root/source4/torture/rpc/samba3rpc.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. torture_bind_authcontext
  2. bindtest
  3. torture_bind_samba3
  4. get_usr_handle
  5. create_user
  6. delete_user
  7. join3
  8. auth2
  9. schan
  10. leave
  11. torture_netlogon_samba3
  12. test_join3
  13. torture_samba3_sessionkey
  14. pipe_bind_smb
  15. name2sid
  16. whoami
  17. destroy_tree
  18. secondary_tcon
  19. torture_samba3_rpc_getusername
  20. test_NetShareGetInfo
  21. test_NetShareEnum
  22. torture_samba3_rpc_srvsvc
  23. torture_samba3_rpc_randomauth2
  24. get_sharesec
  25. set_sharesec
  26. try_tcon
  27. torture_samba3_rpc_sharesec
  28. torture_samba3_rpc_lsa
  29. get_servername
  30. find_printers
  31. enumprinters
  32. getprinterinfo
  33. torture_samba3_rpc_spoolss
  34. torture_samba3_rpc_wkssvc
  35. winreg_close
  36. enumvalues
  37. enumkeys
  38. test_Open3
  39. torture_samba3_rpc_winreg
  40. get_shareinfo
  41. get_hklm_handle
  42. torture_samba3_createshare
  43. torture_samba3_deleteshare
  44. torture_samba3_setconfig
  45. torture_samba3_regconfig

   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    dcerpc torture tests, designed to walk Samba3 code paths
   5 
   6    Copyright (C) Volker Lendecke 2006
   7 
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12    
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17    
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21 
  22 #include "includes.h"
  23 #include "libcli/raw/libcliraw.h"
  24 #include "libcli/raw/raw_proto.h"
  25 #include "libcli/rap/rap.h"
  26 #include "torture/torture.h"
  27 #include "torture/util.h"
  28 #include "torture/rap/proto.h"
  29 #include "librpc/gen_ndr/ndr_lsa.h"
  30 #include "librpc/gen_ndr/ndr_lsa_c.h"
  31 #include "librpc/gen_ndr/ndr_samr.h"
  32 #include "librpc/gen_ndr/ndr_samr_c.h"
  33 #include "librpc/gen_ndr/ndr_netlogon.h"
  34 #include "librpc/gen_ndr/ndr_netlogon_c.h"
  35 #include "librpc/gen_ndr/ndr_srvsvc.h"
  36 #include "librpc/gen_ndr/ndr_srvsvc_c.h"
  37 #include "librpc/gen_ndr/ndr_spoolss.h"
  38 #include "librpc/gen_ndr/ndr_spoolss_c.h"
  39 #include "librpc/gen_ndr/ndr_winreg.h"
  40 #include "librpc/gen_ndr/ndr_winreg_c.h"
  41 #include "librpc/gen_ndr/ndr_wkssvc.h"
  42 #include "librpc/gen_ndr/ndr_wkssvc_c.h"
  43 #include "lib/cmdline/popt_common.h"
  44 #include "librpc/rpc/dcerpc.h"
  45 #include "torture/rpc/rpc.h"
  46 #include "libcli/libcli.h"
  47 #include "libcli/composite/composite.h"
  48 #include "libcli/smb_composite/smb_composite.h"
  49 #include "libcli/auth/libcli_auth.h"
  50 #include "../lib/crypto/crypto.h"
  51 #include "auth/ntlmssp/ntlmssp.h"
  52 #include "libcli/security/security.h"
  53 #include "param/param.h"
  54 #include "lib/registry/registry.h"
  55 #include "libcli/resolve/resolve.h"
  56 
  57 /*
  58  * This tests a RPC call using an invalid vuid
  59  */
  60 
  61 bool torture_bind_authcontext(struct torture_context *torture) 
     /* [<][>][^][v][top][bottom][index][help] */
  62 {
  63         TALLOC_CTX *mem_ctx;
  64         NTSTATUS status;
  65         bool ret = false;
  66         struct lsa_ObjectAttribute objectattr;
  67         struct lsa_OpenPolicy2 openpolicy;
  68         struct policy_handle handle;
  69         struct lsa_Close close_handle;
  70         struct smbcli_session *tmp;
  71         struct smbcli_session *session2;
  72         struct smbcli_state *cli;
  73         struct dcerpc_pipe *lsa_pipe;
  74         struct cli_credentials *anon_creds;
  75         struct smb_composite_sesssetup setup;
  76         struct smbcli_options options;
  77         struct smbcli_session_options session_options;
  78 
  79         mem_ctx = talloc_init("torture_bind_authcontext");
  80 
  81         if (mem_ctx == NULL) {
  82                 d_printf("talloc_init failed\n");
  83                 return false;
  84         }
  85 
  86         lp_smbcli_options(torture->lp_ctx, &options);
  87         lp_smbcli_session_options(torture->lp_ctx, &session_options);
  88 
  89         status = smbcli_full_connection(mem_ctx, &cli,
  90                                         torture_setting_string(torture, "host", NULL),
  91                                         lp_smb_ports(torture->lp_ctx),
  92                                         "IPC$", NULL, 
  93                                         lp_socket_options(torture->lp_ctx),
  94                                         cmdline_credentials,
  95                                         lp_resolve_context(torture->lp_ctx),
  96                                         torture->ev, &options, &session_options,
  97                                         lp_iconv_convenience(torture->lp_ctx),
  98                                         lp_gensec_settings(torture, torture->lp_ctx));
  99         if (!NT_STATUS_IS_OK(status)) {
 100                 d_printf("smbcli_full_connection failed: %s\n",
 101                          nt_errstr(status));
 102                 goto done;
 103         }
 104 
 105         lsa_pipe = dcerpc_pipe_init(mem_ctx, cli->transport->socket->event.ctx,
 106                                     lp_iconv_convenience(torture->lp_ctx));
 107         if (lsa_pipe == NULL) {
 108                 d_printf("dcerpc_pipe_init failed\n");
 109                 goto done;
 110         }
 111 
 112         status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
 113         if (!NT_STATUS_IS_OK(status)) {
 114                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
 115                          nt_errstr(status));
 116                 goto done;
 117         }
 118 
 119         status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
 120         if (!NT_STATUS_IS_OK(status)) {
 121                 d_printf("dcerpc_bind_auth_none failed: %s\n",
 122                          nt_errstr(status));
 123                 goto done;
 124         }
 125 
 126         openpolicy.in.system_name =talloc_asprintf(
 127                 mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
 128         ZERO_STRUCT(objectattr);
 129         openpolicy.in.attr = &objectattr;
 130         openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 131         openpolicy.out.handle = &handle;
 132 
 133         status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
 134 
 135         if (!NT_STATUS_IS_OK(status)) {
 136                 d_printf("dcerpc_lsa_OpenPolicy2 failed: %s\n",
 137                          nt_errstr(status));
 138                 goto done;
 139         }
 140 
 141         close_handle.in.handle = &handle;
 142         close_handle.out.handle = &handle;
 143 
 144         status = dcerpc_lsa_Close(lsa_pipe, mem_ctx, &close_handle);
 145         if (!NT_STATUS_IS_OK(status)) {
 146                 d_printf("dcerpc_lsa_Close failed: %s\n",
 147                          nt_errstr(status));
 148                 goto done;
 149         }
 150 
 151         session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options);
 152         if (session2 == NULL) {
 153                 d_printf("smbcli_session_init failed\n");
 154                 goto done;
 155         }
 156 
 157         if (!(anon_creds = cli_credentials_init_anon(mem_ctx))) {
 158                 d_printf("create_anon_creds failed\n");
 159                 goto done;
 160         }
 161 
 162         setup.in.sesskey = cli->transport->negotiate.sesskey;
 163         setup.in.capabilities = cli->transport->negotiate.capabilities;
 164         setup.in.workgroup = "";
 165         setup.in.credentials = anon_creds;
 166         setup.in.gensec_settings = lp_gensec_settings(torture, torture->lp_ctx);
 167 
 168         status = smb_composite_sesssetup(session2, &setup);
 169         if (!NT_STATUS_IS_OK(status)) {
 170                 d_printf("anon session setup failed: %s\n",
 171                          nt_errstr(status));
 172                 goto done;
 173         }
 174         session2->vuid = setup.out.vuid;
 175 
 176         tmp = cli->tree->session;
 177         cli->tree->session = session2;
 178 
 179         status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
 180 
 181         cli->tree->session = tmp;
 182         talloc_free(lsa_pipe);
 183         lsa_pipe = NULL;
 184 
 185         if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
 186                 d_printf("dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
 187                          "expected NT_STATUS_INVALID_HANDLE\n",
 188                          nt_errstr(status));
 189                 goto done;
 190         }
 191 
 192         ret = true;
 193  done:
 194         talloc_free(mem_ctx);
 195         return ret;
 196 }
 197 
 198 /*
 199  * Bind to lsa using a specific auth method
 200  */
 201 
 202 static bool bindtest(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 203                      struct cli_credentials *credentials,
 204                      struct loadparm_context *lp_ctx,
 205                      uint8_t auth_type, uint8_t auth_level)
 206 {
 207         TALLOC_CTX *mem_ctx;
 208         bool ret = false;
 209         NTSTATUS status;
 210 
 211         struct dcerpc_pipe *lsa_pipe;
 212         struct lsa_ObjectAttribute objectattr;
 213         struct lsa_OpenPolicy2 openpolicy;
 214         struct lsa_QueryInfoPolicy query;
 215         union lsa_PolicyInformation *info = NULL;
 216         struct policy_handle handle;
 217         struct lsa_Close close_handle;
 218 
 219         if ((mem_ctx = talloc_init("bindtest")) == NULL) {
 220                 d_printf("talloc_init failed\n");
 221                 return false;
 222         }
 223 
 224         lsa_pipe = dcerpc_pipe_init(mem_ctx,
 225                                     cli->transport->socket->event.ctx,
 226                                     lp_iconv_convenience(lp_ctx));
 227         if (lsa_pipe == NULL) {
 228                 d_printf("dcerpc_pipe_init failed\n");
 229                 goto done;
 230         }
 231 
 232         status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
 233         if (!NT_STATUS_IS_OK(status)) {
 234                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
 235                          nt_errstr(status));
 236                 goto done;
 237         }
 238 
 239         status = dcerpc_bind_auth(lsa_pipe, &ndr_table_lsarpc,
 240                                   credentials, lp_gensec_settings(lp_ctx, lp_ctx), auth_type, auth_level,
 241                                   NULL);
 242         if (!NT_STATUS_IS_OK(status)) {
 243                 d_printf("dcerpc_bind_auth failed: %s\n", nt_errstr(status));
 244                 goto done;
 245         }
 246 
 247         openpolicy.in.system_name =talloc_asprintf(
 248                 mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
 249         ZERO_STRUCT(objectattr);
 250         openpolicy.in.attr = &objectattr;
 251         openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 252         openpolicy.out.handle = &handle;
 253 
 254         status = dcerpc_lsa_OpenPolicy2(lsa_pipe, mem_ctx, &openpolicy);
 255 
 256         if (!NT_STATUS_IS_OK(status)) {
 257                 d_printf("dcerpc_lsa_OpenPolicy2 failed: %s\n",
 258                          nt_errstr(status));
 259                 goto done;
 260         }
 261 
 262         query.in.handle = &handle;
 263         query.in.level = LSA_POLICY_INFO_DOMAIN;
 264         query.out.info = &info;
 265 
 266         status = dcerpc_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx, &query);
 267         if (!NT_STATUS_IS_OK(status)) {
 268                 d_printf("dcerpc_lsa_QueryInfoPolicy failed: %s\n",
 269                          nt_errstr(status));
 270                 goto done;
 271         }
 272 
 273         close_handle.in.handle = &handle;
 274         close_handle.out.handle = &handle;
 275 
 276         status = dcerpc_lsa_Close(lsa_pipe, mem_ctx, &close_handle);
 277         if (!NT_STATUS_IS_OK(status)) {
 278                 d_printf("dcerpc_lsa_Close failed: %s\n",
 279                          nt_errstr(status));
 280                 goto done;
 281         }
 282 
 283         ret = true;
 284  done:
 285         talloc_free(mem_ctx);
 286         return ret;
 287 }
 288 
 289 /*
 290  * test authenticated RPC binds with the variants Samba3 does support
 291  */
 292 
 293 bool torture_bind_samba3(struct torture_context *torture) 
     /* [<][>][^][v][top][bottom][index][help] */
 294 {
 295         TALLOC_CTX *mem_ctx;
 296         NTSTATUS status;
 297         bool ret = false;
 298         struct smbcli_state *cli;
 299         struct smbcli_options options;
 300         struct smbcli_session_options session_options;
 301 
 302         mem_ctx = talloc_init("torture_bind_authcontext");
 303 
 304         if (mem_ctx == NULL) {
 305                 d_printf("talloc_init failed\n");
 306                 return false;
 307         }
 308 
 309         lp_smbcli_options(torture->lp_ctx, &options);
 310         lp_smbcli_session_options(torture->lp_ctx, &session_options);
 311 
 312         status = smbcli_full_connection(mem_ctx, &cli,
 313                                         torture_setting_string(torture, "host", NULL),
 314                                         lp_smb_ports(torture->lp_ctx),
 315                                         "IPC$", NULL, 
 316                                         lp_socket_options(torture->lp_ctx),
 317                                         cmdline_credentials,
 318                                         lp_resolve_context(torture->lp_ctx),
 319                                         torture->ev, &options, &session_options,
 320                                         lp_iconv_convenience(torture->lp_ctx),
 321                                         lp_gensec_settings(torture, torture->lp_ctx));
 322         if (!NT_STATUS_IS_OK(status)) {
 323                 d_printf("smbcli_full_connection failed: %s\n",
 324                          nt_errstr(status));
 325                 goto done;
 326         }
 327 
 328         ret = true;
 329 
 330         ret &= bindtest(cli, cmdline_credentials, torture->lp_ctx, DCERPC_AUTH_TYPE_NTLMSSP,
 331                         DCERPC_AUTH_LEVEL_INTEGRITY);
 332         ret &= bindtest(cli, cmdline_credentials, torture->lp_ctx, DCERPC_AUTH_TYPE_NTLMSSP,
 333                         DCERPC_AUTH_LEVEL_PRIVACY);
 334         ret &= bindtest(cli, cmdline_credentials, torture->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO,
 335                         DCERPC_AUTH_LEVEL_INTEGRITY);
 336         ret &= bindtest(cli, cmdline_credentials, torture->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO,
 337                         DCERPC_AUTH_LEVEL_PRIVACY);
 338 
 339  done:
 340         talloc_free(mem_ctx);
 341         return ret;
 342 }
 343 
 344 /*
 345  * Lookup or create a user and return all necessary info
 346  */
 347 
 348 static NTSTATUS get_usr_handle(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 349                                TALLOC_CTX *mem_ctx,
 350                                struct loadparm_context *lp_ctx,
 351                                struct cli_credentials *admin_creds,
 352                                uint8_t auth_type,
 353                                uint8_t auth_level,
 354                                const char *username,
 355                                char **domain,
 356                                struct dcerpc_pipe **result_pipe,
 357                                struct policy_handle **result_handle,
 358                                struct dom_sid **sid_p)
 359 {
 360         struct dcerpc_pipe *samr_pipe;
 361         NTSTATUS status;
 362         struct policy_handle conn_handle;
 363         struct policy_handle domain_handle;
 364         struct policy_handle *user_handle;
 365         struct samr_Connect2 conn;
 366         struct samr_EnumDomains enumdom;
 367         uint32_t resume_handle = 0;
 368         uint32_t num_entries = 0;
 369         struct samr_SamArray *sam = NULL;
 370         struct samr_LookupDomain l;
 371         struct dom_sid2 *sid = NULL;
 372         int dom_idx;
 373         struct lsa_String domain_name;
 374         struct lsa_String user_name;
 375         struct samr_OpenDomain o;
 376         struct samr_CreateUser2 c;
 377         uint32_t user_rid,access_granted;
 378 
 379         samr_pipe = dcerpc_pipe_init(mem_ctx,
 380                                      cli->transport->socket->event.ctx,
 381                                      lp_iconv_convenience(lp_ctx));
 382         if (samr_pipe == NULL) {
 383                 d_printf("dcerpc_pipe_init failed\n");
 384                 status = NT_STATUS_NO_MEMORY;
 385                 goto fail;
 386         }
 387 
 388         status = dcerpc_pipe_open_smb(samr_pipe, cli->tree, "\\samr");
 389         if (!NT_STATUS_IS_OK(status)) {
 390                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
 391                          nt_errstr(status));
 392                 goto fail;
 393         }
 394 
 395         if (admin_creds != NULL) {
 396                 status = dcerpc_bind_auth(samr_pipe, &ndr_table_samr,
 397                                           admin_creds, lp_gensec_settings(lp_ctx, lp_ctx), auth_type, auth_level,
 398                                           NULL);
 399                 if (!NT_STATUS_IS_OK(status)) {
 400                         d_printf("dcerpc_bind_auth failed: %s\n",
 401                                  nt_errstr(status));
 402                         goto fail;
 403                 }
 404         } else {
 405                 /* We must have an authenticated SMB connection */
 406                 status = dcerpc_bind_auth_none(samr_pipe, &ndr_table_samr);
 407                 if (!NT_STATUS_IS_OK(status)) {
 408                         d_printf("dcerpc_bind_auth_none failed: %s\n",
 409                                  nt_errstr(status));
 410                         goto fail;
 411                 }
 412         }
 413 
 414         conn.in.system_name = talloc_asprintf(
 415                 mem_ctx, "\\\\%s", dcerpc_server_name(samr_pipe));
 416         conn.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 417         conn.out.connect_handle = &conn_handle;
 418 
 419         status = dcerpc_samr_Connect2(samr_pipe, mem_ctx, &conn);
 420         if (!NT_STATUS_IS_OK(status)) {
 421                 d_printf("samr_Connect2 failed: %s\n", nt_errstr(status));
 422                 goto fail;
 423         }
 424 
 425         enumdom.in.connect_handle = &conn_handle;
 426         enumdom.in.resume_handle = &resume_handle;
 427         enumdom.in.buf_size = (uint32_t)-1;
 428         enumdom.out.resume_handle = &resume_handle;
 429         enumdom.out.num_entries = &num_entries;
 430         enumdom.out.sam = &sam;
 431 
