public void SamrEnumerateUsersInDomain_AddDeleteUser_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all users.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
uint grantedAccess, relativeId = 0;
try
{
buffer = null;
uint countReturnedAdded = 0;
result = _samrProtocolAdapter.SamrCreateUser2InDomain(_domainHandle, testUserName, (uint)ACCOUNT_TYPE.USER_NORMAL_ACCOUNT, (uint)User_ACCESS_MASK.USER_ALL_ACCESS,
out _userHandle, out grantedAccess, out relativeId);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "SamrCreateUser2InDomain succeeded.");
result = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturnedAdded);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedAdded, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Log.Add(LogEntryKind.TestStep, "CountReturnedAdded: {0}.", countReturnedAdded);
bool flag = false;
foreach (_SAMPR_RID_ENUMERATION rid in buffer.Value.Buffer)
{
if (relativeId == rid.RelativeId)
{
flag = true;
}
}
Site.Assert.IsTrue(flag, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is added between successive Enumerate method calls in a session, and said object has a RID that is greater than the RIDs of all objects returned in previous calls, the server MUST return said object before the enumeration is complete.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
}
finally
{
uint countReturnedDeleted = 0;
buffer = null;
result = _samrProtocolAdapter.SamrDeleteUser(ref _userHandle);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "SamrDeleteUser returns:{0}.", result);
result = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturnedDeleted);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedDeleted, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
bool flag = false;
foreach (_SAMPR_RID_ENUMERATION rid in buffer.Value.Buffer)
{
if (relativeId == rid.RelativeId)
{
flag = true;
}
}
Site.Assert.IsFalse(flag, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is deleted between successive Enumerate method calls in a session, and said object has not already been returned by a previous method call in the session, the server MUST NOT return said object before the enumeration is complete.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
}
}
public void SamrEnumerateGroupsInDomain_STATUS_ACCESS_DENIED()
{
ConnectAndOpenDomain(_samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle, Utilities.DOMAIN_READ);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateGroupsInDomain with DOMAIN_READ access.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_ACCESS_DENIED, result, "3.1.5.2.2 DomainHandle.GrantedAccess MUST have the required access specified in section 3.1.2.1. Otherwise, the server MUST return STATUS_ACCESS_DENIED.");
}
public void SamrEnumerateGroupsInDomain_InvalidHandle()
{
ConnectAndOpenDomain(_samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateGroupsInDomain enumerates all groups.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_serverHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreNotEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST return an error if DomainHandle.HandleType is not equal to Domain.");
}
public void SamrEnumerateGroupsInDomain_STATUS_MORE_ENTRIES()
{
ConnectAndOpenDomain(_samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateGroupsInDomain enumerates all groups.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 1;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
}
public void SamrEnumerateUsersInDomain_InvalidHandle_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all users.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_serverHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreNotEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST return an error if DomainHandle.HandleType is not equal to Domain.");
}
public void SamrEnumerateUsersInDomain_STATUS_MORE_ENTRIES_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all users.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 1;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
}
public void SamrEnumerateGroupsInDomain_STATUS_MORE_ENTRIES_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateGroupsInDomain enumerates all groups.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 0;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, result, "3.1.5.2.2 9. STATUS_MORE_ENTRIES MUST be returned if the server returns less than all of the database objects in Buffer.Buffer because of the PreferedMaximumLength restriction. ");
}
public void SamrEnumerateGroupsInDomain_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateGroupsInDomain enumerates all groups.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
}
