Copyright (C) Andrew Tridgell 2003
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
Copyright (C) Tim Potter 2003
- Copyright (C) Matthias Dieter Wallnöfer 2009
+ Copyright (C) Matthias Dieter Wallnöfer 2009-2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
#include "includes.h"
-#include "version.h"
-#include "torture/torture.h"
#include "lib/events/events.h"
-#include "auth/auth.h"
-#include "auth/gensec/gensec.h"
#include "lib/cmdline/popt_common.h"
-#include "torture/rpc/rpc.h"
-#include "torture/rpc/netlogon.h"
+#include "torture/rpc/torture_rpc.h"
#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_netlogon_c.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "param/param.h"
#include "libcli/security/security.h"
-#include "lib/ldb/include/ldb.h"
+#include <ldb.h>
#include "lib/util/util_ldb.h"
-#include "lib/ldb_wrap.h"
+#include "ldb_wrap.h"
+#include "lib/replace/system/network.h"
+#include "dsdb/samdb/samdb.h"
#define TEST_MACHINE_NAME "torturetest"
-#define TEST_MACHINE_DNS_SUFFIX "torturedomain"
+
+static bool test_netr_broken_binding_handle(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct netr_DsRGetSiteName r;
+ const char *site = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ r.in.computer_name = talloc_asprintf(tctx, "\\\\%s",
+ dcerpc_server_name(p));
+ r.out.site = &site;
+
+ torture_comment(tctx,
+ "Testing netlogon request with correct binding handle: %s\n",
+ r.in.computer_name);
+
+ status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status,
+ "Netlogon request with broken binding handle");
+ torture_assert_werr_ok(tctx, r.out.result,
+ "Netlogon request with broken binding handle");
+
+ if (torture_setting_bool(tctx, "samba3", false) ||
+ torture_setting_bool(tctx, "samba4", false)) {
+ torture_skip(tctx,
+ "Skipping broken binding handle check against Samba");
+ }
+
+ r.in.computer_name = talloc_asprintf(tctx, "\\\\\\\\%s",
+ dcerpc_server_name(p));
+
+ torture_comment(tctx,
+ "Testing netlogon request with broken binding handle: %s\n",
+ r.in.computer_name);
+
+ status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status,
+ "Netlogon request with broken binding handle");
+ torture_assert_werr_equal(tctx, r.out.result,
+ WERR_INVALID_COMPUTERNAME,
+ "Netlogon request with broken binding handle");
+
+ r.in.computer_name = "\\\\\\\\THIS_IS_NOT_VALID";
+
+ torture_comment(tctx,
+ "Testing netlogon request with broken binding handle: %s\n",
+ r.in.computer_name);
+
+ status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status,
+ "Netlogon request with broken binding handle");
+ torture_assert_werr_equal(tctx, r.out.result,
+ WERR_INVALID_COMPUTERNAME,
+ "Netlogon request with broken binding handle");
+
+ return true;
+}
static bool test_LogonUasLogon(struct torture_context *tctx,
struct dcerpc_pipe *p)
NTSTATUS status;
struct netr_LogonUasLogon r;
struct netr_UasInfo *info = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = NULL;
r.in.account_name = cli_credentials_get_username(cmdline_credentials);
r.in.workstation = TEST_MACHINE_NAME;
r.out.info = &info;
- status = dcerpc_netr_LogonUasLogon(p, tctx, &r);
+ status = dcerpc_netr_LogonUasLogon_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
return true;
NTSTATUS status;
struct netr_LogonUasLogoff r;
struct netr_UasLogoffInfo info;
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = NULL;
r.in.account_name = cli_credentials_get_username(cmdline_credentials);
r.in.workstation = TEST_MACHINE_NAME;
r.out.info = &info;
- status = dcerpc_netr_LogonUasLogoff(p, tctx, &r);
+ status = dcerpc_netr_LogonUasLogoff_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
return true;
struct cli_credentials *credentials,
struct netlogon_creds_CredentialState **creds_out)
{
- NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate a;
struct netr_Credential credentials1, credentials2, credentials3;
struct netlogon_creds_CredentialState *creds;
const struct samr_Password *mach_password;
const char *machine_name;
+ struct dcerpc_binding_handle *b = p->binding_handle;
mach_password = cli_credentials_get_nt_hash(credentials, tctx);
machine_name = cli_credentials_get_workstation(credentials);
generate_random_buffer(credentials1.data, sizeof(credentials1.data));
- status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+ "ServerReqChallenge failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
a.in.server_name = NULL;
a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
torture_comment(tctx, "Testing ServerAuthenticate\n");
- status = dcerpc_netr_ServerAuthenticate(p, tctx, &a);
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate_r(b, tctx, &a),
+ "ServerAuthenticate failed");
/* This allows the tests to continue against the more fussy windows 2008 */
- if (NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED)) {
+ if (NT_STATUS_EQUAL(a.out.result, NT_STATUS_DOWNGRADE_DETECTED)) {
return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
credentials,
cli_credentials_get_secure_channel_type(credentials),
creds_out);
}
- torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate");
+ torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate");
torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
"Credential chaining failed");
bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
- int sec_chan_type,
+ enum netr_SchannelType sec_chan_type,
struct netlogon_creds_CredentialState **creds_out)
{
- NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate2 a;
struct netr_Credential credentials1, credentials2, credentials3;
struct netlogon_creds_CredentialState *creds;
const struct samr_Password *mach_password;
const char *machine_name;
+ struct dcerpc_binding_handle *b = p->binding_handle;
mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
machine_name = cli_credentials_get_workstation(machine_credentials);
generate_random_buffer(credentials1.data, sizeof(credentials1.data));
- status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+ "ServerReqChallenge failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
a.in.server_name = NULL;
a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
torture_comment(tctx, "Testing ServerAuthenticate2\n");
- status = dcerpc_netr_ServerAuthenticate2(p, tctx, &a);
- torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate2");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
+ "ServerAuthenticate2 failed");
+ torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate2 failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
"Credential chaining failed");
}
-static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
+bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
struct netlogon_creds_CredentialState **creds_out)
{
- NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate3 a;
struct netr_Credential credentials1, credentials2, credentials3;
uint32_t rid;
const char *machine_name;
const char *plain_pass;
+ struct dcerpc_binding_handle *b = p->binding_handle;
machine_name = cli_credentials_get_workstation(machine_credentials);
plain_pass = cli_credentials_get_password(machine_credentials);
generate_random_buffer(credentials1.data, sizeof(credentials1.data));
- status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+ "ServerReqChallenge failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
E_md4hash(plain_pass, mach_password.hash);
torture_comment(tctx, "Testing ServerAuthenticate3\n");
- status = dcerpc_netr_ServerAuthenticate3(p, tctx, &a);
- torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate3");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
+ "ServerAuthenticate3 failed");
+ torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
/* Prove that requesting a challenge again won't break it */
- status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
+ "ServerReqChallenge failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
*creds_out = creds;
return true;
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_ServerPasswordSet r;
const char *password;
struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
r.in.new_password = &new_password;
r.out.return_authenticator = &return_authenticator;
- password = generate_random_str(tctx, 8);
+ password = generate_random_password(tctx, 8, 255);
E_md4hash(password, new_password.hash);
