2 Unix SMB/CIFS implementation.
4 test suite for netlogon rpc operations
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
9 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "lib/events/events.h"
27 #include "lib/cmdline/popt_common.h"
28 #include "torture/rpc/torture_rpc.h"
29 #include "../lib/crypto/crypto.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "librpc/gen_ndr/ndr_netlogon_c.h"
32 #include "librpc/gen_ndr/ndr_lsa_c.h"
33 #include "param/param.h"
34 #include "libcli/security/security.h"
36 #include "lib/util/util_ldb.h"
38 #include "lib/replace/system/network.h"
39 #include "dsdb/samdb/samdb.h"
43 #define TEST_MACHINE_NAME "torturetest"
45 static bool test_netr_broken_binding_handle(struct torture_context *tctx,
46 struct dcerpc_pipe *p)
49 struct netr_DsRGetSiteName r;
50 const char *site = NULL;
51 struct dcerpc_binding_handle *b = p->binding_handle;
53 r.in.computer_name = talloc_asprintf(tctx, "\\\\%s",
54 dcerpc_server_name(p));
58 "Testing netlogon request with correct binding handle: %s\n",
61 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
62 torture_assert_ntstatus_ok(tctx, status,
63 "Netlogon request with broken binding handle");
64 torture_assert_werr_ok(tctx, r.out.result,
65 "Netlogon request with broken binding handle");
67 if (torture_setting_bool(tctx, "samba3", false) ||
68 torture_setting_bool(tctx, "samba4", false)) {
70 "Skipping broken binding handle check against Samba");
73 r.in.computer_name = talloc_asprintf(tctx, "\\\\\\\\%s",
74 dcerpc_server_name(p));
77 "Testing netlogon request with broken binding handle: %s\n",
80 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
81 torture_assert_ntstatus_ok(tctx, status,
82 "Netlogon request with broken binding handle");
83 torture_assert_werr_equal(tctx, r.out.result,
84 WERR_INVALID_COMPUTERNAME,
85 "Netlogon request with broken binding handle");
87 r.in.computer_name = "\\\\\\\\THIS_IS_NOT_VALID";
90 "Testing netlogon request with broken binding handle: %s\n",
93 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
94 torture_assert_ntstatus_ok(tctx, status,
95 "Netlogon request with broken binding handle");
96 torture_assert_werr_equal(tctx, r.out.result,
97 WERR_INVALID_COMPUTERNAME,
98 "Netlogon request with broken binding handle");
103 static bool test_LogonUasLogon(struct torture_context *tctx,
104 struct dcerpc_pipe *p)
107 struct netr_LogonUasLogon r;
108 struct netr_UasInfo *info = NULL;
109 struct dcerpc_binding_handle *b = p->binding_handle;
111 r.in.server_name = NULL;
112 r.in.account_name = cli_credentials_get_username(
113 popt_get_cmdline_credentials());
114 r.in.workstation = TEST_MACHINE_NAME;
117 status = dcerpc_netr_LogonUasLogon_r(b, tctx, &r);
118 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
123 static bool test_LogonUasLogoff(struct torture_context *tctx,
124 struct dcerpc_pipe *p)
127 struct netr_LogonUasLogoff r;
128 struct netr_UasLogoffInfo info;
129 struct dcerpc_binding_handle *b = p->binding_handle;
131 r.in.server_name = NULL;
132 r.in.account_name = cli_credentials_get_username(
133 popt_get_cmdline_credentials());
134 r.in.workstation = TEST_MACHINE_NAME;
137 status = dcerpc_netr_LogonUasLogoff_r(b, tctx, &r);
138 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
143 bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
144 struct cli_credentials *credentials,
145 struct netlogon_creds_CredentialState **creds_out)
147 struct netr_ServerReqChallenge r;
148 struct netr_ServerAuthenticate a;
149 struct netr_Credential credentials1, credentials2, credentials3;
150 struct netlogon_creds_CredentialState *creds;
151 const struct samr_Password *mach_password;
152 const char *machine_name;
153 struct dcerpc_binding_handle *b = p->binding_handle;
155 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
156 machine_name = cli_credentials_get_workstation(credentials);
158 torture_comment(tctx, "Testing ServerReqChallenge\n");
160 r.in.server_name = NULL;
161 r.in.computer_name = machine_name;
162 r.in.credentials = &credentials1;
163 r.out.return_credentials = &credentials2;
165 netlogon_creds_random_challenge(&credentials1);
167 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
168 "ServerReqChallenge failed");
169 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
171 a.in.server_name = NULL;
172 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
173 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(credentials);
174 a.in.computer_name = machine_name;
175 a.in.credentials = &credentials3;
176 a.out.return_credentials = &credentials3;
178 creds = netlogon_creds_client_init(tctx, a.in.account_name,
180 a.in.secure_channel_type,
181 &credentials1, &credentials2,
182 mach_password, &credentials3,
184 torture_assert(tctx, creds != NULL, "memory allocation");
187 torture_comment(tctx, "Testing ServerAuthenticate\n");
189 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate_r(b, tctx, &a),
190 "ServerAuthenticate failed");
192 /* This allows the tests to continue against the more fussy windows 2008 */
193 if (NT_STATUS_EQUAL(a.out.result, NT_STATUS_DOWNGRADE_DETECTED)) {
194 return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
196 cli_credentials_get_secure_channel_type(credentials),
200 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate");
202 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
203 "Credential chaining failed");
209 bool test_SetupCredentials2ex(struct dcerpc_pipe *p, struct torture_context *tctx,
210 uint32_t negotiate_flags,
211 struct cli_credentials *machine_credentials,
212 const char *computer_name,
213 enum netr_SchannelType sec_chan_type,
214 NTSTATUS expected_result,
215 struct netlogon_creds_CredentialState **creds_out)
217 struct netr_ServerReqChallenge r;
218 struct netr_ServerAuthenticate2 a;
219 struct netr_Credential credentials1, credentials2, credentials3;
220 struct netlogon_creds_CredentialState *creds;
221 const struct samr_Password *mach_password;
222 struct dcerpc_binding_handle *b = p->binding_handle;
223 const char *account_name = cli_credentials_get_username(machine_credentials);
225 mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
227 torture_comment(tctx, "Testing ServerReqChallenge\n");
229 r.in.server_name = NULL;
230 r.in.computer_name = computer_name;
231 r.in.credentials = &credentials1;
232 r.out.return_credentials = &credentials2;
234 netlogon_creds_random_challenge(&credentials1);
236 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
237 "ServerReqChallenge failed");
238 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
240 a.in.server_name = NULL;
241 a.in.account_name = account_name;
242 a.in.secure_channel_type = sec_chan_type;
243 a.in.computer_name = computer_name;
244 a.in.negotiate_flags = &negotiate_flags;
245 a.out.negotiate_flags = &negotiate_flags;
246 a.in.credentials = &credentials3;
247 a.out.return_credentials = &credentials3;
249 creds = netlogon_creds_client_init(tctx, a.in.account_name,
251 a.in.secure_channel_type,
252 &credentials1, &credentials2,
253 mach_password, &credentials3,
256 torture_assert(tctx, creds != NULL, "memory allocation");
258 torture_comment(tctx, "Testing ServerAuthenticate2\n");
260 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
261 "ServerAuthenticate2 failed");
262 torture_assert_ntstatus_equal(tctx, a.out.result, expected_result,
263 "ServerAuthenticate2 unexpected");
265 if (NT_STATUS_IS_OK(expected_result)) {
266 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
267 "Credential chaining failed");
269 torture_assert(tctx, !netlogon_creds_client_check(creds, &credentials3),
270 "Credential chaining passed unexptected");
273 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
279 bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
280 uint32_t negotiate_flags,
281 struct cli_credentials *machine_credentials,
282 enum netr_SchannelType sec_chan_type,
283 struct netlogon_creds_CredentialState **creds_out)
285 const char *computer_name =
286 cli_credentials_get_workstation(machine_credentials);
288 return test_SetupCredentials2ex(p, tctx, negotiate_flags,
296 bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
297 uint32_t negotiate_flags,
298 struct cli_credentials *machine_credentials,
299 struct netlogon_creds_CredentialState **creds_out)
301 struct netr_ServerReqChallenge r;
302 struct netr_ServerAuthenticate3 a;
303 struct netr_Credential credentials1, credentials2, credentials3;
304 struct netlogon_creds_CredentialState *creds;
305 struct samr_Password mach_password;
307 const char *machine_name;
308 const char *plain_pass;
309 struct dcerpc_binding_handle *b = NULL;
315 b = p->binding_handle;
317 machine_name = cli_credentials_get_workstation(machine_credentials);
318 torture_assert(tctx, machine_name != NULL, "machine_name");
319 plain_pass = cli_credentials_get_password(machine_credentials);
320 torture_assert(tctx, plain_pass != NULL, "plain_pass");
322 torture_comment(tctx, "Testing ServerReqChallenge\n");
324 r.in.server_name = NULL;
325 r.in.computer_name = machine_name;
326 r.in.credentials = &credentials1;
327 r.out.return_credentials = &credentials2;
329 netlogon_creds_random_challenge(&credentials1);
331 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
332 "ServerReqChallenge failed");
333 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
335 E_md4hash(plain_pass, mach_password.hash);
337 a.in.server_name = NULL;
338 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
339 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
340 a.in.computer_name = machine_name;
341 a.in.negotiate_flags = &negotiate_flags;
342 a.in.credentials = &credentials3;
343 a.out.return_credentials = &credentials3;
344 a.out.negotiate_flags = &negotiate_flags;
347 creds = netlogon_creds_client_init(tctx, a.in.account_name,
349 a.in.secure_channel_type,
350 &credentials1, &credentials2,
351 &mach_password, &credentials3,
354 torture_assert(tctx, creds != NULL, "memory allocation");
356 torture_comment(tctx, "Testing ServerAuthenticate3\n");
358 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
359 "ServerAuthenticate3 failed");
360 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed");
361 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
363 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
365 /* Prove that requesting a challenge again won't break it */
366 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
367 "ServerReqChallenge failed");
368 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
374 bool test_SetupCredentialsDowngrade(struct torture_context *tctx,
375 struct dcerpc_pipe *p,
376 struct cli_credentials *machine_credentials)
378 struct netr_ServerReqChallenge r;
379 struct netr_ServerAuthenticate3 a;
380 struct netr_Credential credentials1, credentials2, credentials3;
381 struct netlogon_creds_CredentialState *creds;
382 struct samr_Password mach_password;
384 const char *machine_name;
385 const char *plain_pass;
386 struct dcerpc_binding_handle *b = p->binding_handle;
387 uint32_t negotiate_flags = 0;
389 machine_name = cli_credentials_get_workstation(machine_credentials);
390 torture_assert(tctx, machine_name != NULL, "machine_name");
391 plain_pass = cli_credentials_get_password(machine_credentials);
392 torture_assert(tctx, plain_pass != NULL, "plain_pass");
394 torture_comment(tctx, "Testing ServerReqChallenge\n");
396 r.in.server_name = NULL;
397 r.in.computer_name = machine_name;
398 r.in.credentials = &credentials1;
399 r.out.return_credentials = &credentials2;
401 netlogon_creds_random_challenge(&credentials1);
403 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
404 "ServerReqChallenge failed");
405 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
407 E_md4hash(plain_pass, mach_password.hash);
409 a.in.server_name = NULL;
410 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
411 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
412 a.in.computer_name = machine_name;
413 a.in.negotiate_flags = &negotiate_flags;
414 a.in.credentials = &credentials3;
415 a.out.return_credentials = &credentials3;
416 a.out.negotiate_flags = &negotiate_flags;
419 creds = netlogon_creds_client_init(tctx, a.in.account_name,
421 a.in.secure_channel_type,
422 &credentials1, &credentials2,
423 &mach_password, &credentials3,
426 torture_assert(tctx, creds != NULL, "memory allocation");
428 torture_comment(tctx, "Testing ServerAuthenticate3\n");
430 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
431 "ServerAuthenticate3 failed");
432 torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_DOWNGRADE_DETECTED, "ServerAuthenticate3 should have failed");