public void SamrEnumerateUsersInDomain_IgnoreBits_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all users.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)(USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT | USER_ACCOUNT_CONTROL.USER_ACCOUNT_AUTO_LOCKED | USER_ACCOUNT_CONTROL.USER_PASSWORD_EXPIRED), out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST ignore the UF_LOCKOUT and UF_PASSWORD_EXPIRED bits in the UserAccountControl parameter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
}
public void SamrEnumerateUsersInDomain()
{
ConnectAndOpenDomain(_samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all users.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
_samrProtocolAdapter.VerifyEnumerateUsersInDomainResults(buffer, (uint)AdtsUserAccountControl.ADS_UF_NORMAL_ACCOUNT);
}
public void SamrEnumerateGroupsInDomain_AddDeleteGroup()
{
ConnectAndOpenDomain(_samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all groups.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT result = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
_samrProtocolAdapter.VerifyEnumerateGroupsInDomainResults(buffer);
uint relativeId;
buffer = null;
uint countReturnedAdded = 0;
result = _samrProtocolAdapter.SamrCreateGroupInDomain(_domainHandle, testGroupName, (uint)Group_ACCESS_MASK.GROUP_ALL_ACCESS,
out _groupHandle, out relativeId);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "SamrCreateGroupInDomain succeeded.");
result = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturnedAdded);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedAdded, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Assert.AreEqual(countReturned + 1, countReturnedAdded, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is added between successive Enumerate method calls in a session, and said object has a RID that is greater than the RIDs of all objects returned in previous calls, the server MUST return said object before the enumeration is complete.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
_samrProtocolAdapter.VerifyEnumerateGroupsInDomainResults(buffer);
uint countReturnedDeleted = 0;
buffer = null;
result = _samrProtocolAdapter.SamrDeleteGroup(ref _groupHandle);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "SamrDeleteGroup returns:{0}.", result);
result = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturnedDeleted);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedDeleted, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Assert.AreEqual(countReturnedAdded - 1, countReturnedDeleted, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is deleted between successive Enumerate method calls in a session, and said object has not already been returned by a previous method call in the session, the server MUST NOT return said object before the enumeration is complete.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
_samrProtocolAdapter.VerifyEnumerateGroupsInDomainResults(buffer);
}
public void SamrGetDisplayEnumerationIndex2_Group_STATUS_NO_MORE_ENTRIES_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
Site.Log.Add(LogEntryKind.TestStep, "SamrGetDisplayEnumerationIndex2: obtains an index into an ascending account-name-sorted list of accounts.");
uint index;
string prefix = "X";
HRESULT result = _samrProtocolAdapter.SamrGetDisplayEnumerationIndex2(_domainHandle, _DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup, prefix, out index);
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateGroupsInDomain enumerates all groups.");
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 3000;
uint countReturned = 0;
HRESULT res = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, res, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
List <string> groups = new List <string>(utilityObject.convertToString((_SAMPR_ENUMERATION_BUFFER)buffer, buffer.Value.EntriesRead));
bool flag = false;
foreach (string group in groups)
{
if (group.Substring(0, prefix.Length).ToUpper() == prefix.ToUpper())
{
flag = true;
}
}
if (flag)
{
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, result, "STATUS_SUCCESS is returned if there is such group.");
}
else
{
Site.Assert.AreEqual(HRESULT.STATUS_NO_MORE_ENTRIES, result, "3.1.5.3.4 If no such element exists, the server MUST return STATUS_NO_MORE_ENTRIES.");
}
}
public void SamrEnumerateGroupsInDomain_AddDeleteGroup()
{
ConnectAndOpenDomain(_samrProtocolAdapter.pdcFqdn, _samrProtocolAdapter.PrimaryDomainDnsName, out _serverHandle, out _domainHandle);
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 1;
uint countReturned = 0;
uint relativeId = 0;
try
{
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all groups.");
// Start a new enumeration session
HRESULT enumResult = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
buffer = null;
uint countReturnedAdded = 0;
// Add a new group to the domain
Site.Log.Add(LogEntryKind.TestStep, "Create a group with name \"{0}\".", testGroupName);
HRESULT opResult = _samrProtocolAdapter.SamrCreateGroupInDomain(_domainHandle, testGroupName, (uint)Group_ACCESS_MASK.GROUP_ALL_ACCESS, out _groupHandle, out relativeId);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, opResult, "SamrCreateGroupInDomain succeeded.");