netlogon_creds_des_encrypt(creds, &new_password);
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
+ "ServerPasswordSet failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
+ "ServerPasswordSet (2) failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
struct cli_credentials *machine_credentials,
uint32_t negotiate_flags)
{
- NTSTATUS status;
struct netr_ServerPasswordSet r;
const char *password;
struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential, return_authenticator;
struct samr_Password new_password;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials2(p, tctx, negotiate_flags,
machine_credentials,
r.in.new_password = &new_password;
r.out.return_authenticator = &return_authenticator;
- password = generate_random_str(tctx, 8);
+ password = generate_random_password(tctx, 8, 255);
E_md4hash(password, new_password.hash);
netlogon_creds_des_encrypt(creds, &new_password);
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
+ "ServerPasswordSet failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
+ "ServerPasswordSet (2) failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_ServerPasswordSet2 r;
const char *password;
DATA_BLOB new_random_pass;
struct samr_Password nt_hash;
struct netr_Authenticator credential, return_authenticator;
struct netr_CryptPassword new_password;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
r.in.new_password = &new_password;
r.out.return_authenticator = &return_authenticator;
- password = generate_random_str(tctx, 8);
+ password = generate_random_password(tctx, 8, 255);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+ "ServerPasswordSet2 failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+ "ServerPasswordSet2 failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
"ServerPasswordSet failed to actually change the password");
/* now try a random password */
- password = generate_random_str(tctx, 8);
+ password = generate_random_password(tctx, 8, 255);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2 (2)");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+ "ServerPasswordSet2 (2) failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 (2) failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+ "ServerPasswordSet (3) failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx,
- "Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
+ "Testing a third ServerPasswordSet2 on machine account, with a completely random password\n");
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
+ "ServerPasswordSet (3) failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
NTSTATUS status;
struct netr_Authenticator return_authenticator;
struct samr_Password password;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
r.out.return_authenticator = &return_authenticator;
r.out.password = &password;
- status = dcerpc_netr_ServerPasswordGet(p, tctx, &r);
+ status = dcerpc_netr_ServerPasswordGet_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
return true;
struct netr_ServerTrustPasswordsGet r;
struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
- NTSTATUS status;
struct netr_Authenticator return_authenticator;
struct samr_Password password, password2;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
r.out.password = &password;
r.out.password2 = &password2;
- status = dcerpc_netr_ServerTrustPasswordsGet(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "ServerTrustPasswordsGet");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerTrustPasswordsGet_r(b, tctx, &r),
+ "ServerTrustPasswordsGet failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerTrustPasswordsGet failed");
return true;
}
/*
try a netlogon SamLogon
*/
-bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
- struct cli_credentials *credentials,
- struct netlogon_creds_CredentialState *creds)
+static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context *tctx,
+ struct cli_credentials *credentials,
+ struct netlogon_creds_CredentialState *creds,
+ bool null_domain)
{
NTSTATUS status;
struct netr_LogonSamLogon r;
struct netr_Authenticator auth, auth2;
+ static const struct netr_Authenticator auth_zero;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative;
struct netr_NetworkInfo ninfo;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int i;
+ struct dcerpc_binding_handle *b = p->binding_handle;
int flags = CLI_CRED_NTLM_AUTH;
- if (lp_client_lanman_auth(tctx->lp_ctx)) {
+ if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
- if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
+ if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx) && !null_domain) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
&ninfo.identity_info.account_name.string,
&ninfo.identity_info.domain_name.string);
-
+
+ if (null_domain) {
+ ninfo.identity_info.domain_name.string = NULL;
+ }
+
generate_random_buffer(ninfo.challenge,
sizeof(ninfo.challenge));
chal = data_blob_const(ninfo.challenge,
d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
- for (i=2;i<3;i++) {
+ for (i=2;i<=3;i++) {
ZERO_STRUCT(auth2);
netlogon_creds_client_authenticator(creds, &auth);
r.in.validation_level = i;
- status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
torture_assert(tctx, netlogon_creds_client_check(creds,
&r.out.return_authenticator->cred),
"Credential chaining failed");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ /* this makes sure we get the unmarshalling right for invalid levels */
+ for (i=52;i<53;i++) {
+ ZERO_STRUCT(auth2);
+ /* the authenticator should be ignored by the server */
+ generate_random_buffer((uint8_t *) &auth, sizeof(auth));
+
+ r.in.validation_level = i;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result,
+ NT_STATUS_INVALID_INFO_CLASS,
+ "LogonSamLogon failed");
+
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ }
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ netlogon_creds_client_authenticator(creds, &auth);
+
+ r.in.validation_level = i;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ r.in.logon_level = 52;
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ /* the authenticator should be ignored by the server */
+ generate_random_buffer((uint8_t *) &auth, sizeof(auth));
+
+ r.in.validation_level = i;
+
+ torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
+ "LogonSamLogon expected INVALID_PARAMETER");
+
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
}
r.in.credential = NULL;
for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
r.in.validation_level = i;
torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
- status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
- torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER,
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
"LogonSamLogon expected INVALID_PARAMETER");
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ r.in.logon_level = 2;
+ r.in.credential = &auth;
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ netlogon_creds_client_authenticator(creds, &auth);
+
+ r.in.validation_level = i;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
}
return true;
}
+bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
+ struct cli_credentials *credentials,
+ struct netlogon_creds_CredentialState *creds)
+{
+ return test_netlogon_ops_args(p, tctx, credentials, creds, false);
+}
+
+/*
+ try a netlogon GetCapabilities
+*/
+bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
+ struct cli_credentials *credentials,
+ struct netlogon_creds_CredentialState *creds)
+{
+ NTSTATUS status;
+ struct netr_LogonGetCapabilities r;
+ union netr_Capabilities capabilities;
+ struct netr_Authenticator auth, return_auth;
+ struct netlogon_creds_CredentialState tmp_creds;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.computer_name = cli_credentials_get_workstation(credentials);
+ r.in.credential = &auth;
+ r.in.return_authenticator = &return_auth;
+ r.in.query_level = 1;
+ r.out.capabilities = &capabilities;
+ r.out.return_authenticator = &return_auth;
+
+ torture_comment(tctx, "Testing LogonGetCapabilities\n");
+
+ ZERO_STRUCT(return_auth);
+
+ /*
+ * we need to operate on a temporary copy of creds
+ * because dcerpc_netr_LogonGetCapabilities was
+ * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
+ * without looking a the authenticator.