434 negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
435 creds = netlogon_creds_client_init(tctx, a.in.account_name,
437 a.in.secure_channel_type,
438 &credentials1, &credentials2,
439 &mach_password, &credentials3,
442 torture_assert(tctx, creds != NULL, "memory allocation");
444 torture_comment(tctx, "Testing ServerAuthenticate3\n");
446 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
447 "ServerAuthenticate3 failed");
448 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 should succeed");
450 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
452 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
454 /* Prove that requesting a challenge again won't break it */
455 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
456 "ServerReqChallenge failed");
457 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
462 bool test_SetupCredentialsPipe(const struct dcerpc_pipe *p1,
463 struct torture_context *tctx,
464 struct cli_credentials *machine_credentials,
465 struct netlogon_creds_CredentialState *creds,
466 uint32_t additional_flags,
467 struct dcerpc_pipe **_p2)
470 struct dcerpc_binding *b2 = NULL;
471 struct dcerpc_pipe *p2 = NULL;
473 b2 = dcerpc_binding_dup(tctx, p1->binding);
474 torture_assert(tctx, b2 != NULL, "dcerpc_binding_dup");
475 dcerpc_binding_set_flags(b2,
476 DCERPC_SCHANNEL | additional_flags,
477 DCERPC_AUTH_OPTIONS);
479 cli_credentials_set_netlogon_creds(machine_credentials, creds);
480 status = dcerpc_pipe_connect_b(tctx, &p2, b2,
483 tctx->ev, tctx->lp_ctx);
484 cli_credentials_set_netlogon_creds(machine_credentials, NULL);
485 torture_assert_ntstatus_ok(tctx, status, "dcerpc_pipe_connect_b schannel");
491 static bool test_ServerReqChallenge(
492 struct torture_context *tctx,
493 struct dcerpc_pipe *p,
494 struct cli_credentials *credentials)
496 struct netr_ServerReqChallenge r;
497 struct netr_Credential credentials1, credentials2, credentials3;
498 const char *machine_name;
499 struct dcerpc_binding_handle *b = p->binding_handle;
500 struct netr_ServerAuthenticate2 a;
501 uint32_t in_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
502 uint32_t out_negotiate_flags = 0;
503 const struct samr_Password *mach_password = NULL;
504 enum netr_SchannelType sec_chan_type = 0;
505 struct netlogon_creds_CredentialState *creds = NULL;
506 const char *account_name = NULL;
508 machine_name = cli_credentials_get_workstation(credentials);
509 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
510 account_name = cli_credentials_get_username(credentials);
511 sec_chan_type = cli_credentials_get_secure_channel_type(credentials);
513 torture_comment(tctx, "Testing ServerReqChallenge\n");
515 r.in.server_name = NULL;
516 r.in.computer_name = machine_name;
517 r.in.credentials = &credentials1;
518 r.out.return_credentials = &credentials2;
520 netlogon_creds_random_challenge(&credentials1);
522 torture_assert_ntstatus_ok(
524 dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
525 "ServerReqChallenge failed");
526 torture_assert_ntstatus_ok(
529 "ServerReqChallenge failed");
530 a.in.server_name = NULL;
531 a.in.account_name = account_name;
532 a.in.secure_channel_type = sec_chan_type;
533 a.in.computer_name = machine_name;
534 a.in.negotiate_flags = &in_negotiate_flags;
535 a.out.negotiate_flags = &out_negotiate_flags;
536 a.in.credentials = &credentials3;
537 a.out.return_credentials = &credentials3;
539 creds = netlogon_creds_client_init(tctx, a.in.account_name,
541 a.in.secure_channel_type,
542 &credentials1, &credentials2,
543 mach_password, &credentials3,
546 torture_assert(tctx, creds != NULL, "memory allocation");
548 torture_comment(tctx, "Testing ServerAuthenticate2\n");
550 torture_assert_ntstatus_ok(
552 dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
553 "ServerAuthenticate2 failed");
554 torture_assert_ntstatus_equal(
558 "ServerAuthenticate2 unexpected");
563 static bool test_ServerReqChallenge_zero_challenge(
564 struct torture_context *tctx,
565 struct dcerpc_pipe *p,
566 struct cli_credentials *credentials)
568 struct netr_ServerReqChallenge r;
569 struct netr_Credential credentials1, credentials2, credentials3;
570 const char *machine_name;
571 struct dcerpc_binding_handle *b = p->binding_handle;
572 struct netr_ServerAuthenticate2 a;
573 uint32_t in_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
574 uint32_t out_negotiate_flags = 0;
575 const struct samr_Password *mach_password = NULL;
576 enum netr_SchannelType sec_chan_type = 0;
577 struct netlogon_creds_CredentialState *creds = NULL;
578 const char *account_name = NULL;
580 machine_name = cli_credentials_get_workstation(credentials);
581 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
582 account_name = cli_credentials_get_username(credentials);
583 sec_chan_type = cli_credentials_get_secure_channel_type(credentials);
585 torture_comment(tctx, "Testing ServerReqChallenge\n");
587 r.in.server_name = NULL;
588 r.in.computer_name = machine_name;
589 r.in.credentials = &credentials1;
590 r.out.return_credentials = &credentials2;
593 * Set the client challenge to zero, this should fail
594 * CVE-2020-1472(ZeroLogon)
595 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
597 ZERO_STRUCT(credentials1);
599 torture_assert_ntstatus_ok(
601 dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
602 "ServerReqChallenge failed");
603 torture_assert_ntstatus_ok(
606 "ServerReqChallenge failed");
607 a.in.server_name = NULL;
608 a.in.account_name = account_name;
609 a.in.secure_channel_type = sec_chan_type;
610 a.in.computer_name = machine_name;
611 a.in.negotiate_flags = &in_negotiate_flags;
612 a.out.negotiate_flags = &out_negotiate_flags;
613 a.in.credentials = &credentials3;
614 a.out.return_credentials = &credentials3;
616 creds = netlogon_creds_client_init(tctx, a.in.account_name,
618 a.in.secure_channel_type,
619 &credentials1, &credentials2,
620 mach_password, &credentials3,
623 torture_assert(tctx, creds != NULL, "memory allocation");
625 torture_comment(tctx, "Testing ServerAuthenticate2\n");
627 torture_assert_ntstatus_ok(
629 dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
630 "ServerAuthenticate2 failed");
631 torture_assert_ntstatus_equal(
634 NT_STATUS_ACCESS_DENIED,
635 "ServerAuthenticate2 unexpected");
640 static bool test_ServerReqChallenge_5_repeats(
641 struct torture_context *tctx,
642 struct dcerpc_pipe *p,
643 struct cli_credentials *credentials)
645 struct netr_ServerReqChallenge r;
646 struct netr_Credential credentials1, credentials2, credentials3;
647 const char *machine_name;
648 struct dcerpc_binding_handle *b = p->binding_handle;
649 struct netr_ServerAuthenticate2 a;
650 uint32_t in_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
651 uint32_t out_negotiate_flags = 0;
652 const struct samr_Password *mach_password = NULL;
653 enum netr_SchannelType sec_chan_type = 0;
654 struct netlogon_creds_CredentialState *creds = NULL;
655 const char *account_name = NULL;
657 machine_name = cli_credentials_get_workstation(credentials);
658 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
659 account_name = cli_credentials_get_username(credentials);
660 sec_chan_type = cli_credentials_get_secure_channel_type(credentials);
662 torture_comment(tctx, "Testing ServerReqChallenge\n");
664 r.in.server_name = NULL;
665 r.in.computer_name = machine_name;
666 r.in.credentials = &credentials1;
667 r.out.return_credentials = &credentials2;
670 * Set the first 5 bytes of the client challenge to the same value,
671 * this should fail CVE-2020-1472(ZeroLogon)
672 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
674 credentials1.data[0] = 'A';
675 credentials1.data[1] = 'A';
676 credentials1.data[2] = 'A';
677 credentials1.data[3] = 'A';
678 credentials1.data[4] = 'A';
679 credentials1.data[5] = 'B';
680 credentials1.data[6] = 'C';
681 credentials1.data[7] = 'D';
683 torture_assert_ntstatus_ok(
685 dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
686 "ServerReqChallenge failed");
687 torture_assert_ntstatus_ok(
690 "ServerReqChallenge failed");
691 a.in.server_name = NULL;
692 a.in.account_name = account_name;
693 a.in.secure_channel_type = sec_chan_type;
694 a.in.computer_name = machine_name;
695 a.in.negotiate_flags = &in_negotiate_flags;
696 a.out.negotiate_flags = &out_negotiate_flags;
697 a.in.credentials = &credentials3;
698 a.out.return_credentials = &credentials3;
700 creds = netlogon_creds_client_init(tctx, a.in.account_name,
702 a.in.secure_channel_type,
703 &credentials1, &credentials2,
704 mach_password, &credentials3,
707 torture_assert(tctx, creds != NULL, "memory allocation");
709 torture_comment(tctx, "Testing ServerAuthenticate2\n");
711 torture_assert_ntstatus_ok(
713 dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
714 "ServerAuthenticate2 failed");
715 torture_assert_ntstatus_equal(
718 NT_STATUS_ACCESS_DENIED,
719 "ServerAuthenticate2 unexpected");
724 static bool test_ServerReqChallenge_4_repeats(
725 struct torture_context *tctx,
726 struct dcerpc_pipe *p,
727 struct cli_credentials *credentials)
729 struct netr_ServerReqChallenge r;
730 struct netr_Credential credentials1, credentials2, credentials3;
731 const char *machine_name;
732 struct dcerpc_binding_handle *b = p->binding_handle;
733 struct netr_ServerAuthenticate2 a;
734 uint32_t in_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
735 uint32_t out_negotiate_flags = 0;
736 const struct samr_Password *mach_password = NULL;
737 enum netr_SchannelType sec_chan_type = 0;
738 struct netlogon_creds_CredentialState *creds = NULL;
739 const char *account_name = NULL;
741 machine_name = cli_credentials_get_workstation(credentials);
742 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
743 account_name = cli_credentials_get_username(credentials);
744 sec_chan_type = cli_credentials_get_secure_channel_type(credentials);
746 torture_comment(tctx, "Testing ServerReqChallenge\n");
748 r.in.server_name = NULL;
749 r.in.computer_name = machine_name;
750 r.in.credentials = &credentials1;
751 r.out.return_credentials = &credentials2;
754 * Set the first 4 bytes of the client challenge to the same
755 * value, this should pass as 5 bytes identical are needed to
756 * fail for CVE-2020-1472(ZeroLogon)
758 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
760 credentials1.data[0] = 'A';
761 credentials1.data[1] = 'A';
762 credentials1.data[2] = 'A';
763 credentials1.data[3] = 'A';
764 credentials1.data[4] = 'B';
765 credentials1.data[5] = 'C';
766 credentials1.data[6] = 'D';
767 credentials1.data[7] = 'E';
769 torture_assert_ntstatus_ok(
771 dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
772 "ServerReqChallenge failed");
773 torture_assert_ntstatus_ok(
776 "ServerReqChallenge failed");
777 a.in.server_name = NULL;
778 a.in.account_name = account_name;
779 a.in.secure_channel_type = sec_chan_type;
780 a.in.computer_name = machine_name;
781 a.in.negotiate_flags = &in_negotiate_flags;
782 a.out.negotiate_flags = &out_negotiate_flags;
783 a.in.credentials = &credentials3;
784 a.out.return_credentials = &credentials3;
786 creds = netlogon_creds_client_init(tctx, a.in.account_name,
788 a.in.secure_channel_type,
789 &credentials1, &credentials2,
790 mach_password, &credentials3,
793 torture_assert(tctx, creds != NULL, "memory allocation");
795 torture_comment(tctx, "Testing ServerAuthenticate2\n");
797 torture_assert_ntstatus_ok(
799 dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
800 "ServerAuthenticate2 failed");
801 torture_assert_ntstatus_equal(
805 "ServerAuthenticate2 unexpected");
811 * Establish a NetLogon session, using a session key that encrypts the
812 * target character to zero
814 static bool test_ServerAuthenticate2_encrypts_to_zero(
815 struct torture_context *tctx,
816 struct dcerpc_pipe *p,
817 struct cli_credentials *machine_credentials,
819 struct netlogon_creds_CredentialState **creds_out)
821 const char *computer_name =
822 cli_credentials_get_workstation(machine_credentials);
823 struct netr_ServerReqChallenge r;
824 struct netr_ServerAuthenticate2 a;
825 struct netr_Credential credentials1, credentials2, credentials3;
826 struct netlogon_creds_CredentialState *creds = NULL;
827 const struct samr_Password *mach_password;
828 struct dcerpc_binding_handle *b = p->binding_handle;
829 const char *account_name = cli_credentials_get_username(
830 machine_credentials);
832 NETLOGON_NEG_AUTH2_ADS_FLAGS |
833 NETLOGON_NEG_SUPPORTS_AES;
834 enum netr_SchannelType sec_chan_type =
835 cli_credentials_get_secure_channel_type(machine_credentials);
837 * Limit the number of attempts to generate a suitable session key.
