s4-torture: Test rpc schannel netr_LogonGetCapability.

[ddiss/samba.git] / source4 / torture / rpc / netlogon.c
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c

index 781fdf060b16c19b1828ec04d3507d92b6bebe8b..d60b2e3c18fca48cc1a0cee40a8d27f0003bf4da 100644 (file)
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -32,9 +32,11 @@
  #include "librpc/gen_ndr/ndr_lsa_c.h"
  #include "param/param.h"
  #include "libcli/security/security.h"
-#include "lib/ldb/include/ldb.h"
+#include <ldb.h>
  #include "lib/util/util_ldb.h"
-#include "lib/ldb_wrap.h"
+#include "ldb_wrap.h"
+#include "lib/replace/system/network.h"
+#include "dsdb/samdb/samdb.h"
  
  #define TEST_MACHINE_NAME "torturetest"
  
@@ -144,7 +146,7 @@ bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
  bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
                             uint32_t negotiate_flags,
                             struct cli_credentials *machine_credentials,
-                           int sec_chan_type,
+                           enum netr_SchannelType sec_chan_type,
                             struct netlogon_creds_CredentialState **creds_out)
  {
         struct netr_ServerReqChallenge r;
@@ -205,7 +207,7 @@ bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
  }
  
  
-static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
+bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
                             uint32_t negotiate_flags,
                             struct cli_credentials *machine_credentials,
                             struct netlogon_creds_CredentialState **creds_out)
@@ -588,7 +590,7 @@ static bool test_SetPassword2(struct torture_context *tctx,
         new_password.length = IVAL(password_buf.data, 512);
  
         torture_comment(tctx, 
-               "Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
+               "Testing a third ServerPasswordSet2 on machine account, with a completely random password\n");
  
         netlogon_creds_client_authenticator(creds, &credential);
  
@@ -688,6 +690,7 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
         NTSTATUS status;
         struct netr_LogonSamLogon r;
         struct netr_Authenticator auth, auth2;
+       static const struct netr_Authenticator auth_zero;
         union netr_LogonLevel logon;
         union netr_Validation validation;
         uint8_t authoritative;
@@ -696,11 +699,11 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
         int i;
         struct dcerpc_binding_handle *b = p->binding_handle;
         int flags = CLI_CRED_NTLM_AUTH;
-       if (lp_client_lanman_auth(tctx->lp_ctx)) {
+       if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
                 flags |= CLI_CRED_LANMAN_AUTH;
         }
  
-       if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
+       if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx) && !null_domain) {
                 flags |= CLI_CRED_NTLMv2_AUTH;
         }
  
@@ -752,7 +755,7 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
  
         d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
         
-       for (i=2;i<3;i++) {
+       for (i=2;i<=3;i++) {
                 ZERO_STRUCT(auth2);
                 netlogon_creds_client_authenticator(creds, &auth);
                 
@@ -765,11 +768,75 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
                 torture_assert(tctx, netlogon_creds_client_check(creds, 
                                                                  &r.out.return_authenticator->cred), 
                         "Credential chaining failed");
+               torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+                                        "LogonSamLogon invalid  *r.out.authoritative");
+       }
+
+       /* this makes sure we get the unmarshalling right for invalid levels */
+       for (i=52;i<53;i++) {
+               ZERO_STRUCT(auth2);
+               /* the authenticator should be ignored by the server */
+               generate_random_buffer((uint8_t *) &auth, sizeof(auth));
+
+               r.in.validation_level = i;
+
+               torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+                                          "LogonSamLogon failed");
+               torture_assert_ntstatus_equal(tctx, r.out.result,
+                                             NT_STATUS_INVALID_INFO_CLASS,
+                                             "LogonSamLogon failed");
+
+               torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+                                        "LogonSamLogon invalid  *r.out.authoritative");
+               torture_assert(tctx,
+                              memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+                              "Return authenticator non zero");
+       }
+
+       for (i=2;i<=3;i++) {
+               ZERO_STRUCT(auth2);
+               netlogon_creds_client_authenticator(creds, &auth);
+
+               r.in.validation_level = i;
+
+               torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+                       "LogonSamLogon failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+               torture_assert(tctx, netlogon_creds_client_check(creds,
+                                                                &r.out.return_authenticator->cred),
+                       "Credential chaining failed");
+               torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+                                        "LogonSamLogon invalid  *r.out.authoritative");
+       }
+
+       r.in.logon_level = 52;
+
+       for (i=2;i<=3;i++) {
+               ZERO_STRUCT(auth2);
+               /* the authenticator should be ignored by the server */
+               generate_random_buffer((uint8_t *) &auth, sizeof(auth));
+
+               r.in.validation_level = i;
+
+               torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
+
+               torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+                       "LogonSamLogon failed");
+               torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
+                       "LogonSamLogon expected INVALID_PARAMETER");
+
+               torture_assert(tctx,
+                              memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+                              "Return authenticator non zero");
+               torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+                                        "LogonSamLogon invalid  *r.out.authoritative");
         }
  
         r.in.credential = NULL;
  
         for (i=2;i<=3;i++) {
+               ZERO_STRUCT(auth2);
  
                 r.in.validation_level = i;
  
