s4-torture: Test rpc schannel netr_LogonGetCapability.
[ddiss/samba.git] / source4 / torture / rpc / netlogon.c
index b7c9b05d1d3f8508dccb353037bcc8c9fc343e32..d60b2e3c18fca48cc1a0cee40a8d27f0003bf4da 100644 (file)
@@ -32,7 +32,7 @@
 #include "librpc/gen_ndr/ndr_lsa_c.h"
 #include "param/param.h"
 #include "libcli/security/security.h"
-#include "lib/ldb/include/ldb.h"
+#include <ldb.h>
 #include "lib/util/util_ldb.h"
 #include "ldb_wrap.h"
 #include "lib/replace/system/network.h"
@@ -590,7 +590,7 @@ static bool test_SetPassword2(struct torture_context *tctx,
        new_password.length = IVAL(password_buf.data, 512);
 
        torture_comment(tctx, 
-               "Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
+               "Testing a third ServerPasswordSet2 on machine account, with a completely random password\n");
 
        netlogon_creds_client_authenticator(creds, &credential);
 
@@ -776,7 +776,7 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
        for (i=52;i<53;i++) {
                ZERO_STRUCT(auth2);
                /* the authenticator should be ignored by the server */
-               generate_random_buffer(&auth, sizeof(auth));
+               generate_random_buffer((uint8_t *) &auth, sizeof(auth));
 
                r.in.validation_level = i;
 
@@ -815,7 +815,7 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
        for (i=2;i<=3;i++) {
                ZERO_STRUCT(auth2);
                /* the authenticator should be ignored by the server */
-               generate_random_buffer(&auth, sizeof(auth));
+               generate_random_buffer((uint8_t *) &auth, sizeof(auth));
 
                r.in.validation_level = i;
 
@@ -884,6 +884,60 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
        return test_netlogon_ops_args(p, tctx, credentials, creds, false);
 }
 
+/*
+  try a netlogon GetCapabilities
+*/
+bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
+                               struct cli_credentials *credentials,
+                               struct netlogon_creds_CredentialState *creds)
+{
+       NTSTATUS status;
+       struct netr_LogonGetCapabilities r;
+       union netr_Capabilities capabilities;
+       struct netr_Authenticator auth, return_auth;
+       struct netlogon_creds_CredentialState tmp_creds;
+       struct dcerpc_binding_handle *b = p->binding_handle;
+
+       r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+       r.in.computer_name = cli_credentials_get_workstation(credentials);
+       r.in.credential = &auth;
+       r.in.return_authenticator = &return_auth;
+       r.in.query_level = 1;
+       r.out.capabilities = &capabilities;
+       r.out.return_authenticator = &return_auth;
+
+       torture_comment(tctx, "Testing LogonGetCapabilities\n");
+
+       ZERO_STRUCT(return_auth);
+
+       /*
+        * we need to operate on a temporary copy of creds
+        * because dcerpc_netr_LogonGetCapabilities was
+        * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
+        * without looking a the authenticator.
+        */
+       tmp_creds = *creds;
+       netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+       status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+               return true;
+       }
+
+       *creds = tmp_creds;
+
+       torture_assert(tctx, netlogon_creds_client_check(creds,
+                                                        &r.out.return_authenticator->cred),
+                      "Credential chaining failed");
+
+       torture_assert_int_equal(tctx, creds->negotiate_flags,
+                                capabilities.server_capabilities,
+                                "negotiate flags");
+
+       return true;
+}
+
 /*
   try a netlogon SamLogon
 */
@@ -1999,6 +2053,30 @@ static bool test_LogonControl2(struct torture_context *tctx,
                torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
        }
 
+       ZERO_STRUCT(data);
+       r.in.function_code = 52;
+       r.in.data = &data;
+
+       torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+       status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+       torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
+
+       data.debug_level = ~0;
+
+       r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+       r.in.data = &data;
+
+       r.in.level = 52;
+       torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+                       function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+       status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+       torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
+
        return true;
 }
 
@@ -3429,8 +3507,8 @@ static bool test_GetDomainInfo_async(struct torture_context *tctx,
 
                /* even with this flush per request a w2k3 server seems to 
                   clag with multiple outstanding requests. bleergh. */
-               torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0, 
-                                        "event_loop_once failed");
+               torture_assert_int_equal(tctx, tevent_loop_once(dcerpc_event_context(p)), 0, 
+                                        "tevent_loop_once failed");
        }
 
        for (i=0;i<ASYNC_COUNT;i++) {