#include "libcli/security/security.h"
#include "lib/ldb/include/ldb.h"
#include "lib/util/util_ldb.h"
-#include "lib/ldb_wrap.h"
+#include "ldb_wrap.h"
+#include "lib/replace/system/network.h"
+#include "dsdb/samdb/samdb.h"
#define TEST_MACHINE_NAME "torturetest"
bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
- int sec_chan_type,
+ enum netr_SchannelType sec_chan_type,
struct netlogon_creds_CredentialState **creds_out)
{
struct netr_ServerReqChallenge r;
}
-static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
+bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
struct netlogon_creds_CredentialState **creds_out)
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
int flags = CLI_CRED_NTLM_AUTH;
- if (lp_client_lanman_auth(tctx->lp_ctx)) {
+ if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
- if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
+ if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domainname = lp_workgroup(tctx->lp_ctx);
+ r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
r.out.dcname = &dcname;
torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
const char *dcname = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
+ r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domainname = lp_workgroup(tctx->lp_ctx);
r.out.dcname = &dcname;
status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
- torture_assert_werr_ok(tctx, r.out.result, "GetAnyDCName");
+ if ((!W_ERROR_IS_OK(r.out.result)) &&
+ (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+ return false;
+ }
if (dcname) {
torture_comment(tctx, "\tDC is at '%s'\n", dcname);
}
+ r.in.domainname = NULL;
+
+ status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+ if ((!W_ERROR_IS_OK(r.out.result)) &&
+ (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+ return false;
+ }
+
+ r.in.domainname = "";
+
+ status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+ if ((!W_ERROR_IS_OK(r.out.result)) &&
+ (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+ return false;
+ }
+
return true;
}
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
r.in.data = &data;
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
r.in.data = &data;
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
r.in.data = &data;
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
r.in.data = &data;
return true;
}
+static bool test_netr_GetForestTrustInformation(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct cli_credentials *machine_credentials)
+{
+ struct netr_GetForestTrustInformation r;
+ struct netlogon_creds_CredentialState *creds;
+ struct netr_Authenticator a;
+ struct netr_Authenticator return_authenticator;
+ struct lsa_ForestTrustInformation *forest_trust_info;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
+ machine_credentials, &creds)) {
+ return false;
+ }
+
+ netlogon_creds_client_authenticator(creds, &a);
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &a;
+ r.in.flags = 0;
+ r.out.return_authenticator = &return_authenticator;
+ r.out.forest_trust_info = &forest_trust_info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_netr_GetForestTrustInformation_r(b, tctx, &r),
+ "netr_GetForestTrustInformation failed");
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+ torture_comment(tctx, "not considering NT_STATUS_NOT_IMPLEMENTED as an error\n");
+ } else {
+ torture_assert_ntstatus_ok(tctx, r.out.result,
+ "netr_GetForestTrustInformation failed");
+ }
+
+ torture_assert(tctx,
+ netlogon_creds_client_check(creds, &return_authenticator.cred),
+ "Credential chaining failed");
+
+ return true;
+}
+
static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
struct dcerpc_pipe *p, const char *trusted_domain_name)
{
status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
- torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
return true;
}
const char *site = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
- if (torture_setting_bool(tctx, "samba4", false))
- torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
-
r.in.computer_name = computer_name;
r.out.site = &site;
torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
+ if (torture_setting_bool(tctx, "samba4", false))
+ torture_skip(tctx, "skipping computer name check against Samba4");
+
r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
torture_comment(tctx,
"Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_guid = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
- r.in.domain_name = lp_workgroup(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
- r.in.domain_name = lp_workgroup(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
struct netr_DsRGetDCNameInfo *info = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
+ torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n");
+ ZERO_STRUCT(r.in);
+ r.in.flags = DS_RETURN_DNS_NAME;
+ r.out.info = &info;
+
+ status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+ torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.client_account = NULL;
r.in.mask = 0x00000000;
- r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
- r.in.domain_name = lp_workgroup(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
+ char *url;
+ struct ldb_context *sam_ctx = NULL;
NTSTATUS status;
struct netr_DsrGetDcSiteCoverageW r;
struct DcSitesCtr *ctr = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
+ torture_comment(tctx, "This does only pass with the default site\n");
+
+ /* We won't double-check this when we are over 'local' transports */
+ if (dcerpc_server_name(p)) {
+ /* Set up connection to SAMDB on DC */
+ url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+ sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+ NULL,
+ cmdline_credentials,
+ 0);
+
+ torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+ }
+