@@ -780,6 +847,31 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
                 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
                         "LogonSamLogon expected INVALID_PARAMETER");
  
+               torture_assert(tctx,
+                              memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+                              "Return authenticator non zero");
+               torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+                                        "LogonSamLogon invalid  *r.out.authoritative");
+       }
+
+       r.in.logon_level = 2;
+       r.in.credential = &auth;
+
+       for (i=2;i<=3;i++) {
+               ZERO_STRUCT(auth2);
+               netlogon_creds_client_authenticator(creds, &auth);
+
+               r.in.validation_level = i;
+
+               torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+                       "LogonSamLogon failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+               torture_assert(tctx, netlogon_creds_client_check(creds,
+                                                                &r.out.return_authenticator->cred),
+                       "Credential chaining failed");
+               torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+                                        "LogonSamLogon invalid  *r.out.authoritative");
         }
  
         return true;
@@ -792,6 +884,60 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
         return test_netlogon_ops_args(p, tctx, credentials, creds, false);
  }
  
+/*
+  try a netlogon GetCapabilities
+*/
+bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
+                               struct cli_credentials *credentials,
+                               struct netlogon_creds_CredentialState *creds)
+{
+       NTSTATUS status;
+       struct netr_LogonGetCapabilities r;
+       union netr_Capabilities capabilities;
+       struct netr_Authenticator auth, return_auth;
+       struct netlogon_creds_CredentialState tmp_creds;
+       struct dcerpc_binding_handle *b = p->binding_handle;
+
+       r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+       r.in.computer_name = cli_credentials_get_workstation(credentials);
+       r.in.credential = &auth;
+       r.in.return_authenticator = &return_auth;
+       r.in.query_level = 1;
+       r.out.capabilities = &capabilities;
+       r.out.return_authenticator = &return_auth;
+
+       torture_comment(tctx, "Testing LogonGetCapabilities\n");
+
+       ZERO_STRUCT(return_auth);
+
+       /*
+        * we need to operate on a temporary copy of creds
+        * because dcerpc_netr_LogonGetCapabilities was
+        * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
+        * without looking a the authenticator.
+        */
+       tmp_creds = *creds;
+       netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+       status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+               return true;
+       }
+
+       *creds = tmp_creds;
+
+       torture_assert(tctx, netlogon_creds_client_check(creds,
+                                                        &r.out.return_authenticator->cred),
+                      "Credential chaining failed");
+
+       torture_assert_int_equal(tctx, creds->negotiate_flags,
+                                capabilities.server_capabilities,
+                                "negotiate flags");
+
+       return true;
+}
+
  /*
    try a netlogon SamLogon
  */
@@ -1600,7 +1746,7 @@ static bool test_GetDcName(struct torture_context *tctx,
         struct dcerpc_binding_handle *b = p->binding_handle;
  
         r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
-       r.in.domainname = lp_workgroup(tctx->lp_ctx);
+       r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
         r.out.dcname = &dcname;
  
         torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
@@ -1770,6 +1916,13 @@ static bool test_LogonControl(struct torture_context *tctx,
         }
         }
  
+       r.in.level = 52;
+       torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+       status = dcerpc_netr_LogonControl_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+       torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl");
+
         return true;
  }
  
@@ -1785,18 +1938,39 @@ static bool test_GetAnyDCName(struct torture_context *tctx,
         const char *dcname = NULL;
         struct dcerpc_binding_handle *b = p->binding_handle;
  
+       r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
         r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
-       r.in.domainname = lp_workgroup(tctx->lp_ctx);
         r.out.dcname = &dcname;
  
         status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
         torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
-       torture_assert_werr_ok(tctx, r.out.result, "GetAnyDCName");
+       if ((!W_ERROR_IS_OK(r.out.result)) &&
+           (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+               return false;
+       }
  
         if (dcname) {
             torture_comment(tctx, "\tDC is at '%s'\n", dcname);
         }
  
+       r.in.domainname = NULL;
+
+       status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+       if ((!W_ERROR_IS_OK(r.out.result)) &&
+           (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+               return false;
+       }
+
+       r.in.domainname = "";
+
+       status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+       if ((!W_ERROR_IS_OK(r.out.result)) &&
+           (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+               return false;
+       }
+
         return true;
  }
  