 432         status = dcerpc_samr_EnumDomains(samr_pipe, mem_ctx, &enumdom);
 433         if (!NT_STATUS_IS_OK(status)) {
 434                 d_printf("samr_EnumDomains failed: %s\n", nt_errstr(status));
 435                 goto fail;
 436         }
 437 
 438         if (*enumdom.out.num_entries != 2) {
 439                 d_printf("samr_EnumDomains returned %d entries, expected 2\n",
 440                          *enumdom.out.num_entries);
 441                 status = NT_STATUS_UNSUCCESSFUL;
 442                 goto fail;
 443         }
 444 
 445         dom_idx = strequal(sam->entries[0].name.string,
 446                            "builtin") ? 1:0;
 447 
 448         l.in.connect_handle = &conn_handle;
 449         domain_name.string = sam->entries[dom_idx].name.string;
 450         *domain = talloc_strdup(mem_ctx, domain_name.string);
 451         l.in.domain_name = &domain_name;
 452         l.out.sid = &sid;
 453 
 454         status = dcerpc_samr_LookupDomain(samr_pipe, mem_ctx, &l);
 455         if (!NT_STATUS_IS_OK(status)) {
 456                 d_printf("samr_LookupDomain failed: %s\n", nt_errstr(status));
 457                 goto fail;
 458         }
 459 
 460         o.in.connect_handle = &conn_handle;
 461         o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 462         o.in.sid = *l.out.sid;
 463         o.out.domain_handle = &domain_handle;
 464 
 465         status = dcerpc_samr_OpenDomain(samr_pipe, mem_ctx, &o);
 466         if (!NT_STATUS_IS_OK(status)) {
 467                 d_printf("samr_OpenDomain failed: %s\n", nt_errstr(status));
 468                 goto fail;
 469         }
 470 
 471         c.in.domain_handle = &domain_handle;
 472         user_name.string = username;
 473         c.in.account_name = &user_name;
 474         c.in.acct_flags = ACB_NORMAL;
 475         c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 476         user_handle = talloc(mem_ctx, struct policy_handle);
 477         c.out.user_handle = user_handle;
 478         c.out.access_granted = &access_granted;
 479         c.out.rid = &user_rid;
 480 
 481         status = dcerpc_samr_CreateUser2(samr_pipe, mem_ctx, &c);
 482 
 483         if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
 484                 struct samr_LookupNames ln;
 485                 struct samr_OpenUser ou;
 486                 struct samr_Ids rids, types;
 487 
 488                 ln.in.domain_handle = &domain_handle;
 489                 ln.in.num_names = 1;
 490                 ln.in.names = &user_name;
 491                 ln.out.rids = &rids;
 492                 ln.out.types = &types;
 493 
 494                 status = dcerpc_samr_LookupNames(samr_pipe, mem_ctx, &ln);
 495                 if (!NT_STATUS_IS_OK(status)) {
 496                         d_printf("samr_LookupNames failed: %s\n",
 497                                  nt_errstr(status));
 498                         goto fail;
 499                 }
 500 
 501                 ou.in.domain_handle = &domain_handle;
 502                 ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 503                 user_rid = ou.in.rid = ln.out.rids->ids[0];
 504                 ou.out.user_handle = user_handle;
 505 
 506                 status = dcerpc_samr_OpenUser(samr_pipe, mem_ctx, &ou);
 507                 if (!NT_STATUS_IS_OK(status)) {
 508                         d_printf("samr_OpenUser failed: %s\n",
 509                                  nt_errstr(status));
 510                         goto fail;
 511                 }
 512         }
 513 
 514         if (!NT_STATUS_IS_OK(status)) {
 515                 d_printf("samr_CreateUser failed: %s\n", nt_errstr(status));
 516                 goto fail;
 517         }
 518 
 519         *result_pipe = samr_pipe;
 520         *result_handle = user_handle;
 521         if (sid_p != NULL) {
 522                 *sid_p = dom_sid_add_rid(mem_ctx, *l.out.sid, user_rid);
 523         }
 524         return NT_STATUS_OK;
 525 
 526  fail:
 527         return status;
 528 }
 529 
 530 /*
 531  * Create a test user
 532  */
 533 
 534 static bool create_user(TALLOC_CTX *mem_ctx, struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 535                         struct loadparm_context *lp_ctx,
 536                         struct cli_credentials *admin_creds,
 537                         const char *username, const char *password,
 538                         char **domain_name,
 539                         struct dom_sid **user_sid)
 540 {
 541         TALLOC_CTX *tmp_ctx;
 542         NTSTATUS status;
 543         struct dcerpc_pipe *samr_pipe;
 544         struct policy_handle *wks_handle;
 545         bool ret = false;
 546 
 547         if (!(tmp_ctx = talloc_new(mem_ctx))) {
 548                 d_printf("talloc_init failed\n");
 549                 return false;
 550         }
 551 
 552         status = get_usr_handle(cli, tmp_ctx, lp_ctx, admin_creds,
 553                                 DCERPC_AUTH_TYPE_NTLMSSP,
 554                                 DCERPC_AUTH_LEVEL_INTEGRITY,
 555                                 username, domain_name, &samr_pipe, &wks_handle,
 556                                 user_sid);
 557         if (!NT_STATUS_IS_OK(status)) {
 558                 d_printf("get_usr_handle failed: %s\n", nt_errstr(status));
 559                 goto done;
 560         }
 561 
 562         {
 563                 struct samr_SetUserInfo2 sui2;
 564                 struct samr_SetUserInfo sui;
 565                 struct samr_QueryUserInfo qui;
 566                 union samr_UserInfo u_info;
 567                 union samr_UserInfo *info;
 568                 DATA_BLOB session_key;
 569 
 570 
 571                 ZERO_STRUCT(u_info);
 572                 encode_pw_buffer(u_info.info23.password.data, password,
 573                                  STR_UNICODE);
 574 
 575                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
 576                 if (!NT_STATUS_IS_OK(status)) {
 577                         d_printf("dcerpc_fetch_session_key failed\n");
 578                         goto done;
 579                 }
 580                 arcfour_crypt_blob(u_info.info23.password.data, 516,
 581                                    &session_key);
 582                 u_info.info23.info.password_expired = 0;
 583                 u_info.info23.info.fields_present = SAMR_FIELD_NT_PASSWORD_PRESENT |
 584                                                     SAMR_FIELD_LM_PASSWORD_PRESENT |
 585                                                     SAMR_FIELD_EXPIRED_FLAG;
 586                 sui2.in.user_handle = wks_handle;
 587                 sui2.in.info = &u_info;
 588                 sui2.in.level = 23;
 589 
 590                 status = dcerpc_samr_SetUserInfo2(samr_pipe, tmp_ctx, &sui2);
 591                 if (!NT_STATUS_IS_OK(status)) {
 592                         d_printf("samr_SetUserInfo(23) failed: %s\n",
 593                                  nt_errstr(status));
 594                         goto done;
 595                 }
 596 
 597                 u_info.info16.acct_flags = ACB_NORMAL;
 598                 sui.in.user_handle = wks_handle;
 599                 sui.in.info = &u_info;
 600                 sui.in.level = 16;
 601 
 602                 status = dcerpc_samr_SetUserInfo(samr_pipe, tmp_ctx, &sui);
 603                 if (!NT_STATUS_IS_OK(status)) {
 604                         d_printf("samr_SetUserInfo(16) failed\n");
 605                         goto done;
 606                 }
 607 
 608                 qui.in.user_handle = wks_handle;
 609                 qui.in.level = 21;
 610                 qui.out.info = &info;
 611 
 612                 status = dcerpc_samr_QueryUserInfo(samr_pipe, tmp_ctx, &qui);
 613                 if (!NT_STATUS_IS_OK(status)) {
 614                         d_printf("samr_QueryUserInfo(21) failed\n");
 615                         goto done;
 616                 }
 617 
 618                 info->info21.allow_password_change = 0;
 619                 info->info21.force_password_change = 0;
 620                 info->info21.account_name.string = NULL;
 621                 info->info21.rid = 0;
 622                 info->info21.acct_expiry = 0;
 623                 info->info21.fields_present = 0x81827fa; /* copy usrmgr.exe */
 624 
 625                 u_info.info21 = info->info21;
 626                 sui.in.user_handle = wks_handle;
 627                 sui.in.info = &u_info;
 628                 sui.in.level = 21;
 629 
 630                 status = dcerpc_samr_SetUserInfo(samr_pipe, tmp_ctx, &sui);
 631                 if (!NT_STATUS_IS_OK(status)) {
 632                         d_printf("samr_SetUserInfo(21) failed\n");
 633                         goto done;
 634                 }
 635         }
 636 
 637         *domain_name= talloc_steal(mem_ctx, *domain_name);
 638         *user_sid = talloc_steal(mem_ctx, *user_sid);
 639         ret = true;
 640  done:
 641         talloc_free(tmp_ctx);
 642         return ret;
 643 }
 644 
 645 /*
 646  * Delete a test user
 647  */
 648 
 649 static bool delete_user(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 650                         struct loadparm_context *lp_ctx,
 651                         struct cli_credentials *admin_creds,
 652                         const char *username)
 653 {
 654         TALLOC_CTX *mem_ctx;
 655         NTSTATUS status;
 656         char *dom_name;
 657         struct dcerpc_pipe *samr_pipe;
 658         struct policy_handle *user_handle;
 659         bool ret = false;
 660 
 661         if ((mem_ctx = talloc_init("leave")) == NULL) {
 662                 d_printf("talloc_init failed\n");
 663                 return false;
 664         }
 665 
 666         status = get_usr_handle(cli, mem_ctx, lp_ctx, admin_creds,
 667                                 DCERPC_AUTH_TYPE_NTLMSSP,
 668                                 DCERPC_AUTH_LEVEL_INTEGRITY,
 669                                 username, &dom_name, &samr_pipe,
 670                                 &user_handle, NULL);
 671 
 672         if (!NT_STATUS_IS_OK(status)) {
 673                 d_printf("get_wks_handle failed: %s\n", nt_errstr(status));
 674                 goto done;
 675         }
 676 
 677         {
 678                 struct samr_DeleteUser d;
 679 
 680                 d.in.user_handle = user_handle;
 681                 d.out.user_handle = user_handle;
 682 
 683                 status = dcerpc_samr_DeleteUser(samr_pipe, mem_ctx, &d);
 684                 if (!NT_STATUS_IS_OK(status)) {
 685                         d_printf("samr_DeleteUser failed %s\n", nt_errstr(status));
 686                         goto done;
 687                 }
 688         }
 689 
 690         ret = true;
 691 
 692  done:
 693         talloc_free(mem_ctx);
 694         return ret;
 695 }
 696 
 697 /*
 698  * Do a Samba3-style join
 699  */
 700 
 701 static bool join3(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 702                   struct loadparm_context *lp_ctx,
 703                   bool use_level25,
 704                   struct cli_credentials *admin_creds,
 705                   struct cli_credentials *wks_creds)
 706 {
 707         TALLOC_CTX *mem_ctx;
 708         NTSTATUS status;
 709         char *dom_name;
 710         struct dcerpc_pipe *samr_pipe;
 711         struct policy_handle *wks_handle;
 712         bool ret = false;
 713         NTTIME last_password_change;
 714 
 715         if ((mem_ctx = talloc_init("join3")) == NULL) {
 716                 d_printf("talloc_init failed\n");
 717                 return false;
 718         }
 719 
 720         status = get_usr_handle(
 721                 cli, mem_ctx, lp_ctx, admin_creds,
 722                 DCERPC_AUTH_TYPE_NTLMSSP,
 723                 DCERPC_AUTH_LEVEL_PRIVACY,
 724                 talloc_asprintf(mem_ctx, "%s$",
 725                                 cli_credentials_get_workstation(wks_creds)),
 726                 &dom_name, &samr_pipe, &wks_handle, NULL);
 727 
 728         if (!NT_STATUS_IS_OK(status)) {
 729                 d_printf("get_wks_handle failed: %s\n", nt_errstr(status));
 730                 goto done;
 731         }
 732 
 733         {
 734                 struct samr_QueryUserInfo q;
 735                 union samr_UserInfo *info;
 736 
 737                 q.in.user_handle = wks_handle;
 738                 q.in.level = 21;
 739                 q.out.info = &info;
 740 
 741                 status = dcerpc_samr_QueryUserInfo(samr_pipe, mem_ctx, &q);
 742                 if (!NT_STATUS_IS_OK(status)) {
 743                         d_printf("(%s) QueryUserInfo failed: %s\n",
 744                                   __location__, nt_errstr(status));
 745                         goto done;
 746                 }
 747 
 748                 last_password_change = info->info21.last_password_change;
 749         }
 750 
 751         cli_credentials_set_domain(wks_creds, dom_name, CRED_SPECIFIED);
 752 
 753         if (use_level25) {
 754                 struct samr_SetUserInfo2 sui2;
 755                 union samr_UserInfo u_info;
 756                 struct samr_UserInfo21 *i21 = &u_info.info25.info;
 757                 DATA_BLOB session_key;
 758                 DATA_BLOB confounded_session_key = data_blob_talloc(
 759                         mem_ctx, NULL, 16);
 760                 struct MD5Context ctx;
 761                 uint8_t confounder[16];
 762 
 763                 ZERO_STRUCT(u_info);
 764 
 765                 i21->full_name.string = talloc_asprintf(
 766                         mem_ctx, "%s$",
 767                         cli_credentials_get_workstation(wks_creds));
 768                 i21->acct_flags = ACB_WSTRUST;
 769                 i21->fields_present = SAMR_FIELD_FULL_NAME |
 770                         SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_NT_PASSWORD_PRESENT;
 771                 /* this would break the test result expectations
 772                 i21->fields_present |= SAMR_FIELD_EXPIRED_FLAG;
 773                 i21->password_expired = 1;
 774                 */
 775 
 776                 encode_pw_buffer(u_info.info25.password.data,
 777                                  cli_credentials_get_password(wks_creds),
 778                                  STR_UNICODE);
 779                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
 780                 if (!NT_STATUS_IS_OK(status)) {
 781                         d_printf("dcerpc_fetch_session_key failed: %s\n",
 782                                  nt_errstr(status));
 783                         goto done;
 784                 }
 785                 generate_random_buffer((uint8_t *)confounder, 16);
 786 
 787                 MD5Init(&ctx);
 788                 MD5Update(&ctx, confounder, 16);
 789                 MD5Update(&ctx, session_key.data, session_key.length);
 790                 MD5Final(confounded_session_key.data, &ctx);
 791 
 792                 arcfour_crypt_blob(u_info.info25.password.data, 516,
 793                                    &confounded_session_key);
 794                 memcpy(&u_info.info25.password.data[516], confounder, 16);
 795 
 796                 sui2.in.user_handle = wks_handle;
 797                 sui2.in.level = 25;
 798                 sui2.in.info = &u_info;
 799 
 800                 status = dcerpc_samr_SetUserInfo2(samr_pipe, mem_ctx, &sui2);
 801                 if (!NT_STATUS_IS_OK(status)) {
 802                         d_printf("samr_SetUserInfo2(25) failed: %s\n",
 803                                  nt_errstr(status));
 804                         goto done;
 805                 }
 806         } else {
 807                 struct samr_SetUserInfo2 sui2;
 808                 struct samr_SetUserInfo sui;
 809                 union samr_UserInfo u_info;
 810                 DATA_BLOB session_key;
 811 
 812                 encode_pw_buffer(u_info.info24.password.data,
 813                                  cli_credentials_get_password(wks_creds),
 814                                  STR_UNICODE);
 815                 /* just to make this test pass */
 816                 u_info.info24.password_expired = 1;
 817 
 818                 status = dcerpc_fetch_session_key(samr_pipe, &session_key);
 819                 if (!NT_STATUS_IS_OK(status)) {
 820                         d_printf("dcerpc_fetch_session_key failed\n");
 821                         goto done;
 822                 }
 823                 arcfour_crypt_blob(u_info.info24.password.data, 516,
 824                                    &session_key);
 825                 sui2.in.user_handle = wks_handle;
 826                 sui2.in.info = &u_info;
 827                 sui2.in.level = 24;
 828 
 829                 status = dcerpc_samr_SetUserInfo2(samr_pipe, mem_ctx, &sui2);
 830                 if (!NT_STATUS_IS_OK(status)) {
 831                         d_printf("samr_SetUserInfo(24) failed: %s\n",
 832                                  nt_errstr(status));
 833                         goto done;
 834                 }
 835 
 836                 u_info.info16.acct_flags = ACB_WSTRUST;
 837                 sui.in.user_handle = wks_handle;
 838                 sui.in.info = &u_info;
 839                 sui.in.level = 16;
 840 
 841                 status = dcerpc_samr_SetUserInfo(samr_pipe, mem_ctx, &sui);
 842                 if (!NT_STATUS_IS_OK(status)) {
 843                         d_printf("samr_SetUserInfo(16) failed\n");
 844                         goto done;
 845                 }
 846         }
 847 
 848         {
 849                 struct samr_QueryUserInfo q;
 850                 union samr_UserInfo *info;
 851 
 852                 q.in.user_handle = wks_handle;
 853                 q.in.level = 21;
 854                 q.out.info = &info;
 855 
 856                 status = dcerpc_samr_QueryUserInfo(samr_pipe, mem_ctx, &q);
 857                 if (!NT_STATUS_IS_OK(status)) {
 858                         d_printf("(%s) QueryUserInfo failed: %s\n",
 859                                   __location__, nt_errstr(status));
 860                         goto done;
 861                 }
 862 
 863                 if (use_level25) {
 864                         if (last_password_change
 865                             == info->info21.last_password_change) {
 866                                 d_printf("(%s) last_password_change unchanged "
 867                                          "during join, level25 must change "
 868                                          "it\n", __location__);
 869                                 goto done;
 870                         }
 871                 }
 872                 else {
 873                         if (last_password_change
 874                             != info->info21.last_password_change) {
 875                                 d_printf("(%s) last_password_change changed "
