1#!/usr/bin/python 2 3import sys 4import dcerpc, samr 5 6def test_Connect(pipe): 7 8 handle = samr.Connect(pipe) 9 handle = samr.Connect2(pipe) 10 handle = samr.Connect3(pipe) 11 handle = samr.Connect4(pipe) 12 13 # WIN2K3 only? 14 15 try: 16 handle = samr.Connect5(pipe) 17 except dcerpc.NTSTATUS, arg: 18 if arg[0] != 0xc00000d2L: # NT_STATUS_NET_WRITE_FAULT 19 raise 20 21 return handle 22 23def test_UserHandle(user_handle): 24 25 # QuerySecurity()/SetSecurity() 26 27 user_handle.SetSecurity(user_handle.QuerySecurity()) 28 29 # GetUserPwInfo() 30 31 user_handle.GetUserPwInfo() 32 33 # GetUserInfo() 34 35 for level in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 20, 36 21, 23, 24, 25, 26]: 37 38 try: 39 user_handle.QueryUserInfo(level) 40 user_handle.QueryUserInfo2(level) 41 except dcerpc.NTSTATUS, arg: 42 if arg[0] != 0xc0000003L: # NT_STATUS_INVALID_INFO_CLASS 43 raise 44 45 # GetGroupsForUser() 46 47 user_handle.GetGroupsForUser() 48 49 # TestPrivateFunctionsUser() 50 51 try: 52 user_handle.TestPrivateFunctionsUser() 53 except dcerpc.NTSTATUS, arg: 54 if arg[0] != 0xC0000002L: 55 raise 56 57def test_GroupHandle(group_handle): 58 59 # QuerySecurity()/SetSecurity() 60 61 group_handle.SetSecurity(group_handle.QuerySecurity()) 62 63 # QueryGroupInfo() 64 65 for level in [1, 2, 3, 4, 5]: 66 info = group_handle.QueryGroupInfo(level) 67 68 # TODO: SetGroupinfo() 69 70 # QueryGroupMember() 71 72 group_handle.QueryGroupMember() 73 74def test_AliasHandle(alias_handle): 75 76 # QuerySecurity()/SetSecurity() 77 78 alias_handle.SetSecurity(alias_handle.QuerySecurity()) 79 80 print alias_handle.GetMembersInAlias() 81 82def test_DomainHandle(name, sid, domain_handle): 83 84 print 'testing %s (%s)' % (name, sid) 85 86 # QuerySecurity()/SetSecurity() 87 88 domain_handle.SetSecurity(domain_handle.QuerySecurity()) 89 90 # LookupNames(), none mapped 91 92 try: 93 domain_handle.LookupNames(['xxNONAMExx']) 94 except dcerpc.NTSTATUS, arg: 95 if arg[0] != 0xc0000073L: 96 raise dcerpc.NTSTATUS(arg) 97 98 # LookupNames(), some mapped 99 100 if name != 'Builtin': 101 domain_handle.LookupNames(['Administrator', 'xxNONAMExx']) 102 103 # QueryDomainInfo()/SetDomainInfo() 104 105 levels = [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13] 106 set_ok = [1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0] 107 108 for i in range(len(levels)): 109 110 info = domain_handle.QueryDomainInfo(level = levels[i]) 111 112 try: 113 domain_handle.SetDomainInfo(levels[i], info) 114 except dcerpc.NTSTATUS, arg: 115 if not (arg[0] == 0xc0000003L and not set_ok[i]): 116 raise 117 118 # QueryDomainInfo2() 119 120 levels = [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13] 121 122 for i in range(len(levels)): 123 domain_handle.QueryDomainInfo2(level = levels[i]) 124 125 # EnumDomainUsers 126 127 print 'testing users' 128 129 users = domain_handle.EnumDomainUsers() 130 rids = domain_handle.LookupNames(users) 131 132 for i in range(len(users)): 133 test_UserHandle(domain_handle.OpenUser(rids[0][i])) 134 135 # QueryDisplayInfo 136 137 for i in [1, 2, 3, 4, 5]: 138 domain_handle.QueryDisplayInfo(level = i) 139 domain_handle.QueryDisplayInfo2(level = i) 140 domain_handle.QueryDisplayInfo3(level = i) 141 142 # EnumDomainGroups 143 144 print 'testing groups' 145 146 groups = domain_handle.EnumDomainGroups() 147 rids = domain_handle.LookupNames(groups) 148 149 for i in range(len(groups)): 150 test_GroupHandle(domain_handle.OpenGroup(rids[0][i])) 151 152 # EnumDomainAliases 153 154 print 'testing aliases' 155 156 aliases = domain_handle.EnumDomainAliases() 157 rids = domain_handle.LookupNames(aliases) 158 159 for i in range(len(aliases)): 160 test_AliasHandle(domain_handle.OpenAlias(rids[0][i])) 161 162 # CreateUser 163 # CreateUser2 164 # CreateDomAlias 165 # RidToSid 166 # RemoveMemberFromForeignDomain 167 # CreateDomainGroup 168 # GetAliasMembership 169 170 # GetBootKeyInformation() 171 172 try: 173 domain_handle.GetBootKeyInformation() 174 except dcerpc.NTSTATUS, arg: 175 pass 176 177 # TestPrivateFunctionsDomain() 178 179 try: 180 domain_handle.TestPrivateFunctionsDomain() 181 except dcerpc.NTSTATUS, arg: 182 if arg[0] != 0xC0000002L: 183 raise 184 185def test_ConnectHandle(connect_handle): 186 187 print 'testing connect handle' 188 189 # QuerySecurity/SetSecurity 190 191 connect_handle.SetSecurity(connect_handle.QuerySecurity()) 192 193 # Lookup bogus domain 194 195 try: 196 connect_handle.LookupDomain('xxNODOMAINxx') 197 except dcerpc.NTSTATUS, arg: 198 if arg[0] != 0xC00000DFL: # NT_STATUS_NO_SUCH_DOMAIN 199 raise 200 201 # Test all domains 202 203 for domain_name in connect_handle.EnumDomains(): 204 205 connect_handle.GetDomPwInfo(domain_name) 206 sid = connect_handle.LookupDomain(domain_name) 207 domain_handle = connect_handle.OpenDomain(sid) 208 209 test_DomainHandle(domain_name, sid, domain_handle) 210 211 # TODO: Test Shutdown() function 212 213def runtests(binding, creds): 214 215 print 'Testing SAMR pipe' 216 217 pipe = dcerpc.pipe_connect(binding, 218 dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION), creds) 219 220 handle = test_Connect(pipe) 221 test_ConnectHandle(handle) 222