@@ -1816,7 +1990,7 @@ static bool test_LogonControl2(struct torture_context *tctx,
         int i;
         struct dcerpc_binding_handle *b = p->binding_handle;
  
-       data.domain = lp_workgroup(tctx->lp_ctx);
+       data.domain = lpcfg_workgroup(tctx->lp_ctx);
  
         r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
  
@@ -1827,14 +2001,14 @@ static bool test_LogonControl2(struct torture_context *tctx,
         for (i=1;i<4;i++) {
                 r.in.level = i;
  
-               torture_comment(tctx, "Testing LogonControl2 level %d function %d\n", 
-                      i, r.in.function_code);
+               torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
  
                 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+               torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
         }
  
-       data.domain = lp_workgroup(tctx->lp_ctx);
+       data.domain = lpcfg_workgroup(tctx->lp_ctx);
  
         r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
         r.in.data = &data;
@@ -1842,14 +2016,14 @@ static bool test_LogonControl2(struct torture_context *tctx,
         for (i=1;i<4;i++) {
                 r.in.level = i;
  
-               torture_comment(tctx, "Testing LogonControl2 level %d function %d\n", 
-                      i, r.in.function_code);
+               torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
  
                 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+               torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
         }
  
-       data.domain = lp_workgroup(tctx->lp_ctx);
+       data.domain = lpcfg_workgroup(tctx->lp_ctx);
  
         r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
         r.in.data = &data;
@@ -1857,11 +2031,11 @@ static bool test_LogonControl2(struct torture_context *tctx,
         for (i=1;i<4;i++) {
                 r.in.level = i;
  
-               torture_comment(tctx, "Testing LogonControl2 level %d function %d\n", 
-                      i, r.in.function_code);
+               torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
  
                 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+               torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
         }
  
         data.debug_level = ~0;
@@ -1872,13 +2046,37 @@ static bool test_LogonControl2(struct torture_context *tctx,
         for (i=1;i<4;i++) {
                 r.in.level = i;
  
-               torture_comment(tctx, "Testing LogonControl2 level %d function %d\n", 
-                      i, r.in.function_code);
+               torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
  
                 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+               torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
         }
  
+       ZERO_STRUCT(data);
+       r.in.function_code = 52;
+       r.in.data = &data;
+
+       torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+       status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+       torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
+
+       data.debug_level = ~0;
+
+       r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+       r.in.data = &data;
+
+       r.in.level = 52;
+       torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+       status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+       torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
+
         return true;
  }
  
@@ -1968,7 +2166,7 @@ static bool test_LogonControl2Ex(struct torture_context *tctx,
         int i;
         struct dcerpc_binding_handle *b = p->binding_handle;
  
-       data.domain = lp_workgroup(tctx->lp_ctx);
+       data.domain = lpcfg_workgroup(tctx->lp_ctx);
  
         r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
  
@@ -1986,7 +2184,7 @@ static bool test_LogonControl2Ex(struct torture_context *tctx,
                 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
         }
  
-       data.domain = lp_workgroup(tctx->lp_ctx);
+       data.domain = lpcfg_workgroup(tctx->lp_ctx);
  
         r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
         r.in.data = &data;
@@ -2001,7 +2199,7 @@ static bool test_LogonControl2Ex(struct torture_context *tctx,
                 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
         }
  
-       data.domain = lp_workgroup(tctx->lp_ctx);
+       data.domain = lpcfg_workgroup(tctx->lp_ctx);
  
         r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
         r.in.data = &data;
@@ -2034,6 +2232,48 @@ static bool test_LogonControl2Ex(struct torture_context *tctx,
         return true;
  }
  
+static bool test_netr_GetForestTrustInformation(struct torture_context *tctx,
+                                               struct dcerpc_pipe *p,
+                                               struct cli_credentials *machine_credentials)
+{
+       struct netr_GetForestTrustInformation r;
+       struct netlogon_creds_CredentialState *creds;
+       struct netr_Authenticator a;
+       struct netr_Authenticator return_authenticator;
+       struct lsa_ForestTrustInformation *forest_trust_info;
+       struct dcerpc_binding_handle *b = p->binding_handle;
+
+       if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
+                                   machine_credentials, &creds)) {
+               return false;
+       }
+
+       netlogon_creds_client_authenticator(creds, &a);
+
+       r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+       r.in.computer_name = TEST_MACHINE_NAME;
+       r.in.credential = &a;
+       r.in.flags = 0;
+       r.out.return_authenticator = &return_authenticator;
+       r.out.forest_trust_info = &forest_trust_info;
+
+       torture_assert_ntstatus_ok(tctx,
+               dcerpc_netr_GetForestTrustInformation_r(b, tctx, &r),
+               "netr_GetForestTrustInformation failed");
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+               torture_comment(tctx, "not considering NT_STATUS_NOT_IMPLEMENTED as an error\n");
+       } else {
+               torture_assert_ntstatus_ok(tctx, r.out.result,
+                       "netr_GetForestTrustInformation failed");
+       }
+
+       torture_assert(tctx,
+               netlogon_creds_client_check(creds, &return_authenticator.cred),
+               "Credential chaining failed");
+
+       return true;
+}
+
  static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx, 
                                                    struct dcerpc_pipe *p, const char *trusted_domain_name) 
  {
@@ -2116,7 +2356,7 @@ static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
  