 876                                          "during join, level24 doesn't "
 877                                          "change it\n", __location__);
 878                                 goto done;
 879                         }
 880                 }
 881         }
 882 
 883         ret = true;
 884 
 885  done:
 886         talloc_free(mem_ctx);
 887         return ret;
 888 }
 889 
 890 /*
 891  * Do a ReqChallenge/Auth2 and get the wks creds
 892  */
 893 
 894 static bool auth2(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
 895                   struct loadparm_context *lp_ctx,
 896                   struct cli_credentials *wks_cred)
 897 {
 898         TALLOC_CTX *mem_ctx;
 899         struct dcerpc_pipe *net_pipe;
 900         bool result = false;
 901         NTSTATUS status;
 902         struct netr_ServerReqChallenge r;
 903         struct netr_Credential netr_cli_creds;
 904         struct netr_Credential netr_srv_creds;
 905         uint32_t negotiate_flags;
 906         struct netr_ServerAuthenticate2 a;
 907         struct creds_CredentialState *creds_state;
 908         struct netr_Credential netr_cred;
 909         struct samr_Password mach_pw;
 910 
 911         mem_ctx = talloc_new(NULL);
 912         if (mem_ctx == NULL) {
 913                 d_printf("talloc_new failed\n");
 914                 return false;
 915         }
 916 
 917         net_pipe = dcerpc_pipe_init(mem_ctx,
 918                                     cli->transport->socket->event.ctx,
 919                                     lp_iconv_convenience(lp_ctx));
 920         if (net_pipe == NULL) {
 921                 d_printf("dcerpc_pipe_init failed\n");
 922                 goto done;
 923         }
 924 
 925         status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
 926         if (!NT_STATUS_IS_OK(status)) {
 927                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
 928                          nt_errstr(status));
 929                 goto done;
 930         }
 931 
 932         status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
 933         if (!NT_STATUS_IS_OK(status)) {
 934                 d_printf("dcerpc_bind_auth_none failed: %s\n",
 935                          nt_errstr(status));
 936                 goto done;
 937         }
 938 
 939         r.in.computer_name = cli_credentials_get_workstation(wks_cred);
 940         r.in.server_name = talloc_asprintf(
 941                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
 942         if (r.in.server_name == NULL) {
 943                 d_printf("talloc_asprintf failed\n");
 944                 goto done;
 945         }
 946         generate_random_buffer(netr_cli_creds.data,
 947                                sizeof(netr_cli_creds.data));
 948         r.in.credentials = &netr_cli_creds;
 949         r.out.return_credentials = &netr_srv_creds;
 950 
 951         status = dcerpc_netr_ServerReqChallenge(net_pipe, mem_ctx, &r);
 952         if (!NT_STATUS_IS_OK(status)) {
 953                 d_printf("netr_ServerReqChallenge failed: %s\n",
 954                          nt_errstr(status));
 955                 goto done;
 956         }
 957 
 958         negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
 959         E_md4hash(cli_credentials_get_password(wks_cred), mach_pw.hash);
 960 
 961         creds_state = talloc(mem_ctx, struct creds_CredentialState);
 962         creds_client_init(creds_state, r.in.credentials,
 963                           r.out.return_credentials, &mach_pw,
 964                           &netr_cred, negotiate_flags);
 965 
 966         a.in.server_name = talloc_asprintf(
 967                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
 968         a.in.account_name = talloc_asprintf(
 969                 mem_ctx, "%s$", cli_credentials_get_workstation(wks_cred));
 970         a.in.computer_name = cli_credentials_get_workstation(wks_cred);
 971         a.in.secure_channel_type = SEC_CHAN_WKSTA;
 972         a.in.negotiate_flags = &negotiate_flags;
 973         a.out.negotiate_flags = &negotiate_flags;
 974         a.in.credentials = &netr_cred;
 975         a.out.return_credentials = &netr_cred;
 976 
 977         status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
 978         if (!NT_STATUS_IS_OK(status)) {
 979                 d_printf("netr_ServerServerAuthenticate2 failed: %s\n",
 980                          nt_errstr(status));
 981                 goto done;
 982         }
 983 
 984         if (!creds_client_check(creds_state, a.out.return_credentials)) {
 985                 d_printf("creds_client_check failed\n");
 986                 goto done;
 987         }
 988 
 989         cli_credentials_set_netlogon_creds(wks_cred, creds_state);
 990 
 991         result = true;
 992 
 993  done:
 994         talloc_free(mem_ctx);
 995         return result;
 996 }
 997 
 998 /*
 999  * Do a couple of schannel protected Netlogon ops: Interactive and Network
1000  * login, and change the wks password
1001  */
1002 
1003 static bool schan(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
1004                   struct loadparm_context *lp_ctx,
1005                   struct cli_credentials *wks_creds,
1006                   struct cli_credentials *user_creds)
1007 {
1008         TALLOC_CTX *mem_ctx;
1009         NTSTATUS status;
1010         bool ret = false;
1011         struct dcerpc_pipe *net_pipe;
1012         int i;
1013         
1014         mem_ctx = talloc_new(NULL);
1015         if (mem_ctx == NULL) {
1016                 d_printf("talloc_new failed\n");
1017                 return false;
1018         }
1019 
1020         net_pipe = dcerpc_pipe_init(mem_ctx,
1021                                     cli->transport->socket->event.ctx,
1022                                     lp_iconv_convenience(lp_ctx));
1023         if (net_pipe == NULL) {
1024                 d_printf("dcerpc_pipe_init failed\n");
1025                 goto done;
1026         }
1027 
1028         status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
1029         if (!NT_STATUS_IS_OK(status)) {
1030                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
1031                          nt_errstr(status));
1032                 goto done;
1033         }
1034 
1035 #if 0
1036         net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
1037                 DCERPC_DEBUG_PRINT_OUT;
1038 #endif
1039 #if 1
1040         net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
1041         status = dcerpc_bind_auth(net_pipe, &ndr_table_netlogon,
1042                                   wks_creds, lp_gensec_settings(lp_ctx, lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL,
1043                                   DCERPC_AUTH_LEVEL_PRIVACY,
1044                                   NULL);
1045 #else
1046         status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
1047 #endif
1048         if (!NT_STATUS_IS_OK(status)) {
1049                 d_printf("schannel bind failed: %s\n", nt_errstr(status));
1050                 goto done;
1051         }
1052 
1053 
1054         for (i=2; i<4; i++) {
1055                 int flags;
1056                 DATA_BLOB chal, nt_resp, lm_resp, names_blob, session_key;
1057                 struct creds_CredentialState *creds_state;
1058                 struct netr_Authenticator netr_auth, netr_auth2;
1059                 struct netr_NetworkInfo ninfo;
1060                 struct netr_PasswordInfo pinfo;
1061                 struct netr_LogonSamLogon r;
1062                 union netr_LogonLevel logon;
1063                 union netr_Validation validation;
1064                 uint8_t authoritative;
1065                 struct netr_Authenticator return_authenticator;
1066 
1067                 flags = CLI_CRED_LANMAN_AUTH | CLI_CRED_NTLM_AUTH |
1068                         CLI_CRED_NTLMv2_AUTH;
1069 
1070                 chal = data_blob_talloc(mem_ctx, NULL, 8);
1071                 if (chal.data == NULL) {
1072                         d_printf("data_blob_talloc failed\n");
1073                         goto done;
1074                 }
1075 
1076                 generate_random_buffer(chal.data, chal.length);
1077                 names_blob = NTLMv2_generate_names_blob(
1078                         mem_ctx, 
1079                         cli_credentials_get_workstation(user_creds),
1080                         cli_credentials_get_domain(user_creds));
1081                 status = cli_credentials_get_ntlm_response(
1082                         user_creds, mem_ctx, &flags, chal, names_blob,
1083                         &lm_resp, &nt_resp, NULL, NULL);
1084                 if (!NT_STATUS_IS_OK(status)) {
1085                         d_printf("cli_credentials_get_ntlm_response failed:"
1086                                  " %s\n", nt_errstr(status));
1087                         goto done;
1088                 }
1089 
1090                 creds_state = cli_credentials_get_netlogon_creds(wks_creds);
1091                 creds_client_authenticator(creds_state, &netr_auth);
1092 
1093                 ninfo.identity_info.account_name.string =
1094                         cli_credentials_get_username(user_creds);
1095                 ninfo.identity_info.domain_name.string =
1096                         cli_credentials_get_domain(user_creds);
1097                 ninfo.identity_info.parameter_control = 0;
1098                 ninfo.identity_info.logon_id_low = 0;
1099                 ninfo.identity_info.logon_id_high = 0;
1100                 ninfo.identity_info.workstation.string =
1101                         cli_credentials_get_workstation(user_creds);
1102                 memcpy(ninfo.challenge, chal.data, sizeof(ninfo.challenge));
1103                 ninfo.nt.length = nt_resp.length;
1104                 ninfo.nt.data = nt_resp.data;
1105                 ninfo.lm.length = lm_resp.length;
1106                 ninfo.lm.data = lm_resp.data;
1107 
1108                 logon.network = &ninfo;
1109 
1110                 r.in.server_name = talloc_asprintf(
1111                         mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1112                 ZERO_STRUCT(netr_auth2);
1113                 r.in.computer_name =
1114                         cli_credentials_get_workstation(wks_creds);
1115                 r.in.credential = &netr_auth;
1116                 r.in.return_authenticator = &netr_auth2;
1117                 r.in.logon_level = 2;
1118                 r.in.validation_level = i;
1119                 r.in.logon = &logon;
1120                 r.out.validation = &validation;
1121                 r.out.authoritative = &authoritative;
1122                 r.out.return_authenticator = &return_authenticator;
1123 
1124                 status = dcerpc_netr_LogonSamLogon(net_pipe, mem_ctx, &r);
1125                 if (!NT_STATUS_IS_OK(status)) {
1126                         d_printf("netr_LogonSamLogon failed: %s\n",
1127                                  nt_errstr(status));
1128                         goto done;
1129                 }
1130 
1131                 if ((r.out.return_authenticator == NULL) ||
1132                     (!creds_client_check(creds_state,
1133                                          &r.out.return_authenticator->cred))) {
1134                         d_printf("Credentials check failed!\n");
1135                         goto done;
1136                 }
1137 
1138                 creds_client_authenticator(creds_state, &netr_auth);
1139 
1140                 pinfo.identity_info = ninfo.identity_info;
1141                 ZERO_STRUCT(pinfo.lmpassword.hash);
1142                 E_md4hash(cli_credentials_get_password(user_creds),
1143                           pinfo.ntpassword.hash);
1144                 session_key = data_blob_talloc(mem_ctx,
1145                                                creds_state->session_key, 16);
1146                 arcfour_crypt_blob(pinfo.ntpassword.hash,
1147                                    sizeof(pinfo.ntpassword.hash),
1148                                    &session_key);
1149 
1150                 logon.password = &pinfo;
1151 
1152                 r.in.logon_level = 1;
1153                 r.in.logon = &logon;
1154                 r.out.return_authenticator = &return_authenticator;
1155 
1156                 status = dcerpc_netr_LogonSamLogon(net_pipe, mem_ctx, &r);
1157                 if (!NT_STATUS_IS_OK(status)) {
1158                         d_printf("netr_LogonSamLogon failed: %s\n",
1159                                  nt_errstr(status));
1160                         goto done;
1161                 }
1162 
1163                 if ((r.out.return_authenticator == NULL) ||
1164                     (!creds_client_check(creds_state,
1165                                          &r.out.return_authenticator->cred))) {
1166                         d_printf("Credentials check failed!\n");
1167                         goto done;
1168                 }
1169         }
1170 
1171         {
1172                 struct netr_ServerPasswordSet s;
1173                 char *password = generate_random_str(wks_creds, 8);
1174                 struct creds_CredentialState *creds_state;
1175                 struct netr_Authenticator credential, return_authenticator;
1176                 struct samr_Password new_password;
1177 
1178                 s.in.server_name = talloc_asprintf(
1179                         mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
1180                 s.in.computer_name = cli_credentials_get_workstation(wks_creds);
1181                 s.in.account_name = talloc_asprintf(
1182                         mem_ctx, "%s$", s.in.computer_name);
1183                 s.in.secure_channel_type = SEC_CHAN_WKSTA;
1184                 s.in.credential = &credential;
1185                 s.in.new_password = &new_password;
1186                 s.out.return_authenticator = &return_authenticator;
1187 
1188                 E_md4hash(password, new_password.hash);
1189 
1190                 creds_state = cli_credentials_get_netlogon_creds(wks_creds);
1191                 creds_des_encrypt(creds_state, &new_password);
1192                 creds_client_authenticator(creds_state, &credential);
1193 
1194                 status = dcerpc_netr_ServerPasswordSet(net_pipe, mem_ctx, &s);
1195                 if (!NT_STATUS_IS_OK(status)) {
1196                         printf("ServerPasswordSet - %s\n", nt_errstr(status));
1197                         goto done;
1198                 }
1199 
1200                 if (!creds_client_check(creds_state,
1201                                         &s.out.return_authenticator->cred)) {
1202                         printf("Credential chaining failed\n");
1203                 }
1204 
1205                 cli_credentials_set_password(wks_creds, password,
1206                                              CRED_SPECIFIED);
1207         }
1208 
1209         ret = true;
1210  done:
1211         talloc_free(mem_ctx);
1212         return ret;
1213 }
1214 
1215 /*
1216  * Delete the wks account again
1217  */
1218 
1219 static bool leave(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
1220                   struct loadparm_context *lp_ctx,
1221                   struct cli_credentials *admin_creds,
1222                   struct cli_credentials *wks_creds)
1223 {
1224         char *wks_name = talloc_asprintf(
1225                 NULL, "%s$", cli_credentials_get_workstation(wks_creds));
1226         bool ret;
1227 
1228         ret = delete_user(cli, lp_ctx, admin_creds, wks_name);
1229         talloc_free(wks_name);
1230         return ret;
1231 }
1232 
1233 /*
1234  * Test the Samba3 DC code a bit. Join, do some schan netlogon ops, leave
1235  */
1236 
1237 bool torture_netlogon_samba3(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
1238 {
1239         TALLOC_CTX *mem_ctx;
1240         NTSTATUS status;
1241         bool ret = false;
1242         struct smbcli_state *cli;
1243         struct cli_credentials *anon_creds;
1244         struct cli_credentials *wks_creds;
1245         const char *wks_name;
1246         int i;
1247         struct smbcli_options options;
1248         struct smbcli_session_options session_options;
1249 
1250         wks_name = torture_setting_string(torture, "wksname", NULL);
1251         if (wks_name == NULL) {
1252                 wks_name = get_myname(torture);
1253         }
1254 
1255         mem_ctx = talloc_init("torture_netlogon_samba3");
1256 
1257         if (mem_ctx == NULL) {
1258                 d_printf("talloc_init failed\n");
1259                 return false;
1260         }
1261 
1262         if (!(anon_creds = cli_credentials_init_anon(mem_ctx))) {
1263                 d_printf("create_anon_creds failed\n");
1264                 goto done;
1265         }
1266 
1267         lp_smbcli_options(torture->lp_ctx, &options);
1268         lp_smbcli_session_options(torture->lp_ctx, &session_options);
1269 
1270         status = smbcli_full_connection(mem_ctx, &cli,
1271                                         torture_setting_string(torture, "host", NULL),
1272                                         lp_smb_ports(torture->lp_ctx),
1273                                         "IPC$", NULL, 
1274                                         lp_socket_options(torture->lp_ctx),
1275                                         anon_creds, 
1276                                         lp_resolve_context(torture->lp_ctx),
1277                                         torture->ev, &options, &session_options,
1278                                         lp_iconv_convenience(torture->lp_ctx),
1279                                         lp_gensec_settings(torture, torture->lp_ctx));
1280         if (!NT_STATUS_IS_OK(status)) {
1281                 d_printf("smbcli_full_connection failed: %s\n",
1282                          nt_errstr(status));
1283                 goto done;
1284         }
1285 
1286         wks_creds = cli_credentials_init(mem_ctx);
1287         if (wks_creds == NULL) {
1288                 d_printf("cli_credentials_init failed\n");
1289                 goto done;
1290         }
1291 
1292         cli_credentials_set_conf(wks_creds, torture->lp_ctx);
1293         cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
1294         cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
1295         cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
1296         cli_credentials_set_password(wks_creds,
1297                                      generate_random_str(wks_creds, 8),
1298                                      CRED_SPECIFIED);
1299 
1300         if (!join3(cli, torture->lp_ctx, false, cmdline_credentials, wks_creds)) {
1301                 d_printf("join failed\n");
1302                 goto done;
1303         }
1304 
1305         cli_credentials_set_domain(
1306                 cmdline_credentials, cli_credentials_get_domain(wks_creds),
1307                 CRED_SPECIFIED);
1308 
1309         for (i=0; i<2; i++) {
