           2 :         return ret;
    4615             : }
    4616             : 
    4617           4 : static bool torture_rpc_pipes_supported_interfaces(
    4618             :                                         struct torture_context *torture)
    4619             : {
    4620             :         TALLOC_CTX *mem_ctx;
    4621             :         NTSTATUS status;
    4622           4 :         bool ret = false;
    4623             :         struct smbcli_options options;
    4624             :         struct smb2_tree *tree;
    4625             :         struct dcerpc_pipe *pipe1;
    4626             :         struct dcerpc_pipe *pipe2;
    4627             :         struct dcerpc_pipe *pipe3;
    4628             : 
    4629           4 :         torture_comment(torture, "Testing only appropiate interfaces are "
    4630             :                         "available in smb pipes\n");
    4631             : 
    4632           4 :         mem_ctx = talloc_init("torture_samba3_rpc_pipes_supported_interfaces");
    4633           4 :         torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
    4634             : 
    4635           4 :         lpcfg_smbcli_options(torture->lp_ctx, &options);
    4636             : 
    4637           4 :         status = smb2_connect(mem_ctx,
    4638             :                               torture_setting_string(torture, "host", NULL),
    4639             :                               lpcfg_smb_ports(torture->lp_ctx),
    4640             :                               "IPC$",
    4641             :                               lpcfg_resolve_context(torture->lp_ctx),
    4642             :                               samba_cmdline_get_creds(),
    4643             :                               &tree,
    4644             :                               torture->ev,
    4645             :                               &options,
    4646             :                               lpcfg_socket_options(torture->lp_ctx),
    4647             :                               lpcfg_gensec_settings(torture, torture->lp_ctx)
    4648             :                               );
    4649           4 :         torture_assert_ntstatus_ok_goto(torture, status, ret, done,
    4650             :                                         "smb2_connect failed");
    4651             : 
    4652             :         /* Test embedded services pipes. The svcctl interface is
    4653             :          * not available if we open the winreg pipe. */
    4654           4 :         status = pipe_bind_smb2(torture, mem_ctx, tree, "winreg",
    4655             :                                 &ndr_table_svcctl, &pipe1);
    4656           4 :         torture_assert_ntstatus_equal(torture,
    4657             :                         status,
    4658             :                         NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
    4659             :                         "svcctl interface not supported in winreg pipe");
    4660             : 
    4661             :         /* Test it is not possible to bind to S4 server provided services */
    4662           4 :         status = pipe_bind_smb2(torture, mem_ctx, tree, "srvsvc",
    4663             :                                 &ndr_table_samr, &pipe2);
    4664           4 :         torture_assert_ntstatus_equal(torture,
    4665             :                         status,
    4666             :                         NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
    4667             :                         "samr interface not supported in srvsvc pipe");
    4668             : 
    4669             :         /* Test pipes in forked daemons like lsassd. The lsarpc interface is
    4670             :          * not available if we open the SAMR pipe. */
    4671           4 :         status = pipe_bind_smb2(torture, mem_ctx, tree, "samr",
    4672             :                                 &ndr_table_lsarpc, &pipe3);
    4673           4 :         torture_assert_ntstatus_equal(torture,
    4674             :                         status,
    4675             :                         NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
    4676             :                         "lsarpc interface not supported in samr pipe");
    4677             : 
    4678           4 :         ret = true;
    4679           4 :  done:
    4680           4 :         talloc_free(mem_ctx);
    4681           4 :         return ret;
    4682             : }
    4683             : 
    4684        2355 : struct torture_suite *torture_rpc_samba3(TALLOC_CTX *mem_ctx)
    4685             : {
    4686        2355 :         struct torture_suite *suite = torture_suite_create(mem_ctx, "samba3");
    4687             : 
    4688        2355 :         torture_suite_add_simple_test(suite, "bind", torture_bind_samba3);
    4689        2355 :         torture_suite_add_simple_test(suite, "netlogon", torture_netlogon_samba3);
    4690        2355 :         torture_suite_add_simple_test(suite, "sessionkey", torture_samba3_sessionkey);
    4691        2355 :         torture_suite_add_simple_test(suite, "srvsvc", torture_samba3_rpc_srvsvc);
    4692        2355 :         torture_suite_add_simple_test(suite, "sharesec", torture_samba3_rpc_sharesec);
    4693        2355 :         torture_suite_add_simple_test(suite, "getusername", torture_samba3_rpc_getusername);
    4694        2355 :         torture_suite_add_simple_test(suite, "randomauth2", torture_samba3_rpc_randomauth2);
    4695        2355 :         torture_suite_add_simple_test(suite, "lsa", torture_samba3_rpc_lsa);
    4696        2355 :         torture_suite_add_simple_test(suite, "spoolss", torture_samba3_rpc_spoolss);
    4697        2355 :         torture_suite_add_simple_test(suite, "wkssvc", torture_samba3_rpc_wkssvc);
    4698        2355 :         torture_suite_add_simple_test(suite, "winreg", torture_samba3_rpc_winreg);
    4699        2355 :         torture_suite_add_simple_test(suite, "getaliasmembership-0", torture_samba3_getaliasmembership_0);
    4700        2355 :         torture_suite_add_simple_test(suite, "regconfig", torture_samba3_regconfig);
    4701        2355 :         torture_suite_add_simple_test(suite, "smb-reauth1", torture_rpc_smb_reauth1);
    4702        2355 :         torture_suite_add_simple_test(suite, "smb-reauth2", torture_rpc_smb_reauth2);
    4703        2355 :         torture_suite_add_simple_test(suite, "smb2-reauth1", torture_rpc_smb2_reauth1);
    4704        2355 :         torture_suite_add_simple_test(suite, "smb2-reauth2", torture_rpc_smb2_reauth2);
    4705        2355 :         torture_suite_add_simple_test(suite, "smb1-pipe-name", torture_rpc_smb1_pipe_name);
    4706        2355 :         torture_suite_add_simple_test(suite, "smb2-pipe-name", torture_rpc_smb2_pipe_name);
    4707        2355 :         torture_suite_add_simple_test(suite, "smb2-pipe-read-close", torture_rpc_smb2_pipe_read_close);
    4708        2355 :         torture_suite_add_simple_test(suite, "smb2-pipe-read-tdis", torture_rpc_smb2_pipe_read_tdis);
    4709        2355 :         torture_suite_add_simple_test(suite, "smb2-pipe-read-logoff", torture_rpc_smb2_pipe_read_logoff);
    4710        2355 :         torture_suite_add_simple_test(suite,
    4711             :                                       "lsa_over_netlogon",
    4712             :                                       torture_rpc_lsa_over_netlogon);
    4713        2355 :         torture_suite_add_simple_test(suite,
    4714             :                                       "pipes_supported_interfaces",
    4715             :                                       torture_rpc_pipes_supported_interfaces);
    4716             : 
    4717        2355 :         suite->description = talloc_strdup(suite, "samba3 DCERPC interface tests");
    4718             : 
    4719        2355 :         return suite;
    4720             : }

Generated by: LCOV version 1.13