         status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
         torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
-       torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
  
         return true;
  }
@@ -2149,9 +2389,6 @@ static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_conte
         const char *site = NULL;
         struct dcerpc_binding_handle *b = p->binding_handle;
  
-       if (torture_setting_bool(tctx, "samba4", false))
-               torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
-
         r.in.computer_name              = computer_name;
         r.out.site                      = &site;
         torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
@@ -2161,6 +2398,9 @@ static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_conte
         torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
         torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
  
+       if (torture_setting_bool(tctx, "samba4", false))
+               torture_skip(tctx, "skipping computer name check against Samba4");
+
         r.in.computer_name              = talloc_asprintf(tctx, "\\\\%s", computer_name);
         torture_comment(tctx, 
                         "Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
@@ -2184,7 +2424,7 @@ static bool test_netr_DsRGetDCName(struct torture_context *tctx,
         struct dcerpc_binding_handle *b = p->binding_handle;
  
         r.in.server_unc         = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
-       r.in.domain_name        = lp_dnsdomain(tctx->lp_ctx);
+       r.in.domain_name        = lpcfg_dnsdomain(tctx->lp_ctx);
         r.in.domain_guid        = NULL;
         r.in.site_guid          = NULL;
         r.in.flags              = DS_RETURN_DNS_NAME;
@@ -2194,7 +2434,7 @@ static bool test_netr_DsRGetDCName(struct torture_context *tctx,
         torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
         torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
  
-       r.in.domain_name        = lp_workgroup(tctx->lp_ctx);
+       r.in.domain_name        = lpcfg_workgroup(tctx->lp_ctx);
  
         status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
         torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
@@ -2217,7 +2457,7 @@ static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
         struct dcerpc_binding_handle *b = p->binding_handle;
  
         r.in.server_unc         = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
-       r.in.domain_name        = lp_dnsdomain(tctx->lp_ctx);
+       r.in.domain_name        = lpcfg_dnsdomain(tctx->lp_ctx);
         r.in.domain_guid        = NULL;
         r.in.site_name          = NULL;
         r.in.flags              = DS_RETURN_DNS_NAME;
@@ -2227,7 +2467,7 @@ static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
         torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
         torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
  
-       r.in.domain_name        = lp_workgroup(tctx->lp_ctx);
+       r.in.domain_name        = lpcfg_workgroup(tctx->lp_ctx);
  
         status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
         torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
@@ -2248,10 +2488,19 @@ static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
         struct netr_DsRGetDCNameInfo *info = NULL;
         struct dcerpc_binding_handle *b = p->binding_handle;
  
+       torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n");
+       ZERO_STRUCT(r.in);
+       r.in.flags              = DS_RETURN_DNS_NAME;
+       r.out.info              = &info;
+
+       status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+       torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
         r.in.server_unc         = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
         r.in.client_account     = NULL;
         r.in.mask               = 0x00000000;
-       r.in.domain_name        = lp_dnsdomain(tctx->lp_ctx);
+       r.in.domain_name        = lpcfg_dnsdomain(tctx->lp_ctx);
         r.in.domain_guid        = NULL;
         r.in.site_name          = NULL;
         r.in.flags              = DS_RETURN_DNS_NAME;
@@ -2263,13 +2512,13 @@ static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
         torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
         torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
  
-       r.in.domain_name        = lp_workgroup(tctx->lp_ctx);
+       r.in.domain_name        = lpcfg_workgroup(tctx->lp_ctx);
  
         status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
         torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
         torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
  
-       torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client acount\n");
+       torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client account\n");
         r.in.client_account     = TEST_MACHINE_NAME"$";
         r.in.mask               = ACB_SVRTRUST;
         r.in.flags              = DS_RETURN_FLAT_NAME;
@@ -2283,14 +2532,79 @@ static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
                                         info->dc_site_name);
  }
  