1310 
1311                 /* Do this more than once, the routine "schan" changes
1312                  * the workstation password using the netlogon
1313                  * password change routine */
1314 
1315                 int j;
1316 
1317                 if (!auth2(cli, torture->lp_ctx, wks_creds)) {
1318                         d_printf("auth2 failed\n");
1319                         goto done;
1320                 }
1321 
1322                 for (j=0; j<2; j++) {
1323                         if (!schan(cli, torture->lp_ctx, wks_creds, cmdline_credentials)) {
1324                                 d_printf("schan failed\n");
1325                                 goto done;
1326                         }
1327                 }
1328         }
1329 
1330         if (!leave(cli, torture->lp_ctx, cmdline_credentials, wks_creds)) {
1331                 d_printf("leave failed\n");
1332                 goto done;
1333         }
1334 
1335         ret = true;
1336 
1337  done:
1338         talloc_free(mem_ctx);
1339         return ret;
1340 }
1341 
1342 /*
1343  * Do a simple join, testjoin and leave using specified smb and samr
1344  * credentials
1345  */
1346 
1347 static bool test_join3(struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
1348                        bool use_level25,
1349                        struct cli_credentials *smb_creds,
1350                        struct cli_credentials *samr_creds,
1351                        const char *wks_name)
1352 {
1353         NTSTATUS status;
1354         bool ret = false;
1355         struct smbcli_state *cli;
1356         struct cli_credentials *wks_creds;
1357         struct smbcli_options options;
1358         struct smbcli_session_options session_options;
1359 
1360         lp_smbcli_options(tctx->lp_ctx, &options);
1361         lp_smbcli_session_options(tctx->lp_ctx, &session_options);
1362 
1363         status = smbcli_full_connection(tctx, &cli,
1364                                         torture_setting_string(tctx, "host", NULL),
1365                                         lp_smb_ports(tctx->lp_ctx),
1366                                         "IPC$", NULL, lp_socket_options(tctx->lp_ctx),
1367                                         smb_creds, lp_resolve_context(tctx->lp_ctx),
1368                                         tctx->ev, &options, &session_options,
1369                                         lp_iconv_convenience(tctx->lp_ctx),
1370                                         lp_gensec_settings(tctx, tctx->lp_ctx));
1371         if (!NT_STATUS_IS_OK(status)) {
1372                 d_printf("smbcli_full_connection failed: %s\n",
1373                          nt_errstr(status));
1374                 goto done;
1375         }
1376 
1377         wks_creds = cli_credentials_init(cli);
1378         if (wks_creds == NULL) {
1379                 d_printf("cli_credentials_init failed\n");
1380                 goto done;
1381         }
1382 
1383         cli_credentials_set_conf(wks_creds, tctx->lp_ctx);
1384         cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
1385         cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
1386         cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
1387         cli_credentials_set_password(wks_creds,
1388                                      generate_random_str(wks_creds, 8),
1389                                      CRED_SPECIFIED);
1390 
1391         if (!join3(cli, tctx->lp_ctx, use_level25, samr_creds, wks_creds)) {
1392                 d_printf("join failed\n");
1393                 goto done;
1394         }
1395 
1396         cli_credentials_set_domain(
1397                 cmdline_credentials, cli_credentials_get_domain(wks_creds),
1398                 CRED_SPECIFIED);
1399 
1400         if (!auth2(cli, tctx->lp_ctx, wks_creds)) {
1401                 d_printf("auth2 failed\n");
1402                 goto done;
1403         }
1404 
1405         if (!leave(cli, tctx->lp_ctx, samr_creds, wks_creds)) {
1406                 d_printf("leave failed\n");
1407                 goto done;
1408         }
1409 
1410         talloc_free(cli);
1411 
1412         ret = true;
1413 
1414  done:
1415         return ret;
1416 }
1417 
1418 /*
1419  * Test the different session key variants. Do it by joining, this uses the
1420  * session key in the setpassword routine. Test the join by doing the auth2.
1421  */
1422 
1423 bool torture_samba3_sessionkey(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
1424 {
1425         bool ret = false;
1426         struct cli_credentials *anon_creds;
1427         const char *wks_name;
1428 
1429         wks_name = torture_setting_string(torture, "wksname", get_myname(torture));
1430 
1431         if (!(anon_creds = cli_credentials_init_anon(torture))) {
1432                 d_printf("create_anon_creds failed\n");
1433                 goto done;
1434         }
1435 
1436         cli_credentials_set_workstation(anon_creds, wks_name, CRED_SPECIFIED);
1437 
1438         ret = true;
1439 
1440         if (!torture_setting_bool(torture, "samba3", false)) {
1441 
1442                 /* Samba3 in the build farm right now does this happily. Need
1443                  * to fix :-) */
1444 
1445                 if (test_join3(torture, false, anon_creds, NULL, wks_name)) {
1446                         d_printf("join using anonymous bind on an anonymous smb "
1447                                  "connection succeeded -- HUH??\n");
1448                         ret = false;
1449                 }
1450         }
1451 
1452         if (!test_join3(torture, false, anon_creds, cmdline_credentials,
1453                         wks_name)) {
1454                 d_printf("join using ntlmssp bind on an anonymous smb "
1455                          "connection failed\n");
1456                 ret = false;
1457         }
1458 
1459         if (!test_join3(torture, false, cmdline_credentials, NULL, wks_name)) {
1460                 d_printf("join using anonymous bind on an authenticated smb "
1461                          "connection failed\n");
1462                 ret = false;
1463         }
1464 
1465         if (!test_join3(torture, false, cmdline_credentials,
1466                         cmdline_credentials,
1467                         wks_name)) {
1468                 d_printf("join using ntlmssp bind on an authenticated smb "
1469                          "connection failed\n");
1470                 ret = false;
1471         }
1472 
1473         /*
1474          * The following two are tests for setuserinfolevel 25
1475          */
1476 
1477         if (!test_join3(torture, true, anon_creds, cmdline_credentials,
1478                         wks_name)) {
1479                 d_printf("join using ntlmssp bind on an anonymous smb "
1480                          "connection failed\n");
1481                 ret = false;
1482         }
1483 
1484         if (!test_join3(torture, true, cmdline_credentials, NULL, wks_name)) {
1485                 d_printf("join using anonymous bind on an authenticated smb "
1486                          "connection failed\n");
1487                 ret = false;
1488         }
1489 
1490  done:
1491 
1492         return ret;
1493 }
1494 
1495 /*
1496  * open pipe and bind, given an IPC$ context
1497  */
1498 
1499 static NTSTATUS pipe_bind_smb(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
1500                               struct loadparm_context *lp_ctx,
1501                               struct smbcli_tree *tree,
1502                               const char *pipe_name,
1503                               const struct ndr_interface_table *iface,
1504                               struct dcerpc_pipe **p)
1505 {
1506         struct dcerpc_pipe *result;
1507         NTSTATUS status;
1508 
1509         if (!(result = dcerpc_pipe_init(
1510                       mem_ctx, tree->session->transport->socket->event.ctx, 
1511                       lp_iconv_convenience(lp_ctx)))) {
1512                 return NT_STATUS_NO_MEMORY;
1513         }
1514 
1515         status = dcerpc_pipe_open_smb(result, tree, pipe_name);
1516         if (!NT_STATUS_IS_OK(status)) {
1517                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
1518                          nt_errstr(status));
1519                 talloc_free(result);
1520                 return status;
1521         }
1522 
1523         status = dcerpc_bind_auth_none(result, iface);
1524         if (!NT_STATUS_IS_OK(status)) {
1525                 d_printf("schannel bind failed: %s\n", nt_errstr(status));
1526                 talloc_free(result);
1527                 return status;
1528         }
1529 
1530         *p = result;
1531         return NT_STATUS_OK;
1532 }
1533 
1534 /*
1535  * Sane wrapper around lsa_LookupNames
1536  */
1537 
1538 static struct dom_sid *name2sid(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
1539                                 struct dcerpc_pipe *p,
1540                                 const char *name,
1541                                 const char *domain)
1542 {
1543         struct lsa_ObjectAttribute attr;
1544         struct lsa_QosInfo qos;
1545         struct lsa_OpenPolicy2 r;
1546         struct lsa_Close c;
1547         NTSTATUS status;
1548         struct policy_handle handle;
1549         struct lsa_LookupNames l;
1550         struct lsa_TransSidArray sids;
1551         struct lsa_RefDomainList *domains = NULL;
1552         struct lsa_String lsa_name;
1553         uint32_t count = 0;
1554         struct dom_sid *result;
1555         TALLOC_CTX *tmp_ctx;
1556 
1557         if (!(tmp_ctx = talloc_new(mem_ctx))) {
1558                 return NULL;
1559         }
1560 
1561         qos.len = 0;
1562         qos.impersonation_level = 2;
1563         qos.context_mode = 1;
1564         qos.effective_only = 0;
1565 
1566         attr.len = 0;
1567         attr.root_dir = NULL;
1568         attr.object_name = NULL;
1569         attr.attributes = 0;
1570         attr.sec_desc = NULL;
1571         attr.sec_qos = &qos;
1572 
1573         r.in.system_name = "\\";
1574         r.in.attr = &attr;
1575         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1576         r.out.handle = &handle;
1577 
1578         status = dcerpc_lsa_OpenPolicy2(p, tmp_ctx, &r);
1579         if (!NT_STATUS_IS_OK(status)) {
1580                 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
1581                 talloc_free(tmp_ctx);
1582                 return NULL;
1583         }
1584 
1585         sids.count = 0;
1586         sids.sids = NULL;
1587 
1588         lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, name);
1589 
1590         l.in.handle = &handle;
1591         l.in.num_names = 1;
1592         l.in.names = &lsa_name;
1593         l.in.sids = &sids;
1594         l.in.level = 1;
1595         l.in.count = &count;
1596         l.out.count = &count;
1597         l.out.sids = &sids;
1598         l.out.domains = &domains;
1599 
1600         status = dcerpc_lsa_LookupNames(p, tmp_ctx, &l);
1601         if (!NT_STATUS_IS_OK(status)) {
1602                 printf("LookupNames of %s failed - %s\n", lsa_name.string, 
1603                        nt_errstr(status));
1604                 talloc_free(tmp_ctx);
1605                 return NULL;
1606         }
1607 
1608         result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
1609                                  l.out.sids->sids[0].rid);
1610 
1611         c.in.handle = &handle;
1612         c.out.handle = &handle;
1613 
1614         status = dcerpc_lsa_Close(p, tmp_ctx, &c);
1615         if (!NT_STATUS_IS_OK(status)) {
1616                 printf("dcerpc_lsa_Close failed - %s\n", nt_errstr(status));
1617                 talloc_free(tmp_ctx);
1618                 return NULL;
1619         }
1620         
1621         talloc_free(tmp_ctx);
1622         return result;
1623 }
1624 
1625 /*
1626  * Find out the user SID on this connection
1627  */
1628 
1629 static struct dom_sid *whoami(TALLOC_CTX *mem_ctx, 
     /* [<][>][^][v][top][bottom][index][help] */
1630                               struct loadparm_context *lp_ctx, 
1631                               struct smbcli_tree *tree)
1632 {
1633         struct dcerpc_pipe *lsa;
1634         struct lsa_GetUserName r;
1635         NTSTATUS status;
1636         struct lsa_String *authority_name_p = NULL;
1637         struct lsa_String *account_name_p = NULL;
1638         struct dom_sid *result;
1639 
1640         status = pipe_bind_smb(mem_ctx, lp_ctx, tree, "\\pipe\\lsarpc",
1641                                &ndr_table_lsarpc, &lsa);
1642         if (!NT_STATUS_IS_OK(status)) {
1643                 d_printf("(%s) Could not bind to LSA: %s\n",
1644                          __location__, nt_errstr(status));
1645                 return NULL;
1646         }
1647 
1648         r.in.system_name = "\\";
1649         r.in.account_name = &account_name_p;
1650         r.in.authority_name = &authority_name_p;
1651         r.out.account_name = &account_name_p;
1652 
1653         status = dcerpc_lsa_GetUserName(lsa, mem_ctx, &r);
1654 
1655         authority_name_p = *r.out.authority_name;
1656 
1657         if (!NT_STATUS_IS_OK(status)) {
1658                 printf("(%s) GetUserName failed - %s\n",
1659                        __location__, nt_errstr(status));
1660                 talloc_free(lsa);
1661                 return NULL;
1662         }
1663 
1664         result = name2sid(mem_ctx, lsa, account_name_p->string,
1665                           authority_name_p->string);
1666 
1667         talloc_free(lsa);
1668         return result;
1669 }
1670 
1671 static int destroy_tree(struct smbcli_tree *tree)
     /* [<][>][^][v][top][bottom][index][help] */
1672 {
1673         smb_tree_disconnect(tree);
1674         return 0;
1675 }
1676 
1677 /*
1678  * Do a tcon, given a session
1679  */
1680 
1681 NTSTATUS secondary_tcon(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
1682                         struct smbcli_session *session,
1683                         const char *sharename,
1684                         struct smbcli_tree **res)
1685 {
1686         struct smbcli_tree *result;
1687         TALLOC_CTX *tmp_ctx;
1688         union smb_tcon tcon;
1689         NTSTATUS status;
1690 
1691         if (!(tmp_ctx = talloc_new(mem_ctx))) {
1692                 return NT_STATUS_NO_MEMORY;
1693         }
1694 
1695         if (!(result = smbcli_tree_init(session, mem_ctx, false))) {
1696                 talloc_free(tmp_ctx);
1697                 return NT_STATUS_NO_MEMORY;
1698         }
1699 
1700         tcon.generic.level = RAW_TCON_TCONX;
1701         tcon.tconx.in.flags = 0;
1702         tcon.tconx.in.password = data_blob(NULL, 0);
1703         tcon.tconx.in.path = sharename;
1704         tcon.tconx.in.device = "?????";
1705 
1706         status = smb_raw_tcon(result, tmp_ctx, &tcon);
1707         if (!NT_STATUS_IS_OK(status)) {
1708                 d_printf("(%s) smb_raw_tcon failed: %s\n", __location__,
1709                          nt_errstr(status));
1710                 talloc_free(tmp_ctx);
1711                 return status;
1712         }
1713 
1714         result->tid = tcon.tconx.out.tid;
1715         result = talloc_steal(mem_ctx, result);
1716         talloc_set_destructor(result, destroy_tree);
1717         talloc_free(tmp_ctx);
1718         *res = result;
1719         return NT_STATUS_OK;
1720 }
1721 
1722 /*
1723  * Test the getusername behaviour
1724  */
1725 
1726 bool torture_samba3_rpc_getusername(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
1727 {
1728         NTSTATUS status;
1729         struct smbcli_state *cli;
1730         TALLOC_CTX *mem_ctx;
1731         bool ret = true;
1732         struct dom_sid *user_sid;
1733         struct dom_sid *created_sid;
1734         struct cli_credentials *anon_creds;
1735         struct cli_credentials *user_creds;
1736         char *domain_name;
1737         struct smbcli_options options;
1738         struct smbcli_session_options session_options;
1739 
1740         if (!(mem_ctx = talloc_new(torture))) {
1741                 return false;
1742         }
1743 
1744         lp_smbcli_options(torture->lp_ctx, &options);
1745         lp_smbcli_session_options(torture->lp_ctx, &session_options);
1746 
1747         status = smbcli_full_connection(
1748                 mem_ctx, &cli, torture_setting_string(torture, "host", NULL),
1749                 lp_smb_ports(torture->lp_ctx),
1750                 "IPC$", NULL, lp_socket_options(torture->lp_ctx), cmdline_credentials, 
1751                 lp_resolve_context(torture->lp_ctx),
1752                 torture->ev, &options, &session_options,
1753                 lp_iconv_convenience(torture->lp_ctx),
1754                 lp_gensec_settings(torture, torture->lp_ctx));
1755         if (!NT_STATUS_IS_OK(status)) {
1756                 d_printf("(%s) smbcli_full_connection failed: %s\n",
1757                          __location__, nt_errstr(status));
1758                 ret = false;
1759                 goto done;
1760         }
1761 
1762         if (!(user_sid = whoami(mem_ctx, torture->lp_ctx, cli->tree))) {
1763                 d_printf("(%s) whoami on auth'ed connection failed\n",
1764                          __location__);
1765                 ret = false;
1766         }
1767 
1768         talloc_free(cli);
1769 
1770         if (!(anon_creds = cli_credentials_init_anon(mem_ctx))) {
1771                 d_printf("(%s) create_anon_creds failed\n", __location__);
1772                 ret = false;
1773                 goto done;
1774         }
1775 
1776         status = smbcli_full_connection(
1777                 mem_ctx, &cli, torture_setting_string(torture, "host", NULL),
1778                 lp_smb_ports(torture->lp_ctx), "IPC$", NULL, 
1779                 lp_socket_options(torture->lp_ctx), anon_creds, 
1780                 lp_resolve_context(torture->lp_ctx),
1781                 torture->ev, &options, &session_options,
1782                 lp_iconv_convenience(torture->lp_ctx),
1783                 lp_gensec_settings(torture, torture->lp_ctx));
1784         if (!NT_STATUS_IS_OK(status)) {
1785                 d_printf("(%s) anon smbcli_full_connection failed: %s\n",
1786                          __location__, nt_errstr(status));
1787                 ret = false;
1788                 goto done;
1789         }
1790 
1791         if (!(user_sid = whoami(mem_ctx, torture->lp_ctx, cli->tree))) {
1792                 d_printf("(%s) whoami on anon connection failed\n",
1793                          __location__);
1794                 ret = false;
1795                 goto done;
1796         }
1797 
1798         if (!dom_sid_equal(user_sid,
1799                            dom_sid_parse_talloc(mem_ctx, "s-1-5-7"))) {
1800                 d_printf("(%s) Anon lsa_GetUserName returned %s, expected "
1801                          "S-1-5-7", __location__,
1802                          dom_sid_string(mem_ctx, user_sid));