+ */
+ tmp_creds = *creds;
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+ return true;
+ }
+
+ *creds = tmp_creds;
+
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+
+ torture_assert_int_equal(tctx, creds->negotiate_flags,
+ capabilities.server_capabilities,
+ "negotiate flags");
+
+ return true;
+}
+
/*
try a netlogon SamLogon
*/
return test_netlogon_ops(p, tctx, credentials, creds);
}
+static bool test_SamLogon_NULL_domain(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct cli_credentials *credentials)
+{
+ struct netlogon_creds_CredentialState *creds;
+
+ if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
+ return false;
+ }
+
+ return test_netlogon_ops_args(p, tctx, credentials, creds, true);
+}
+
/* we remember the sequence numbers so we can easily do a DatabaseDelta */
static uint64_t sequence_nums[3];
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_DatabaseSync r;
struct netlogon_creds_CredentialState *creds;
const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct netr_Authenticator credential, return_authenticator;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
r.in.credential = &credential;
- status = dcerpc_netr_DatabaseSync(p, tctx, &r);
- if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync_r(b, tctx, &r),
+ "DatabaseSync failed");
+ if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
break;
/* Native mode servers don't do this */
- if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
return true;
}
- torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
r.in.database_id,
(unsigned long long)sequence_nums[r.in.database_id]);
}
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
}
return true;
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_DatabaseDeltas r;
struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
const uint32_t database_ids[] = {0, 1, 2};
int i;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
do {
netlogon_creds_client_authenticator(creds, &credential);
- status = dcerpc_netr_DatabaseDeltas(p, tctx, &r);
- if (NT_STATUS_EQUAL(status,
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseDeltas_r(b, tctx, &r),
+ "DatabaseDeltas failed");
+ if (NT_STATUS_EQUAL(r.out.result,
NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
torture_comment(tctx, "not considering %s to be an error\n",
- nt_errstr(status));
+ nt_errstr(r.out.result));
return true;
}
- if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
+ if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
break;
- torture_assert_ntstatus_ok(tctx, status, "DatabaseDeltas");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseDeltas");
if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
(*r.in.sequence_num)++;
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
}
return true;
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_DatabaseRedo r;
struct netlogon_creds_CredentialState *creds;
struct netr_Authenticator credential;
struct netr_ChangeLogEntry e;
struct dom_sid null_sid, *sid;
int i,d;
+ struct dcerpc_binding_handle *b = p->binding_handle;
ZERO_STRUCT(null_sid);
r.out.delta_enum_array = &delta_enum_array;
for (d=0; d<3; d++) {
-
- const char *database;
+ const char *database = NULL;
switch (d) {
case 0:
torture_comment(tctx, "Testing DatabaseRedo with database %s and %s\n",
database, changes[i].comment);
- status = dcerpc_netr_DatabaseRedo(p, tctx, &r);
- if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseRedo_r(b, tctx, &r),
+ "DatabaseRedo failed");
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
return true;
}
- torture_assert_ntstatus_equal(tctx, status, changes[i].expected_error, changes[i].comment);
+ torture_assert_ntstatus_equal(tctx, r.out.result, changes[i].expected_error, changes[i].comment);
if (delta_enum_array) {
torture_assert_int_equal(tctx,
delta_enum_array->num_deltas,
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_AccountDeltas r;
struct netlogon_creds_CredentialState *creds;
uint32_t total_entries = 0;
struct netr_UAS_INFO_0 recordid;
struct netr_Authenticator return_authenticator;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
r.out.return_authenticator = &return_authenticator;
/* w2k3 returns "NOT IMPLEMENTED" for this call */
- status = dcerpc_netr_AccountDeltas(p, tctx, &r);
- torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountDeltas_r(b, tctx, &r),
+ "AccountDeltas failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
return true;
}
static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_AccountSync r;
struct netlogon_creds_CredentialState *creds;
uint32_t next_reference = 0;
struct netr_UAS_INFO_0 recordid;
struct netr_Authenticator return_authenticator;
+ struct dcerpc_binding_handle *b = p->binding_handle;
ZERO_STRUCT(recordid);
ZERO_STRUCT(return_authenticator);
r.out.return_authenticator = &return_authenticator;
/* w2k3 returns "NOT IMPLEMENTED" for this call */
- status = dcerpc_netr_AccountSync(p, tctx, &r);
- torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountSync_r(b, tctx, &r),
+ "AccountSync failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
return true;
}
static bool test_GetDcName(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
- NTSTATUS status;
struct netr_GetDcName r;
const char *dcname = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domainname = lp_workgroup(tctx->lp_ctx);
+ r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
r.out.dcname = &dcname;
- status = dcerpc_netr_GetDcName(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "GetDcName");
- torture_assert_werr_ok(tctx, r.out.result, "GetDcName");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
+ "GetDcName failed");
+ torture_assert_werr_ok(tctx, r.out.result, "GetDcName failed");
torture_comment(tctx, "\tDC is at '%s'\n", dcname);
return true;
}
+static const char *function_code_str(TALLOC_CTX *mem_ctx,
+ enum netr_LogonControlCode function_code)
+{
+ switch (function_code) {
+ case NETLOGON_CONTROL_QUERY:
+ return "NETLOGON_CONTROL_QUERY";
+ case NETLOGON_CONTROL_REPLICATE:
+ return "NETLOGON_CONTROL_REPLICATE";
+ case NETLOGON_CONTROL_SYNCHRONIZE:
+ return "NETLOGON_CONTROL_SYNCHRONIZE";
+ case NETLOGON_CONTROL_PDC_REPLICATE:
+ return "NETLOGON_CONTROL_PDC_REPLICATE";
+ case NETLOGON_CONTROL_REDISCOVER:
+ return "NETLOGON_CONTROL_REDISCOVER";
+ case NETLOGON_CONTROL_TC_QUERY:
+ return "NETLOGON_CONTROL_TC_QUERY";
+ case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+ return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
+ case NETLOGON_CONTROL_FIND_USER:
+ return "NETLOGON_CONTROL_FIND_USER";
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ return "NETLOGON_CONTROL_CHANGE_PASSWORD";
+ case NETLOGON_CONTROL_TC_VERIFY:
+ return "NETLOGON_CONTROL_TC_VERIFY";
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ return "NETLOGON_CONTROL_FORCE_DNS_REG";
+ case NETLOGON_CONTROL_QUERY_DNS_REG:
+ return "NETLOGON_CONTROL_QUERY_DNS_REG";
+ case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+ return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
+ case NETLOGON_CONTROL_TRUNCATE_LOG:
+ return "NETLOGON_CONTROL_TRUNCATE_LOG";
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ return "NETLOGON_CONTROL_SET_DBFLAG";
+ case NETLOGON_CONTROL_BREAKPOINT:
+ return "NETLOGON_CONTROL_BREAKPOINT";
+ default:
+ return talloc_asprintf(mem_ctx, "unknown function code: %d",
+ function_code);
+ }
+}
+
+
/*
try a netlogon LogonControl
*/
static bool test_LogonControl(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+ struct dcerpc_pipe *p,
+ struct cli_credentials *machine_credentials)
+
{
NTSTATUS status;
struct netr_LogonControl r;
union netr_CONTROL_QUERY_INFORMATION query;
- int i;
+ int i,f;
+ enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ uint32_t function_codes[] = {
+ NETLOGON_CONTROL_QUERY,
+ NETLOGON_CONTROL_REPLICATE,
+ NETLOGON_CONTROL_SYNCHRONIZE,
+ NETLOGON_CONTROL_PDC_REPLICATE,
+ NETLOGON_CONTROL_REDISCOVER,
+ NETLOGON_CONTROL_TC_QUERY,
+ NETLOGON_CONTROL_TRANSPORT_NOTIFY,
+ NETLOGON_CONTROL_FIND_USER,
+ NETLOGON_CONTROL_CHANGE_PASSWORD,
+ NETLOGON_CONTROL_TC_VERIFY,
+ NETLOGON_CONTROL_FORCE_DNS_REG,
+ NETLOGON_CONTROL_QUERY_DNS_REG,
+ NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
+ NETLOGON_CONTROL_TRUNCATE_LOG,
+ NETLOGON_CONTROL_SET_DBFLAG,
+ NETLOGON_CONTROL_BREAKPOINT
+ };
+
+ if (machine_credentials) {
+ secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
+ }
+
+ torture_comment(tctx, "Testing LogonControl with secure channel type: %d\n",