+/* This is a substitution for "samdb_server_site_name" which relies on the
+ * correct "lp_ctx" and therefore can't be used here. */
+static const char *server_site_name(struct torture_context *tctx,
+                                   struct ldb_context *ldb)
+{
+       TALLOC_CTX *tmp_ctx;
+       struct ldb_dn *dn, *server_dn;
+       const struct ldb_val *site_name_val;
+       const char *server_dn_str, *site_name;
+
+       tmp_ctx = talloc_new(ldb);
+       if (tmp_ctx == NULL) {
+               goto failed;
+       }
+
+       dn = ldb_dn_new(tmp_ctx, ldb, "");
+       if (dn == NULL) {
+               goto failed;
+       }
+
+       server_dn_str = samdb_search_string(ldb, tmp_ctx, dn, "serverName",
+                                           NULL);
+       if (server_dn_str == NULL) {
+               goto failed;
+       }
+
+       server_dn = ldb_dn_new(tmp_ctx, ldb, server_dn_str);
+       if (server_dn == NULL) {
+               goto failed;
+       }
+
+       /* CN=<Server name>, CN=Servers, CN=<Site name>, CN=Sites, ... */
+       site_name_val = ldb_dn_get_component_val(server_dn, 2);
+       if (site_name_val == NULL) {
+               goto failed;
+       }
+
+       site_name = (const char *) site_name_val->data;
+
+       talloc_steal(tctx, site_name);
+       talloc_free(tmp_ctx);
+
+       return site_name;
+
+failed:
+       talloc_free(tmp_ctx);
+       return NULL;
+}
+
  static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx, 
                                             struct dcerpc_pipe *p)
  {
+       char *url;
+       struct ldb_context *sam_ctx = NULL;
         NTSTATUS status;
         struct netr_DsrGetDcSiteCoverageW r;
         struct DcSitesCtr *ctr = NULL;
         struct dcerpc_binding_handle *b = p->binding_handle;
  
+       torture_comment(tctx, "This does only pass with the default site\n");
+
+       /* We won't double-check this when we are over 'local' transports */
+       if (dcerpc_server_name(p)) {
+               /* Set up connection to SAMDB on DC */
+               url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+               sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+                                          NULL,
+                                          cmdline_credentials,
+                                          0);
+
+               torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+        }
+
         r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
         r.out.ctr = &ctr;
  
@@ -2298,72 +2612,374 @@ static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
         torture_assert_ntstatus_ok(tctx, status, "failed");
         torture_assert_werr_ok(tctx, r.out.result, "failed");
  
+       torture_assert(tctx, ctr->num_sites == 1,
+                      "we should per default only get the default site");
+       if (sam_ctx != NULL) {
+               torture_assert_casestr_equal(tctx, ctr->sites[0].string,
+                                            server_site_name(tctx, sam_ctx),
+                                            "didn't return default site");
+       }
+
         return true;
  }
  
  static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
                                              struct dcerpc_pipe *p)
  {
+       char *url;
+       struct ldb_context *sam_ctx = NULL;
         NTSTATUS status;
         struct netr_DsRAddressToSitenamesW r;
-       struct netr_DsRAddress addr;
+       struct netr_DsRAddress addrs[6];
+       struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+       struct sockaddr_in6 *addr6;
+#endif
         struct netr_DsRAddressToSitenamesWCtr *ctr;
         struct dcerpc_binding_handle *b = p->binding_handle;
+       uint32_t i;
+       int ret;
  
-       ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
+       torture_comment(tctx, "This does only pass with the default site\n");
+
+       /* We won't double-check this when we are over 'local' transports */
+       if (dcerpc_server_name(p)) {
+               /* Set up connection to SAMDB on DC */
+               url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+               sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+                                          NULL,
+                                          cmdline_credentials,
+                                          0);
  
-       addr.size = 16;
-       addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
+               torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+        }
+
+       /* First try valid IP addresses */
+
+       addrs[0].size = sizeof(struct sockaddr_in);
+       addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
+       addr = (struct sockaddr_in *) addrs[0].buffer;
+       addrs[0].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[1].size = sizeof(struct sockaddr_in);
+       addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
+       addr = (struct sockaddr_in *) addrs[1].buffer;
+       addrs[1].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[2].size = sizeof(struct sockaddr_in);
+       addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
+       addr = (struct sockaddr_in *) addrs[2].buffer;
+       addrs[2].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+#ifdef HAVE_IPV6
+       addrs[3].size = sizeof(struct sockaddr_in6);
+       addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+       addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
+       addrs[3].buffer[0] = AF_INET6;
+       ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[4].size = sizeof(struct sockaddr_in6);
+       addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+       addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
+       addrs[4].buffer[0] = AF_INET6;
+       ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[5].size = sizeof(struct sockaddr_in6);
+       addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+       addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
+       addrs[5].buffer[0] = AF_INET6;
+       ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+       /* the test cases are repeated to have exactly 6. This is for
+        * compatibility with IPv4-only machines */
+       addrs[3].size = sizeof(struct sockaddr_in);
+       addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+       addr = (struct sockaddr_in *) addrs[3].buffer;
+       addrs[3].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[4].size = sizeof(struct sockaddr_in);
+       addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+       addr = (struct sockaddr_in *) addrs[4].buffer;
+       addrs[4].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[5].size = sizeof(struct sockaddr_in);
+       addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+       addr = (struct sockaddr_in *) addrs[5].buffer;
+       addrs[5].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
  