839 const unsigned MAX_ITER = 4096;
842 mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
844 r.in.server_name = NULL;
845 r.in.computer_name = computer_name;
846 r.in.credentials = &credentials1;
847 r.out.return_credentials = &credentials2;
849 netlogon_creds_random_challenge(&credentials1);
850 credentials1.data[0] = target;
852 torture_comment(tctx, "Generating candidate session keys\n");
857 torture_assert_ntstatus_ok(
859 dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
860 "ServerReqChallenge failed");
861 torture_assert_ntstatus_ok(
864 "ServerReqChallenge failed");
866 a.in.server_name = NULL;
867 a.in.account_name = account_name;
868 a.in.secure_channel_type = sec_chan_type;
869 a.in.computer_name = computer_name;
870 a.in.negotiate_flags = &flags;
871 a.out.negotiate_flags = &flags;
872 a.in.credentials = &credentials3;
873 a.out.return_credentials = &credentials3;
875 creds = netlogon_creds_client_init(
879 a.in.secure_channel_type,
886 torture_assert(tctx, creds != NULL, "memory allocation");
887 } while (credentials3.data[0] != 0 && i < MAX_ITER);
892 "Unable to obtain a suitable session key, "
893 "after [%u] attempts\n",
895 torture_fail(tctx, "Unable obtain suitable session key");
898 torture_assert_ntstatus_ok(
900 dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
901 "ServerAuthenticate2 failed");
902 torture_assert_ntstatus_equal(
906 "ServerAuthenticate2 unexpected result code");
913 try a change password for our machine account
915 static bool test_SetPassword(struct torture_context *tctx,
916 struct dcerpc_pipe *p,
917 struct cli_credentials *machine_credentials)
919 struct netr_ServerPasswordSet r;
920 const char *password;
921 struct netlogon_creds_CredentialState *creds;
922 struct netr_Authenticator credential, return_authenticator;
923 struct samr_Password new_password;
924 struct dcerpc_binding_handle *b = p->binding_handle;
926 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
930 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
931 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
932 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
933 r.in.computer_name = TEST_MACHINE_NAME;
934 r.in.credential = &credential;
935 r.in.new_password = &new_password;
936 r.out.return_authenticator = &return_authenticator;
938 password = generate_random_password(tctx, 8, 255);
939 E_md4hash(password, new_password.hash);
941 netlogon_creds_des_encrypt(creds, &new_password);
943 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
944 torture_comment(tctx, "Changing machine account password to '%s'\n",
947 netlogon_creds_client_authenticator(creds, &credential);
949 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
950 "ServerPasswordSet failed");
951 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
953 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
954 torture_comment(tctx, "Credential chaining failed\n");
957 /* by changing the machine password twice we test the
958 credentials chaining fully, and we verify that the server
959 allows the password to be set to the same value twice in a
960 row (match win2k3) */
961 torture_comment(tctx,
962 "Testing a second ServerPasswordSet on machine account\n");
963 torture_comment(tctx,
964 "Changing machine account password to '%s' (same as previous run)\n", password);
966 netlogon_creds_client_authenticator(creds, &credential);
968 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
969 "ServerPasswordSet (2) failed");
970 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
972 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
973 torture_comment(tctx, "Credential chaining failed\n");
976 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
979 test_SetupCredentials(p, tctx, machine_credentials, &creds),
980 "ServerPasswordSet failed to actually change the password");
986 try a change password for our machine account
988 static bool test_SetPassword_flags(struct torture_context *tctx,
989 struct dcerpc_pipe *p1,
990 struct cli_credentials *machine_credentials,
991 uint32_t negotiate_flags)
993 struct netr_ServerPasswordSet r;
994 const char *password;
995 struct netlogon_creds_CredentialState *creds;
996 struct netr_Authenticator credential, return_authenticator;
997 struct samr_Password new_password;
998 struct dcerpc_pipe *p = NULL;
999 struct dcerpc_binding_handle *b = NULL;
1001 if (!test_SetupCredentials2(p1, tctx, negotiate_flags,
1002 machine_credentials,
1003 cli_credentials_get_secure_channel_type(machine_credentials),
1007 if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
1008 DCERPC_SIGN | DCERPC_SEAL, &p)) {
1011 b = p->binding_handle;
1013 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1014 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
1015 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1016 r.in.computer_name = TEST_MACHINE_NAME;
1017 r.in.credential = &credential;
1018 r.in.new_password = &new_password;
1019 r.out.return_authenticator = &return_authenticator;
1021 password = generate_random_password(tctx, 8, 255);
1022 E_md4hash(password, new_password.hash);
1024 netlogon_creds_des_encrypt(creds, &new_password);
1026 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
1027 torture_comment(tctx, "Changing machine account password to '%s'\n",
1030 netlogon_creds_client_authenticator(creds, &credential);
1032 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
1033 "ServerPasswordSet failed");
1034 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
1036 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1037 torture_comment(tctx, "Credential chaining failed\n");
1040 /* by changing the machine password twice we test the
1041 credentials chaining fully, and we verify that the server
1042 allows the password to be set to the same value twice in a
1043 row (match win2k3) */
1044 torture_comment(tctx,
1045 "Testing a second ServerPasswordSet on machine account\n");
1046 torture_comment(tctx,
1047 "Changing machine account password to '%s' (same as previous run)\n", password);
1049 netlogon_creds_client_authenticator(creds, &credential);
1051 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
1052 "ServerPasswordSet (2) failed");
1053 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
1055 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1056 torture_comment(tctx, "Credential chaining failed\n");
1059 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
1061 torture_assert(tctx,
1062 test_SetupCredentials(p, tctx, machine_credentials, &creds),
1063 "ServerPasswordSet failed to actually change the password");
1070 generate a random password for password change tests
1072 static DATA_BLOB netlogon_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
1075 DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
1076 generate_random_buffer(password.data, password.length);
1078 for (i=0; i < len; i++) {
1079 if (((uint16_t *)password.data)[i] == 0) {
1080 ((uint16_t *)password.data)[i] = 1;
1088 try a change password for our machine account
1090 static bool test_SetPassword2_with_flags(struct torture_context *tctx,
1091 struct dcerpc_pipe *p1,
1092 struct cli_credentials *machine_credentials,
1095 struct netr_ServerPasswordSet2 r;
1096 const char *password;
1097 DATA_BLOB new_random_pass;
1098 struct netlogon_creds_CredentialState *creds;
1099 struct samr_CryptPassword password_buf;
1100 struct samr_Password nt_hash;
1101 struct netr_Authenticator credential, return_authenticator;
1102 struct netr_CryptPassword new_password;
1103 struct dcerpc_pipe *p = NULL;
1104 struct dcerpc_binding_handle *b = NULL;
1106 if (!test_SetupCredentials2(p1, tctx, flags, machine_credentials,
1107 cli_credentials_get_secure_channel_type(machine_credentials),
1111 if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
1112 DCERPC_SIGN | DCERPC_SEAL, &p)) {
1115 b = p->binding_handle;
1117 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1118 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
1119 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1120 r.in.computer_name = TEST_MACHINE_NAME;
1121 r.in.credential = &credential;
1122 r.in.new_password = &new_password;
1123 r.out.return_authenticator = &return_authenticator;
1125 password = generate_random_password(tctx, 8, 255);
1126 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
1127 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
1128 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
1130 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
1133 memcpy(new_password.data, password_buf.data, 512);
1134 new_password.length = IVAL(password_buf.data, 512);
1136 torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
1137 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
1139 netlogon_creds_client_authenticator(creds, &credential);
1141 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
1142 "ServerPasswordSet2 failed");
1143 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
1145 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1146 torture_comment(tctx, "Credential chaining failed\n");
1149 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
1152 * As a consequence of CVE-2020-1472(ZeroLogon)
1153 * Samba explicitly disallows the setting of an empty machine account
1156 * Note that this may fail against Windows, and leave a machine account
1157 * with an empty password.
1160 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
1161 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
1162 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
1164 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
1166 memcpy(new_password.data, password_buf.data, 512);
1167 new_password.length = IVAL(password_buf.data, 512);
1169 torture_comment(tctx,
1170 "Testing ServerPasswordSet2 on machine account\n");
1171 torture_comment(tctx,
1172 "Changing machine account password to '%s'\n", password);
1174 netlogon_creds_client_authenticator(creds, &credential);
1176 torture_assert_ntstatus_ok(
1177 tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
1178 "ServerPasswordSet2 failed");
1179 torture_assert_ntstatus_equal(
1182 NT_STATUS_WRONG_PASSWORD,
1183 "ServerPasswordSet2 did not return NT_STATUS_WRONG_PASSWORD");
1185 /* now try a random password */
1186 password = generate_random_password(tctx, 8, 255);
1187 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
1188 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
1189 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
1191 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
1193 memcpy(new_password.data, password_buf.data, 512);
1194 new_password.length = IVAL(password_buf.data, 512);
1196 torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
1197 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
1199 netlogon_creds_client_authenticator(creds, &credential);
1201 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
1202 "ServerPasswordSet2 (2) failed");
1203 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 (2) failed");
1205 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1206 torture_comment(tctx, "Credential chaining failed\n");
1209 /* by changing the machine password twice we test the
1210 credentials chaining fully, and we verify that the server
1211 allows the password to be set to the same value twice in a
1212 row (match win2k3) */
1213 torture_comment(tctx,
1214 "Testing a second ServerPasswordSet2 on machine account\n");
1215 torture_comment(tctx,
1216 "Changing machine account password to '%s' (same as previous run)\n", password);
1218 netlogon_creds_client_authenticator(creds, &credential);
1220 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
1221 "ServerPasswordSet (3) failed");
1222 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
1224 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1225 torture_comment(tctx, "Credential chaining failed\n");
1228 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
1230 torture_assert (tctx,
1231 test_SetupCredentials(p, tctx, machine_credentials, &creds),
1232 "ServerPasswordSet failed to actually change the password");
1234 new_random_pass = netlogon_very_rand_pass(tctx, 128);
1236 /* now try a random stream of bytes for a password */
1237 set_pw_in_buffer(password_buf.data, &new_random_pass);
1239 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
1240 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
1242 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
1245 memcpy(new_password.data, password_buf.data, 512);
1246 new_password.length = IVAL(password_buf.data, 512);
1248 torture_comment(tctx,
1249 "Testing a third ServerPasswordSet2 on machine account, with a completely random password\n");
1251 netlogon_creds_client_authenticator(creds, &credential);
1253 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
1254 "ServerPasswordSet (3) failed");
1255 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
1257 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1258 torture_comment(tctx, "Credential chaining failed\n");
1261 mdfour(nt_hash.hash, new_random_pass.data, new_random_pass.length);
1263 cli_credentials_set_password(machine_credentials, NULL, CRED_UNINITIALISED);
1264 cli_credentials_set_nt_hash(machine_credentials, &nt_hash, CRED_SPECIFIED);
1266 torture_assert (tctx,
1267 test_SetupCredentials(p, tctx, machine_credentials, &creds),
1268 "ServerPasswordSet failed to actually change the password");
1274 try to change the password of our machine account using a buffer of all zeros,
1275 and a session key that encrypts that to all zeros.
1277 Note: The test does use sign and seal, it's purpose is to exercise
1278 the detection code in dcesrv_netr_ServerPasswordSet2
1280 static bool test_SetPassword2_encrypted_to_all_zeros(
1281 struct torture_context *tctx,
1282 struct dcerpc_pipe *p1,
1283 struct cli_credentials *machine_credentials)
1285 struct netr_ServerPasswordSet2 r;
1286 struct netlogon_creds_CredentialState *creds;
1287 struct samr_CryptPassword password_buf;
1288 struct netr_Authenticator credential, return_authenticator;
1289 struct netr_CryptPassword new_password;
1290 struct dcerpc_pipe *p = NULL;
1291 struct dcerpc_binding_handle *b = NULL;
1293 if (!test_ServerAuthenticate2_encrypts_to_zero(
1296 machine_credentials,
1303 if (!test_SetupCredentialsPipe(
1306 machine_credentials,
1308 DCERPC_SIGN | DCERPC_SEAL,
1313 b = p->binding_handle;
1315 r.in.server_name = talloc_asprintf(
1317 "\\\\%s", dcerpc_server_name(p));
1318 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
1319 r.in.secure_channel_type =
1320 cli_credentials_get_secure_channel_type(machine_credentials);
1321 r.in.computer_name = TEST_MACHINE_NAME;
1322 r.in.credential = &credential;
1323 r.in.new_password = &new_password;
1324 r.out.return_authenticator = &return_authenticator;
1326 ZERO_STRUCT(password_buf);
1328 if (!(creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
1329 torture_fail(tctx, "NETLOGON_NEG_SUPPORTS_AES not set");
1331 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
1332 if(!all_zero(password_buf.data, 516)) {
1333 torture_fail(tctx, "Password did not encrypt to all zeros\n");
1336 memcpy(new_password.data, password_buf.data, 512);
1337 new_password.length = IVAL(password_buf.data, 512);
1338 torture_assert_int_equal(
1340 new_password.length,
1342 "Length should have encrypted to 0");
1344 netlogon_creds_client_authenticator(creds, &credential);
1346 torture_assert_ntstatus_ok(
1348 dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
1349 "ServerPasswordSet2 zero length check failed");
1350 torture_assert_ntstatus_equal(
1351 tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, "");
1357 * Choose a session key that encrypts a password of all zeros to all zeros.
1358 * Then try to set the password, using a zeroed buffer, with a non zero
1361 * This exercises the password self encryption check.