+ secure_channel_type);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.function_code = 1;
r.out.query = &query;
- for (i=1;i<4;i++) {
+ for (f=0;f<ARRAY_SIZE(function_codes); f++) {
+ for (i=1;i<5;i++) {
+
+ r.in.function_code = function_codes[f];
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl level %d\n", i);
+ torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
- status = dcerpc_netr_LogonControl(p, tctx, &r);
+ status = dcerpc_netr_LogonControl_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+
+ switch (r.in.level) {
+ case 1:
+ switch (r.in.function_code) {
+ case NETLOGON_CONTROL_REPLICATE:
+ case NETLOGON_CONTROL_SYNCHRONIZE:
+ case NETLOGON_CONTROL_PDC_REPLICATE:
+ case NETLOGON_CONTROL_BREAKPOINT:
+ case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+ if ((secure_channel_type == SEC_CHAN_BDC) ||
+ (secure_channel_type == SEC_CHAN_WKSTA)) {
+ torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
+ "LogonControl returned unexpected error code");
+ } else {
+ torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+ "LogonControl returned unexpected error code");
+ }
+ break;
+
+ case NETLOGON_CONTROL_REDISCOVER:
+ case NETLOGON_CONTROL_TC_QUERY:
+ case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+ case NETLOGON_CONTROL_FIND_USER:
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ case NETLOGON_CONTROL_TC_VERIFY:
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ case NETLOGON_CONTROL_QUERY_DNS_REG:
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+ "LogonControl returned unexpected error code");
+ break;
+ case NETLOGON_CONTROL_TRUNCATE_LOG:
+ if ((secure_channel_type == SEC_CHAN_BDC) ||
+ (secure_channel_type == SEC_CHAN_WKSTA)) {
+ torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
+ "LogonControl returned unexpected error code");
+ } else {
+ torture_assert_werr_ok(tctx, r.out.result,
+ "LogonControl returned unexpected result");
+ }
+ break;
+ default:
+ torture_assert_werr_ok(tctx, r.out.result,
+ "LogonControl returned unexpected result");
+ break;
+ }
+ break;
+ case 2:
+ torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+ "LogonControl returned unexpected error code");
+ break;
+ default:
+ torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL,
+ "LogonControl returned unexpected error code");
+ break;
+ }
+ }
}
+ r.in.level = 52;
+ torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+ status = dcerpc_netr_LogonControl_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl");
+
return true;
}
NTSTATUS status;
struct netr_GetAnyDCName r;
const char *dcname = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domainname = lp_workgroup(tctx->lp_ctx);
r.out.dcname = &dcname;
- status = dcerpc_netr_GetAnyDCName(p, tctx, &r);
+ status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
- torture_assert_werr_ok(tctx, r.out.result, "GetAnyDCName");
+ if ((!W_ERROR_IS_OK(r.out.result)) &&
+ (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+ return false;
+ }
if (dcname) {
torture_comment(tctx, "\tDC is at '%s'\n", dcname);
}
+ r.in.domainname = NULL;
+
+ status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+ if ((!W_ERROR_IS_OK(r.out.result)) &&
+ (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+ return false;
+ }
+
+ r.in.domainname = "";
+
+ status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
+ if ((!W_ERROR_IS_OK(r.out.result)) &&
+ (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
+ return false;
+ }
+
return true;
}
try a netlogon LogonControl2
*/
static bool test_LogonControl2(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+ struct dcerpc_pipe *p,
+ struct cli_credentials *machine_credentials)
+
{
NTSTATUS status;
struct netr_LogonControl2 r;
union netr_CONTROL_DATA_INFORMATION data;
union netr_CONTROL_QUERY_INFORMATION query;
int i;
+ struct dcerpc_binding_handle *b = p->binding_handle;
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
for (i=1;i<4;i++) {
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
- i, r.in.function_code);
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
- status = dcerpc_netr_LogonControl2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
r.in.data = &data;
for (i=1;i<4;i++) {
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
- i, r.in.function_code);
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
- status = dcerpc_netr_LogonControl2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
r.in.data = &data;
for (i=1;i<4;i++) {
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
- i, r.in.function_code);
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
- status = dcerpc_netr_LogonControl2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
}
data.debug_level = ~0;
for (i=1;i<4;i++) {
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
- i, r.in.function_code);
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
- status = dcerpc_netr_LogonControl2(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
}
+ ZERO_STRUCT(data);
+ r.in.function_code = 52;
+ r.in.data = &data;
+
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+ status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
+
+ data.debug_level = ~0;
+
+ r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+ r.in.data = &data;
+
+ r.in.level = 52;
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+ status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
+
return true;
}
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_DatabaseSync2 r;
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
struct netr_Authenticator return_authenticator, credential;
struct netlogon_creds_CredentialState *creds;
const uint32_t database_ids[] = {0, 1, 2};
int i;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
machine_credentials,
r.in.credential = &credential;
- status = dcerpc_netr_DatabaseSync2(p, tctx, &r);
- if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync2_r(b, tctx, &r),
+ "DatabaseSync2 failed");
+ if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
break;
/* Native mode servers don't do this */
- if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
return true;
}
- torture_assert_ntstatus_ok(tctx, status, "DatabaseSync2");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync2");
if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
}
return true;
try a netlogon LogonControl2Ex
*/
static bool test_LogonControl2Ex(struct torture_context *tctx,
- struct dcerpc_pipe *p)
+ struct dcerpc_pipe *p,
+ struct cli_credentials *machine_credentials)
+
{
NTSTATUS status;
struct netr_LogonControl2Ex r;
union netr_CONTROL_DATA_INFORMATION data;
union netr_CONTROL_QUERY_INFORMATION query;
int i;
+ struct dcerpc_binding_handle *b = p->binding_handle;
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
i, r.in.function_code);
- status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
+ status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
r.in.data = &data;
torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
i, r.in.function_code);
- status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
+ status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
r.in.data = &data;
torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
i, r.in.function_code);
- status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
+ status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
i, r.in.function_code);
- status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
+ status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
return true;
}
+static bool test_netr_GetForestTrustInformation(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct cli_credentials *machine_credentials)
+{
+ struct netr_GetForestTrustInformation r;
+ struct netlogon_creds_CredentialState *creds;
+ struct netr_Authenticator a;
+ struct netr_Authenticator return_authenticator;
+ struct lsa_ForestTrustInformation *forest_trust_info;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
+ machine_credentials, &creds)) {
+ return false;
+ }
+
+ netlogon_creds_client_authenticator(creds, &a);
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &a;
+ r.in.flags = 0;
+ r.out.return_authenticator = &return_authenticator;
+ r.out.forest_trust_info = &forest_trust_info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_netr_GetForestTrustInformation_r(b, tctx, &r),
+ "netr_GetForestTrustInformation failed");
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+ torture_comment(tctx, "not considering NT_STATUS_NOT_IMPLEMENTED as an error\n");
+ } else {
+ torture_assert_ntstatus_ok(tctx, r.out.result,