-       addr.buffer[0] = 2; /* AF_INET */
-       addr.buffer[4] = 127;
-       addr.buffer[5] = 0;
-       addr.buffer[6] = 0;
-       addr.buffer[7] = 1;
+       ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
  
         r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
-       r.in.count = 1;
-       r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
-       r.in.addresses[0] = addr;
+       r.in.count = 6;
+       r.in.addresses = addrs;
         r.out.ctr = &ctr;
  
         status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
         torture_assert_ntstatus_ok(tctx, status, "failed");
         torture_assert_werr_ok(tctx, r.out.result, "failed");
  
+       if (sam_ctx != NULL) {
+               for (i = 0; i < 3; i++) {
+                       torture_assert_casestr_equal(tctx,
+                                                    ctr->sitename[i].string,
+                                                    server_site_name(tctx, sam_ctx),
+                                                    "didn't return default site");
+               }
+               for (i = 3; i < 6; i++) {
+                       /* Windows returns "NULL" for the sitename if it isn't
+                        * IPv6 configured */
+                       if (torture_setting_bool(tctx, "samba4", false)) {
+                               torture_assert_casestr_equal(tctx,
+                                                            ctr->sitename[i].string,
+                                                            server_site_name(tctx, sam_ctx),
+                                                            "didn't return default site");
+                       }
+               }
+       }
+
+       /* Now try invalid ones (too short buffers) */
+
+       addrs[0].size = 0;
+       addrs[1].size = 1;
+       addrs[2].size = 4;
+
+       addrs[3].size = 0;
+       addrs[4].size = 1;
+       addrs[5].size = 4;
+
+       status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "failed");
+       torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+       for (i = 0; i < 6; i++) {
+               torture_assert(tctx, ctr->sitename[i].string == NULL,
+                              "sitename should be null");
+       }
+
+       /* Now try invalid ones (wrong address types) */
+
+       addrs[0].size = 10;
+       addrs[0].buffer[0] = AF_UNSPEC;
+       addrs[1].size = 10;
+       addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
+       addrs[2].size = 10;
+       addrs[2].buffer[0] = AF_UNIX;
+
+       addrs[3].size = 10;
+       addrs[3].buffer[0] = 250;
+       addrs[4].size = 10;
+       addrs[4].buffer[0] = 251;
+       addrs[5].size = 10;
+       addrs[5].buffer[0] = 252;
+
+       status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "failed");
+       torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+       for (i = 0; i < 6; i++) {
+               torture_assert(tctx, ctr->sitename[i].string == NULL,
+                              "sitename should be null");
+       }
+
         return true;
  }
  
  static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
                                                struct dcerpc_pipe *p)
  {
+       char *url;
+       struct ldb_context *sam_ctx = NULL;
         NTSTATUS status;
         struct netr_DsRAddressToSitenamesExW r;
-       struct netr_DsRAddress addr;
+       struct netr_DsRAddress addrs[6];
+       struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+       struct sockaddr_in6 *addr6;
+#endif
         struct netr_DsRAddressToSitenamesExWCtr *ctr;
         struct dcerpc_binding_handle *b = p->binding_handle;
+       uint32_t i;
+       int ret;
  
-       ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
+       torture_comment(tctx, "This does pass with the default site\n");
+
+       /* We won't double-check this when we are over 'local' transports */
+       if (dcerpc_server_name(p)) {
+               /* Set up connection to SAMDB on DC */
+               url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+               sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+                                          NULL,
+                                          cmdline_credentials,
+                                          0);
  