1363 * Note: The test does use sign and seal, it's purpose is to exercise
1364 * the detection code in dcesrv_netr_ServerPasswordSet2
1366 static bool test_SetPassword2_password_encrypts_to_zero(
1367 struct torture_context *tctx,
1368 struct dcerpc_pipe *p1,
1369 struct cli_credentials *machine_credentials)
1371 struct netr_ServerPasswordSet2 r;
1372 struct netlogon_creds_CredentialState *creds;
1373 struct samr_CryptPassword password_buf;
1374 struct netr_Authenticator credential, return_authenticator;
1375 struct netr_CryptPassword new_password;
1376 struct dcerpc_pipe *p = NULL;
1377 struct dcerpc_binding_handle *b = NULL;
1379 if (!test_ServerAuthenticate2_encrypts_to_zero(
1382 machine_credentials,
1389 if (!test_SetupCredentialsPipe(
1392 machine_credentials,
1394 DCERPC_SIGN | DCERPC_SEAL,
1399 b = p->binding_handle;
1401 r.in.server_name = talloc_asprintf(
1403 "\\\\%s", dcerpc_server_name(p));
1404 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
1405 r.in.secure_channel_type =
1406 cli_credentials_get_secure_channel_type(machine_credentials);
1407 r.in.computer_name = TEST_MACHINE_NAME;
1408 r.in.credential = &credential;
1409 r.in.new_password = &new_password;
1410 r.out.return_authenticator = &return_authenticator;
1412 ZERO_STRUCT(password_buf);
1413 SIVAL(password_buf.data, 512, 512);
1415 if (!(creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES)) {
1416 torture_fail(tctx, "NETLOGON_NEG_SUPPORTS_AES not set");
1418 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
1420 memcpy(new_password.data, password_buf.data, 512);
1421 new_password.length = IVAL(password_buf.data, 512);
1423 netlogon_creds_client_authenticator(creds, &credential);
1425 torture_assert_ntstatus_ok(
1427 dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
1428 "ServerPasswordSet2 password encrypts to zero check failed");
1429 torture_assert_ntstatus_equal(
1430 tctx, r.out.result, NT_STATUS_WRONG_PASSWORD, "");
1435 static bool test_SetPassword2(struct torture_context *tctx,
1436 struct dcerpc_pipe *p,
1437 struct cli_credentials *machine_credentials)
1439 return test_SetPassword2_with_flags(tctx, p, machine_credentials, NETLOGON_NEG_AUTH2_ADS_FLAGS);
1442 static bool test_SetPassword2_AES(struct torture_context *tctx,
1443 struct dcerpc_pipe *p,
1444 struct cli_credentials *machine_credentials)
1446 return test_SetPassword2_with_flags(tctx, p, machine_credentials, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
1449 static bool test_GetPassword(struct torture_context *tctx,
1450 struct dcerpc_pipe *p,
1451 struct cli_credentials *machine_credentials)
1453 struct netr_ServerPasswordGet r;
1454 struct netlogon_creds_CredentialState *creds;
1455 struct netr_Authenticator credential;
1457 struct netr_Authenticator return_authenticator;
1458 struct samr_Password password;
1459 struct dcerpc_binding_handle *b = p->binding_handle;
1461 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1465 netlogon_creds_client_authenticator(creds, &credential);
1467 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1468 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
1469 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1470 r.in.computer_name = TEST_MACHINE_NAME;
1471 r.in.credential = &credential;
1472 r.out.return_authenticator = &return_authenticator;
1473 r.out.password = &password;
1475 status = dcerpc_netr_ServerPasswordGet_r(b, tctx, &r);
1476 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
1477 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordGet");
1482 static bool test_GetTrustPasswords(struct torture_context *tctx,
1483 struct dcerpc_pipe *p,
1484 struct cli_credentials *machine_credentials)
1486 struct netr_ServerTrustPasswordsGet r;
1487 struct netlogon_creds_CredentialState *creds;
1488 struct netr_Authenticator credential;
1489 struct netr_Authenticator return_authenticator;
1490 struct samr_Password password, password2;
1491 struct dcerpc_binding_handle *b = p->binding_handle;
1493 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1497 netlogon_creds_client_authenticator(creds, &credential);
1499 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1500 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
1501 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1502 r.in.computer_name = TEST_MACHINE_NAME;
1503 r.in.credential = &credential;
1504 r.out.return_authenticator = &return_authenticator;
1505 r.out.new_owf_password = &password;
1506 r.out.old_owf_password = &password2;
1508 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerTrustPasswordsGet_r(b, tctx, &r),
1509 "ServerTrustPasswordsGet failed");
1510 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerTrustPasswordsGet failed");
1516 try a netlogon SamLogon
1518 static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context *tctx,
1519 struct cli_credentials *credentials,
1520 struct netlogon_creds_CredentialState *creds,
1524 struct netr_LogonSamLogon r;
1525 struct netr_Authenticator auth, auth2;
1526 union netr_LogonLevel logon;
1527 union netr_Validation validation;
1528 uint8_t authoritative;
1529 struct netr_NetworkInfo ninfo;
1530 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
1532 struct dcerpc_binding_handle *b = p->binding_handle;
1533 int flags = CLI_CRED_NTLM_AUTH;
1534 if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
1535 flags |= CLI_CRED_LANMAN_AUTH;
1538 if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx) && !null_domain) {
1539 flags |= CLI_CRED_NTLMv2_AUTH;
1542 cli_credentials_get_ntlm_username_domain(popt_get_cmdline_credentials(),
1544 &ninfo.identity_info.account_name.string,
1545 &ninfo.identity_info.domain_name.string);
1548 ninfo.identity_info.domain_name.string = NULL;
1551 generate_random_buffer(ninfo.challenge,
1552 sizeof(ninfo.challenge));
1553 chal = data_blob_const(ninfo.challenge,
1554 sizeof(ninfo.challenge));
1556 names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
1557 cli_credentials_get_domain(credentials));
1559 status = cli_credentials_get_ntlm_response(
1560 popt_get_cmdline_credentials(), tctx,
1563 NULL, /* server_timestamp */
1567 torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
1569 ninfo.lm.data = lm_resp.data;
1570 ninfo.lm.length = lm_resp.length;
1572 ninfo.nt.data = nt_resp.data;
1573 ninfo.nt.length = nt_resp.length;
1575 ninfo.identity_info.parameter_control = 0;
1576 ninfo.identity_info.logon_id = 0;
1577 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
1579 logon.network = &ninfo;
1581 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1582 r.in.computer_name = cli_credentials_get_workstation(credentials);
1583 r.in.credential = &auth;
1584 r.in.return_authenticator = &auth2;
1585 r.in.logon_level = NetlogonNetworkInformation;
1586 r.in.logon = &logon;
1587 r.out.validation = &validation;
1588 r.out.authoritative = &authoritative;
1590 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
1592 for (i=2;i<=3;i++) {
1594 netlogon_creds_client_authenticator(creds, &auth);
1596 r.in.validation_level = i;
1598 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
1599 "LogonSamLogon failed");
1600 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
1602 torture_assert(tctx, netlogon_creds_client_check(creds,
1603 &r.out.return_authenticator->cred),
1604 "Credential chaining failed");
1605 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
1606 "LogonSamLogon invalid *r.out.authoritative");
1609 /* this makes sure we get the unmarshalling right for invalid levels */
1610 for (i=52;i<53;i++) {
1612 /* the authenticator should be ignored by the server */
1613 generate_random_buffer((uint8_t *) &auth, sizeof(auth));
1615 r.in.validation_level = i;
1617 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
1618 "LogonSamLogon failed");
1619 torture_assert_ntstatus_equal(tctx, r.out.result,
1620 NT_STATUS_INVALID_INFO_CLASS,
1621 "LogonSamLogon failed");
1623 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
1624 "LogonSamLogon invalid *r.out.authoritative");
1625 torture_assert(tctx,
1626 all_zero((uint8_t *)&auth2, sizeof(auth2)),
1627 "Return authenticator non zero");
1630 for (i=2;i<=3;i++) {
1632 netlogon_creds_client_authenticator(creds, &auth);
1634 r.in.validation_level = i;
1636 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
1637 "LogonSamLogon failed");
1638 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
1640 torture_assert(tctx, netlogon_creds_client_check(creds,
1641 &r.out.return_authenticator->cred),
1642 "Credential chaining failed");
1643 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
1644 "LogonSamLogon invalid *r.out.authoritative");
1647 r.in.logon_level = 52;
1649 for (i=2;i<=3;i++) {
1651 /* the authenticator should be ignored by the server */
1652 generate_random_buffer((uint8_t *) &auth, sizeof(auth));
1654 r.in.validation_level = i;
1656 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
1658 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
1659 "LogonSamLogon failed");
1660 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
1661 "LogonSamLogon expected INVALID_PARAMETER");
1663 torture_assert(tctx,
1664 all_zero((uint8_t *)&auth2, sizeof(auth2)),
1665 "Return authenticator non zero");
1666 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
1667 "LogonSamLogon invalid *r.out.authoritative");
1670 r.in.credential = NULL;
1672 for (i=2;i<=3;i++) {
1675 r.in.validation_level = i;
1677 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
1679 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
1680 "LogonSamLogon failed");
1681 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
1682 "LogonSamLogon expected INVALID_PARAMETER");
1684 torture_assert(tctx,
1685 all_zero((uint8_t *)&auth2, sizeof(auth2)),
1686 "Return authenticator non zero");
1687 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
1688 "LogonSamLogon invalid *r.out.authoritative");
1691 r.in.logon_level = NetlogonNetworkInformation;
1692 r.in.credential = &auth;
1694 for (i=2;i<=3;i++) {
1696 netlogon_creds_client_authenticator(creds, &auth);
1698 r.in.validation_level = i;
1700 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
1701 "LogonSamLogon failed");
1702 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
1704 torture_assert(tctx, netlogon_creds_client_check(creds,
1705 &r.out.return_authenticator->cred),
1706 "Credential chaining failed");
1707 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
1708 "LogonSamLogon invalid *r.out.authoritative");
1714 bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
1715 struct cli_credentials *credentials,
1716 struct netlogon_creds_CredentialState *creds)
1718 return test_netlogon_ops_args(p, tctx, credentials, creds, false);
1722 try a netlogon GetCapabilities
1724 bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
1725 struct cli_credentials *credentials,
1726 struct netlogon_creds_CredentialState *creds)
1729 struct netr_LogonGetCapabilities r;
1730 union netr_Capabilities capabilities;
1731 struct netr_Authenticator auth, return_auth;
1732 struct netlogon_creds_CredentialState tmp_creds;
1733 struct dcerpc_binding_handle *b = p->binding_handle;
1735 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1736 r.in.computer_name = cli_credentials_get_workstation(credentials);
1737 r.in.credential = &auth;
1738 r.in.return_authenticator = &return_auth;
1739 r.in.query_level = 1;
1740 r.out.capabilities = &capabilities;
1741 r.out.return_authenticator = &return_auth;
1743 torture_comment(tctx, "Testing LogonGetCapabilities\n");
1745 ZERO_STRUCT(return_auth);
1748 * we need to operate on a temporary copy of creds
1749 * because dcerpc_netr_LogonGetCapabilities was
1750 * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
1751 * without looking a the authenticator.
1754 netlogon_creds_client_authenticator(&tmp_creds, &auth);
1756 status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
1757 torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
1758 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
1764 torture_assert(tctx, netlogon_creds_client_check(creds,
1765 &r.out.return_authenticator->cred),
1766 "Credential chaining failed");
1768 torture_assert_int_equal(tctx, creds->negotiate_flags,
1769 capabilities.server_capabilities,
1776 try a netlogon SamLogon
1778 static bool test_SamLogon(struct torture_context *tctx,
1779 struct dcerpc_pipe *p,
1780 struct cli_credentials *credentials)
1782 struct netlogon_creds_CredentialState *creds;
1784 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
1788 return test_netlogon_ops(p, tctx, credentials, creds);
1791 static bool test_invalidAuthenticate2(struct torture_context *tctx,
1792 struct dcerpc_pipe *p,
1793 struct cli_credentials *credentials)
1795 struct netlogon_creds_CredentialState *creds;
1796 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
1798 torture_comment(tctx, "Testing invalidAuthenticate2\n");
1800 if (!test_SetupCredentials2(p, tctx, flags,
1802 cli_credentials_get_secure_channel_type(credentials),
1807 if (!test_SetupCredentials2ex(p, tctx, flags,
1810 cli_credentials_get_secure_channel_type(credentials),
1811 STATUS_BUFFER_OVERFLOW,
1816 if (!test_SetupCredentials2ex(p, tctx, flags,
1819 cli_credentials_get_secure_channel_type(credentials),
1828 static bool test_ServerReqChallengeGlobal(struct torture_context *tctx,
1829 struct dcerpc_pipe *p1,
1830 struct cli_credentials *machine_credentials)
1832 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
1833 struct netr_ServerReqChallenge r;
1834 struct netr_ServerAuthenticate3 a;
1835 struct netr_Credential credentials1, credentials2, credentials3;
1836 struct netlogon_creds_CredentialState *creds;
1837 struct samr_Password mach_password;
1839 const char *machine_name;
1840 const char *plain_pass;
1841 struct dcerpc_binding_handle *b1 = p1->binding_handle;
1842 struct dcerpc_pipe *p2 = NULL;
1843 struct dcerpc_binding_handle *b2 = NULL;
1845 machine_name = cli_credentials_get_workstation(machine_credentials);
1846 torture_assert(tctx, machine_name != NULL, "machine_name");
1847 plain_pass = cli_credentials_get_password(machine_credentials);
1848 torture_assert(tctx, plain_pass != NULL, "plain_pass");
1850 torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
1852 torture_assert_ntstatus_ok(tctx,
1853 dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
1854 &ndr_table_netlogon,
1855 machine_credentials,
1856 tctx->ev, tctx->lp_ctx),
1857 "dcerpc_pipe_connect_b failed");
1858 b2 = p2->binding_handle;
1860 r.in.server_name = NULL;
1861 r.in.computer_name = machine_name;
1862 r.in.credentials = &credentials1;
1863 r.out.return_credentials = &credentials2;
1865 netlogon_creds_random_challenge(&credentials1);
1867 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
1868 "ServerReqChallenge failed on b1");
1869 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
1871 E_md4hash(plain_pass, mach_password.hash);
1873 a.in.server_name = NULL;
1874 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
1875 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1876 a.in.computer_name = machine_name;
1877 a.in.negotiate_flags = &flags;
1878 a.in.credentials = &credentials3;
1879 a.out.return_credentials = &credentials3;
1880 a.out.negotiate_flags = &flags;
1883 creds = netlogon_creds_client_init(tctx, a.in.account_name,
1885 a.in.secure_channel_type,
1886 &credentials1, &credentials2,
1887 &mach_password, &credentials3,
1890 torture_assert(tctx, creds != NULL, "memory allocation");
1892 torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
1894 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
1895 "ServerAuthenticate3 failed on b2");
1896 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b2");
1897 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
1903 * Test the re-use of the challenge is not possible on a third
1904 * connection, after first useing it second one.