1803                 ret = false;
1804         }
1805 
1806         if (!(user_creds = cli_credentials_init(mem_ctx))) {
1807                 d_printf("(%s) cli_credentials_init failed\n", __location__);
1808                 ret = false;
1809                 goto done;
1810         }
1811 
1812         cli_credentials_set_conf(user_creds, torture->lp_ctx);
1813         cli_credentials_set_username(user_creds, "torture_username",
1814                                      CRED_SPECIFIED);
1815         cli_credentials_set_password(user_creds,
1816                                      generate_random_str(user_creds, 8),
1817                                      CRED_SPECIFIED);
1818 
1819         if (!create_user(mem_ctx, cli, torture->lp_ctx, cmdline_credentials,
1820                          cli_credentials_get_username(user_creds),
1821                          cli_credentials_get_password(user_creds),
1822                          &domain_name, &created_sid)) {
1823                 d_printf("(%s) create_user failed\n", __location__);
1824                 ret = false;
1825                 goto done;
1826         }
1827 
1828         cli_credentials_set_domain(user_creds, domain_name,
1829                                    CRED_SPECIFIED);
1830 
1831         {
1832                 struct smbcli_session *session2;
1833                 struct smb_composite_sesssetup setup;
1834                 struct smbcli_tree *tree;
1835 
1836                 session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options);
1837                 if (session2 == NULL) {
1838                         d_printf("(%s) smbcli_session_init failed\n",
1839                                  __location__);
1840                         goto done;
1841                 }
1842 
1843                 setup.in.sesskey = cli->transport->negotiate.sesskey;
1844                 setup.in.capabilities = cli->transport->negotiate.capabilities;
1845                 setup.in.workgroup = "";
1846                 setup.in.credentials = user_creds;
1847                 setup.in.gensec_settings = lp_gensec_settings(torture, torture->lp_ctx);
1848 
1849                 status = smb_composite_sesssetup(session2, &setup);
1850                 if (!NT_STATUS_IS_OK(status)) {
1851                         d_printf("(%s) session setup with new user failed: "
1852                                  "%s\n", __location__, nt_errstr(status));
1853                         ret = false;
1854                         goto done;
1855                 }
1856                 session2->vuid = setup.out.vuid;
1857 
1858                 if (!NT_STATUS_IS_OK(secondary_tcon(mem_ctx, session2,
1859                                                     "IPC$", &tree))) {
1860                         d_printf("(%s) secondary_tcon failed\n",
1861                                  __location__);
1862                         ret = false;
1863                         goto done;
1864                 }
1865 
1866                 if (!(user_sid = whoami(mem_ctx, torture->lp_ctx, tree))) {
1867                         d_printf("(%s) whoami on user connection failed\n",
1868                                  __location__);
1869                         ret = false;
1870                         goto del;
1871                 }
1872 
1873                 talloc_free(tree);
1874         }
1875 
1876         d_printf("Created %s, found %s\n",
1877                  dom_sid_string(mem_ctx, created_sid),
1878                  dom_sid_string(mem_ctx, user_sid));
1879 
1880         if (!dom_sid_equal(created_sid, user_sid)) {
1881                 ret = false;
1882         }
1883 
1884  del:
1885         if (!delete_user(cli, torture->lp_ctx, 
1886                          cmdline_credentials,
1887                          cli_credentials_get_username(user_creds))) {
1888                 d_printf("(%s) delete_user failed\n", __location__);
1889                 ret = false;
1890         }
1891 
1892  done:
1893         talloc_free(mem_ctx);
1894         return ret;
1895 }
1896 
1897 static bool test_NetShareGetInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
1898                                  const char *sharename)
1899 {
1900         NTSTATUS status;
1901         struct srvsvc_NetShareGetInfo r;
1902         union srvsvc_NetShareInfo info;
1903         uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007, 1501 };
1904         int i;
1905         bool ret = true;
1906 
1907         r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s",
1908                                           dcerpc_server_name(p));
1909         r.in.share_name = sharename;
1910         r.out.info = &info;
1911 
1912         for (i=0;i<ARRAY_SIZE(levels);i++) {
1913                 r.in.level = levels[i];
1914 
1915                 printf("testing NetShareGetInfo level %u on share '%s'\n", 
1916                        r.in.level, r.in.share_name);
1917 
1918                 status = dcerpc_srvsvc_NetShareGetInfo(p, mem_ctx, &r);
1919                 if (!NT_STATUS_IS_OK(status)) {
1920                         printf("NetShareGetInfo level %u on share '%s' failed"
1921                                " - %s\n", r.in.level, r.in.share_name,
1922                                nt_errstr(status));
1923                         ret = false;
1924                         continue;
1925                 }
1926                 if (!W_ERROR_IS_OK(r.out.result)) {
1927                         printf("NetShareGetInfo level %u on share '%s' failed "
1928                                "- %s\n", r.in.level, r.in.share_name,
1929                                win_errstr(r.out.result));
1930                         ret = false;
1931                         continue;
1932                 }
1933         }
1934 
1935         return ret;
1936 }
1937 
1938 static bool test_NetShareEnum(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
1939                               const char **one_sharename)
1940 {
1941         NTSTATUS status;
1942         struct srvsvc_NetShareEnum r;
1943         struct srvsvc_NetShareInfoCtr info_ctr;
1944         struct srvsvc_NetShareCtr0 c0;
1945         struct srvsvc_NetShareCtr1 c1;
1946         struct srvsvc_NetShareCtr2 c2;
1947         struct srvsvc_NetShareCtr501 c501;
1948         struct srvsvc_NetShareCtr502 c502;
1949         struct srvsvc_NetShareCtr1004 c1004;
1950         struct srvsvc_NetShareCtr1005 c1005;
1951         struct srvsvc_NetShareCtr1006 c1006;
1952         struct srvsvc_NetShareCtr1007 c1007;
1953         uint32_t totalentries = 0;
1954         uint32_t levels[] = { 0, 1, 2, 501, 502, 1004, 1005, 1006, 1007 };
1955         int i;
1956         bool ret = true;
1957 
1958         ZERO_STRUCT(info_ctr);
1959 
1960         r.in.server_unc = talloc_asprintf(mem_ctx,"\\\\%s",dcerpc_server_name(p));
1961         r.in.info_ctr = &info_ctr;
1962         r.in.max_buffer = (uint32_t)-1;
1963         r.in.resume_handle = NULL;
1964         r.out.totalentries = &totalentries;
1965         r.out.info_ctr = &info_ctr;
1966 
1967         for (i=0;i<ARRAY_SIZE(levels);i++) {
1968                 info_ctr.level = levels[i];
1969 
1970                 switch (info_ctr.level) {
1971                 case 0:
1972                         ZERO_STRUCT(c0);
1973                         info_ctr.ctr.ctr0 = &c0;
1974                         break;
1975                 case 1:
1976                         ZERO_STRUCT(c1);
1977                         info_ctr.ctr.ctr1 = &c1;
1978                         break;
1979                 case 2:
1980                         ZERO_STRUCT(c2);
1981                         info_ctr.ctr.ctr2 = &c2;
1982                         break;
1983                 case 501:
1984                         ZERO_STRUCT(c501);
1985                         info_ctr.ctr.ctr501 = &c501;
1986                         break;
1987                 case 502:
1988                         ZERO_STRUCT(c502);
1989                         info_ctr.ctr.ctr502 = &c502;
1990                         break;
1991                 case 1004:
1992                         ZERO_STRUCT(c1004);
1993                         info_ctr.ctr.ctr1004 = &c1004;
1994                         break;
1995                 case 1005:
1996                         ZERO_STRUCT(c1005);
1997                         info_ctr.ctr.ctr1005 = &c1005;
1998                         break;
1999                 case 1006:
2000                         ZERO_STRUCT(c1006);
2001                         info_ctr.ctr.ctr1006 = &c1006;
2002                         break;
2003                 case 1007:
2004                         ZERO_STRUCT(c1007);
2005                         info_ctr.ctr.ctr1007 = &c1007;
2006                         break;
2007                 }
2008 
2009                 printf("testing NetShareEnum level %u\n", info_ctr.level);
2010                 status = dcerpc_srvsvc_NetShareEnum(p, mem_ctx, &r);
2011                 if (!NT_STATUS_IS_OK(status)) {
2012                         printf("NetShareEnum level %u failed - %s\n",
2013                                info_ctr.level, nt_errstr(status));
2014                         ret = false;
2015                         continue;
2016                 }
2017                 if (!W_ERROR_IS_OK(r.out.result)) {
2018                         printf("NetShareEnum level %u failed - %s\n",
2019                                info_ctr.level, win_errstr(r.out.result));
2020                         continue;
2021                 }
2022                 if (info_ctr.level == 0) {
2023                         struct srvsvc_NetShareCtr0 *ctr = r.out.info_ctr->ctr.ctr0;
2024                         if (ctr->count > 0) {
2025                                 *one_sharename = ctr->array[0].name;
2026                         }
2027                 }
2028         }
2029 
2030         return ret;
2031 }
2032 
2033 bool torture_samba3_rpc_srvsvc(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
2034 {
2035         struct dcerpc_pipe *p;
2036         TALLOC_CTX *mem_ctx;
2037         bool ret = true;
2038         const char *sharename = NULL;
2039         struct smbcli_state *cli;
2040         NTSTATUS status;
2041 
2042         if (!(mem_ctx = talloc_new(torture))) {
2043                 return false;
2044         }
2045 
2046         if (!(torture_open_connection_share(
2047                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2048                       "IPC$", torture->ev))) {
2049                 talloc_free(mem_ctx);
2050                 return false;
2051         }
2052 
2053         status = pipe_bind_smb(mem_ctx, torture->lp_ctx, cli->tree, 
2054                                "\\pipe\\srvsvc", &ndr_table_srvsvc, &p);
2055         if (!NT_STATUS_IS_OK(status)) {
2056                 d_printf("(%s) could not bind to srvsvc pipe: %s\n",
2057                          __location__, nt_errstr(status));
2058                 ret = false;
2059                 goto done;
2060         }
2061 
2062         ret &= test_NetShareEnum(p, mem_ctx, &sharename);
2063         if (sharename == NULL) {
2064                 printf("did not get sharename\n");
2065         } else {
2066                 ret &= test_NetShareGetInfo(p, mem_ctx, sharename);
2067         }
2068 
2069  done:
2070         talloc_free(mem_ctx);
2071         return ret;
2072 }
2073 
2074 /*
2075  * Do a ReqChallenge/Auth2 with a random wks name, make sure it returns
2076  * NT_STATUS_NO_SAM_ACCOUNT
2077  */
2078 
2079 bool torture_samba3_rpc_randomauth2(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
2080 {
2081         TALLOC_CTX *mem_ctx;
2082         struct dcerpc_pipe *net_pipe;
2083         char *wksname;
2084         bool result = false;
2085         NTSTATUS status;
2086         struct netr_ServerReqChallenge r;
2087         struct netr_Credential netr_cli_creds;
2088         struct netr_Credential netr_srv_creds;
2089         uint32_t negotiate_flags;
2090         struct netr_ServerAuthenticate2 a;
2091         struct creds_CredentialState *creds_state;
2092         struct netr_Credential netr_cred;
2093         struct samr_Password mach_pw;
2094         struct smbcli_state *cli;
2095 
2096         if (!(mem_ctx = talloc_new(torture))) {
2097                 d_printf("talloc_new failed\n");
2098                 return false;
2099         }
2100 
2101         if (!(wksname = generate_random_str_list(
2102                       mem_ctx, 14, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))) {
2103                 d_printf("generate_random_str_list failed\n");
2104                 goto done;
2105         }
2106 
2107         if (!(torture_open_connection_share(
2108                       mem_ctx, &cli,
2109                       torture, torture_setting_string(torture, "host", NULL),
2110                       "IPC$", torture->ev))) {
2111                 d_printf("IPC$ connection failed\n");
2112                 goto done;
2113         }
2114 
2115         if (!(net_pipe = dcerpc_pipe_init(
2116                       mem_ctx, cli->transport->socket->event.ctx,
2117                       lp_iconv_convenience(torture->lp_ctx)))) {
2118                 d_printf("dcerpc_pipe_init failed\n");
2119                 goto done;
2120         }
2121 
2122         status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
2123         if (!NT_STATUS_IS_OK(status)) {
2124                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
2125                          nt_errstr(status));
2126                 goto done;
2127         }
2128 
2129         status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
2130         if (!NT_STATUS_IS_OK(status)) {
2131                 d_printf("dcerpc_bind_auth_none failed: %s\n",
2132                          nt_errstr(status));
2133                 goto done;
2134         }
2135 
2136         r.in.computer_name = wksname;
2137         r.in.server_name = talloc_asprintf(
2138                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
2139         if (r.in.server_name == NULL) {
2140                 d_printf("talloc_asprintf failed\n");
2141                 goto done;
2142         }
2143         generate_random_buffer(netr_cli_creds.data,
2144                                sizeof(netr_cli_creds.data));
2145         r.in.credentials = &netr_cli_creds;
2146         r.out.return_credentials = &netr_srv_creds;
2147 
2148         status = dcerpc_netr_ServerReqChallenge(net_pipe, mem_ctx, &r);
2149         if (!NT_STATUS_IS_OK(status)) {
2150                 d_printf("netr_ServerReqChallenge failed: %s\n",
2151                          nt_errstr(status));
2152                 goto done;
2153         }
2154 
2155         negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
2156         E_md4hash("foobar", mach_pw.hash);
2157 
2158         creds_state = talloc(mem_ctx, struct creds_CredentialState);
2159         creds_client_init(creds_state, r.in.credentials,
2160                           r.out.return_credentials, &mach_pw,
2161                           &netr_cred, negotiate_flags);
2162 
2163         a.in.server_name = talloc_asprintf(
2164                 mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
2165         a.in.account_name = talloc_asprintf(
2166                 mem_ctx, "%s$", wksname);
2167         a.in.computer_name = wksname;
2168         a.in.secure_channel_type = SEC_CHAN_WKSTA;
2169         a.in.negotiate_flags = &negotiate_flags;
2170         a.out.negotiate_flags = &negotiate_flags;
2171         a.in.credentials = &netr_cred;
2172         a.out.return_credentials = &netr_cred;
2173 
2174         status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a);
2175 
2176         if (!NT_STATUS_EQUAL(status, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) {
2177                 d_printf("dcerpc_netr_ServerAuthenticate2 returned %s, "
2178                          "expected NT_STATUS_NO_TRUST_SAM_ACCOUNT\n",
2179                          nt_errstr(status));
2180                 goto done;
2181         }
2182 
2183         result = true;
2184  done:
2185         talloc_free(mem_ctx);
2186         return result;
2187 }
2188 
2189 static struct security_descriptor *get_sharesec(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
2190                                                 struct loadparm_context *lp_ctx,
2191                                                 struct smbcli_session *sess,
2192                                                 const char *sharename)
2193 {
2194         struct smbcli_tree *tree;
2195         TALLOC_CTX *tmp_ctx;
2196         struct dcerpc_pipe *p;
2197         NTSTATUS status;
2198         struct srvsvc_NetShareGetInfo r;
2199         union srvsvc_NetShareInfo info;
2200         struct security_descriptor *result;
2201 
2202         if (!(tmp_ctx = talloc_new(mem_ctx))) {
2203                 d_printf("talloc_new failed\n");
2204                 return NULL;
2205         }
2206 
2207         if (!NT_STATUS_IS_OK(secondary_tcon(tmp_ctx, sess, "IPC$", &tree))) {
2208                 d_printf("secondary_tcon failed\n");
2209                 talloc_free(tmp_ctx);
2210                 return NULL;
2211         }
2212 
2213         status = pipe_bind_smb(mem_ctx, lp_ctx, tree, "\\pipe\\srvsvc",
2214                                &ndr_table_srvsvc, &p);
2215         if (!NT_STATUS_IS_OK(status)) {
2216                 d_printf("(%s) could not bind to srvsvc pipe: %s\n",
2217                          __location__, nt_errstr(status));
2218                 talloc_free(tmp_ctx);
2219                 return NULL;
2220         }
2221 
2222 #if 0
2223         p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
2224 #endif
2225 
2226         r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
2227                                           dcerpc_server_name(p));
2228         r.in.share_name = sharename;
2229         r.in.level = 502;
2230         r.out.info = &info;
2231 
2232         status = dcerpc_srvsvc_NetShareGetInfo(p, tmp_ctx, &r);
2233         if (!NT_STATUS_IS_OK(status)) {
2234                 d_printf("srvsvc_NetShareGetInfo failed: %s\n",
2235                          nt_errstr(status));
2236                 talloc_free(tmp_ctx);
2237                 return NULL;
2238         }
2239 
2240         result = talloc_steal(mem_ctx, info.info502->sd_buf.sd);
2241         talloc_free(tmp_ctx);
2242         return result;
2243 }
2244 
2245 static NTSTATUS set_sharesec(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
2246                              struct loadparm_context *lp_ctx,
2247                              struct smbcli_session *sess,
2248                              const char *sharename,
2249                              struct security_descriptor *sd)
2250 {
2251         struct smbcli_tree *tree;
2252         TALLOC_CTX *tmp_ctx;
2253         struct dcerpc_pipe *p;
2254         NTSTATUS status;
2255         struct sec_desc_buf i;