-       addr.size = 16;
-       addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
+               torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+        }
+
+       /* First try valid IP addresses */
+
+       addrs[0].size = sizeof(struct sockaddr_in);
+       addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
+       addr = (struct sockaddr_in *) addrs[0].buffer;
+       addrs[0].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[1].size = sizeof(struct sockaddr_in);
+       addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
+       addr = (struct sockaddr_in *) addrs[1].buffer;
+       addrs[1].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[2].size = sizeof(struct sockaddr_in);
+       addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
+       addr = (struct sockaddr_in *) addrs[2].buffer;
+       addrs[2].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+#ifdef HAVE_IPV6
+       addrs[3].size = sizeof(struct sockaddr_in6);
+       addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+       addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
+       addrs[3].buffer[0] = AF_INET6;
+       ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[4].size = sizeof(struct sockaddr_in6);
+       addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+       addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
+       addrs[4].buffer[0] = AF_INET6;
+       ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[5].size = sizeof(struct sockaddr_in6);
+       addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+       addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
+       addrs[5].buffer[0] = AF_INET6;
+       ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+       /* the test cases are repeated to have exactly 6. This is for
+        * compatibility with IPv4-only machines */
+       addrs[3].size = sizeof(struct sockaddr_in);
+       addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+       addr = (struct sockaddr_in *) addrs[3].buffer;
+       addrs[3].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[4].size = sizeof(struct sockaddr_in);
+       addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+       addr = (struct sockaddr_in *) addrs[4].buffer;
+       addrs[4].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+
+       addrs[5].size = sizeof(struct sockaddr_in);
+       addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+       addr = (struct sockaddr_in *) addrs[5].buffer;
+       addrs[5].buffer[0] = AF_INET;
+       ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+       torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
  
-       addr.buffer[0] = 2; /* AF_INET */
-       addr.buffer[4] = 127;
-       addr.buffer[5] = 0;
-       addr.buffer[6] = 0;
-       addr.buffer[7] = 1;
+       ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
  
         r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
-       r.in.count = 1;
-       r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
-       r.in.addresses[0] = addr;
+       r.in.count = 6;
+       r.in.addresses = addrs;
         r.out.ctr = &ctr;
  
         status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
         torture_assert_ntstatus_ok(tctx, status, "failed");
         torture_assert_werr_ok(tctx, r.out.result, "failed");
  
+       if (sam_ctx != NULL) {
+               for (i = 0; i < 3; i++) {
+                       torture_assert_casestr_equal(tctx,
+                                                    ctr->sitename[i].string,
+                                                    server_site_name(tctx, sam_ctx),
+                                                    "didn't return default site");
+                       torture_assert(tctx, ctr->subnetname[i].string == NULL,
+                                      "subnet should be null");
+               }
+               for (i = 3; i < 6; i++) {
+                       /* Windows returns "NULL" for the sitename if it isn't
+                        * IPv6 configured */
+                       if (torture_setting_bool(tctx, "samba4", false)) {
+                               torture_assert_casestr_equal(tctx,
+                                                            ctr->sitename[i].string,
+                                                            server_site_name(tctx, sam_ctx),
+                                                            "didn't return default site");
+                       }
+                       torture_assert(tctx, ctr->subnetname[i].string == NULL,
+                                      "subnet should be null");
+               }
+       }
+
+       /* Now try invalid ones (too short buffers) */
+
+       addrs[0].size = 0;
+       addrs[1].size = 1;
+       addrs[2].size = 4;
+
+       addrs[3].size = 0;
+       addrs[4].size = 1;
+       addrs[5].size = 4;
+
+       status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "failed");
+       torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+       for (i = 0; i < 6; i++) {
+               torture_assert(tctx, ctr->sitename[i].string == NULL,
+                              "sitename should be null");
+               torture_assert(tctx, ctr->subnetname[i].string == NULL,
+                              "subnet should be null");
+       }
+
+       addrs[0].size = 10;
+       addrs[0].buffer[0] = AF_UNSPEC;
+       addrs[1].size = 10;
+       addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
+       addrs[2].size = 10;
+       addrs[2].buffer[0] = AF_UNIX;
+
+       addrs[3].size = 10;
+       addrs[3].buffer[0] = 250;
+       addrs[4].size = 10;
+       addrs[4].buffer[0] = 251;
+       addrs[5].size = 10;
+       addrs[5].buffer[0] = 252;
+
+       status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "failed");
+       torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+       for (i = 0; i < 6; i++) {
+               torture_assert(tctx, ctr->sitename[i].string == NULL,
+                              "sitename should be null");
+               torture_assert(tctx, ctr->subnetname[i].string == NULL,
+                              "subnet should be null");
+       }
+
         return true;
  }
  
@@ -2483,7 +3099,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
  
         ZERO_STRUCT(q1);
         q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
-               lp_dnsdomain(tctx->lp_ctx));
+               lpcfg_dnsdomain(tctx->lp_ctx));
         q1.sitename = "Default-First-Site-Name";
         q1.os_version.os = &os;
         q1.os_name.string = talloc_asprintf(tctx,
@@ -2519,7 +3135,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
         torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
         torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
  
-       msleep(250);
+       smb_msleep(250);
  
         if (sam_ctx) {
                 /* AD workstation infos entry check */
@@ -2596,7 +3212,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
         /* Change also the DNS hostname to test differences in behaviour */
         talloc_free(discard_const_p(char, q1.dns_hostname));
         q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
-               lp_dnsdomain(tctx->lp_ctx));
+               lpcfg_dnsdomain(tctx->lp_ctx));
  