+ "netr_GetForestTrustInformation failed");
+ }
+
+ torture_assert(tctx,
+ netlogon_creds_client_check(creds, &return_authenticator.cred),
+ "Credential chaining failed");
+
+ return true;
+}
+
static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
struct dcerpc_pipe *p, const char *trusted_domain_name)
{
NTSTATUS status;
struct netr_DsRGetForestTrustInformation r;
struct lsa_ForestTrustInformation info, *info_ptr;
+ struct dcerpc_binding_handle *b = p->binding_handle;
info_ptr = &info;
torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
- status = dcerpc_netr_DsRGetForestTrustInformation(p, tctx, &r);
+ status = dcerpc_netr_DsRGetForestTrustInformation_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
struct netr_DsrEnumerateDomainTrusts r;
struct netr_DomainTrustList trusts;
int i;
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.trust_flags = 0x3f;
r.out.trusts = &trusts;
- status = dcerpc_netr_DsrEnumerateDomainTrusts(p, tctx, &r);
+ status = dcerpc_netr_DsrEnumerateDomainTrusts_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
NTSTATUS status;
struct netr_NetrEnumerateTrustedDomains r;
struct netr_Blob trusted_domains_blob;
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.out.trusted_domains_blob = &trusted_domains_blob;
- status = dcerpc_netr_NetrEnumerateTrustedDomains(p, tctx, &r);
+ status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
- torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
return true;
}
NTSTATUS status;
struct netr_NetrEnumerateTrustedDomainsEx r;
struct netr_DomainTrustList dom_trust_list;
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.out.dom_trust_list = &dom_trust_list;
- status = dcerpc_netr_NetrEnumerateTrustedDomainsEx(p, tctx, &r);
+ status = dcerpc_netr_NetrEnumerateTrustedDomainsEx_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
NTSTATUS status;
struct netr_DsRGetSiteName r;
const char *site = NULL;
-
- if (torture_setting_bool(tctx, "samba4", false))
- torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.computer_name = computer_name;
r.out.site = &site;
torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
- status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
+ status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
- r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
- torture_comment(tctx,
- "Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
-
- status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
- torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_COMPUTERNAME, "netr_DsRGetSiteName");
-
return true;
}
NTSTATUS status;
struct netr_DsRGetDCName r;
struct netr_DsRGetDCNameInfo *info = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_guid = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
r.out.info = &info;
- status = dcerpc_netr_DsRGetDCName(p, tctx, &r);
+ status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
+
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_CONTROLLER)),
+ DS_DNS_CONTROLLER,
+ "DsRGetDCName");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_DOMAIN)),
+ DS_DNS_DOMAIN,
+ "DsRGetDCName");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+ DS_DNS_FOREST_ROOT,
+ "DsRGetDCName");
+
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
+ r.in.flags = 0;
+
+ status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
+ torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
+
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
+ "DsRGetDCName");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_DOMAIN)), 0,
+ "DsRGetDCName");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+ DS_DNS_FOREST_ROOT,
+ "DsRGetDCName");
+
+ if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_SERVER_CLOSEST)),
+ DS_SERVER_CLOSEST,
+ "DsRGetDCName");
+ }
+
return test_netr_DsRGetSiteName(p, tctx,
info->dc_unc,
info->dc_site_name);
NTSTATUS status;
struct netr_DsRGetDCNameEx r;
struct netr_DsRGetDCNameInfo *info = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
r.out.info = &info;
- status = dcerpc_netr_DsRGetDCNameEx(p, tctx, &r);
+ status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
+ torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
+
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_CONTROLLER)),
+ DS_DNS_CONTROLLER,
+ "DsRGetDCNameEx");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_DOMAIN)),
+ DS_DNS_DOMAIN,
+ "DsRGetDCNameEx");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+ DS_DNS_FOREST_ROOT,
+ "DsRGetDCNameEx");
+
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
+ r.in.flags = 0;
+
+ status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
+ "DsRGetDCNameEx");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_DOMAIN)), 0,
+ "DsRGetDCNameEx");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+ DS_DNS_FOREST_ROOT,
+ "DsRGetDCNameEx");
+
+ if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_SERVER_CLOSEST)),
+ DS_SERVER_CLOSEST,
+ "DsRGetDCNameEx");
+ }
+
return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
info->dc_site_name);
}
NTSTATUS status;
struct netr_DsRGetDCNameEx2 r;
struct netr_DsRGetDCNameInfo *info = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n");
+ ZERO_STRUCT(r.in);
+ r.in.flags = DS_RETURN_DNS_NAME;
+ r.out.info = &info;
+
+ status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+ torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_CONTROLLER)),
+ DS_DNS_CONTROLLER,
+ "DsRGetDCNameEx2");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_DOMAIN)),
+ DS_DNS_DOMAIN,
+ "DsRGetDCNameEx2");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+ DS_DNS_FOREST_ROOT,
+ "DsRGetDCNameEx2");
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.client_account = NULL;
r.in.mask = 0x00000000;
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
- status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
+ status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
- torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client acount\n");
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
+ r.in.flags = 0;
+
+ status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+ torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
+ "DsRGetDCNameEx2");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_DOMAIN)), 0,
+ "DsRGetDCNameEx2");
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_DNS_FOREST_ROOT)),
+ DS_DNS_FOREST_ROOT,
+ "DsRGetDCNameEx2");
+
+ if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
+ torture_assert_int_equal(tctx,
+ (info->dc_flags & (DS_SERVER_CLOSEST)),
+ DS_SERVER_CLOSEST,
+ "DsRGetDCNameEx2");
+ }
+
+ torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client account\n");
r.in.client_account = TEST_MACHINE_NAME"$";
r.in.mask = ACB_SVRTRUST;
r.in.flags = DS_RETURN_FLAT_NAME;
r.out.info = &info;
- status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
+ status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
info->dc_site_name);
}
+/* This is a substitution for "samdb_server_site_name" which relies on the
+ * correct "lp_ctx" and therefore can't be used here. */
+static const char *server_site_name(struct torture_context *tctx,
+ struct ldb_context *ldb)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_dn *dn, *server_dn;
+ const struct ldb_val *site_name_val;
+ const char *server_dn_str, *site_name;
+
+ tmp_ctx = talloc_new(ldb);
+ if (tmp_ctx == NULL) {
+ goto failed;
+ }
+
+ dn = ldb_dn_new(tmp_ctx, ldb, "");
+ if (dn == NULL) {
+ goto failed;
+ }
+
+ server_dn_str = samdb_search_string(ldb, tmp_ctx, dn, "serverName",
+ NULL);
+ if (server_dn_str == NULL) {
+ goto failed;
+ }
+
+ server_dn = ldb_dn_new(tmp_ctx, ldb, server_dn_str);
+ if (server_dn == NULL) {
+ goto failed;
+ }
+
+ /* CN=<Server name>, CN=Servers, CN=<Site name>, CN=Sites, ... */
+ site_name_val = ldb_dn_get_component_val(server_dn, 2);
+ if (site_name_val == NULL) {
+ goto failed;
+ }
+
+ site_name = (const char *) site_name_val->data;
+
+ talloc_steal(tctx, site_name);
+ talloc_free(tmp_ctx);
+
+ return site_name;
+
+failed:
+ talloc_free(tmp_ctx);
+ return NULL;
+}
+
static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
+ char *url;
+ struct ldb_context *sam_ctx = NULL;
NTSTATUS status;
struct netr_DsrGetDcSiteCoverageW r;
struct DcSitesCtr *ctr = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ torture_comment(tctx, "This does only pass with the default site\n");
+
+ /* We won't double-check this when we are over 'local' transports */
+ if (dcerpc_server_name(p)) {
+ /* Set up connection to SAMDB on DC */