2256         struct srvsvc_NetShareSetInfo r;
2257         union srvsvc_NetShareInfo info;
2258         uint32_t error = 0;
2259 
2260         if (!(tmp_ctx = talloc_new(mem_ctx))) {
2261                 d_printf("talloc_new failed\n");
2262                 return NT_STATUS_NO_MEMORY;
2263         }
2264 
2265         if (!NT_STATUS_IS_OK(secondary_tcon(tmp_ctx, sess, "IPC$", &tree))) {
2266                 d_printf("secondary_tcon failed\n");
2267                 talloc_free(tmp_ctx);
2268                 return NT_STATUS_UNSUCCESSFUL;
2269         }
2270 
2271         status = pipe_bind_smb(mem_ctx, lp_ctx, tree, "\\pipe\\srvsvc",
2272                                &ndr_table_srvsvc, &p);
2273         if (!NT_STATUS_IS_OK(status)) {
2274                 d_printf("(%s) could not bind to srvsvc pipe: %s\n",
2275                          __location__, nt_errstr(status));
2276                 talloc_free(tmp_ctx);
2277                 return NT_STATUS_UNSUCCESSFUL;
2278         }
2279 
2280 #if 0
2281         p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
2282 #endif
2283 
2284         r.in.server_unc = talloc_asprintf(tmp_ctx, "\\\\%s",
2285                                           dcerpc_server_name(p));
2286         r.in.share_name = sharename;
2287         r.in.level = 1501;
2288         i.sd = sd;
2289         info.info1501 = &i;
2290         r.in.info = &info;
2291         r.in.parm_error = &error;
2292 
2293         status = dcerpc_srvsvc_NetShareSetInfo(p, tmp_ctx, &r);
2294         if (!NT_STATUS_IS_OK(status)) {
2295                 d_printf("srvsvc_NetShareSetInfo failed: %s\n",
2296                          nt_errstr(status));
2297         }
2298 
2299         talloc_free(tmp_ctx);
2300         return status;
2301 }
2302 
2303 bool try_tcon(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
2304               struct loadparm_context *lp_ctx,
2305               struct security_descriptor *orig_sd,
2306               struct smbcli_session *session,
2307               const char *sharename, const struct dom_sid *user_sid,
2308               unsigned int access_mask, NTSTATUS expected_tcon,
2309               NTSTATUS expected_mkdir)
2310 {
2311         TALLOC_CTX *tmp_ctx;
2312         struct smbcli_tree *rmdir_tree, *tree;
2313         struct dom_sid *domain_sid;
2314         uint32_t rid;
2315         struct security_descriptor *sd;
2316         NTSTATUS status;
2317         bool ret = true;
2318 
2319         if (!(tmp_ctx = talloc_new(mem_ctx))) {
2320                 d_printf("talloc_new failed\n");
2321                 return false;
2322         }
2323 
2324         status = secondary_tcon(tmp_ctx, session, sharename, &rmdir_tree);
2325         if (!NT_STATUS_IS_OK(status)) {
2326                 d_printf("first tcon to delete dir failed\n");
2327                 talloc_free(tmp_ctx);
2328                 return false;
2329         }
2330 
2331         smbcli_rmdir(rmdir_tree, "sharesec_testdir");
2332 
2333         if (!NT_STATUS_IS_OK(dom_sid_split_rid(tmp_ctx, user_sid,
2334                                                &domain_sid, &rid))) {
2335                 d_printf("dom_sid_split_rid failed\n");
2336                 talloc_free(tmp_ctx);
2337                 return false;
2338         }
2339 
2340         sd = security_descriptor_dacl_create(
2341                 tmp_ctx, 0, "S-1-5-32-544",
2342                 dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid,
2343                                                         DOMAIN_RID_USERS)),
2344                 dom_sid_string(mem_ctx, user_sid),
2345                 SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, 0, NULL);
2346         if (sd == NULL) {
2347                 d_printf("security_descriptor_dacl_create failed\n");
2348                 talloc_free(tmp_ctx);
2349                 return false;
2350         }
2351 
2352         status = set_sharesec(mem_ctx, lp_ctx, session, sharename, sd);
2353         if (!NT_STATUS_IS_OK(status)) {
2354                 d_printf("custom set_sharesec failed: %s\n",
2355                          nt_errstr(status));
2356                 talloc_free(tmp_ctx);
2357                 return false;
2358         }
2359 
2360         status = secondary_tcon(tmp_ctx, session, sharename, &tree);
2361         if (!NT_STATUS_EQUAL(status, expected_tcon)) {
2362                 d_printf("Expected %s, got %s\n", nt_errstr(expected_tcon),
2363                          nt_errstr(status));
2364                 ret = false;
2365                 goto done;
2366         }
2367 
2368         if (!NT_STATUS_IS_OK(status)) {
2369                 /* An expected non-access, no point in trying to write */
2370                 goto done;
2371         }
2372 
2373         status = smbcli_mkdir(tree, "sharesec_testdir");
2374         if (!NT_STATUS_EQUAL(status, expected_mkdir)) {
2375                 d_printf("(%s) Expected %s, got %s\n", __location__,
2376                          nt_errstr(expected_mkdir), nt_errstr(status));
2377                 ret = false;
2378         }
2379 
2380  done:
2381         smbcli_rmdir(rmdir_tree, "sharesec_testdir");
2382 
2383         status = set_sharesec(mem_ctx, lp_ctx, session, sharename, orig_sd);
2384         if (!NT_STATUS_IS_OK(status)) {
2385                 d_printf("custom set_sharesec failed: %s\n",
2386                          nt_errstr(status));
2387                 talloc_free(tmp_ctx);
2388                 return false;
2389         }
2390 
2391         talloc_free(tmp_ctx);
2392         return ret;
2393 }
2394 
2395 bool torture_samba3_rpc_sharesec(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
2396 {
2397         TALLOC_CTX *mem_ctx;
2398         bool ret = true;
2399         struct smbcli_state *cli;
2400         struct security_descriptor *sd;
2401         struct dom_sid *user_sid;
2402 
2403         if (!(mem_ctx = talloc_new(torture))) {
2404                 return false;
2405         }
2406 
2407         if (!(torture_open_connection_share(
2408                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2409                       "IPC$", torture->ev))) {
2410                 d_printf("IPC$ connection failed\n");
2411                 talloc_free(mem_ctx);
2412                 return false;
2413         }
2414 
2415         if (!(user_sid = whoami(mem_ctx, torture->lp_ctx, cli->tree))) {
2416                 d_printf("whoami failed\n");
2417                 talloc_free(mem_ctx);
2418                 return false;
2419         }
2420 
2421         sd = get_sharesec(mem_ctx, torture->lp_ctx, cli->session, 
2422                           torture_setting_string(torture, "share", NULL));
2423 
2424         ret &= try_tcon(mem_ctx, torture->lp_ctx, sd, cli->session,
2425                         torture_setting_string(torture, "share", NULL),
2426                         user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK);
2427 
2428         ret &= try_tcon(mem_ctx, torture->lp_ctx, sd, cli->session,
2429                         torture_setting_string(torture, "share", NULL),
2430                         user_sid, SEC_FILE_READ_DATA, NT_STATUS_OK,
2431                         NT_STATUS_MEDIA_WRITE_PROTECTED);
2432 
2433         ret &= try_tcon(mem_ctx, torture->lp_ctx, sd, cli->session,
2434                         torture_setting_string(torture, "share", NULL),
2435                         user_sid, SEC_FILE_ALL, NT_STATUS_OK, NT_STATUS_OK);
2436 
2437         talloc_free(mem_ctx);
2438         return ret;
2439 }
2440 
2441 bool torture_samba3_rpc_lsa(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
2442 {
2443         TALLOC_CTX *mem_ctx;
2444         bool ret = true;
2445         struct smbcli_state *cli;
2446         struct dcerpc_pipe *p;
2447         struct policy_handle lsa_handle;
2448         NTSTATUS status;
2449         struct dom_sid *domain_sid;
2450 
2451         if (!(mem_ctx = talloc_new(torture))) {
2452                 return false;
2453         }
2454 
2455         if (!(torture_open_connection_share(
2456                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2457                       "IPC$", torture->ev))) {
2458                 d_printf("IPC$ connection failed\n");
2459                 talloc_free(mem_ctx);
2460                 return false;
2461         }
2462 
2463         status = pipe_bind_smb(mem_ctx, torture->lp_ctx, cli->tree, "\\lsarpc",
2464                                &ndr_table_lsarpc, &p);
2465         if (!NT_STATUS_IS_OK(status)) {
2466                 d_printf("(%s) pipe_bind_smb failed: %s\n", __location__,
2467                          nt_errstr(status));
2468                 talloc_free(mem_ctx);
2469                 return false;
2470         }
2471 
2472         {
2473                 struct lsa_ObjectAttribute attr;
2474                 struct lsa_OpenPolicy2 o;
2475                 o.in.system_name = talloc_asprintf(
2476                         mem_ctx, "\\\\%s", dcerpc_server_name(p));
2477                 ZERO_STRUCT(attr);
2478                 o.in.attr = &attr;
2479                 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2480                 o.out.handle = &lsa_handle;
2481                 status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &o);
2482                 if (!NT_STATUS_IS_OK(status)) {
2483                         d_printf("(%s) dcerpc_lsa_OpenPolicy2 failed: %s\n",
2484                                  __location__, nt_errstr(status));
2485                         talloc_free(mem_ctx);
2486                         return false;
2487                 }
2488         }
2489 
2490 #if 0
2491         p->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
2492 #endif
2493 
2494         {
2495                 int i;
2496                 int levels[] = { 2,3,5,6 };
2497 
2498                 for (i=0; i<ARRAY_SIZE(levels); i++) {
2499                         struct lsa_QueryInfoPolicy r;
2500                         union lsa_PolicyInformation *info = NULL;
2501                         r.in.handle = &lsa_handle;
2502                         r.in.level = levels[i];
2503                         r.out.info = &info;
2504                         status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
2505                         if (!NT_STATUS_IS_OK(status)) {
2506                                 d_printf("(%s) dcerpc_lsa_QueryInfoPolicy %d "
2507                                          "failed: %s\n", __location__,
2508                                          levels[i], nt_errstr(status));
2509                                 talloc_free(mem_ctx);
2510                                 return false;
2511                         }
2512                         if (levels[i] == 5) {
2513                                 domain_sid = info->account_domain.sid;
2514                         }
2515                 }
2516         }
2517 
2518         return ret;
2519 }
2520 
2521 static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
     /* [<][>][^][v][top][bottom][index][help] */
2522                                struct smb_iconv_convenience *iconv_convenience,
2523                                char **name)
2524 {
2525         struct rap_WserverGetInfo r;
2526         NTSTATUS status;
2527         char servername[17];
2528 
2529         r.in.level = 0;
2530         r.in.bufsize = 0xffff;
2531 
2532         status = smbcli_rap_netservergetinfo(tree, iconv_convenience, mem_ctx, &r);
2533         if (!NT_STATUS_IS_OK(status)) {
2534                 return status;
2535         }
2536 
2537         memcpy(servername, r.out.info.info0.name, 16);
2538         servername[16] = '\0';
2539 
2540         if (!pull_ascii_talloc(mem_ctx, name, servername, NULL)) {
2541                 return NT_STATUS_NO_MEMORY;
2542         }
2543 
2544         return NT_STATUS_OK;
2545 }
2546 
2547 
2548 static NTSTATUS find_printers(TALLOC_CTX *ctx, struct loadparm_context *lp_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
2549                               struct smbcli_tree *tree,
2550                               const char ***printers, int *num_printers)
2551 {
2552         TALLOC_CTX *mem_ctx;
2553         NTSTATUS status;
2554         struct dcerpc_pipe *p;
2555         struct srvsvc_NetShareEnum r;
2556         struct srvsvc_NetShareInfoCtr info_ctr;
2557         struct srvsvc_NetShareCtr1 c1_in;
2558         struct srvsvc_NetShareCtr1 *c1;
2559         uint32_t totalentries = 0;
2560         int i;
2561 
2562         mem_ctx = talloc_new(ctx);
2563         if (mem_ctx == NULL) {
2564                 return NT_STATUS_NO_MEMORY;
2565         }
2566 
2567         status = pipe_bind_smb(mem_ctx, lp_ctx, 
2568                                tree, "\\srvsvc", &ndr_table_srvsvc,
2569                                &p);
2570         if (!NT_STATUS_IS_OK(status)) {
2571                 d_printf("could not bind to srvsvc pipe\n");
2572                 talloc_free(mem_ctx);
2573                 return status;
2574         }
2575 
2576         ZERO_STRUCT(c1_in);
2577         info_ctr.level = 1;
2578         info_ctr.ctr.ctr1 = &c1_in;
2579 
2580         r.in.server_unc = talloc_asprintf(
2581                 mem_ctx, "\\\\%s", dcerpc_server_name(p));
2582         r.in.info_ctr = &info_ctr;
2583         r.in.max_buffer = (uint32_t)-1;
2584         r.in.resume_handle = NULL;
2585         r.out.totalentries = &totalentries;
2586         r.out.info_ctr = &info_ctr;
2587 
2588         status = dcerpc_srvsvc_NetShareEnum(p, mem_ctx, &r);
2589         if (!NT_STATUS_IS_OK(status)) {
2590                 d_printf("NetShareEnum level %u failed - %s\n",
2591                          info_ctr.level, nt_errstr(status));
2592                 talloc_free(mem_ctx);
2593                 return status;
2594         }
2595 
2596         *printers = NULL;
2597         *num_printers = 0;
2598         c1 = r.out.info_ctr->ctr.ctr1;
2599         for (i=0; i<c1->count; i++) {
2600                 if (c1->array[i].type != STYPE_PRINTQ) {
2601                         continue;
2602                 }
2603                 if (!add_string_to_array(ctx, c1->array[i].name,
2604                                          printers, num_printers)) {
2605                         talloc_free(ctx);
2606                         return NT_STATUS_NO_MEMORY;
2607                 }
2608         }
2609 
2610         talloc_free(mem_ctx);
2611         return NT_STATUS_OK;
2612 }
2613 
2614 static bool enumprinters(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *pipe,
     /* [<][>][^][v][top][bottom][index][help] */
2615                          const char *servername, int level, int *num_printers)
2616 {
2617         struct spoolss_EnumPrinters r;
2618         NTSTATUS status;
2619         DATA_BLOB blob;
2620         uint32_t needed;
2621         uint32_t count;
2622         union spoolss_PrinterInfo *info;
2623 
2624         r.in.flags = PRINTER_ENUM_LOCAL;
2625         r.in.server = talloc_asprintf(mem_ctx, "\\\\%s", servername);
2626         r.in.level = level;
2627         r.in.buffer = NULL;
2628         r.in.offered = 0;
2629         r.out.needed = &needed;
2630         r.out.count = &count;
2631         r.out.info = &info;
2632 
2633         status = dcerpc_spoolss_EnumPrinters(pipe, mem_ctx, &r);
2634         if (!NT_STATUS_IS_OK(status)) {
2635                 d_printf("(%s) dcerpc_spoolss_EnumPrinters failed: %s\n",
2636                          __location__, nt_errstr(status));
2637                 return false;
2638         }
2639 
2640         if (!W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
2641                 d_printf("(%s) EnumPrinters unexpected return code %s, should "
2642                          "be WERR_INSUFFICIENT_BUFFER\n", __location__,
2643                          win_errstr(r.out.result));
2644                 return false;
2645         }
2646 
2647         blob = data_blob_talloc_zero(mem_ctx, needed);
2648         if (blob.data == NULL) {
2649                 d_printf("(%s) data_blob_talloc failed\n", __location__);
2650                 return false;
2651         }
2652 
2653         r.in.buffer = &blob;
2654         r.in.offered = needed;
2655 
2656         status = dcerpc_spoolss_EnumPrinters(pipe, mem_ctx, &r);
2657         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2658                 d_printf("(%s) dcerpc_spoolss_EnumPrinters failed: %s, "
2659                          "%s\n", __location__, nt_errstr(status),
2660                          win_errstr(r.out.result));
2661                 return false;
2662         }
2663 
2664         *num_printers = count;
2665 
2666         return true;
2667 }
2668 
2669 static NTSTATUS getprinterinfo(TALLOC_CTX *ctx, struct dcerpc_pipe *pipe,
     /* [<][>][^][v][top][bottom][index][help] */
2670                                struct policy_handle *handle, int level,
2671                                union spoolss_PrinterInfo **res)
2672 {
2673         TALLOC_CTX *mem_ctx;
2674         struct spoolss_GetPrinter r;
2675         DATA_BLOB blob;
2676         NTSTATUS status;
2677         uint32_t needed;
2678 
2679         mem_ctx = talloc_new(ctx);
2680         if (mem_ctx == NULL) {
2681                 return NT_STATUS_NO_MEMORY;
2682         }
2683 
2684         r.in.handle = handle;
2685         r.in.level = level;
2686         r.in.buffer = NULL;
2687         r.in.offered = 0;
2688         r.out.needed = &needed;
2689 
2690         status = dcerpc_spoolss_GetPrinter(pipe, mem_ctx, &r);
2691         if (!NT_STATUS_IS_OK(status)) {
2692                 d_printf("(%s) dcerpc_spoolss_GetPrinter failed: %s\n",
2693                          __location__, nt_errstr(status));
2694                 talloc_free(mem_ctx);
2695                 return status;
2696         }
2697 
2698         if (!W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
2699                 printf("GetPrinter unexpected return code %s, should "
2700                        "be WERR_INSUFFICIENT_BUFFER\n",
2701                        win_errstr(r.out.result));
2702                 talloc_free(mem_ctx);
2703                 return NT_STATUS_UNSUCCESSFUL;
2704         }
2705 
2706         r.in.handle = handle;
2707         r.in.level = level;
2708         blob = data_blob_talloc(mem_ctx, NULL, needed);
2709         if (blob.data == NULL) {
2710                 talloc_free(mem_ctx);
2711                 return NT_STATUS_NO_MEMORY;
2712         }
2713         memset(blob.data, 0, blob.length);
2714         r.in.buffer = &blob;
2715         r.in.offered = needed;
2716 
2717         status = dcerpc_spoolss_GetPrinter(pipe, mem_ctx, &r);
2718         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2719                 d_printf("(%s) dcerpc_spoolss_GetPrinter failed: %s, "
2720                          "%s\n", __location__, nt_errstr(status),
2721                          win_errstr(r.out.result));
2722                 talloc_free(mem_ctx);
2723                 return NT_STATUS_IS_OK(status) ?