1907 static bool test_ServerReqChallengeReuseGlobal(struct torture_context *tctx,
1908 struct dcerpc_pipe *p1,
1909 struct cli_credentials *machine_credentials)
1911 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
1912 struct netr_ServerReqChallenge r;
1913 struct netr_ServerAuthenticate3 a;
1914 struct netr_Credential credentials1, credentials2, credentials3;
1915 struct netlogon_creds_CredentialState *creds;
1916 struct samr_Password mach_password;
1918 const char *machine_name;
1919 const char *plain_pass;
1920 struct dcerpc_binding_handle *b1 = p1->binding_handle;
1921 struct dcerpc_pipe *p2 = NULL;
1922 struct dcerpc_binding_handle *b2 = NULL;
1923 struct dcerpc_pipe *p3 = NULL;
1924 struct dcerpc_binding_handle *b3 = NULL;
1926 machine_name = cli_credentials_get_workstation(machine_credentials);
1927 torture_assert(tctx, machine_name != NULL, "machine_name");
1928 plain_pass = cli_credentials_get_password(machine_credentials);
1929 torture_assert(tctx, plain_pass != NULL, "plain_pass");
1931 torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
1933 torture_assert_ntstatus_ok(tctx,
1934 dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
1935 &ndr_table_netlogon,
1936 machine_credentials,
1937 tctx->ev, tctx->lp_ctx),
1938 "dcerpc_pipe_connect_b failed");
1939 b2 = p2->binding_handle;
1941 torture_assert_ntstatus_ok(tctx,
1942 dcerpc_pipe_connect_b(tctx, &p3, p1->binding,
1943 &ndr_table_netlogon,
1944 machine_credentials,
1945 tctx->ev, tctx->lp_ctx),
1946 "dcerpc_pipe_connect_b failed");
1947 b3 = p3->binding_handle;
1949 r.in.server_name = NULL;
1950 r.in.computer_name = machine_name;
1951 r.in.credentials = &credentials1;
1952 r.out.return_credentials = &credentials2;
1954 netlogon_creds_random_challenge(&credentials1);
1956 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
1957 "ServerReqChallenge failed on b1");
1958 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
1960 E_md4hash(plain_pass, mach_password.hash);
1962 a.in.server_name = NULL;
1963 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
1964 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1965 a.in.computer_name = machine_name;
1966 a.in.negotiate_flags = &flags;
1967 a.in.credentials = &credentials3;
1968 a.out.return_credentials = &credentials3;
1969 a.out.negotiate_flags = &flags;
1972 creds = netlogon_creds_client_init(tctx, a.in.account_name,
1974 a.in.secure_channel_type,
1975 &credentials1, &credentials2,
1976 &mach_password, &credentials3,
1979 torture_assert(tctx, creds != NULL, "memory allocation");
1981 torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
1983 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
1984 "ServerAuthenticate3 failed on b2");
1985 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b2");
1986 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
1988 /* We have to re-run this part */
1989 creds = netlogon_creds_client_init(tctx, a.in.account_name,
1991 a.in.secure_channel_type,
1992 &credentials1, &credentials2,
1993 &mach_password, &credentials3,
1996 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b3, tctx, &a),
1997 "ServerAuthenticate3 failed on b3");
1998 torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
1999 "ServerAuthenticate3 should have failed on b3, due to credential reuse");
2004 * Test if use of the per-pipe challenge will wipe out the globally cached challenge
2006 static bool test_ServerReqChallengeReuseGlobal2(struct torture_context *tctx,
2007 struct dcerpc_pipe *p1,
2008 struct cli_credentials *machine_credentials)
2010 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
2011 struct netr_ServerReqChallenge r;
2012 struct netr_ServerAuthenticate3 a;
2013 struct netr_Credential credentials1, credentials2, credentials3;
2014 struct netlogon_creds_CredentialState *creds;
2015 struct samr_Password mach_password;
2017 const char *machine_name;
2018 const char *plain_pass;
2019 struct dcerpc_binding_handle *b1 = p1->binding_handle;
2020 struct dcerpc_pipe *p2 = NULL;
2021 struct dcerpc_binding_handle *b2 = NULL;
2023 machine_name = cli_credentials_get_workstation(machine_credentials);
2024 torture_assert(tctx, machine_name != NULL, "machine_name");
2025 plain_pass = cli_credentials_get_password(machine_credentials);
2026 torture_assert(tctx, plain_pass != NULL, "plain_pass");
2028 torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
2030 torture_assert_ntstatus_ok(tctx,
2031 dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
2032 &ndr_table_netlogon,
2033 machine_credentials,
2034 tctx->ev, tctx->lp_ctx),
2035 "dcerpc_pipe_connect_b failed");
2036 b2 = p2->binding_handle;
2038 r.in.server_name = NULL;
2039 r.in.computer_name = machine_name;
2040 r.in.credentials = &credentials1;
2041 r.out.return_credentials = &credentials2;
2043 netlogon_creds_random_challenge(&credentials1);
2045 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
2046 "ServerReqChallenge failed on b1");
2047 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
2049 E_md4hash(plain_pass, mach_password.hash);
2051 a.in.server_name = NULL;
2052 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
2053 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
2054 a.in.computer_name = machine_name;
2055 a.in.negotiate_flags = &flags;
2056 a.in.credentials = &credentials3;
2057 a.out.return_credentials = &credentials3;
2058 a.out.negotiate_flags = &flags;
2061 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2063 a.in.secure_channel_type,
2064 &credentials1, &credentials2,
2065 &mach_password, &credentials3,
2068 torture_assert(tctx, creds != NULL, "memory allocation");
2070 torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
2072 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b1, tctx, &a),
2073 "ServerAuthenticate3 failed on b");
2074 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b");
2075 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
2077 /* We have to re-run this part */
2078 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2080 a.in.secure_channel_type,
2081 &credentials1, &credentials2,
2082 &mach_password, &credentials3,
2085 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
2086 "ServerAuthenticate3 failed on b2");
2087 torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
2088 "ServerAuthenticate3 should have failed on b2, due to credential reuse");
2093 * Test if use of the globally cached challenge will wipe out the
2094 * per-pipe challenge
2096 static bool test_ServerReqChallengeReuseGlobal3(struct torture_context *tctx,
2097 struct dcerpc_pipe *p1,
2098 struct cli_credentials *machine_credentials)
2100 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
2101 struct netr_ServerReqChallenge r;
2102 struct netr_ServerAuthenticate3 a;
2103 struct netr_Credential credentials1, credentials2, credentials3;
2104 struct netlogon_creds_CredentialState *creds;
2105 struct samr_Password mach_password;
2107 const char *machine_name;
2108 const char *plain_pass;
2109 struct dcerpc_binding_handle *b1 = p1->binding_handle;
2110 struct dcerpc_pipe *p2 = NULL;
2111 struct dcerpc_binding_handle *b2 = NULL;
2113 machine_name = cli_credentials_get_workstation(machine_credentials);
2114 torture_assert(tctx, machine_name != NULL, "machine_name");
2115 plain_pass = cli_credentials_get_password(machine_credentials);
2116 torture_assert(tctx, plain_pass != NULL, "plain_pass");
2118 torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
2120 torture_assert_ntstatus_ok(tctx,
2121 dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
2122 &ndr_table_netlogon,
2123 machine_credentials,
2124 tctx->ev, tctx->lp_ctx),
2125 "dcerpc_pipe_connect_b failed");
2126 b2 = p2->binding_handle;
2128 r.in.server_name = NULL;
2129 r.in.computer_name = machine_name;
2130 r.in.credentials = &credentials1;
2131 r.out.return_credentials = &credentials2;
2133 netlogon_creds_random_challenge(&credentials1);
2135 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
2136 "ServerReqChallenge failed on b1");
2137 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
2139 E_md4hash(plain_pass, mach_password.hash);
2141 a.in.server_name = NULL;
2142 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
2143 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
2144 a.in.computer_name = machine_name;
2145 a.in.negotiate_flags = &flags;
2146 a.in.credentials = &credentials3;
2147 a.out.return_credentials = &credentials3;
2148 a.out.negotiate_flags = &flags;
2151 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2153 a.in.secure_channel_type,
2154 &credentials1, &credentials2,
2155 &mach_password, &credentials3,
2158 torture_assert(tctx, creds != NULL, "memory allocation");
2160 torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
2162 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
2163 "ServerAuthenticate3 failed on b2");
2164 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b");
2165 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
2167 /* We have to re-run this part */
2168 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2170 a.in.secure_channel_type,
2171 &credentials1, &credentials2,
2172 &mach_password, &credentials3,
2175 torture_assert(tctx, creds != NULL, "memory allocation");
2177 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b1, tctx, &a),
2178 "ServerAuthenticate3 failed on b1");
2179 torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
2180 "ServerAuthenticate3 should have failed on b1, due to credential reuse");
2185 * Test if more than one globally cached challenge works
2187 static bool test_ServerReqChallengeReuseGlobal4(struct torture_context *tctx,
2188 struct dcerpc_pipe *p1,
2189 struct cli_credentials *machine_credentials)
2191 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
2192 struct netr_ServerReqChallenge r;
2193 struct netr_ServerAuthenticate3 a;
2194 struct netr_Credential credentials1, credentials1_random,
2195 credentials2, credentials3, credentials_discard;
2196 struct netlogon_creds_CredentialState *creds;
2197 struct samr_Password mach_password;
2199 const char *machine_name;
2200 const char *plain_pass;
2201 struct dcerpc_binding_handle *b1 = p1->binding_handle;
2202 struct dcerpc_pipe *p2 = NULL;
2203 struct dcerpc_binding_handle *b2 = NULL;
2205 machine_name = cli_credentials_get_workstation(machine_credentials);
2206 torture_assert(tctx, machine_name != NULL, "machine_name");
2207 plain_pass = cli_credentials_get_password(machine_credentials);
2208 torture_assert(tctx, plain_pass != NULL, "plain_pass");
2210 torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
2212 torture_assert_ntstatus_ok(tctx,
2213 dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
2214 &ndr_table_netlogon,
2215 machine_credentials,
2216 tctx->ev, tctx->lp_ctx),
2217 "dcerpc_pipe_connect_b failed");
2218 b2 = p2->binding_handle;
2220 r.in.server_name = NULL;
2221 r.in.computer_name = "CHALTEST1";
2222 r.in.credentials = &credentials1_random;
2223 r.out.return_credentials = &credentials_discard;
2225 netlogon_creds_random_challenge(&credentials1_random);
2227 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
2228 "ServerReqChallenge failed on b1");
2229 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
2231 /* Now ask for the actual client name */
2232 r.in.server_name = NULL;
2233 r.in.computer_name = machine_name;
2234 r.in.credentials = &credentials1;
2235 r.out.return_credentials = &credentials2;
2237 netlogon_creds_random_challenge(&credentials1);
2239 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
2240 "ServerReqChallenge failed on b1");
2241 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
2243 r.in.server_name = NULL;
2244 r.in.computer_name = "CHALTEST2";
2245 r.in.credentials = &credentials1_random;
2246 r.out.return_credentials = &credentials_discard;
2248 netlogon_creds_random_challenge(&credentials1_random);
2250 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
2251 "ServerReqChallenge failed on b1");
2252 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
2254 E_md4hash(plain_pass, mach_password.hash);
2256 a.in.server_name = NULL;
2257 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
2258 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
2259 a.in.computer_name = machine_name;
2260 a.in.negotiate_flags = &flags;
2261 a.in.credentials = &credentials3;
2262 a.out.return_credentials = &credentials3;
2263 a.out.negotiate_flags = &flags;
2266 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2268 a.in.secure_channel_type,
2269 &credentials1, &credentials2,
2270 &mach_password, &credentials3,
2273 torture_assert(tctx, creds != NULL, "memory allocation");
2275 torture_comment(tctx, "Testing ServerAuthenticate3 on b2 (must use global credentials)\n");
2277 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
2278 "ServerAuthenticate3 failed on b2");
2279 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b2");
2280 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
2282 /* We have to re-run this part */
2283 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2285 a.in.secure_channel_type,
2286 &credentials1, &credentials2,
2287 &mach_password, &credentials3,
2290 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b1, tctx, &a),
2291 "ServerAuthenticate3 failed on b1");
2292 torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
2293 "ServerAuthenticate3 should have failed on b1, due to credential reuse");
2297 static bool test_ServerReqChallengeReuse(struct torture_context *tctx,
2298 struct dcerpc_pipe *p,
2299 struct cli_credentials *machine_credentials)
2301 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
2302 struct netr_ServerReqChallenge r;
2303 struct netr_ServerAuthenticate3 a;
2304 struct netr_Credential credentials1, credentials2, credentials3;
2305 struct netlogon_creds_CredentialState *creds;
2306 struct samr_Password mach_password;
2308 const char *machine_name;
2309 const char *plain_pass;
2310 struct dcerpc_binding_handle *b = p->binding_handle;
2312 machine_name = cli_credentials_get_workstation(machine_credentials);
2313 torture_assert(tctx, machine_name != NULL, "machine_name");
2314 plain_pass = cli_credentials_get_password(machine_credentials);
2315 torture_assert(tctx, plain_pass != NULL, "plain_pass");
2317 torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
2319 r.in.server_name = NULL;
2320 r.in.computer_name = machine_name;
2321 r.in.credentials = &credentials1;
2322 r.out.return_credentials = &credentials2;
2324 netlogon_creds_random_challenge(&credentials1);
2326 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
2327 "ServerReqChallenge");
2328 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
2330 E_md4hash(plain_pass, mach_password.hash);
2332 a.in.server_name = NULL;
2333 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
2334 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
2335 a.in.computer_name = machine_name;
2336 a.in.negotiate_flags = &flags;
2337 a.in.credentials = &credentials3;
2338 a.out.return_credentials = &credentials3;
2339 a.out.negotiate_flags = &flags;
2342 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2344 a.in.secure_channel_type,
2345 &credentials1, &credentials2,
2346 &mach_password, &credentials3,
2349 torture_assert(tctx, creds != NULL, "memory allocation");
2351 torture_comment(tctx, "Testing ServerAuthenticate3\n");
2353 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
2354 "ServerAuthenticate3 failed");
2355 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed");
2356 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
2358 /* We have to re-run this part */
2359 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2361 a.in.secure_channel_type,
2362 &credentials1, &credentials2,
2363 &mach_password, &credentials3,
2366 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
2367 "ServerAuthenticate3 failed");
2368 torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