// Continue the enumeration with the existing session
var enumeratedGroupsAfterGroupCreation = new List <_SAMPR_RID_ENUMERATION>();
while (enumResult == HRESULT.STATUS_MORE_ENTRIES)
{
enumResult = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturnedAdded);
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedAdded, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Log.Add(LogEntryKind.TestStep, "CountReturnedAdded: {0}.", countReturnedAdded);
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
enumeratedGroupsAfterGroupCreation.AddRange(buffer.Value.Buffer);
}
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
// Check whether the newly added group was enumerated
bool flag = enumeratedGroupsAfterGroupCreation.Any(group => group.RelativeId == relativeId);
Site.Assert.IsTrue(flag, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is added between successive Enumerate method calls in a session, and said object has a RID that is greater than the RIDs of all objects returned in previous calls, the server MUST return said object before the enumeration is complete.");
}
finally
{
enumerationContext = 0;
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all groups.");
// Start a new enumeration session
HRESULT enumResult = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
buffer = null;
uint countReturnedDeleted = 0;
// Delete the newly added group in the domain
Site.Log.Add(LogEntryKind.TestStep, "Delete the group with name \"{0}\"", testGroupName);
HRESULT opResult = _samrProtocolAdapter.SamrDeleteGroup(ref _groupHandle);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, opResult, "SamrDeleteGroup returns:{0}.", opResult);
// Continue the enumeration with the existing session
var enumeratedGroupsAfterGroupDeletion = new List <_SAMPR_RID_ENUMERATION>();
while (enumResult == HRESULT.STATUS_MORE_ENTRIES)
{
enumResult = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturnedDeleted);
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedDeleted, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Log.Add(LogEntryKind.TestStep, "CountReturnedDeleted: {0}.", countReturnedDeleted);
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
enumeratedGroupsAfterGroupDeletion.AddRange(buffer.Value.Buffer);
}
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
// Check whether the newly added group was enumerated
bool flag = enumeratedGroupsAfterGroupDeletion.Any(group => group.RelativeId == relativeId);
Site.Assert.IsFalse(flag, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is deleted between successive Enumerate method calls in a session, and said object has not already been returned by a previous method call in the session, the server MUST NOT return said object before the enumeration is complete.");
}
}
public void SamrEnumerateUsersInDomain_AddDeleteUser_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 1;
uint countReturned = 0;
uint grantedAccess = 0;
uint relativeId = 0;
try
{
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all users.");
// Start a new enumeration session
HRESULT enumResult = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
buffer = null;
uint countReturnedAdded = 0;
// Add a new user to the domain
HRESULT opResult = _samrProtocolAdapter.SamrCreateUser2InDomain(_domainHandle, testUserName, (uint)ACCOUNT_TYPE.USER_NORMAL_ACCOUNT, (uint)User_ACCESS_MASK.USER_ALL_ACCESS,
out _userHandle, out grantedAccess, out relativeId);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, opResult, "SamrCreateUser2InDomain succeeded.");
// Continue the enumeration with the existing session
var enumeratedUsersAfterUserCreation = new List <_SAMPR_RID_ENUMERATION>();
while (enumResult == HRESULT.STATUS_MORE_ENTRIES)
{
enumResult = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturnedAdded);
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedAdded, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Log.Add(LogEntryKind.TestStep, "CountReturnedAdded: {0}.", countReturnedAdded);
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
enumeratedUsersAfterUserCreation.AddRange(buffer.Value.Buffer);
}
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
// Check whether the newly added user was enumerated
bool flag = enumeratedUsersAfterUserCreation.Any(user => user.RelativeId == relativeId);
Site.Assert.IsTrue(flag, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is added between successive Enumerate method calls in a session, and said object has a RID that is greater than the RIDs of all objects returned in previous calls, the server MUST return said object before the enumeration is complete.");
}
finally
{
enumerationContext = 0;
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all users.");
// Start a new enumeration session