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.out.ctr = &ctr;
torture_assert_ntstatus_ok(tctx, status, "failed");
torture_assert_werr_ok(tctx, r.out.result, "failed");
+ torture_assert(tctx, ctr->num_sites == 1,
+ "we should per default only get the default site");
+ if (sam_ctx != NULL) {
+ torture_assert_casestr_equal(tctx, ctr->sites[0].string,
+ samdb_server_site_name(sam_ctx, tctx),
+ "didn't return default site");
+ }
+
return true;
}
static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
+ char *url;
+ struct ldb_context *sam_ctx = NULL;
NTSTATUS status;
struct netr_DsRAddressToSitenamesW r;
- struct netr_DsRAddress addr;
+ struct netr_DsRAddress addrs[6];
+ struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+ struct sockaddr_in6 *addr6;
+#endif
struct netr_DsRAddressToSitenamesWCtr *ctr;
struct dcerpc_binding_handle *b = p->binding_handle;
+ uint32_t i;
+ int ret;
- ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
+ torture_comment(tctx, "This does only pass with the default site\n");
- addr.size = 16;
- addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
+ /* We won't double-check this when we are over 'local' transports */
+ if (dcerpc_server_name(p)) {
+ /* Set up connection to SAMDB on DC */
+ url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+ sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+ NULL,
+ cmdline_credentials,
+ 0);
+
+ torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+ }
+
+ /* First try valid IP addresses */
+
+ addrs[0].size = sizeof(struct sockaddr_in);
+ addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
+ addr = (struct sockaddr_in *) addrs[0].buffer;
+ addrs[0].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[1].size = sizeof(struct sockaddr_in);
+ addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
+ addr = (struct sockaddr_in *) addrs[1].buffer;
+ addrs[1].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[2].size = sizeof(struct sockaddr_in);
+ addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
+ addr = (struct sockaddr_in *) addrs[2].buffer;
+ addrs[2].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+#ifdef HAVE_IPV6
+ addrs[3].size = sizeof(struct sockaddr_in6);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in6);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in6);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+ /* the test cases are repeated to have exactly 6. This is for
+ * compatibility with IPv4-only machines */
+ addrs[3].size = sizeof(struct sockaddr_in);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr = (struct sockaddr_in *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr = (struct sockaddr_in *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr = (struct sockaddr_in *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
- addr.buffer[0] = 2; /* AF_INET */
- addr.buffer[4] = 127;
- addr.buffer[5] = 0;
- addr.buffer[6] = 0;
- addr.buffer[7] = 1;
+ ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.count = 1;
- r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
- r.in.addresses[0] = addr;
+ r.in.count = 6;
+ r.in.addresses = addrs;
r.out.ctr = &ctr;
status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
torture_assert_werr_ok(tctx, r.out.result, "failed");
+ if (sam_ctx != NULL) {
+ for (i = 0; i < 3; i++) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ samdb_server_site_name(sam_ctx, tctx),
+ "didn't return default site");
+ }
+ for (i = 3; i < 6; i++) {
+ /* Windows returns "NULL" for the sitename if it isn't
+ * IPv6 configured */
+ if (torture_setting_bool(tctx, "samba4", false)) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ samdb_server_site_name(sam_ctx, tctx),
+ "didn't return default site");
+ }
+ }
+ }
+
+ /* Now try invalid ones (too short buffers) */
+
+ addrs[0].size = 0;
+ addrs[1].size = 1;
+ addrs[2].size = 4;
+
+ addrs[3].size = 0;
+ addrs[4].size = 1;
+ addrs[5].size = 4;
+
+ status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ for (i = 0; i < 6; i++) {
+ torture_assert(tctx, ctr->sitename[i].string == NULL,
+ "sitename should be null");
+ }
+
+ /* Now try invalid ones (wrong address types) */
+
+ addrs[0].size = 10;
+ addrs[0].buffer[0] = AF_UNSPEC;
+ addrs[1].size = 10;
+ addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
+ addrs[2].size = 10;
+ addrs[2].buffer[0] = AF_UNIX;
+
+ addrs[3].size = 10;
+ addrs[3].buffer[0] = 250;
+ addrs[4].size = 10;
+ addrs[4].buffer[0] = 251;
+ addrs[5].size = 10;
+ addrs[5].buffer[0] = 252;
+
+ status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ for (i = 0; i < 6; i++) {
+ torture_assert(tctx, ctr->sitename[i].string == NULL,
+ "sitename should be null");
+ }
+
return true;
}
static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
+ char *url;
+ struct ldb_context *sam_ctx = NULL;
NTSTATUS status;
struct netr_DsRAddressToSitenamesExW r;
- struct netr_DsRAddress addr;
+ struct netr_DsRAddress addrs[6];
+ struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+ struct sockaddr_in6 *addr6;
+#endif
struct netr_DsRAddressToSitenamesExWCtr *ctr;
struct dcerpc_binding_handle *b = p->binding_handle;
+ uint32_t i;
+ int ret;
- ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
+ torture_comment(tctx, "This does pass with the default site\n");
- addr.size = 16;
- addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
+ /* We won't double-check this when we are over 'local' transports */
+ if (dcerpc_server_name(p)) {
+ /* Set up connection to SAMDB on DC */
+ url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+ sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+ NULL,
+ cmdline_credentials,
+ 0);
+
+ torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+ }
+
+ /* First try valid IP addresses */
+
+ addrs[0].size = sizeof(struct sockaddr_in);
+ addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
+ addr = (struct sockaddr_in *) addrs[0].buffer;
+ addrs[0].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[1].size = sizeof(struct sockaddr_in);
+ addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
+ addr = (struct sockaddr_in *) addrs[1].buffer;
+ addrs[1].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[2].size = sizeof(struct sockaddr_in);
+ addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
+ addr = (struct sockaddr_in *) addrs[2].buffer;
+ addrs[2].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+#ifdef HAVE_IPV6
+ addrs[3].size = sizeof(struct sockaddr_in6);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in6);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in6);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+ /* the test cases are repeated to have exactly 6. This is for
+ * compatibility with IPv4-only machines */
+ addrs[3].size = sizeof(struct sockaddr_in);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr = (struct sockaddr_in *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr = (struct sockaddr_in *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr = (struct sockaddr_in *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
- addr.buffer[0] = 2; /* AF_INET */
- addr.buffer[4] = 127;
- addr.buffer[5] = 0;
- addr.buffer[6] = 0;
- addr.buffer[7] = 1;
+ ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.count = 1;
- r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
- r.in.addresses[0] = addr;
+ r.in.count = 6;
+ r.in.addresses = addrs;
r.out.ctr = &ctr;
status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
torture_assert_werr_ok(tctx, r.out.result, "failed");
+ if (sam_ctx != NULL) {
+ for (i = 0; i < 3; i++) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ samdb_server_site_name(sam_ctx, tctx),
+ "didn't return default site");
+ torture_assert(tctx, ctr->subnetname[i].string == NULL,
+ "subnet should be null");
+ }
+ for (i = 3; i < 6; i++) {
+ /* Windows returns "NULL" for the sitename if it isn't
+ * IPv6 configured */
+ if (torture_setting_bool(tctx, "samba4", false)) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ samdb_server_site_name(sam_ctx, tctx),
+ "didn't return default site");
+ }
+ torture_assert(tctx, ctr->subnetname[i].string == NULL,
+ "subnet should be null");
+ }
+ }
+
+ /* Now try invalid ones (too short buffers) */
+
+ addrs[0].size = 0;
+ addrs[1].size = 1;
+ addrs[2].size = 4;
+
+ addrs[3].size = 0;
+ addrs[4].size = 1;
+ addrs[5].size = 4;
+
+ status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ for (i = 0; i < 6; i++) {
+ torture_assert(tctx, ctr->sitename[i].string == NULL,
+ "sitename should be null");
+ torture_assert(tctx, ctr->subnetname[i].string == NULL,
+ "subnet should be null");
+ }
+
+ addrs[0].size = 10;
+ addrs[0].buffer[0] = AF_UNSPEC;
+ addrs[1].size = 10;
+ addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
+ addrs[2].size = 10;
+ addrs[2].buffer[0] = AF_UNIX;
+
+ addrs[3].size = 10;
+ addrs[3].buffer[0] = 250;
+ addrs[4].size = 10;
+ addrs[4].buffer[0] = 251;
+ addrs[5].size = 10;
+ addrs[5].buffer[0] = 252;
+
+ status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ for (i = 0; i < 6; i++) {
+ torture_assert(tctx, ctr->sitename[i].string == NULL,
+ "sitename should be null");
+ torture_assert(tctx, ctr->subnetname[i].string == NULL,
+ "subnet should be null");
+ }
+
return true;
}
ZERO_STRUCT(q1);
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
q1.sitename = "Default-First-Site-Name";
q1.os_version.os = &os;
q1.os_name.string = talloc_asprintf(tctx,
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
if (sam_ctx) {
/* AD workstation infos entry check */
/* Change also the DNS hostname to test differences in behaviour */
talloc_free(discard_const_p(char, q1.dns_hostname));
q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
/* The workstation handles the "servicePrincipalName" and DNS hostname
updates */
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
if (sam_ctx) {
/* AD workstation infos entry check */
/* Change also the DNS hostname to test differences in behaviour */
talloc_free(discard_const_p(char, q1.dns_hostname));
q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
/* Wipe out the osVersion, and prove which values still 'stick' */
q1.os_version.os = NULL;
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
if (sam_ctx) {
/* AD workstation infos entry check */
/* Put the DNS hostname back */
talloc_free(discard_const_p(char, q1.dns_hostname));
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
/* The workstation handles the "servicePrincipalName" and DNS hostname
updates */
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
/* Now the in/out DNS hostnames should be the same */
torture_assert_str_equal(tctx,
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
/* Checks "workstation flags" */
torture_assert(tctx,
&& (info.domain_info->trusted_domains != NULL),
"Trusted domains have been requested!");
+
+ if (!torture_setting_bool(tctx, "dangerous", false)) {
+ torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 6th call (no workstation info) - enable dangerous tests in order to do so\n");
+ } else {
+ /* Try a call without the workstation information structure */
+
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no workstation info)\n");
+ netlogon_creds_client_authenticator(creds, &a);
+
+ query.workstation_info = NULL;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+ }
+
return true;
}
ZERO_STRUCT(q1);
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
q1.sitename = "Default-First-Site-Name";
q1.os_name.string = "UNIX/Linux or similar";
torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
+ torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
return suite;
}