+ url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+ sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+ NULL,
+ cmdline_credentials,
+ 0);
+
+ torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+ }
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.out.ctr = &ctr;
- status = dcerpc_netr_DsrGetDcSiteCoverageW(p, tctx, &r);
+ status = dcerpc_netr_DsrGetDcSiteCoverageW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
torture_assert_werr_ok(tctx, r.out.result, "failed");
+ torture_assert(tctx, ctr->num_sites == 1,
+ "we should per default only get the default site");
+ if (sam_ctx != NULL) {
+ torture_assert_casestr_equal(tctx, ctr->sites[0].string,
+ server_site_name(tctx, sam_ctx),
+ "didn't return default site");
+ }
+
return true;
}
static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
+ char *url;
+ struct ldb_context *sam_ctx = NULL;
NTSTATUS status;
struct netr_DsRAddressToSitenamesW r;
- struct netr_DsRAddress addr;
+ struct netr_DsRAddress addrs[6];
+ struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+ struct sockaddr_in6 *addr6;
+#endif
struct netr_DsRAddressToSitenamesWCtr *ctr;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ uint32_t i;
+ int ret;
- ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
+ torture_comment(tctx, "This does only pass with the default site\n");
+
+ /* We won't double-check this when we are over 'local' transports */
+ if (dcerpc_server_name(p)) {
+ /* Set up connection to SAMDB on DC */
+ url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+ sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+ NULL,
+ cmdline_credentials,
+ 0);
- addr.size = 16;
- addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
+ torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+ }
+
+ /* First try valid IP addresses */
+
+ addrs[0].size = sizeof(struct sockaddr_in);
+ addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
+ addr = (struct sockaddr_in *) addrs[0].buffer;
+ addrs[0].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[1].size = sizeof(struct sockaddr_in);
+ addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
+ addr = (struct sockaddr_in *) addrs[1].buffer;
+ addrs[1].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[2].size = sizeof(struct sockaddr_in);
+ addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
+ addr = (struct sockaddr_in *) addrs[2].buffer;
+ addrs[2].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+#ifdef HAVE_IPV6
+ addrs[3].size = sizeof(struct sockaddr_in6);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in6);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in6);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+ /* the test cases are repeated to have exactly 6. This is for
+ * compatibility with IPv4-only machines */
+ addrs[3].size = sizeof(struct sockaddr_in);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr = (struct sockaddr_in *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr = (struct sockaddr_in *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr = (struct sockaddr_in *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
- addr.buffer[0] = 2; /* AF_INET */
- addr.buffer[4] = 127;
- addr.buffer[5] = 0;
- addr.buffer[6] = 0;
- addr.buffer[7] = 1;
+ ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.count = 1;
- r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
- r.in.addresses[0] = addr;
+ r.in.count = 6;
+ r.in.addresses = addrs;
r.out.ctr = &ctr;
- status = dcerpc_netr_DsRAddressToSitenamesW(p, tctx, &r);
+ status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
torture_assert_werr_ok(tctx, r.out.result, "failed");
+ if (sam_ctx != NULL) {
+ for (i = 0; i < 3; i++) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ server_site_name(tctx, sam_ctx),
+ "didn't return default site");
+ }
+ for (i = 3; i < 6; i++) {
+ /* Windows returns "NULL" for the sitename if it isn't
+ * IPv6 configured */
+ if (torture_setting_bool(tctx, "samba4", false)) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ server_site_name(tctx, sam_ctx),
+ "didn't return default site");
+ }
+ }
+ }
+
+ /* Now try invalid ones (too short buffers) */
+
+ addrs[0].size = 0;
+ addrs[1].size = 1;
+ addrs[2].size = 4;
+
+ addrs[3].size = 0;
+ addrs[4].size = 1;
+ addrs[5].size = 4;
+
+ status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ for (i = 0; i < 6; i++) {
+ torture_assert(tctx, ctr->sitename[i].string == NULL,
+ "sitename should be null");
+ }
+
+ /* Now try invalid ones (wrong address types) */
+
+ addrs[0].size = 10;
+ addrs[0].buffer[0] = AF_UNSPEC;
+ addrs[1].size = 10;
+ addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
+ addrs[2].size = 10;
+ addrs[2].buffer[0] = AF_UNIX;
+
+ addrs[3].size = 10;
+ addrs[3].buffer[0] = 250;
+ addrs[4].size = 10;
+ addrs[4].buffer[0] = 251;
+ addrs[5].size = 10;
+ addrs[5].buffer[0] = 252;
+
+ status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ for (i = 0; i < 6; i++) {
+ torture_assert(tctx, ctr->sitename[i].string == NULL,
+ "sitename should be null");
+ }
+
return true;
}
static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
+ char *url;
+ struct ldb_context *sam_ctx = NULL;
NTSTATUS status;
struct netr_DsRAddressToSitenamesExW r;
- struct netr_DsRAddress addr;
+ struct netr_DsRAddress addrs[6];
+ struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+ struct sockaddr_in6 *addr6;
+#endif
struct netr_DsRAddressToSitenamesExWCtr *ctr;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ uint32_t i;
+ int ret;
- ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
+ torture_comment(tctx, "This does pass with the default site\n");
+
+ /* We won't double-check this when we are over 'local' transports */
+ if (dcerpc_server_name(p)) {
+ /* Set up connection to SAMDB on DC */
+ url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+ sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+ NULL,
+ cmdline_credentials,
+ 0);
- addr.size = 16;
- addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
+ torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+ }
+
+ /* First try valid IP addresses */
+
+ addrs[0].size = sizeof(struct sockaddr_in);
+ addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
+ addr = (struct sockaddr_in *) addrs[0].buffer;
+ addrs[0].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[1].size = sizeof(struct sockaddr_in);
+ addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
+ addr = (struct sockaddr_in *) addrs[1].buffer;
+ addrs[1].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[2].size = sizeof(struct sockaddr_in);
+ addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
+ addr = (struct sockaddr_in *) addrs[2].buffer;
+ addrs[2].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+#ifdef HAVE_IPV6
+ addrs[3].size = sizeof(struct sockaddr_in6);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in6);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in6);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET6;
+ ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+ /* the test cases are repeated to have exactly 6. This is for
+ * compatibility with IPv4-only machines */
+ addrs[3].size = sizeof(struct sockaddr_in);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr = (struct sockaddr_in *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr = (struct sockaddr_in *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr = (struct sockaddr_in *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
- addr.buffer[0] = 2; /* AF_INET */
- addr.buffer[4] = 127;
- addr.buffer[5] = 0;
- addr.buffer[6] = 0;
- addr.buffer[7] = 1;
+ ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.count = 1;
- r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
- r.in.addresses[0] = addr;
+ r.in.count = 6;
+ r.in.addresses = addrs;
r.out.ctr = &ctr;
- status = dcerpc_netr_DsRAddressToSitenamesExW(p, tctx, &r);
+ status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ if (sam_ctx != NULL) {
+ for (i = 0; i < 3; i++) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ server_site_name(tctx, sam_ctx),
+ "didn't return default site");
+ torture_assert(tctx, ctr->subnetname[i].string == NULL,
+ "subnet should be null");
+ }
+ for (i = 3; i < 6; i++) {
+ /* Windows returns "NULL" for the sitename if it isn't
+ * IPv6 configured */
+ if (torture_setting_bool(tctx, "samba4", false)) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ server_site_name(tctx, sam_ctx),
+ "didn't return default site");
+ }
+ torture_assert(tctx, ctr->subnetname[i].string == NULL,