2369 "ServerAuthenticate3 should have failed on b3, due to credential reuse");
2371 ZERO_STRUCT(credentials1.data);
2372 ZERO_STRUCT(credentials2.data);
2373 creds = netlogon_creds_client_init(tctx, a.in.account_name,
2375 a.in.secure_channel_type,
2376 &credentials1, &credentials2,
2377 &mach_password, &credentials3,
2380 torture_assert(tctx, creds != NULL, "memory allocation");
2382 torture_comment(tctx, "Testing ServerAuthenticate3 with zero'ed challenge\n");
2384 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
2385 "ServerAuthenticate3 failed");
2386 torture_assert_ntstatus_equal(tctx, a.out.result, NT_STATUS_ACCESS_DENIED,
2387 "ServerAuthenticate3 should have failed on b3, due to credential reuse");
2391 static bool test_SamLogon_NULL_domain(struct torture_context *tctx,
2392 struct dcerpc_pipe *p,
2393 struct cli_credentials *credentials)
2395 struct netlogon_creds_CredentialState *creds;
2397 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
2401 return test_netlogon_ops_args(p, tctx, credentials, creds, true);
2404 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
2405 static uint64_t sequence_nums[3];
2408 try a netlogon DatabaseSync
2410 static bool test_DatabaseSync(struct torture_context *tctx,
2411 struct dcerpc_pipe *p,
2412 struct cli_credentials *machine_credentials)
2414 struct netr_DatabaseSync r;
2415 struct netlogon_creds_CredentialState *creds;
2416 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
2418 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
2419 struct netr_Authenticator credential, return_authenticator;
2420 struct dcerpc_binding_handle *b = p->binding_handle;
2422 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
2426 ZERO_STRUCT(return_authenticator);
2428 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2429 r.in.computername = TEST_MACHINE_NAME;
2430 r.in.preferredmaximumlength = (uint32_t)-1;
2431 r.in.return_authenticator = &return_authenticator;
2432 r.out.delta_enum_array = &delta_enum_array;
2433 r.out.return_authenticator = &return_authenticator;
2435 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
2437 uint32_t sync_context = 0;
2439 r.in.database_id = database_ids[i];
2440 r.in.sync_context = &sync_context;
2441 r.out.sync_context = &sync_context;
2443 torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
2446 netlogon_creds_client_authenticator(creds, &credential);
2448 r.in.credential = &credential;
2450 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync_r(b, tctx, &r),
2451 "DatabaseSync failed");
2452 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
2455 /* Native mode servers don't do this */
2456 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
2459 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync");
2461 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
2462 torture_comment(tctx, "Credential chaining failed\n");
2465 if (delta_enum_array &&
2466 delta_enum_array->num_deltas > 0 &&
2467 delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
2468 delta_enum_array->delta_enum[0].delta_union.domain) {
2469 sequence_nums[r.in.database_id] =
2470 delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
2471 torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
2473 (unsigned long long)sequence_nums[r.in.database_id]);
2475 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
2483 try a netlogon DatabaseDeltas
2485 static bool test_DatabaseDeltas(struct torture_context *tctx,
2486 struct dcerpc_pipe *p,
2487 struct cli_credentials *machine_credentials)
2489 struct netr_DatabaseDeltas r;
2490 struct netlogon_creds_CredentialState *creds;
2491 struct netr_Authenticator credential;
2492 struct netr_Authenticator return_authenticator;
2493 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
2494 const uint32_t database_ids[] = {0, 1, 2};
2496 struct dcerpc_binding_handle *b = p->binding_handle;
2498 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
2502 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2503 r.in.computername = TEST_MACHINE_NAME;
2504 r.in.preferredmaximumlength = (uint32_t)-1;
2505 ZERO_STRUCT(r.in.return_authenticator);
2506 r.out.return_authenticator = &return_authenticator;
2507 r.out.delta_enum_array = &delta_enum_array;
2509 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
2510 r.in.database_id = database_ids[i];
2511 r.in.sequence_num = &sequence_nums[r.in.database_id];
2513 if (*r.in.sequence_num == 0) continue;
2515 *r.in.sequence_num -= 1;
2517 torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
2518 r.in.database_id, (unsigned long long)*r.in.sequence_num);
2521 netlogon_creds_client_authenticator(creds, &credential);
2523 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseDeltas_r(b, tctx, &r),
2524 "DatabaseDeltas failed");
2525 if (NT_STATUS_EQUAL(r.out.result,
2526 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
2527 torture_comment(tctx, "not considering %s to be an error\n",
2528 nt_errstr(r.out.result));
2531 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
2534 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseDeltas");
2536 if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
2537 torture_comment(tctx, "Credential chaining failed\n");
2540 (*r.in.sequence_num)++;
2541 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
2547 static bool test_DatabaseRedo(struct torture_context *tctx,
2548 struct dcerpc_pipe *p,
2549 struct cli_credentials *machine_credentials)
2551 struct netr_DatabaseRedo r;
2552 struct netlogon_creds_CredentialState *creds;
2553 struct netr_Authenticator credential;
2554 struct netr_Authenticator return_authenticator;
2555 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
2556 struct netr_ChangeLogEntry e;
2557 struct dom_sid null_sid, *sid;
2559 struct dcerpc_binding_handle *b = p->binding_handle;
2561 ZERO_STRUCT(null_sid);
2563 sid = dom_sid_parse_talloc(tctx, "S-1-5-21-1111111111-2222222222-333333333-500");
2574 NTSTATUS expected_error;
2575 uint32_t expected_num_results;
2576 uint8_t expected_delta_type_1;
2577 uint8_t expected_delta_type_2;
2578 const char *comment;
2581 /* SAM_DATABASE_DOMAIN */
2586 .db_index = SAM_DATABASE_DOMAIN,
2587 .delta_type = NETR_DELTA_MODIFY_COUNT,
2590 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
2591 .expected_num_results = 0,
2592 .comment = "NETR_DELTA_MODIFY_COUNT"
2597 .db_index = SAM_DATABASE_DOMAIN,
2601 .expected_error = NT_STATUS_OK,
2602 .expected_num_results = 1,
2603 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
2604 .comment = "NULL DELTA"
2609 .db_index = SAM_DATABASE_DOMAIN,
2610 .delta_type = NETR_DELTA_DOMAIN,
2613 .expected_error = NT_STATUS_OK,
2614 .expected_num_results = 1,
2615 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
2616 .comment = "NETR_DELTA_DOMAIN"
2619 .rid = DOMAIN_RID_ADMINISTRATOR,
2621 .db_index = SAM_DATABASE_DOMAIN,
2622 .delta_type = NETR_DELTA_USER,
2625 .expected_error = NT_STATUS_OK,
2626 .expected_num_results = 1,
2627 .expected_delta_type_1 = NETR_DELTA_USER,
2628 .comment = "NETR_DELTA_USER by rid 500"
2631 .rid = DOMAIN_RID_GUEST,
2633 .db_index = SAM_DATABASE_DOMAIN,
2634 .delta_type = NETR_DELTA_USER,
2637 .expected_error = NT_STATUS_OK,
2638 .expected_num_results = 1,
2639 .expected_delta_type_1 = NETR_DELTA_USER,
2640 .comment = "NETR_DELTA_USER by rid 501"
2644 .flags = NETR_CHANGELOG_SID_INCLUDED,
2645 .db_index = SAM_DATABASE_DOMAIN,
2646 .delta_type = NETR_DELTA_USER,
2649 .expected_error = NT_STATUS_OK,
2650 .expected_num_results = 1,
2651 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
2652 .comment = "NETR_DELTA_USER by sid and flags"
2656 .flags = NETR_CHANGELOG_SID_INCLUDED,
2657 .db_index = SAM_DATABASE_DOMAIN,
2658 .delta_type = NETR_DELTA_USER,
2661 .expected_error = NT_STATUS_OK,
2662 .expected_num_results = 1,
2663 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
2664 .comment = "NETR_DELTA_USER by null_sid and flags"
2668 .flags = NETR_CHANGELOG_NAME_INCLUDED,
2669 .db_index = SAM_DATABASE_DOMAIN,
2670 .delta_type = NETR_DELTA_USER,
2672 .name = "administrator",
2673 .expected_error = NT_STATUS_OK,
2674 .expected_num_results = 1,
2675 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
2676 .comment = "NETR_DELTA_USER by name 'administrator'"
2679 .rid = DOMAIN_RID_ADMINS,
2681 .db_index = SAM_DATABASE_DOMAIN,
2682 .delta_type = NETR_DELTA_GROUP,
2685 .expected_error = NT_STATUS_OK,
2686 .expected_num_results = 2,
2687 .expected_delta_type_1 = NETR_DELTA_GROUP,
2688 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
2689 .comment = "NETR_DELTA_GROUP by rid 512"
2692 .rid = DOMAIN_RID_ADMINS,
2694 .db_index = SAM_DATABASE_DOMAIN,
2695 .delta_type = NETR_DELTA_GROUP_MEMBER,
2698 .expected_error = NT_STATUS_OK,
2699 .expected_num_results = 2,
2700 .expected_delta_type_1 = NETR_DELTA_GROUP,
2701 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
2702 .comment = "NETR_DELTA_GROUP_MEMBER by rid 512"
2706 /* SAM_DATABASE_BUILTIN */
2711 .db_index = SAM_DATABASE_BUILTIN,
2712 .delta_type = NETR_DELTA_MODIFY_COUNT,
2715 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
2716 .expected_num_results = 0,
2717 .comment = "NETR_DELTA_MODIFY_COUNT"
2722 .db_index = SAM_DATABASE_BUILTIN,
2723 .delta_type = NETR_DELTA_DOMAIN,
2726 .expected_error = NT_STATUS_OK,
2727 .expected_num_results = 1,
2728 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
2729 .comment = "NETR_DELTA_DOMAIN"
2732 .rid = DOMAIN_RID_ADMINISTRATOR,
2734 .db_index = SAM_DATABASE_BUILTIN,
2735 .delta_type = NETR_DELTA_USER,
2738 .expected_error = NT_STATUS_OK,
2739 .expected_num_results = 1,
2740 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
2741 .comment = "NETR_DELTA_USER by rid 500"
2746 .db_index = SAM_DATABASE_BUILTIN,
2747 .delta_type = NETR_DELTA_USER,
2750 .expected_error = NT_STATUS_OK,
2751 .expected_num_results = 1,
2752 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
2753 .comment = "NETR_DELTA_USER"
2758 .db_index = SAM_DATABASE_BUILTIN,
2759 .delta_type = NETR_DELTA_ALIAS,
2762 .expected_error = NT_STATUS_OK,
2763 .expected_num_results = 2,
2764 .expected_delta_type_1 = NETR_DELTA_ALIAS,
2765 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
2766 .comment = "NETR_DELTA_ALIAS by rid 544"
2771 .db_index = SAM_DATABASE_BUILTIN,
2772 .delta_type = NETR_DELTA_ALIAS_MEMBER,
2775 .expected_error = NT_STATUS_OK,
2776 .expected_num_results = 2,
2777 .expected_delta_type_1 = NETR_DELTA_ALIAS,
2778 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
2779 .comment = "NETR_DELTA_ALIAS_MEMBER by rid 544"
2784 .db_index = SAM_DATABASE_BUILTIN,
2788 .expected_error = NT_STATUS_OK,
2789 .expected_num_results = 1,
2790 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
2791 .comment = "NULL DELTA by rid 544"
2795 .flags = NETR_CHANGELOG_SID_INCLUDED,
2796 .db_index = SAM_DATABASE_BUILTIN,
2798 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
2800 .expected_error = NT_STATUS_OK,
2801 .expected_num_results = 1,
2802 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
2803 .comment = "NULL DELTA by rid 544 sid S-1-5-32-544 and flags"
2807 .flags = NETR_CHANGELOG_SID_INCLUDED,
2808 .db_index = SAM_DATABASE_BUILTIN,
2809 .delta_type = NETR_DELTA_ALIAS,
2810 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
2812 .expected_error = NT_STATUS_OK,
2813 .expected_num_results = 2,
2814 .expected_delta_type_1 = NETR_DELTA_ALIAS,
2815 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
2816 .comment = "NETR_DELTA_ALIAS by rid 544 and sid S-1-5-32-544 and flags"
2820 .flags = NETR_CHANGELOG_SID_INCLUDED,
2821 .db_index = SAM_DATABASE_BUILTIN,
2822 .delta_type = NETR_DELTA_ALIAS,
2823 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
2825 .expected_error = NT_STATUS_OK,
2826 .expected_num_results = 1,
2827 .expected_delta_type_1 = NETR_DELTA_DELETE_ALIAS,
2828 .comment = "NETR_DELTA_ALIAS by sid S-1-5-32-544 and flags"
2831 /* SAM_DATABASE_PRIVS */
2836 .db_index = SAM_DATABASE_PRIVS,
2840 .expected_error = NT_STATUS_ACCESS_DENIED,
2841 .expected_num_results = 0,
2842 .comment = "NULL DELTA"
2847 .db_index = SAM_DATABASE_PRIVS,
2848 .delta_type = NETR_DELTA_MODIFY_COUNT,
2851 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
2852 .expected_num_results = 0,
2853 .comment = "NETR_DELTA_MODIFY_COUNT"
2858 .db_index = SAM_DATABASE_PRIVS,
2859 .delta_type = NETR_DELTA_POLICY,
2862 .expected_error = NT_STATUS_OK,
2863 .expected_num_results = 1,
2864 .expected_delta_type_1 = NETR_DELTA_POLICY,
2865 .comment = "NETR_DELTA_POLICY"
2869 .flags = NETR_CHANGELOG_SID_INCLUDED,
2870 .db_index = SAM_DATABASE_PRIVS,
2871 .delta_type = NETR_DELTA_POLICY,
2874 .expected_error = NT_STATUS_OK,
2875 .expected_num_results = 1,
2876 .expected_delta_type_1 = NETR_DELTA_POLICY,
2877 .comment = "NETR_DELTA_POLICY by null sid and flags"
2881 .flags = NETR_CHANGELOG_SID_INCLUDED,
2882 .db_index = SAM_DATABASE_PRIVS,
2883 .delta_type = NETR_DELTA_POLICY,
2884 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32"),
2886 .expected_error = NT_STATUS_OK,
2887 .expected_num_results = 1,
2888 .expected_delta_type_1 = NETR_DELTA_POLICY,
2889 .comment = "NETR_DELTA_POLICY by sid S-1-5-32 and flags"
2892 .rid = DOMAIN_RID_ADMINISTRATOR,
2894 .db_index = SAM_DATABASE_PRIVS,
2895 .delta_type = NETR_DELTA_ACCOUNT,
2898 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, /* strange */
2899 .expected_num_results = 0,
2900 .comment = "NETR_DELTA_ACCOUNT by rid 500"
2904 .flags = NETR_CHANGELOG_SID_INCLUDED,
2905 .db_index = SAM_DATABASE_PRIVS,
2906 .delta_type = NETR_DELTA_ACCOUNT,
2907 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
2909 .expected_error = NT_STATUS_OK,
2910 .expected_num_results = 1,
2911 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
2912 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and flags"
2916 .flags = NETR_CHANGELOG_SID_INCLUDED |
2917 NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED,
2918 .db_index = SAM_DATABASE_PRIVS,
2919 .delta_type = NETR_DELTA_ACCOUNT,
2920 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
2922 .expected_error = NT_STATUS_OK,
2923 .expected_num_results = 1,
2924 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
2925 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and 2 flags"
2929 .flags = NETR_CHANGELOG_SID_INCLUDED |
2930 NETR_CHANGELOG_NAME_INCLUDED,
2931 .db_index = SAM_DATABASE_PRIVS,
2932 .delta_type = NETR_DELTA_ACCOUNT,
2933 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
2935 .expected_error = NT_STATUS_INVALID_PARAMETER,
2936 .expected_num_results = 0,
2937 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and invalid flags"
2940 .rid = DOMAIN_RID_ADMINISTRATOR,
2941 .flags = NETR_CHANGELOG_SID_INCLUDED,
2942 .db_index = SAM_DATABASE_PRIVS,
2943 .delta_type = NETR_DELTA_ACCOUNT,
2946 .expected_error = NT_STATUS_OK,
2947 .expected_num_results = 1,
2948 .expected_delta_type_1 = NETR_DELTA_DELETE_ACCOUNT,
2949 .comment = "NETR_DELTA_ACCOUNT by rid 500, sid and flags"
2953 .flags = NETR_CHANGELOG_NAME_INCLUDED,
2954 .db_index = SAM_DATABASE_PRIVS,
2955 .delta_type = NETR_DELTA_SECRET,
2957 .name = "IsurelydontexistIhope",
2958 .expected_error = NT_STATUS_OK,
2959 .expected_num_results = 1,
2960 .expected_delta_type_1 = NETR_DELTA_DELETE_SECRET,
2961 .comment = "NETR_DELTA_SECRET by name 'IsurelydontexistIhope' and flags"
2965 .flags = NETR_CHANGELOG_NAME_INCLUDED,
2966 .db_index = SAM_DATABASE_PRIVS,
2967 .delta_type = NETR_DELTA_SECRET,
2969 .name = "G$BCKUPKEY_P",
2970 .expected_error = NT_STATUS_OK,
2971 .expected_num_results = 1,
2972 .expected_delta_type_1 = NETR_DELTA_SECRET,
2973 .comment = "NETR_DELTA_SECRET by name 'G$BCKUPKEY_P' and flags"
2977 ZERO_STRUCT(return_authenticator);
2979 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2980 r.in.computername = TEST_MACHINE_NAME;
2981 r.in.return_authenticator = &return_authenticator;
2982 r.out.return_authenticator = &return_authenticator;
2983 r.out.delta_enum_array = &delta_enum_array;
2985 for (d=0; d<3; d++) {
2986 const char *database = NULL;