         /* The workstation handles the "servicePrincipalName" and DNS hostname
            updates */
@@ -2608,7 +3224,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
  
         torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
  
-       msleep(250);
+       smb_msleep(250);
  
         if (sam_ctx) {
                 /* AD workstation infos entry check */
@@ -2670,7 +3286,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
         /* Change also the DNS hostname to test differences in behaviour */
         talloc_free(discard_const_p(char, q1.dns_hostname));
         q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
-               lp_dnsdomain(tctx->lp_ctx));
+               lpcfg_dnsdomain(tctx->lp_ctx));
  
         /* Wipe out the osVersion, and prove which values still 'stick' */
         q1.os_version.os = NULL;
@@ -2684,7 +3300,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
         torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
         torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
  
-       msleep(250);
+       smb_msleep(250);
  
         if (sam_ctx) {
                 /* AD workstation infos entry check */
@@ -2744,7 +3360,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
         /* Put the DNS hostname back */
         talloc_free(discard_const_p(char, q1.dns_hostname));
         q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
-               lp_dnsdomain(tctx->lp_ctx));
+               lpcfg_dnsdomain(tctx->lp_ctx));
  
         /* The workstation handles the "servicePrincipalName" and DNS hostname
            updates */
@@ -2755,13 +3371,14 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
         torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
         torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
  
-       msleep(250);
+       smb_msleep(250);
  
         /* Now the in/out DNS hostnames should be the same */
         torture_assert_str_equal(tctx,
                 info.domain_info->dns_hostname.string,
                 query.workstation_info->dns_hostname,
                 "In/Out 'DNS hostnames' don't match!");
+       old_dnsname = info.domain_info->dns_hostname.string;
  
         /* Checks "workstation flags" */
         torture_assert(tctx,
@@ -2789,7 +3406,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
         torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
         torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
  
-       msleep(250);
+       smb_msleep(250);
  
         /* Checks "workstation flags" */
         torture_assert(tctx,
@@ -2804,6 +3421,40 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
                 && (info.domain_info->trusted_domains != NULL),
                 "Trusted domains have been requested!");
  
+
+       torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no DNS hostname)\n");
+       netlogon_creds_client_authenticator(creds, &a);
+
+       query.workstation_info->dns_hostname = NULL;
+
+       torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+               "LogonGetDomainInfo failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+       torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+       /* The old DNS hostname should stick */
+       torture_assert_str_equal(tctx,
+               info.domain_info->dns_hostname.string,
+               old_dnsname,
+               "'DNS hostname' changed!");
+
+
+       if (!torture_setting_bool(tctx, "dangerous", false)) {
+               torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 7th call (no workstation info) - enable dangerous tests in order to do so\n");
+       } else {
+               /* Try a call without the workstation information structure */
+
+               torture_comment(tctx, "Testing netr_LogonGetDomainInfo 7th call (no workstation info)\n");
+               netlogon_creds_client_authenticator(creds, &a);
+
+               query.workstation_info = NULL;
+
+               torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+                       "LogonGetDomainInfo failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+               torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+       }
+
         return true;
  }
  
@@ -2842,7 +3493,7 @@ static bool test_GetDomainInfo_async(struct torture_context *tctx,
  
         ZERO_STRUCT(q1);
         q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
-               lp_dnsdomain(tctx->lp_ctx));
+               lpcfg_dnsdomain(tctx->lp_ctx));
         q1.sitename = "Default-First-Site-Name";
         q1.os_name.string = "UNIX/Linux or similar";
  
@@ -2856,8 +3507,8 @@ static bool test_GetDomainInfo_async(struct torture_context *tctx,
  
                 /* even with this flush per request a w2k3 server seems to 
                    clag with multiple outstanding requests. bleergh. */
-               torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0, 
-                                        "event_loop_once failed");
+               torture_assert_int_equal(tctx, tevent_loop_once(dcerpc_event_context(p)), 0, 
+                                        "tevent_loop_once failed");
         }
  
         for (i=0;i<ASYNC_COUNT;i++) {
@@ -2994,7 +3645,7 @@ static bool test_SetPassword_with_flags(struct torture_context *tctx,
  
  struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
  {
-       struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon");
         struct torture_rpc_tcase *tcase;
         struct torture_test *test;
  
@@ -3030,13 +3681,14 @@ struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
         torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
         torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
         torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
+       torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
  
         return suite;
  }
  
  struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
  {
-       struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON-S3");
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon-s3");
         struct torture_rpc_tcase *tcase;
  
         tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
@@ -3054,7 +3706,7 @@ struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
  
  struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx)
  {
-       struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON-ADMIN");
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon.admin");
         struct torture_rpc_tcase *tcase;
  
         tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",