2724                         NT_STATUS_UNSUCCESSFUL : status;
2725         }
2726 
2727         if (res != NULL) {
2728                 *res = talloc_steal(ctx, r.out.info);
2729         }
2730 
2731         talloc_free(mem_ctx);
2732         return NT_STATUS_OK;
2733 }
2734 
2735 bool torture_samba3_rpc_spoolss(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
2736 {
2737         TALLOC_CTX *mem_ctx;
2738         bool ret = true;
2739         struct smbcli_state *cli;
2740         struct dcerpc_pipe *p;
2741         NTSTATUS status;
2742         struct policy_handle server_handle, printer_handle;
2743         const char **printers;
2744         int num_printers;
2745         struct spoolss_UserLevel1 userlevel1;
2746         char *servername;
2747 
2748         if (!(mem_ctx = talloc_new(torture))) {
2749                 return false;
2750         }
2751 
2752         if (!(torture_open_connection_share(
2753                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2754                       "IPC$", torture->ev))) {
2755                 d_printf("IPC$ connection failed\n");
2756                 talloc_free(mem_ctx);
2757                 return false;
2758         }
2759 
2760         status = get_servername(mem_ctx, cli->tree, lp_iconv_convenience(torture->lp_ctx), &servername);
2761         if (!NT_STATUS_IS_OK(status)) {
2762                 d_fprintf(stderr, "(%s) get_servername returned %s\n",
2763                           __location__, nt_errstr(status));
2764                 talloc_free(mem_ctx);
2765                 return false;
2766         }
2767 
2768         if (!NT_STATUS_IS_OK(find_printers(mem_ctx, torture->lp_ctx, cli->tree,
2769                                            &printers, &num_printers))) {
2770                 talloc_free(mem_ctx);
2771                 return false;
2772         }
2773 
2774         if (num_printers == 0) {
2775                 d_printf("Did not find printers\n");
2776                 talloc_free(mem_ctx);
2777                 return true;
2778         }
2779 
2780         status = pipe_bind_smb(mem_ctx, torture->lp_ctx, cli->tree, "\\spoolss",
2781                                &ndr_table_spoolss, &p);
2782         if (!NT_STATUS_IS_OK(status)) {
2783                 d_printf("(%s) pipe_bind_smb failed: %s\n", __location__,
2784                          nt_errstr(status));
2785                 talloc_free(mem_ctx);
2786                 return false;
2787         }
2788 
2789         ZERO_STRUCT(userlevel1);
2790         userlevel1.client = talloc_asprintf(
2791                 mem_ctx, "\\\\%s", lp_netbios_name(torture->lp_ctx));
2792         userlevel1.user = cli_credentials_get_username(cmdline_credentials);
2793         userlevel1.build = 2600;
2794         userlevel1.major = 3;
2795         userlevel1.minor = 0;
2796         userlevel1.processor = 0;
2797 
2798         {
2799                 struct spoolss_OpenPrinterEx r;
2800 
2801                 ZERO_STRUCT(r);
2802                 r.in.printername = talloc_asprintf(mem_ctx, "\\\\%s",
2803                                                    servername);
2804                 r.in.datatype = NULL;
2805                 r.in.access_mask = 0;
2806                 r.in.level = 1;
2807                 r.in.userlevel.level1 = &userlevel1;
2808                 r.out.handle = &server_handle;
2809 
2810                 status = dcerpc_spoolss_OpenPrinterEx(p, mem_ctx, &r);
2811                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2812                         d_printf("(%s) dcerpc_spoolss_OpenPrinterEx failed: "
2813                                  "%s, %s\n", __location__, nt_errstr(status),
2814                                  win_errstr(r.out.result));
2815                         talloc_free(mem_ctx);
2816                         return false;
2817                 }
2818         }
2819 
2820         {
2821                 struct spoolss_ClosePrinter r;
2822 
2823                 r.in.handle = &server_handle;
2824                 r.out.handle = &server_handle;
2825 
2826                 status = dcerpc_spoolss_ClosePrinter(p, mem_ctx, &r);
2827                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2828                         d_printf("(%s) dcerpc_spoolss_ClosePrinter failed: "
2829                                  "%s, %s\n", __location__, nt_errstr(status),
2830                                  win_errstr(r.out.result));
2831                         talloc_free(mem_ctx);
2832                         return false;
2833                 }
2834         }
2835 
2836         {
2837                 struct spoolss_OpenPrinterEx r;
2838 
2839                 ZERO_STRUCT(r);
2840                 r.in.printername = talloc_asprintf(
2841                         mem_ctx, "\\\\%s\\%s", servername, printers[0]);
2842                 r.in.datatype = NULL;
2843                 r.in.access_mask = 0;
2844                 r.in.level = 1;
2845                 r.in.userlevel.level1 = &userlevel1;
2846                 r.out.handle = &printer_handle;
2847 
2848                 status = dcerpc_spoolss_OpenPrinterEx(p, mem_ctx, &r);
2849                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2850                         d_printf("(%s) dcerpc_spoolss_OpenPrinterEx failed: "
2851                                  "%s, %s\n", __location__, nt_errstr(status),
2852                                  win_errstr(r.out.result));
2853                         talloc_free(mem_ctx);
2854                         return false;
2855                 }
2856         }
2857 
2858         {
2859                 int i;
2860 
2861                 for (i=0; i<8; i++) {
2862                         status = getprinterinfo(mem_ctx, p, &printer_handle,
2863                                                 i, NULL);
2864                         if (!NT_STATUS_IS_OK(status)) {
2865                                 d_printf("(%s) getprinterinfo %d failed: %s\n",
2866                                          __location__, i, nt_errstr(status));
2867                                 ret = false;
2868                         }
2869                 }
2870         }
2871 
2872         {
2873                 struct spoolss_ClosePrinter r;
2874 
2875                 r.in.handle = &printer_handle;
2876                 r.out.handle = &printer_handle;
2877 
2878                 status = dcerpc_spoolss_ClosePrinter(p, mem_ctx, &r);
2879                 if (!NT_STATUS_IS_OK(status)) {
2880                         d_printf("(%s) dcerpc_spoolss_ClosePrinter failed: "
2881                                  "%s\n", __location__, nt_errstr(status));
2882                         talloc_free(mem_ctx);
2883                         return false;
2884                 }
2885         }
2886 
2887         {
2888                 int num_enumerated;
2889                 if (!enumprinters(mem_ctx, p, servername, 1,
2890                                   &num_enumerated)) {
2891                         d_printf("(%s) enumprinters failed\n", __location__);
2892                         talloc_free(mem_ctx);
2893                         return false;
2894                 }
2895                 if (num_printers != num_enumerated) {
2896                         d_printf("(%s) netshareenum gave %d printers, "
2897                                  "enumprinters lvl 1 gave %d\n", __location__,
2898                                  num_printers, num_enumerated);
2899                         talloc_free(mem_ctx);
2900                         return false;
2901                 }
2902         }
2903 
2904         {
2905                 int num_enumerated;
2906                 if (!enumprinters(mem_ctx, p, servername, 2,
2907                                   &num_enumerated)) {
2908                         d_printf("(%s) enumprinters failed\n", __location__);
2909                         talloc_free(mem_ctx);
2910                         return false;
2911                 }
2912                 if (num_printers != num_enumerated) {
2913                         d_printf("(%s) netshareenum gave %d printers, "
2914                                  "enumprinters lvl 2 gave %d\n", __location__,
2915                                  num_printers, num_enumerated);
2916                         talloc_free(mem_ctx);
2917                         return false;
2918                 }
2919         }
2920 
2921         talloc_free(mem_ctx);
2922 
2923         return ret;
2924 }
2925 
2926 bool torture_samba3_rpc_wkssvc(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
2927 {
2928         TALLOC_CTX *mem_ctx;
2929         struct smbcli_state *cli;
2930         struct dcerpc_pipe *p;
2931         NTSTATUS status;
2932         char *servername;
2933 
2934         if (!(mem_ctx = talloc_new(torture))) {
2935                 return false;
2936         }
2937 
2938         if (!(torture_open_connection_share(
2939                       mem_ctx, &cli, torture, torture_setting_string(torture, "host", NULL),
2940                       "IPC$", torture->ev))) {
2941                 d_printf("IPC$ connection failed\n");
2942                 talloc_free(mem_ctx);
2943                 return false;
2944         }
2945 
2946         status = get_servername(mem_ctx, cli->tree, lp_iconv_convenience(torture->lp_ctx), &servername);
2947         if (!NT_STATUS_IS_OK(status)) {
2948                 d_fprintf(stderr, "(%s) get_servername returned %s\n",
2949                           __location__, nt_errstr(status));
2950                 talloc_free(mem_ctx);
2951                 return false;
2952         }
2953 
2954         status = pipe_bind_smb(mem_ctx, torture->lp_ctx, cli->tree, "\\wkssvc",
2955                                &ndr_table_wkssvc, &p);
2956         if (!NT_STATUS_IS_OK(status)) {
2957                 d_printf("(%s) pipe_bind_smb failed: %s\n", __location__,
2958                          nt_errstr(status));
2959                 talloc_free(mem_ctx);
2960                 return false;
2961         }
2962 
2963         {
2964                 struct wkssvc_NetWkstaInfo100 wks100;
2965                 union wkssvc_NetWkstaInfo info;
2966                 struct wkssvc_NetWkstaGetInfo r;
2967 
2968                 r.in.server_name = "\\foo";
2969                 r.in.level = 100;
2970                 info.info100 = &wks100;
2971                 r.out.info = &info;
2972 
2973                 status = dcerpc_wkssvc_NetWkstaGetInfo(p, mem_ctx, &r);
2974                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
2975                         d_printf("(%s) dcerpc_wkssvc_NetWksGetInfo failed: "
2976                                  "%s, %s\n", __location__, nt_errstr(status),
2977                                  win_errstr(r.out.result));
2978                         talloc_free(mem_ctx);
2979                         return false;
2980                 }
2981 
2982                 if (strcmp(servername,
2983                            r.out.info->info100->server_name) != 0) {
2984                         d_printf("(%s) servername inconsistency: RAP=%s, "
2985                                  "dcerpc_wkssvc_NetWksGetInfo=%s",
2986                                  __location__, servername,
2987                                  r.out.info->info100->server_name);
2988                         talloc_free(mem_ctx);
2989                         return false;
2990                 }
2991         }
2992 
2993         talloc_free(mem_ctx);
2994         return true;
2995 }
2996 
2997 static NTSTATUS winreg_close(struct dcerpc_pipe *p,
     /* [<][>][^][v][top][bottom][index][help] */
2998                              struct policy_handle *handle)
2999 {
3000         struct winreg_CloseKey c;
3001         NTSTATUS status;
3002         TALLOC_CTX *mem_ctx;
3003 
3004         c.in.handle = c.out.handle = handle;
3005 
3006         if (!(mem_ctx = talloc_new(p))) {
3007                 return NT_STATUS_NO_MEMORY;
3008         }
3009 
3010         status = dcerpc_winreg_CloseKey(p, mem_ctx, &c);
3011         talloc_free(mem_ctx);
3012 
3013         if (!NT_STATUS_IS_OK(status)) {
3014                 return status;
3015         }
3016 
3017         if (!W_ERROR_IS_OK(c.out.result)) {
3018                 return werror_to_ntstatus(c.out.result);
3019         }
3020 
3021         return NT_STATUS_OK;
3022 }
3023 
3024 static NTSTATUS enumvalues(struct dcerpc_pipe *p, struct policy_handle *handle,
     /* [<][>][^][v][top][bottom][index][help] */
3025                            TALLOC_CTX *mem_ctx)
3026 {
3027         uint32_t enum_index = 0;
3028 
3029         while (1) {
3030                 struct winreg_EnumValue r;
3031                 struct winreg_ValNameBuf name;
3032                 enum winreg_Type type = 0;
3033                 uint8_t buf8[1024];
3034                 NTSTATUS status;
3035                 uint32_t size, length;
3036                 
3037                 r.in.handle = handle;
3038                 r.in.enum_index = enum_index;
3039                 name.name = "";
3040                 name.size = 1024;
3041                 r.in.name = r.out.name = &name;
3042                 size = 1024;
3043                 length = 5;
3044                 r.in.type = &type;
3045                 r.in.value = buf8;
3046                 r.in.size = &size;
3047                 r.in.length = &length;
3048 
3049                 status = dcerpc_winreg_EnumValue(p, mem_ctx, &r);
3050                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
3051                         return NT_STATUS_OK;
3052                 }
3053                 enum_index += 1;
3054         }
3055 }
3056 
3057 static NTSTATUS enumkeys(struct dcerpc_pipe *p, struct policy_handle *handle, 
     /* [<][>][^][v][top][bottom][index][help] */
3058                          TALLOC_CTX *mem_ctx, int depth)
3059 {
3060         struct winreg_EnumKey r;
3061         struct winreg_StringBuf kclass, name;
3062         NTSTATUS status;
3063         NTTIME t = 0;
3064 
3065         if (depth <= 0) {
3066                 return NT_STATUS_OK;
3067         }
3068 
3069         kclass.name   = "";
3070         kclass.size   = 1024;
3071 
3072         r.in.handle = handle;
3073         r.in.enum_index = 0;
3074         r.in.name = &name;
3075         r.in.keyclass = &kclass;
3076         r.out.name = &name;
3077         r.in.last_changed_time = &t;
3078 
3079         do {
3080                 TALLOC_CTX *tmp_ctx;
3081                 struct winreg_OpenKey o;
3082                 struct policy_handle key_handle;
3083                 int i;
3084 
3085                 if (!(tmp_ctx = talloc_new(mem_ctx))) {
3086                         return NT_STATUS_NO_MEMORY;
3087                 }
3088 
3089                 name.name = NULL;
3090                 name.size = 1024;
3091 
3092                 status = dcerpc_winreg_EnumKey(p, tmp_ctx, &r);
3093                 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
3094                         /* We're done enumerating */
3095                         talloc_free(tmp_ctx);
3096                         return NT_STATUS_OK;
3097                 }
3098 
3099                 for (i=0; i<10-depth; i++)
3100                         printf(" ");
3101                 printf("%s\n", r.out.name->name);
3102                         
3103 
3104                 o.in.parent_handle = handle;
3105                 o.in.keyname.name = r.out.name->name;
3106                 o.in.unknown = 0;
3107                 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3108                 o.out.handle = &key_handle;
3109 
3110                 status = dcerpc_winreg_OpenKey(p, tmp_ctx, &o);
3111                 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(o.out.result)) {
3112                         enumkeys(p, &key_handle, tmp_ctx, depth-1);
3113                         enumvalues(p, &key_handle, tmp_ctx);
3114                         status = winreg_close(p, &key_handle);
3115                         if (!NT_STATUS_IS_OK(status)) {
3116                                 return status;
3117                         }
3118                 }
3119 
3120                 talloc_free(tmp_ctx);
3121 
3122                 r.in.enum_index += 1;
3123         } while(true);
3124 
3125         return NT_STATUS_OK;
3126 }
3127 
3128 typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_pipe *, TALLOC_CTX *, void *);
3129 
3130 static bool test_Open3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