+ "subnet should be null");
+ }
+ }
+
+ /* Now try invalid ones (too short buffers) */
+
+ addrs[0].size = 0;
+ addrs[1].size = 1;
+ addrs[2].size = 4;
+
+ addrs[3].size = 0;
+ addrs[4].size = 1;
+ addrs[5].size = 4;
+
+ status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
torture_assert_werr_ok(tctx, r.out.result, "failed");
+ for (i = 0; i < 6; i++) {
+ torture_assert(tctx, ctr->sitename[i].string == NULL,
+ "sitename should be null");
+ torture_assert(tctx, ctr->subnetname[i].string == NULL,
+ "subnet should be null");
+ }
+
+ addrs[0].size = 10;
+ addrs[0].buffer[0] = AF_UNSPEC;
+ addrs[1].size = 10;
+ addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
+ addrs[2].size = 10;
+ addrs[2].buffer[0] = AF_UNIX;
+
+ addrs[3].size = 10;
+ addrs[3].buffer[0] = 250;
+ addrs[4].size = 10;
+ addrs[4].buffer[0] = 251;
+ addrs[5].size = 10;
+ addrs[5].buffer[0] = 252;
+
+ status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ for (i = 0; i < 6; i++) {
+ torture_assert(tctx, ctr->sitename[i].string == NULL,
+ "sitename should be null");
+ torture_assert(tctx, ctr->subnetname[i].string == NULL,
+ "subnet should be null");
+ }
+
return true;
}
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_ServerGetTrustInfo r;
struct netr_Authenticator a;
struct netr_TrustInfo *trust_info;
struct netlogon_creds_CredentialState *creds;
+ struct dcerpc_binding_handle *b = p->binding_handle;
if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
machine_credentials, &creds)) {
r.out.old_owf_password = &old_owf_password;
r.out.trust_info = &trust_info;
- status = dcerpc_netr_ServerGetTrustInfo(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerGetTrustInfo_r(b, tctx, &r),
+ "ServerGetTrustInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "ServerGetTrustInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
return true;
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
{
- NTSTATUS status;
struct netr_LogonGetDomainInfo r;
struct netr_WorkstationInformation q1;
struct netr_Authenticator a;
struct ldb_message_element *spn_el;
int ret, i;
char *version_str;
- const char *old_dnsname;
+ const char *old_dnsname = NULL;
char **spns = NULL;
int num_spns = 0;
char *temp_str;
+ struct dcerpc_binding_handle *b = p->binding_handle;
torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n");
sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
NULL,
cmdline_credentials,
- 0, NULL);
+ 0);
torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
}
ZERO_STRUCT(q1);
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- TEST_MACHINE_DNS_SUFFIX);
+ lpcfg_dnsdomain(tctx->lp_ctx));
q1.sitename = "Default-First-Site-Name";
q1.os_version.os = &os;
q1.os_name.string = talloc_asprintf(tctx,
}
}
- status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
if (sam_ctx) {
/* AD workstation infos entry check */
"Out 'workstation flags' don't match!");
- torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname)\n");
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname doesn't work)\n");
netlogon_creds_client_authenticator(creds, &a);
/* Wipe out the osVersion, and prove which values still 'stick' */
q1.os_version.os = NULL;
/* Change also the DNS hostname to test differences in behaviour */
- q1.dns_hostname = talloc_asprintf(tctx, "%s.newdomain",
- TEST_MACHINE_NAME);
+ talloc_free(discard_const_p(char, q1.dns_hostname));
+ q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
+ lpcfg_dnsdomain(tctx->lp_ctx));
- /* Let the DC handle the "servicePrincipalName" and DNS hostname
+ /* The workstation handles the "servicePrincipalName" and DNS hostname
updates */
- q1.workstation_flags = 0;
+ q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
- status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
if (sam_ctx) {
/* AD workstation infos entry check */
ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
"(sAMAccountName=%s$)", TEST_MACHINE_NAME);
torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
+
torture_assert_str_equal(tctx,
ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
q1.os_name.string, "'operatingSystem' should stick!");
torture_assert(tctx,
ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
"'operatingSystemVersion' shouldn't stick!");
-
- /* The DNS host name should have been updated now by the server */
+
+ /* The DNS host name shouldn't have been updated by the server */
+
torture_assert_str_equal(tctx,
ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
- q1.dns_hostname, "'DNS host name' didn't change!");
+ old_dnsname, "'DNS host name' did change!");
- /* Find the two "servicePrincipalName"s which the DC should have been
+ /* Find the two "servicePrincipalName"s which the DC shouldn't have been
updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
3.5.4.3.9 */
spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
"There should exist 'servicePrincipalName's in AD!");
temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
for (i=0; i < spn_el->num_values; i++)
- if (strcmp((char *) spn_el->values[i].data, temp_str) == 0)
+ if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
break;
torture_assert(tctx, i != spn_el->num_values,
"'servicePrincipalName' HOST/<Netbios name> not found!");
- temp_str = talloc_asprintf(tctx, "HOST/%s", q1.dns_hostname);
+ temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
for (i=0; i < spn_el->num_values; i++)
- if (strcmp((char *) spn_el->values[i].data, temp_str) == 0)
+ if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
break;
torture_assert(tctx, i != spn_el->num_values,
"'servicePrincipalName' HOST/<FQDN name> not found!");
old_dnsname, "Out 'DNS hostname' doesn't match the old one!");
}
+ /* Checks "workstation flags" */
+ torture_assert(tctx,
+ info.domain_info->workstation_flags == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
+ "Out 'workstation flags' don't match!");
+
+
+ /* Now try the same but the workstation flags set to 0 */
+
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (variation of DNS hostname doesn't work)\n");
+ netlogon_creds_client_authenticator(creds, &a);
+
+ /* Change also the DNS hostname to test differences in behaviour */
+ talloc_free(discard_const_p(char, q1.dns_hostname));
+ q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
+ lpcfg_dnsdomain(tctx->lp_ctx));
+
+ /* Wipe out the osVersion, and prove which values still 'stick' */
+ q1.os_version.os = NULL;
+
+ /* Let the DC handle the "servicePrincipalName" and DNS hostname
+ updates */
+ q1.workstation_flags = 0;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+ smb_msleep(250);
+
+ if (sam_ctx) {
+ /* AD workstation infos entry check */
+ ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
+ "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
+ torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
+
+ torture_assert_str_equal(tctx,
+ ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
+ q1.os_name.string, "'operatingSystem' should stick!");
+ torture_assert(tctx,
+ ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
+ "'operatingSystemServicePack' shouldn't stick!");
+ torture_assert(tctx,
+ ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
+ "'operatingSystemVersion' shouldn't stick!");
+
+ /* The DNS host name shouldn't have been updated by the server */
+
+ torture_assert_str_equal(tctx,
+ ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
+ old_dnsname, "'DNS host name' did change!");
+
+ /* Find the two "servicePrincipalName"s which the DC shouldn't have been
+ updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
+ 3.5.4.3.9 */
+ spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
+ torture_assert(tctx, spn_el != NULL,
+ "There should exist 'servicePrincipalName's in AD!");
+ temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
+ for (i=0; i < spn_el->num_values; i++)
+ if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
+ break;
+ torture_assert(tctx, i != spn_el->num_values,
+ "'servicePrincipalName' HOST/<Netbios name> not found!");
+ temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
+ for (i=0; i < spn_el->num_values; i++)
+ if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
+ break;
+ torture_assert(tctx, i != spn_el->num_values,
+ "'servicePrincipalName' HOST/<FQDN name> not found!");
+
+ /* Here the server gives us NULL as the out DNS hostname */
+ torture_assert(tctx, info.domain_info->dns_hostname.string == NULL,
+ "Out 'DNS hostname' should be NULL!");
+ }
+
/* Checks "workstation flags" */
torture_assert(tctx,
info.domain_info->workstation_flags == 0,