2993 database = "BUILTIN";
3002 torture_comment(tctx, "Testing DatabaseRedo\n");
3004 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
3008 for (i=0;i<ARRAY_SIZE(changes);i++) {
3010 if (d != changes[i].db_index) {
3014 netlogon_creds_client_authenticator(creds, &credential);
3016 r.in.credential = &credential;
3018 e.serial_number1 = 0;
3019 e.serial_number2 = 0;
3020 e.object_rid = changes[i].rid;
3021 e.flags = changes[i].flags;
3022 e.db_index = changes[i].db_index;
3023 e.delta_type = changes[i].delta_type;
3025 switch (changes[i].flags & (NETR_CHANGELOG_NAME_INCLUDED | NETR_CHANGELOG_SID_INCLUDED)) {
3026 case NETR_CHANGELOG_SID_INCLUDED:
3027 e.object.object_sid = changes[i].sid;
3029 case NETR_CHANGELOG_NAME_INCLUDED:
3030 e.object.object_name = changes[i].name;
3036 r.in.change_log_entry = e;
3038 torture_comment(tctx, "Testing DatabaseRedo with database %s and %s\n",
3039 database, changes[i].comment);
3041 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseRedo_r(b, tctx, &r),
3042 "DatabaseRedo failed");
3043 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
3047 torture_assert_ntstatus_equal(tctx, r.out.result, changes[i].expected_error, changes[i].comment);
3048 if (delta_enum_array) {
3049 torture_assert_int_equal(tctx,
3050 delta_enum_array->num_deltas,
3051 changes[i].expected_num_results,
3052 changes[i].comment);
3053 if (delta_enum_array->num_deltas > 0) {
3054 torture_assert_int_equal(tctx,
3055 delta_enum_array->delta_enum[0].delta_type,
3056 changes[i].expected_delta_type_1,
3057 changes[i].comment);
3059 if (delta_enum_array->num_deltas > 1) {
3060 torture_assert_int_equal(tctx,
3061 delta_enum_array->delta_enum[1].delta_type,
3062 changes[i].expected_delta_type_2,
3063 changes[i].comment);
3067 if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
3068 torture_comment(tctx, "Credential chaining failed\n");
3069 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
3081 try a netlogon AccountDeltas
3083 static bool test_AccountDeltas(struct torture_context *tctx,
3084 struct dcerpc_pipe *p,
3085 struct cli_credentials *machine_credentials)
3087 struct netr_AccountDeltas r;
3088 struct netlogon_creds_CredentialState *creds;
3090 struct netr_AccountBuffer buffer;
3091 uint32_t count_returned = 0;
3092 uint32_t total_entries = 0;
3093 struct netr_UAS_INFO_0 recordid;
3094 struct netr_Authenticator return_authenticator;
3095 struct dcerpc_binding_handle *b = p->binding_handle;
3097 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
3101 ZERO_STRUCT(return_authenticator);
3103 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3104 r.in.computername = TEST_MACHINE_NAME;
3105 r.in.return_authenticator = &return_authenticator;
3106 netlogon_creds_client_authenticator(creds, &r.in.credential);
3107 ZERO_STRUCT(r.in.uas);
3110 r.in.buffersize=100;
3111 r.out.buffer = &buffer;
3112 r.out.count_returned = &count_returned;
3113 r.out.total_entries = &total_entries;
3114 r.out.recordid = &recordid;
3115 r.out.return_authenticator = &return_authenticator;
3117 /* w2k3 returns "NOT IMPLEMENTED" for this call */
3118 torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountDeltas_r(b, tctx, &r),
3119 "AccountDeltas failed");
3120 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
3126 try a netlogon AccountSync
3128 static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
3129 struct cli_credentials *machine_credentials)
3131 struct netr_AccountSync r;
3132 struct netlogon_creds_CredentialState *creds;
3134 struct netr_AccountBuffer buffer;
3135 uint32_t count_returned = 0;
3136 uint32_t total_entries = 0;
3137 uint32_t next_reference = 0;
3138 struct netr_UAS_INFO_0 recordid;
3139 struct netr_Authenticator return_authenticator;
3140 struct dcerpc_binding_handle *b = p->binding_handle;
3142 ZERO_STRUCT(recordid);
3143 ZERO_STRUCT(return_authenticator);
3145 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
3149 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3150 r.in.computername = TEST_MACHINE_NAME;
3151 r.in.return_authenticator = &return_authenticator;
3152 netlogon_creds_client_authenticator(creds, &r.in.credential);
3153 r.in.recordid = &recordid;
3156 r.in.buffersize=100;
3157 r.out.buffer = &buffer;
3158 r.out.count_returned = &count_returned;
3159 r.out.total_entries = &total_entries;
3160 r.out.next_reference = &next_reference;
3161 r.out.recordid = &recordid;
3162 r.out.return_authenticator = &return_authenticator;
3164 /* w2k3 returns "NOT IMPLEMENTED" for this call */
3165 torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountSync_r(b, tctx, &r),
3166 "AccountSync failed");
3167 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
3173 try a netlogon GetDcName
3175 static bool test_GetDcName(struct torture_context *tctx,
3176 struct dcerpc_pipe *p)
3178 struct netr_GetDcName r;
3179 const char *dcname = NULL;
3180 struct dcerpc_binding_handle *b = p->binding_handle;
3182 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3183 r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
3184 r.out.dcname = &dcname;
3186 torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
3187 "GetDcName failed");
3188 torture_assert_werr_ok(tctx, r.out.result, "GetDcName failed");
3190 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
3195 static const char *function_code_str(TALLOC_CTX *mem_ctx,
3196 enum netr_LogonControlCode function_code)
3198 switch (function_code) {
3199 case NETLOGON_CONTROL_QUERY:
3200 return "NETLOGON_CONTROL_QUERY";
3201 case NETLOGON_CONTROL_REPLICATE:
3202 return "NETLOGON_CONTROL_REPLICATE";
3203 case NETLOGON_CONTROL_SYNCHRONIZE:
3204 return "NETLOGON_CONTROL_SYNCHRONIZE";
3205 case NETLOGON_CONTROL_PDC_REPLICATE:
3206 return "NETLOGON_CONTROL_PDC_REPLICATE";
3207 case NETLOGON_CONTROL_REDISCOVER:
3208 return "NETLOGON_CONTROL_REDISCOVER";
3209 case NETLOGON_CONTROL_TC_QUERY:
3210 return "NETLOGON_CONTROL_TC_QUERY";
3211 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
3212 return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
3213 case NETLOGON_CONTROL_FIND_USER:
3214 return "NETLOGON_CONTROL_FIND_USER";
3215 case NETLOGON_CONTROL_CHANGE_PASSWORD:
3216 return "NETLOGON_CONTROL_CHANGE_PASSWORD";
3217 case NETLOGON_CONTROL_TC_VERIFY:
3218 return "NETLOGON_CONTROL_TC_VERIFY";
3219 case NETLOGON_CONTROL_FORCE_DNS_REG:
3220 return "NETLOGON_CONTROL_FORCE_DNS_REG";
3221 case NETLOGON_CONTROL_QUERY_DNS_REG:
3222 return "NETLOGON_CONTROL_QUERY_DNS_REG";
3223 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
3224 return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
3225 case NETLOGON_CONTROL_TRUNCATE_LOG:
3226 return "NETLOGON_CONTROL_TRUNCATE_LOG";
3227 case NETLOGON_CONTROL_SET_DBFLAG:
3228 return "NETLOGON_CONTROL_SET_DBFLAG";
3229 case NETLOGON_CONTROL_BREAKPOINT:
3230 return "NETLOGON_CONTROL_BREAKPOINT";
3232 return talloc_asprintf(mem_ctx, "unknown function code: %d",
3239 try a netlogon LogonControl
3241 static bool test_LogonControl(struct torture_context *tctx,
3242 struct dcerpc_pipe *p,
3243 struct cli_credentials *machine_credentials)
3247 struct netr_LogonControl r;
3248 union netr_CONTROL_QUERY_INFORMATION query;
3250 enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
3251 struct dcerpc_binding_handle *b = p->binding_handle;
3253 uint32_t function_codes[] = {
3254 NETLOGON_CONTROL_QUERY,
3255 NETLOGON_CONTROL_REPLICATE,
3256 NETLOGON_CONTROL_SYNCHRONIZE,
3257 NETLOGON_CONTROL_PDC_REPLICATE,
3258 NETLOGON_CONTROL_REDISCOVER,
3259 NETLOGON_CONTROL_TC_QUERY,
3260 NETLOGON_CONTROL_TRANSPORT_NOTIFY,
3261 NETLOGON_CONTROL_FIND_USER,
3262 NETLOGON_CONTROL_CHANGE_PASSWORD,
3263 NETLOGON_CONTROL_TC_VERIFY,
3264 NETLOGON_CONTROL_FORCE_DNS_REG,
3265 NETLOGON_CONTROL_QUERY_DNS_REG,
3266 NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
3267 NETLOGON_CONTROL_TRUNCATE_LOG,
3268 NETLOGON_CONTROL_SET_DBFLAG,
3269 NETLOGON_CONTROL_BREAKPOINT
3272 if (machine_credentials) {
3273 secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
3276 torture_comment(tctx, "Testing LogonControl with secure channel type: %d\n",
3277 secure_channel_type);
3279 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3280 r.in.function_code = 1;
3281 r.out.query = &query;
3283 for (f=0;f<ARRAY_SIZE(function_codes); f++) {
3286 r.in.function_code = function_codes[f];
3289 torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
3290 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3292 status = dcerpc_netr_LogonControl_r(b, tctx, &r);
3293 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
3295 switch (r.in.level) {
3297 switch (r.in.function_code) {
3298 case NETLOGON_CONTROL_REPLICATE:
3299 case NETLOGON_CONTROL_SYNCHRONIZE:
3300 case NETLOGON_CONTROL_PDC_REPLICATE:
3301 case NETLOGON_CONTROL_BREAKPOINT:
3302 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
3303 if ((secure_channel_type == SEC_CHAN_BDC) ||
3304 (secure_channel_type == SEC_CHAN_WKSTA)) {
3305 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
3306 "LogonControl returned unexpected error code");
3308 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
3309 "LogonControl returned unexpected error code");
3313 case NETLOGON_CONTROL_REDISCOVER:
3314 case NETLOGON_CONTROL_TC_QUERY:
3315 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
3316 case NETLOGON_CONTROL_FIND_USER:
3317 case NETLOGON_CONTROL_CHANGE_PASSWORD:
3318 case NETLOGON_CONTROL_TC_VERIFY:
3319 case NETLOGON_CONTROL_FORCE_DNS_REG:
3320 case NETLOGON_CONTROL_QUERY_DNS_REG:
3321 case NETLOGON_CONTROL_SET_DBFLAG:
3322 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
3323 "LogonControl returned unexpected error code");
3325 case NETLOGON_CONTROL_TRUNCATE_LOG:
3326 if ((secure_channel_type == SEC_CHAN_BDC) ||
3327 (secure_channel_type == SEC_CHAN_WKSTA)) {
3328 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
3329 "LogonControl returned unexpected error code");
3330 } else if (!W_ERROR_EQUAL(r.out.result, WERR_NOT_SUPPORTED)) {
3331 torture_assert_werr_ok(tctx, r.out.result,
3332 "LogonControl returned unexpected result");
3336 torture_assert_werr_ok(tctx, r.out.result,
3337 "LogonControl returned unexpected result");
3342 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
3343 "LogonControl returned unexpected error code");
3346 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL,
3347 "LogonControl returned unexpected error code");
3354 torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
3355 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3356 status = dcerpc_netr_LogonControl_r(b, tctx, &r);
3357 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
3358 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl");
3365 try a netlogon GetAnyDCName
3367 static bool test_GetAnyDCName(struct torture_context *tctx,
3368 struct dcerpc_pipe *p)
3371 struct netr_GetAnyDCName r;
3372 const char *dcname = NULL;
3373 struct dcerpc_binding_handle *b = p->binding_handle;
3375 r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
3376 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3377 r.out.dcname = &dcname;
3379 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
3380 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
3381 if ((!W_ERROR_IS_OK(r.out.result)) &&
3382 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
3387 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
3390 r.in.domainname = NULL;
3392 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
3393 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
3394 if ((!W_ERROR_IS_OK(r.out.result)) &&
3395 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
3399 r.in.domainname = "";
3401 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
3402 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
3403 if ((!W_ERROR_IS_OK(r.out.result)) &&
3404 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
3413 try a netlogon LogonControl2
3415 static bool test_LogonControl2(struct torture_context *tctx,
3416 struct dcerpc_pipe *p,
3417 struct cli_credentials *machine_credentials)
3421 struct netr_LogonControl2 r;
3422 union netr_CONTROL_DATA_INFORMATION data;
3423 union netr_CONTROL_QUERY_INFORMATION query;
3424 enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
3426 struct dcerpc_binding_handle *b = p->binding_handle;
3428 data.domain = lpcfg_workgroup(tctx->lp_ctx);
3430 if (machine_credentials) {
3431 secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
3434 torture_comment(tctx, "Testing LogonControl2 with secure channel type: %d\n",
3435 secure_channel_type);
3437 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3439 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
3441 r.out.query = &query;
3446 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
3447 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3449 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
3450 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
3453 data.domain = lpcfg_workgroup(tctx->lp_ctx);
3455 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
3461 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
3462 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3464 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
3465 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
3468 data.domain = lpcfg_workgroup(tctx->lp_ctx);
3470 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
3476 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
3477 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3479 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
3480 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
3483 data.debug_level = ~0;
3485 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
3491 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
3492 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3494 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
3495 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
3499 r.in.function_code = 52;
3502 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
3503 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3505 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
3506 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
3507 switch (secure_channel_type) {
3509 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED, "LogonControl2");
3512 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED, "LogonControl2");
3515 data.debug_level = ~0;
3517 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
3521 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
3522 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3524 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
3525 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
3526 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl2");
3532 try a netlogon DatabaseSync2
3534 static bool test_DatabaseSync2(struct torture_context *tctx,
3535 struct dcerpc_pipe *p,
3536 struct cli_credentials *machine_credentials)
3538 struct netr_DatabaseSync2 r;
3539 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
3540 struct netr_Authenticator return_authenticator, credential;
3542 struct netlogon_creds_CredentialState *creds;
3543 const uint32_t database_ids[] = {0, 1, 2};
3545 struct dcerpc_binding_handle *b = p->binding_handle;
3547 if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
3548 machine_credentials,
3549 cli_credentials_get_secure_channel_type(machine_credentials),
3554 ZERO_STRUCT(return_authenticator);
3556 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3557 r.in.computername = TEST_MACHINE_NAME;
3558 r.in.preferredmaximumlength = (uint32_t)-1;
3559 r.in.return_authenticator = &return_authenticator;
3560 r.out.return_authenticator = &return_authenticator;
3561 r.out.delta_enum_array = &delta_enum_array;
3563 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
3565 uint32_t sync_context = 0;
3567 r.in.database_id = database_ids[i];
3568 r.in.sync_context = &sync_context;
3569 r.out.sync_context = &sync_context;