HRESULT enumResult = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
buffer = null;
uint countReturnedDeleted = 0;
// Delete the newly added user in the domain
HRESULT opResult = _samrProtocolAdapter.SamrDeleteUser(ref _userHandle);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, opResult, "SamrDeleteUser returns:{0}.", opResult);
// Continue the enumeration with the existing session
var enumeratedUsersAfterUserDeletion = new List <_SAMPR_RID_ENUMERATION>();
while (enumResult == HRESULT.STATUS_MORE_ENTRIES)
{
enumResult = _samrProtocolAdapter.SamrEnumerateUsersInDomain(_domainHandle, ref enumerationContext, (uint)USER_ACCOUNT_CONTROL.USER_NORMAL_ACCOUNT, out buffer, preferedMaximumLength, out countReturnedDeleted);
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedDeleted, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Log.Add(LogEntryKind.TestStep, "CountReturnedDeleted: {0}", countReturnedDeleted);
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
enumeratedUsersAfterUserDeletion.AddRange(buffer.Value.Buffer);
}
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
// Check whether the newly added user was enumerated
bool flag = enumeratedUsersAfterUserDeletion.Any(user => user.RelativeId == relativeId);
Site.Assert.IsFalse(flag, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is deleted between successive Enumerate method calls in a session, and said object has not already been returned by a previous method call in the session, the server MUST NOT return said object before the enumeration is complete.");
}
}
public void SamrEnumerateGroupsInDomain_AddDeleteGroup_NonDC()
{
ConnectAndOpenDomain_NonDC(_samrProtocolAdapter.domainMemberFqdn, _samrProtocolAdapter.domainMemberFqdn, out _serverHandle, out _domainHandle, Utilities.MAXIMUM_ALLOWED);
string groupName = testGroupName;
Site.Log.Add(LogEntryKind.TestStep, "Record the current DACL of domain DM.");
_SAMPR_SR_SECURITY_DESCRIPTOR?sd;
HRESULT hResult = _samrProtocolAdapter.SamrQuerySecurityObject(_domainHandle, SecurityInformation.DACL_SECURITY_INFORMATION, out sd);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrQuerySecurityObject must return STATUS_SUCCESS.");
Site.Assert.IsNotNull(sd, "The SecurityDescriptor returned by SamrQuerySecurityObject is not null.");
CommonSecurityDescriptor ObtainedSecurityDescriptor = new CommonSecurityDescriptor(false, true, sd.Value.SecurityDescriptor, 0);
string oldDACL = ObtainedSecurityDescriptor.GetSddlForm(AccessControlSections.Access);
Site.Log.Add(LogEntryKind.TestStep, "Old DACL: {0}", oldDACL);
Site.Log.Add(LogEntryKind.TestStep, "Modify the DACL value of domain DM to get the access to create group in this domain.");
CommonSecurityDescriptor commonsd = new CommonSecurityDescriptor(false, true, "D:(A;;0xf07ff;;;WD)(A;;0xf07ff;;;BA)(A;;0xf07ff;;;AO)");
byte[] buff = new byte[commonsd.BinaryLength];
commonsd.GetBinaryForm(buff, 0);
_SAMPR_SR_SECURITY_DESCRIPTOR securityDescriptor = new _SAMPR_SR_SECURITY_DESCRIPTOR()
{
SecurityDescriptor = buff,
Length = (uint)buff.Length
};
Site.Log.Add(LogEntryKind.TestStep,
"SamrSetSecurityObject, SecurityInformation: OWNER_SECURITY_INFORMATION. ");
hResult = _samrProtocolAdapter.SamrSetSecurityObject(_domainHandle, SecurityInformation.DACL_SECURITY_INFORMATION, securityDescriptor);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrSetSecurityObject must return STATUS_SUCCESS.");
hResult = _samrProtocolAdapter.SamrQuerySecurityObject(_domainHandle, SecurityInformation.DACL_SECURITY_INFORMATION, out sd);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrQuerySecurityObject must return STATUS_SUCCESS.");
ObtainedSecurityDescriptor = new CommonSecurityDescriptor(false, true, sd.Value.SecurityDescriptor, 0);
Site.Log.Add(LogEntryKind.TestStep, "New DACL: {0}", ObtainedSecurityDescriptor.GetSddlForm(AccessControlSections.Access));
Site.Log.Add(LogEntryKind.TestStep, "Reopen the domain DM");
_RPC_SID domainSid;
hResult = _samrProtocolAdapter.SamrLookupDomainInSamServer(
_serverHandle,
_samrProtocolAdapter.domainMemberFqdn,
out domainSid);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrLookupDomainInSamServer returns:{0}.", hResult);
Site.Log.Add(LogEntryKind.TestStep, "SamrOpenDomain: obtain a handle to a domain object, given SID.");
hResult = _samrProtocolAdapter.SamrOpenDomain(
_serverHandle,
Utilities.MAXIMUM_ALLOWED,
domainSid,
out _domainHandle);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrOpenDomain returns:{0}.", hResult);
Site.Assert.IsNotNull(hResult, "The returned domain handle is:{0}.", _domainHandle);
uint?enumerationContext = 0;
_SAMPR_ENUMERATION_BUFFER?buffer = null;
uint preferedMaximumLength = 1;
uint countReturned = 0;
uint relativeId = 0;
try
{
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all groups.");
// Start a new enumeration session
HRESULT enumResult = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