"Out 'workstation flags' don't match!");
- torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (verification of DNS hostname and check for trusted domains)\n");
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (verification of DNS hostname and check for trusted domains)\n");
netlogon_creds_client_authenticator(creds, &a);
+ /* Put the DNS hostname back */
+ talloc_free(discard_const_p(char, q1.dns_hostname));
+ q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
+ lpcfg_dnsdomain(tctx->lp_ctx));
+
/* The workstation handles the "servicePrincipalName" and DNS hostname
updates */
q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
- status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
/* Now the in/out DNS hostnames should be the same */
torture_assert_str_equal(tctx,
info.domain_info->dns_hostname.string,
query.workstation_info->dns_hostname,
"In/Out 'DNS hostnames' don't match!");
+ old_dnsname = info.domain_info->dns_hostname.string;
/* Checks "workstation flags" */
torture_assert(tctx,
"Trusted domains have been requested!");
- torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (check for trusted domains)\n");
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 5th call (check for trusted domains)\n");
netlogon_creds_client_authenticator(creds, &a);
/* The workstation handles the "servicePrincipalName" and DNS hostname
q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
| NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS;
- status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
/* Checks "workstation flags" */
torture_assert(tctx,
&& (info.domain_info->trusted_domains != NULL),
"Trusted domains have been requested!");
- return true;
-}
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no DNS hostname)\n");
+ netlogon_creds_client_authenticator(creds, &a);
+
+ query.workstation_info->dns_hostname = NULL;
-static void async_callback(struct rpc_request *req)
-{
- int *counter = (int *)req->async.private_data;
- if (NT_STATUS_IS_OK(req->status)) {
- (*counter)++;
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+ /* The old DNS hostname should stick */
+ torture_assert_str_equal(tctx,
+ info.domain_info->dns_hostname.string,
+ old_dnsname,
+ "'DNS hostname' changed!");
+
+
+ if (!torture_setting_bool(tctx, "dangerous", false)) {
+ torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 7th call (no workstation info) - enable dangerous tests in order to do so\n");
+ } else {
+ /* Try a call without the workstation information structure */
+
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 7th call (no workstation info)\n");
+ netlogon_creds_client_authenticator(creds, &a);
+
+ query.workstation_info = NULL;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
}
+
+ return true;
}
static bool test_GetDomainInfo_async(struct torture_context *tctx,
#define ASYNC_COUNT 100
struct netlogon_creds_CredentialState *creds;
struct netlogon_creds_CredentialState *creds_async[ASYNC_COUNT];
- struct rpc_request *req[ASYNC_COUNT];
+ struct tevent_req *req[ASYNC_COUNT];
int i;
- int *async_counter = talloc(tctx, int);
union netr_WorkstationInfo query;
union netr_DomainInfo info;
ZERO_STRUCT(q1);
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- TEST_MACHINE_DNS_SUFFIX);
+ lpcfg_dnsdomain(tctx->lp_ctx));
q1.sitename = "Default-First-Site-Name";
q1.os_name.string = "UNIX/Linux or similar";
query.workstation_info = &q1;
- *async_counter = 0;
-
for (i=0;i<ASYNC_COUNT;i++) {
netlogon_creds_client_authenticator(creds, &a);
creds_async[i] = (struct netlogon_creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
- req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, tctx, &r);
-
- req[i]->async.callback = async_callback;
- req[i]->async.private_data = async_counter;
+ req[i] = dcerpc_netr_LogonGetDomainInfo_r_send(tctx, tctx->ev, p->binding_handle, &r);
/* even with this flush per request a w2k3 server seems to
clag with multiple outstanding requests. bleergh. */
- torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0,
- "event_loop_once failed");
+ torture_assert_int_equal(tctx, tevent_loop_once(dcerpc_event_context(p)), 0,
+ "tevent_loop_once failed");
}
for (i=0;i<ASYNC_COUNT;i++) {
- status = dcerpc_ndr_request_recv(req[i]);
+ torture_assert_int_equal(tctx, tevent_req_poll(req[i], tctx->ev), true,
+ "tevent_req_poll() failed");
+
+ status = dcerpc_netr_LogonGetDomainInfo_r_recv(req[i], tctx);
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
}
torture_comment(tctx,
- "Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);
-
- torture_assert_int_equal(tctx, (*async_counter), ASYNC_COUNT, "int");
+ "Testing netr_LogonGetDomainInfo - async count %d OK\n", ASYNC_COUNT);
return true;
}
uint32_t resume_handle = 0;
struct netr_GetAnyDCName d;
const char *dcname = NULL;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+ struct dcerpc_binding_handle *b2;
int i;
status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");
+ b2 = p2->binding_handle;
qos.len = 0;
qos.impersonation_level = 2;
o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
o.out.handle = &lsa_handle;
- status = dcerpc_lsa_OpenPolicy2(p2, tctx, &o);
- torture_assert_ntstatus_ok(tctx, status, "OpenPolicy2 failed");
+ torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
+ "OpenPolicy2 failed");
+ torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
t.in.handle = &lsa_handle;
t.in.resume_handle = &resume_handle;
t.out.domains = &domains;
t.out.resume_handle = &resume_handle;
- status = dcerpc_lsa_EnumTrustDom(p2, tctx, &t);
+ torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b2, tctx, &t),
+ "EnumTrustDom failed");
- if ((!NT_STATUS_IS_OK(status) &&
- (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))))
+ if ((!NT_STATUS_IS_OK(t.out.result) &&
+ (!NT_STATUS_EQUAL(t.out.result, NT_STATUS_NO_MORE_ENTRIES))))
torture_fail(tctx, "Could not list domains");
talloc_free(p2);
d.in.domainname = info->name.string;
- status = dcerpc_netr_GetAnyDCName(p, tctx, &d);
+ status = dcerpc_netr_GetAnyDCName_r(b, tctx, &d);
torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
{
- struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon");
struct torture_rpc_tcase *tcase;
struct torture_test *test;
tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
&ndr_table_netlogon, TEST_MACHINE_NAME);
+ torture_rpc_tcase_add_test(tcase, "Broken RPC binding handle",
+ test_netr_broken_binding_handle);
+
torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
- torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl);
torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
- torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2);
torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
- torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);
torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
+ torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
return suite;
}
struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
{
- struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON-S3");
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon-s3");
struct torture_rpc_tcase *tcase;
tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
&ndr_table_netlogon, TEST_MACHINE_NAME);
torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
+ torture_rpc_tcase_add_test_creds(tcase, "SamLogon_NULL_domain", test_SamLogon_NULL_domain);
torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
torture_rpc_tcase_add_test_creds(tcase, "SetPassword_with_flags", test_SetPassword_with_flags);
- torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl);
- torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2);
- torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);
+ torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
return suite;
}
+
+struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx)
+{
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon.admin");
+ struct torture_rpc_tcase *tcase;
+
+ tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
+ &ndr_table_netlogon, TEST_MACHINE_NAME);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
+
+ tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netlogon",
+ &ndr_table_netlogon, TEST_MACHINE_NAME);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
+
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "netlogon",
+ &ndr_table_netlogon);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
+ torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
+
+ return suite;
+}
git.samba.org / ddiss / samba.git / blobdiff