     /* [<][>][^][v][top][bottom][index][help] */
3131                        const char *name, winreg_open_fn open_fn)
3132 {
3133         struct policy_handle handle;
3134         struct winreg_OpenHKLM r;
3135         NTSTATUS status;
3136 
3137         r.in.system_name = 0;
3138         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3139         r.out.handle = &handle;
3140         
3141         status = open_fn(p, mem_ctx, &r);
3142         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
3143                 d_printf("(%s) %s failed: %s, %s\n", __location__, name,
3144                          nt_errstr(status), win_errstr(r.out.result));
3145                 return false;
3146         }
3147 
3148         enumkeys(p, &handle, mem_ctx, 4);
3149 
3150         status = winreg_close(p, &handle);
3151         if (!NT_STATUS_IS_OK(status)) {
3152                 d_printf("(%s) dcerpc_CloseKey failed: %s\n",
3153                          __location__, nt_errstr(status));
3154                 return false;
3155         }
3156 
3157         return true;
3158 }
3159 
3160 bool torture_samba3_rpc_winreg(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
3161 {
3162         NTSTATUS status;
3163         struct dcerpc_pipe *p;
3164         TALLOC_CTX *mem_ctx;
3165         bool ret = true;
3166         struct {
3167                 const char *name;
3168                 winreg_open_fn fn;
3169         } open_fns[] = {
3170                 {"OpenHKLM", (winreg_open_fn)dcerpc_winreg_OpenHKLM },
3171                 {"OpenHKU",  (winreg_open_fn)dcerpc_winreg_OpenHKU },
3172                 {"OpenHKPD", (winreg_open_fn)dcerpc_winreg_OpenHKPD },
3173                 {"OpenHKPT", (winreg_open_fn)dcerpc_winreg_OpenHKPT },
3174                 {"OpenHKCR", (winreg_open_fn)dcerpc_winreg_OpenHKCR }};
3175 #if 0
3176         int i;
3177 #endif
3178 
3179         mem_ctx = talloc_init("torture_rpc_winreg");
3180 
3181         status = torture_rpc_connection(torture, &p, &ndr_table_winreg);
3182 
3183         if (!NT_STATUS_IS_OK(status)) {
3184                 talloc_free(mem_ctx);
3185                 return false;
3186         }
3187 
3188 #if 1
3189         ret = test_Open3(p, mem_ctx, open_fns[0].name, open_fns[0].fn);
3190 #else
3191         for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
3192                 if (!test_Open3(p, mem_ctx, open_fns[i].name, open_fns[i].fn))
3193                         ret = false;
3194         }
3195 #endif
3196 
3197         talloc_free(mem_ctx);
3198 
3199         return ret;
3200 }
3201 
3202 static NTSTATUS get_shareinfo(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
3203                               struct loadparm_context *lp_ctx,
3204                               struct smbcli_state *cli,
3205                               const char *share,
3206                               struct srvsvc_NetShareInfo502 **info502)
3207 {
3208         struct smbcli_tree *ipc;
3209         struct dcerpc_pipe *p;
3210         struct srvsvc_NetShareGetInfo r;
3211         union srvsvc_NetShareInfo info;
3212         NTSTATUS status;
3213 
3214         if (!(p = dcerpc_pipe_init(cli,
3215                                    cli->transport->socket->event.ctx,
3216                                    lp_iconv_convenience(lp_ctx)))) {
3217                 status = NT_STATUS_NO_MEMORY;
3218                 goto fail;
3219         }
3220 
3221         status = secondary_tcon(p, cli->session, "IPC$", &ipc);
3222         if (!NT_STATUS_IS_OK(status)) {
3223                 goto fail;
3224         }
3225 
3226         status = dcerpc_pipe_open_smb(p, ipc, "\\pipe\\srvsvc");
3227         if (!NT_STATUS_IS_OK(status)) {
3228                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
3229                          nt_errstr(status));
3230                 goto fail;
3231         }
3232 
3233         status = dcerpc_bind_auth_none(p, &ndr_table_srvsvc);
3234         if (!NT_STATUS_IS_OK(status)) {
3235                 d_printf("dcerpc_bind_auth_none failed: %s\n",
3236                          nt_errstr(status));
3237                 goto fail;
3238         }
3239 
3240         r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s",
3241                                           dcerpc_server_name(p));
3242         r.in.share_name = share;
3243         r.in.level = 502;
3244         r.out.info = &info;
3245 
3246         status = dcerpc_srvsvc_NetShareGetInfo(p, p, &r);
3247         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
3248                 d_printf("(%s) srvsvc_NetShareGetInfo failed: %s, %s\n", __location__,
3249                          nt_errstr(status), win_errstr(r.out.result));
3250                 goto fail;
3251         }
3252 
3253         *info502 = talloc_move(mem_ctx, &info.info502);
3254         return NT_STATUS_OK;
3255 
3256  fail:
3257         talloc_free(p);
3258         return status;
3259 }
3260 
3261 /*
3262  * Get us a handle on HKLM\
3263  */
3264 
3265 static NTSTATUS get_hklm_handle(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
3266                                 struct smbcli_state *cli,
3267                                 struct smb_iconv_convenience *iconv_convenience,
3268                                 struct dcerpc_pipe **pipe_p,
3269                                 struct policy_handle **handle)
3270 {
3271         struct smbcli_tree *ipc;
3272         struct dcerpc_pipe *p;
3273         struct winreg_OpenHKLM r;
3274         NTSTATUS status;
3275         struct policy_handle *result;
3276 
3277         result = talloc(mem_ctx, struct policy_handle);
3278 
3279         if (result == NULL) {
3280                 return NT_STATUS_NO_MEMORY;
3281         }
3282 
3283         if (!(p = dcerpc_pipe_init(result,
3284                                    cli->transport->socket->event.ctx,
3285                                    iconv_convenience))) {
3286                 status = NT_STATUS_NO_MEMORY;
3287                 goto fail;
3288         }
3289 
3290         status = secondary_tcon(p, cli->session, "IPC$", &ipc);
3291         if (!NT_STATUS_IS_OK(status)) {
3292                 goto fail;
3293         }
3294 
3295         status = dcerpc_pipe_open_smb(p, ipc, "\\winreg");
3296         if (!NT_STATUS_IS_OK(status)) {
3297                 d_printf("dcerpc_pipe_open_smb failed: %s\n",
3298                          nt_errstr(status));
3299                 goto fail;
3300         }
3301 
3302         status = dcerpc_bind_auth_none(p, &ndr_table_winreg);
3303         if (!NT_STATUS_IS_OK(status)) {
3304                 d_printf("dcerpc_bind_auth_none failed: %s\n",
3305                          nt_errstr(status));
3306                 goto fail;
3307         }
3308 
3309         r.in.system_name = 0;
3310         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3311         r.out.handle = result;
3312 
3313         status = dcerpc_winreg_OpenHKLM(p, p, &r);
3314         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
3315                 d_printf("(%s) OpenHKLM failed: %s, %s\n", __location__,
3316                          nt_errstr(status), win_errstr(r.out.result));
3317                 goto fail;
3318         }
3319 
3320         *pipe_p = p;
3321         *handle = result;
3322         return NT_STATUS_OK;
3323 
3324  fail:
3325         talloc_free(result);
3326         return status;
3327 }
3328 
3329 static NTSTATUS torture_samba3_createshare(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
3330                                            struct smb_iconv_convenience *iconv_convenience,
3331                                            const char *sharename)
3332 {
3333         struct dcerpc_pipe *p;
3334         struct policy_handle *hklm = NULL;
3335         struct policy_handle new_handle;
3336         struct winreg_CreateKey c;
3337         struct winreg_CloseKey cl;
3338         enum winreg_CreateAction action_taken;
3339         NTSTATUS status;
3340         TALLOC_CTX *mem_ctx;
3341 
3342         mem_ctx = talloc_new(cli);
3343         NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
3344 
3345         status = get_hklm_handle(mem_ctx, cli, iconv_convenience, &p, &hklm);
3346         if (!NT_STATUS_IS_OK(status)) {
3347                 d_printf("get_hklm_handle failed: %s\n", nt_errstr(status));
3348                 goto fail;
3349         }
3350 
3351         c.in.handle = hklm;
3352         c.in.name.name = talloc_asprintf(
3353                 mem_ctx, "software\\samba\\smbconf\\%s", sharename);
3354         if (c.in.name.name == NULL) {
3355                 d_printf("talloc_asprintf failed\n");
3356                 status = NT_STATUS_NO_MEMORY;
3357                 goto fail;
3358         }
3359         c.in.keyclass.name = "";
3360         c.in.options = 0;
3361         c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3362         c.in.secdesc = NULL;
3363         c.in.action_taken = &action_taken;
3364         c.out.new_handle = &new_handle;
3365         c.out.action_taken = &action_taken;
3366 
3367         status = dcerpc_winreg_CreateKey(p, p, &c);
3368         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(c.out.result)) {
3369                 d_printf("(%s) OpenKey failed: %s, %s\n", __location__,
3370                          nt_errstr(status), win_errstr(c.out.result));
3371                 goto fail;
3372         }
3373 
3374         cl.in.handle = &new_handle;
3375         cl.out.handle = &new_handle;
3376         status = dcerpc_winreg_CloseKey(p, p, &cl);
3377         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(cl.out.result)) {
3378                 d_printf("(%s) OpenKey failed: %s, %s\n", __location__,
3379                          nt_errstr(status), win_errstr(cl.out.result));
3380                 goto fail;
3381         }
3382 
3383 
3384  fail:
3385         talloc_free(mem_ctx);
3386         return status;
3387 }
3388 
3389 static NTSTATUS torture_samba3_deleteshare(struct torture_context *torture,
     /* [<][>][^][v][top][bottom][index][help] */
3390                                            struct smbcli_state *cli,
3391                                            const char *sharename)
3392 {
3393         struct dcerpc_pipe *p;
3394         struct policy_handle *hklm = NULL;
3395         struct winreg_DeleteKey d;
3396         NTSTATUS status;
3397         TALLOC_CTX *mem_ctx;
3398 
3399         mem_ctx = talloc_new(cli);
3400         NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
3401 
3402         status = get_hklm_handle(cli, cli, lp_iconv_convenience(torture->lp_ctx),
3403                                  &p, &hklm);
3404         if (!NT_STATUS_IS_OK(status)) {
3405                 d_printf("get_hklm_handle failed: %s\n", nt_errstr(status));
3406                 goto fail;
3407         }
3408 
3409         d.in.handle = hklm;
3410         d.in.key.name = talloc_asprintf(
3411                 mem_ctx, "software\\samba\\smbconf\\%s", sharename);
3412         if (d.in.key.name == NULL) {
3413                 d_printf("talloc_asprintf failed\n");
3414                 status = NT_STATUS_NO_MEMORY;
3415                 goto fail;
3416         }
3417         status = dcerpc_winreg_DeleteKey(p, p, &d);
3418         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(d.out.result)) {
3419                 d_printf("(%s) OpenKey failed: %s, %s\n", __location__,
3420                          nt_errstr(status), win_errstr(d.out.result));
3421                 goto fail;
3422         }
3423 
3424  fail:
3425         talloc_free(mem_ctx);
3426         return status;
3427 }
3428 
3429 static NTSTATUS torture_samba3_setconfig(struct smbcli_state *cli,
     /* [<][>][^][v][top][bottom][index][help] */
3430                                          struct loadparm_context *lp_ctx,
3431                                          const char *sharename,
3432                                          const char *parameter,
3433                                          const char *value)
3434 {
3435         struct dcerpc_pipe *p = NULL;
3436         struct policy_handle *hklm = NULL, key_handle;
3437         struct winreg_OpenKey o;
3438         struct winreg_SetValue s;
3439         uint32_t type;
3440         DATA_BLOB val;
3441         NTSTATUS status;
3442 
3443         status = get_hklm_handle(cli, cli, lp_iconv_convenience(lp_ctx), &p, &hklm);
3444         if (!NT_STATUS_IS_OK(status)) {
3445                 d_printf("get_hklm_handle failed: %s\n", nt_errstr(status));
3446                 return status;;
3447         }
3448 
3449         o.in.parent_handle = hklm;
3450         o.in.keyname.name = talloc_asprintf(
3451                 hklm, "software\\samba\\smbconf\\%s", sharename);
3452         if (o.in.keyname.name == NULL) {
3453                 d_printf("talloc_asprintf failed\n");
3454                 status = NT_STATUS_NO_MEMORY;
3455                 goto done;
3456         }
3457         o.in.unknown = 0;
3458         o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3459         o.out.handle = &key_handle;
3460 
3461         status = dcerpc_winreg_OpenKey(p, p, &o);
3462         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(o.out.result)) {
3463                 d_printf("(%s) OpenKey failed: %s, %s\n", __location__,
3464                          nt_errstr(status), win_errstr(o.out.result));
3465                 goto done;
3466         }
3467 
3468         if (!reg_string_to_val(hklm, lp_iconv_convenience(lp_ctx), "REG_SZ", 
3469                                value, &type, &val)) {
3470                 d_printf("(%s) reg_string_to_val failed\n", __location__);
3471                 goto done;
3472         }
3473 
3474         s.in.handle = &key_handle;
3475         s.in.name.name = parameter;
3476         s.in.type = type;
3477         s.in.data = val.data;
3478         s.in.size = val.length;
3479 
3480         status = dcerpc_winreg_SetValue(p, p, &s);
3481         if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(s.out.result)) {
3482                 d_printf("(%s) SetValue failed: %s, %s\n", __location__,
3483                          nt_errstr(status), win_errstr(s.out.result));
3484                 goto done;
3485         }
3486 
3487  done:
3488         talloc_free(hklm);
3489         return status;
3490 }
3491 
3492 bool torture_samba3_regconfig(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
3493 {
3494         struct smbcli_state *cli;
3495         struct srvsvc_NetShareInfo502 *i = NULL;
3496         NTSTATUS status;
3497         bool ret = false;
3498         const char *comment = "Dummer Kommentar";
3499 
3500         if (!(torture_open_connection(&cli, torture, 0))) {
3501                 return false;
3502         }
3503 
3504         status = torture_samba3_createshare(cli, lp_iconv_convenience(torture->lp_ctx), "blubber");
3505         if (!NT_STATUS_IS_OK(status)) {
3506                 torture_warning(torture, "torture_samba3_createshare failed: "
3507                                 "%s\n", nt_errstr(status));
3508                 goto done;
3509         }
3510 
3511         status = torture_samba3_setconfig(cli, torture->lp_ctx, "blubber", "comment", comment);
3512         if (!NT_STATUS_IS_OK(status)) {
3513                 torture_warning(torture, "torture_samba3_setconfig failed: "
3514                                 "%s\n", nt_errstr(status));
3515                 goto done;
3516         }
3517 
3518         status = get_shareinfo(torture, torture->lp_ctx, cli, "blubber", &i);
3519         if (!NT_STATUS_IS_OK(status)) {
3520                 torture_warning(torture, "get_shareinfo failed: "
3521                                 "%s\n", nt_errstr(status));
3522                 goto done;
3523         }
3524 
3525         if (strcmp(comment, i->comment) != 0) {
3526                 torture_warning(torture, "Expected comment [%s], got [%s]\n",
3527                                 comment, i->comment);
3528                 goto done;
3529         }
3530 
3531         status = torture_samba3_deleteshare(torture, cli, "blubber");
3532         if (!NT_STATUS_IS_OK(status)) {
3533                 torture_warning(torture, "torture_samba3_deleteshare failed: "
3534                                 "%s\n", nt_errstr(status));
3535                 goto done;
3536         }
3537 
3538         ret = true;
3539  done:
3540         talloc_free(cli);
3541         return ret;
3542 }

/* [<][>][^][v][top][bottom][index][help] */