buffer = null;
uint countReturnedAdded = 0;
// Add a new group to the domain
Site.Log.Add(LogEntryKind.TestStep, "Create a group with name \"{0}\".", groupName);
HRESULT opResult = _samrProtocolAdapter.SamrCreateGroupInDomain(_domainHandle, groupName, (uint)Group_ACCESS_MASK.GROUP_ALL_ACCESS, out _groupHandle, out relativeId);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, opResult, "SamrCreateGroupInDomain succeeded.");
// Continue the enumeration with the existing session
var enumeratedGroupsAfterGroupCreation = new List <_SAMPR_RID_ENUMERATION>();
while (enumResult == HRESULT.STATUS_MORE_ENTRIES)
{
enumResult = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturnedAdded);
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedAdded, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Log.Add(LogEntryKind.TestStep, "CountReturnedAdded: {0}.", countReturnedAdded);
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
enumeratedGroupsAfterGroupCreation.AddRange(buffer.Value.Buffer);
}
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
// Check whether the newly added group was enumerated
bool flag = enumeratedGroupsAfterGroupCreation.Any(group => group.RelativeId == relativeId);
Site.Assert.IsTrue(flag, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is added between successive Enumerate method calls in a session, and said object has a RID that is greater than the RIDs of all objects returned in previous calls, the server MUST return said object before the enumeration is complete.");
}
finally
{
enumerationContext = 0;
Site.Log.Add(LogEntryKind.TestStep, "SamrEnumerateUsersInDomain enumerates all groups.");
// Start a new enumeration session
HRESULT enumResult = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturned);
Site.Assert.AreEqual(HRESULT.STATUS_MORE_ENTRIES, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturned, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
buffer = null;
uint countReturnedDeleted = 0;
// Delete the newly added group in the domain
Site.Log.Add(LogEntryKind.TestStep, "Delete the group with name \"{0}\"", groupName);
HRESULT opResult = _samrProtocolAdapter.SamrDeleteGroup(ref _groupHandle);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, opResult, "SamrDeleteGroup returns:{0}.", opResult);
// Continue the enumeration with the existing session
var enumeratedGroupsAfterGroupDeletion = new List <_SAMPR_RID_ENUMERATION>();
while (enumResult == HRESULT.STATUS_MORE_ENTRIES)
{
enumResult = _samrProtocolAdapter.SamrEnumerateGroupsInDomain(_domainHandle, ref enumerationContext, out buffer, preferedMaximumLength, out countReturnedDeleted);
Site.Assert.AreEqual(buffer.Value.EntriesRead, countReturnedDeleted, "3.1.5.2.2 On output, CountReturned MUST equal Buffer.EntriesRead.");
Site.Log.Add(LogEntryKind.TestStep, "CountReturnedDeleted: {0}.", countReturnedDeleted);
_samrProtocolAdapter.VerifyConstraintsInCommonProcessingOfEnumeration(buffer.Value.Buffer, preferedMaximumLength);
enumeratedGroupsAfterGroupDeletion.AddRange(buffer.Value.Buffer);
}
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, enumResult, "3.1.5.2.2 The server MUST enable a client to obtain a listing, without duplicates, of all database objects that satisfy the criteria of Enumerate-Filter.");
// Check whether the newly added group was enumerated
bool flag = enumeratedGroupsAfterGroupDeletion.Any(group => group.RelativeId == relativeId);
Site.Assert.IsFalse(flag, "3.1.5.2.2 If an object that satisfies Enumerate-Filter is deleted between successive Enumerate method calls in a session, and said object has not already been returned by a previous method call in the session, the server MUST NOT return said object before the enumeration is complete.");
Site.Log.Add(LogEntryKind.TestStep, "Change back the DACL of domain DM.");
commonsd = new CommonSecurityDescriptor(false, true, oldDACL);
buff = new byte[commonsd.BinaryLength];
commonsd.GetBinaryForm(buff, 0);
securityDescriptor = new _SAMPR_SR_SECURITY_DESCRIPTOR()
{
SecurityDescriptor = buff,
Length = (uint)buff.Length
};
Site.Log.Add(LogEntryKind.TestStep,
"SamrSetSecurityObject, SecurityInformation: OWNER_SECURITY_INFORMATION. ");
hResult = _samrProtocolAdapter.SamrSetSecurityObject(_domainHandle, SecurityInformation.DACL_SECURITY_INFORMATION, securityDescriptor);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrSetSecurityObject must return STATUS_SUCCESS.");
hResult = _samrProtocolAdapter.SamrQuerySecurityObject(_domainHandle, SecurityInformation.DACL_SECURITY_INFORMATION, out sd);
Site.Assert.AreEqual(HRESULT.STATUS_SUCCESS, hResult, "SamrQuerySecurityObject must return STATUS_SUCCESS.");
ObtainedSecurityDescriptor = new CommonSecurityDescriptor(false, true, sd.Value.SecurityDescriptor, 0);
Site.Assert.AreEqual(oldDACL, ObtainedSecurityDescriptor.GetSddlForm(AccessControlSections.Access), "The DACL of domain DM should be changed back");
}
}