3570 r.in.restart_state = 0;
3572 torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
3575 netlogon_creds_client_authenticator(creds, &credential);
3577 r.in.credential = &credential;
3579 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync2_r(b, tctx, &r),
3580 "DatabaseSync2 failed");
3581 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
3584 /* Native mode servers don't do this */
3585 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
3589 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync2");
3591 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
3592 torture_comment(tctx, "Credential chaining failed\n");
3595 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
3603 try a netlogon LogonControl2Ex
3605 static bool test_LogonControl2Ex(struct torture_context *tctx,
3606 struct dcerpc_pipe *p,
3607 struct cli_credentials *machine_credentials)
3611 struct netr_LogonControl2Ex r;
3612 union netr_CONTROL_DATA_INFORMATION data;
3613 union netr_CONTROL_QUERY_INFORMATION query;
3614 enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
3616 struct dcerpc_binding_handle *b = p->binding_handle;
3618 data.domain = lpcfg_workgroup(tctx->lp_ctx);
3620 if (machine_credentials) {
3621 secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
3624 torture_comment(tctx, "Testing LogonControl2Ex with secure channel type: %d\n",
3625 secure_channel_type);
3627 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3629 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
3631 r.out.query = &query;
3636 torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
3637 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3639 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
3640 torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
3643 data.domain = lpcfg_workgroup(tctx->lp_ctx);
3645 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
3651 torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
3652 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3654 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
3655 torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
3658 data.domain = lpcfg_workgroup(tctx->lp_ctx);
3660 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
3666 torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
3667 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3669 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
3670 torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
3673 data.debug_level = ~0;
3675 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
3681 torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
3682 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3684 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
3685 torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
3689 r.in.function_code = 52;
3692 torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
3693 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3695 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
3696 torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
3697 switch (secure_channel_type) {
3699 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED, "LogonControl2Ex");
3702 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED, "LogonControl2Ex");
3705 data.debug_level = ~0;
3707 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
3711 torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
3712 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
3714 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
3715 torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
3716 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl2Ex");
3721 static bool test_netr_GetForestTrustInformation(struct torture_context *tctx,
3722 struct dcerpc_pipe *p1,
3723 struct cli_credentials *machine_credentials)
3725 struct netr_GetForestTrustInformation r;
3726 struct netlogon_creds_CredentialState *creds;
3727 struct netr_Authenticator a;
3728 struct netr_Authenticator return_authenticator;
3729 struct lsa_ForestTrustInformation *forest_trust_info;
3730 struct dcerpc_pipe *p = NULL;
3731 struct dcerpc_binding_handle *b = NULL;
3733 if (!test_SetupCredentials3(p1, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
3734 machine_credentials, &creds)) {
3737 if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
3738 DCERPC_SIGN | DCERPC_SEAL, &p)) {
3741 b = p->binding_handle;
3743 netlogon_creds_client_authenticator(creds, &a);
3745 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3746 r.in.computer_name = TEST_MACHINE_NAME;
3747 r.in.credential = &a;
3749 r.out.return_authenticator = &return_authenticator;
3750 r.out.forest_trust_info = &forest_trust_info;
3752 torture_assert_ntstatus_ok(tctx,
3753 dcerpc_netr_GetForestTrustInformation_r(b, tctx, &r),
3754 "netr_GetForestTrustInformation failed");
3755 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
3756 torture_comment(tctx, "not considering NT_STATUS_NOT_IMPLEMENTED as an error\n");
3758 torture_assert_ntstatus_ok(tctx, r.out.result,
3759 "netr_GetForestTrustInformation failed");
3762 torture_assert(tctx,
3763 netlogon_creds_client_check(creds, &return_authenticator.cred),
3764 "Credential chaining failed");
3769 static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
3770 struct dcerpc_pipe *p, const char *trusted_domain_name)
3773 struct netr_DsRGetForestTrustInformation r;
3774 struct lsa_ForestTrustInformation info, *info_ptr;
3775 struct dcerpc_binding_handle *b = p->binding_handle;
3779 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3780 r.in.trusted_domain_name = trusted_domain_name;
3782 r.out.forest_trust_info = &info_ptr;
3784 torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
3786 status = dcerpc_netr_DsRGetForestTrustInformation_r(b, tctx, &r);
3787 torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
3788 torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
3794 try a netlogon netr_DsrEnumerateDomainTrusts
3796 static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
3797 struct dcerpc_pipe *p)
3800 struct netr_DsrEnumerateDomainTrusts r;
3801 struct netr_DomainTrustList trusts;
3803 struct dcerpc_binding_handle *b = p->binding_handle;
3805 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3806 r.in.trust_flags = 0x3f;
3807 r.out.trusts = &trusts;
3809 status = dcerpc_netr_DsrEnumerateDomainTrusts_r(b, tctx, &r);
3810 torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
3811 torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
3813 /* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
3814 * will show non-forest trusts and all UPN suffixes of the own forest
3815 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
3817 if (r.out.trusts->count) {
3818 if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
3823 for (i=0; i<r.out.trusts->count; i++) {
3825 /* get info for transitive forest trusts */
3827 if (r.out.trusts->array[i].trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
3828 if (!test_netr_DsRGetForestTrustInformation(tctx, p,
3829 r.out.trusts->array[i].dns_name)) {
3838 static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
3839 struct dcerpc_pipe *p)
3842 struct netr_NetrEnumerateTrustedDomains r;
3843 struct netr_Blob trusted_domains_blob;
3844 struct dcerpc_binding_handle *b = p->binding_handle;
3846 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3847 r.out.trusted_domains_blob = &trusted_domains_blob;
3849 status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
3850 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
3851 torture_assert_ntstatus_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
3856 static bool test_netr_NetrEnumerateTrustedDomainsEx(struct torture_context *tctx,
3857 struct dcerpc_pipe *p)
3860 struct netr_NetrEnumerateTrustedDomainsEx r;
3861 struct netr_DomainTrustList dom_trust_list;
3862 struct dcerpc_binding_handle *b = p->binding_handle;
3864 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3865 r.out.dom_trust_list = &dom_trust_list;
3867 status = dcerpc_netr_NetrEnumerateTrustedDomainsEx_r(b, tctx, &r);
3868 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
3869 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
3875 static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
3876 const char *computer_name,
3877 const char *expected_site)
3880 struct netr_DsRGetSiteName r;
3881 const char *site = NULL;
3882 struct dcerpc_binding_handle *b = p->binding_handle;
3884 r.in.computer_name = computer_name;
3886 torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
3888 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
3889 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
3890 torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
3891 torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
3897 try a netlogon netr_DsRGetDCName
3899 static bool test_netr_DsRGetDCName(struct torture_context *tctx,
3900 struct dcerpc_pipe *p)
3903 struct netr_DsRGetDCName r;
3904 struct netr_DsRGetDCNameInfo *info = NULL;
3905 struct dcerpc_binding_handle *b = p->binding_handle;
3907 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3908 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
3909 r.in.domain_guid = NULL;
3910 r.in.site_guid = NULL;
3911 r.in.flags = DS_RETURN_DNS_NAME;
3914 status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
3915 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
3916 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
3918 torture_assert_int_equal(tctx,
3919 (info->dc_flags & (DS_DNS_CONTROLLER)),
3922 torture_assert_int_equal(tctx,
3923 (info->dc_flags & (DS_DNS_DOMAIN)),
3926 torture_assert_int_equal(tctx,
3927 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
3931 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
3934 status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
3935 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
3936 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
3938 torture_assert_int_equal(tctx,
3939 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
3941 torture_assert_int_equal(tctx,
3942 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
3944 torture_assert_int_equal(tctx,
3945 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
3949 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
3950 torture_assert_int_equal(tctx,
3951 (info->dc_flags & (DS_SERVER_CLOSEST)),
3956 return test_netr_DsRGetSiteName(p, tctx,
3958 info->dc_site_name);
3962 try a netlogon netr_DsRGetDCNameEx
3964 static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
3965 struct dcerpc_pipe *p)
3968 struct netr_DsRGetDCNameEx r;
3969 struct netr_DsRGetDCNameInfo *info = NULL;
3970 struct dcerpc_binding_handle *b = p->binding_handle;
3972 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3973 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
3974 r.in.domain_guid = NULL;
3975 r.in.site_name = NULL;
3976 r.in.flags = DS_RETURN_DNS_NAME;
3979 status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
3980 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
3981 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
3983 torture_assert_int_equal(tctx,
3984 (info->dc_flags & (DS_DNS_CONTROLLER)),
3987 torture_assert_int_equal(tctx,
3988 (info->dc_flags & (DS_DNS_DOMAIN)),
3991 torture_assert_int_equal(tctx,
3992 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
3996 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
3999 status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
4000 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
4001 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
4003 torture_assert_int_equal(tctx,
4004 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
4006 torture_assert_int_equal(tctx,
4007 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
4009 torture_assert_int_equal(tctx,
4010 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
4014 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
4015 torture_assert_int_equal(tctx,
4016 (info->dc_flags & (DS_SERVER_CLOSEST)),
4021 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
4022 info->dc_site_name);
4026 try a netlogon netr_DsRGetDCNameEx2
4028 static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
4029 struct dcerpc_pipe *p)
4032 struct netr_DsRGetDCNameEx2 r;
4033 struct netr_DsRGetDCNameInfo *info = NULL;
4034 struct dcerpc_binding_handle *b = p->binding_handle;
4036 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n");
4038 r.in.flags = DS_RETURN_DNS_NAME;
4041 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
4042 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
4043 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
4045 torture_assert_int_equal(tctx,
4046 (info->dc_flags & (DS_DNS_CONTROLLER)),
4049 torture_assert_int_equal(tctx,
4050 (info->dc_flags & (DS_DNS_DOMAIN)),
4053 torture_assert_int_equal(tctx,
4054 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
4058 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
4059 r.in.client_account = NULL;
4060 r.in.mask = 0x00000000;
4061 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
4062 r.in.domain_guid = NULL;
4063 r.in.site_name = NULL;
4064 r.in.flags = DS_RETURN_DNS_NAME;
4067 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
4069 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
4070 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
4071 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
4073 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
4076 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
4077 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
4078 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
4080 torture_assert_int_equal(tctx,
4081 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
4083 torture_assert_int_equal(tctx,
4084 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
4086 torture_assert_int_equal(tctx,
4087 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
4091 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
4092 torture_assert_int_equal(tctx,
4093 (info->dc_flags & (DS_SERVER_CLOSEST)),
4098 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client account\n");
4099 r.in.client_account = TEST_MACHINE_NAME"$";
4100 r.in.mask = ACB_SVRTRUST;
4101 r.in.flags = DS_RETURN_FLAT_NAME;
4104 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
4105 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
4106 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
4108 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
4109 info->dc_site_name);
4112 /* This is a substitution for "samdb_server_site_name" which relies on the
4113 * correct "lp_ctx" and therefore can't be used here. */
4114 static const char *server_site_name(struct torture_context *tctx,
4115 struct ldb_context *ldb)
4117 TALLOC_CTX *tmp_ctx;
4118 struct ldb_dn *dn, *server_dn;
4119 const struct ldb_val *site_name_val;
4120 const char *server_dn_str, *site_name;
4122 tmp_ctx = talloc_new(ldb);
4123 if (tmp_ctx == NULL) {
4127 dn = ldb_dn_new(tmp_ctx, ldb, "");
4132 server_dn_str = samdb_search_string(ldb, tmp_ctx, dn, "serverName",
4134 if (server_dn_str == NULL) {
4138 server_dn = ldb_dn_new(tmp_ctx, ldb, server_dn_str);
4139 if (server_dn == NULL) {
4143 /* CN=<Server name>, CN=Servers, CN=<Site name>, CN=Sites, ... */
4144 site_name_val = ldb_dn_get_component_val(server_dn, 2);
4145 if (site_name_val == NULL) {
4149 site_name = (const char *) site_name_val->data;
4151 talloc_steal(tctx, site_name);
4152 talloc_free(tmp_ctx);
4157 talloc_free(tmp_ctx);
4161 static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
4162 struct dcerpc_pipe *p)
4165 struct ldb_context *sam_ctx = NULL;
4167 struct netr_DsrGetDcSiteCoverageW r;
4168 struct DcSitesCtr *ctr = NULL;
4169 struct dcerpc_binding_handle *b = p->binding_handle;
4171 torture_comment(tctx, "This does only pass with the default site\n");
4173 /* We won't double-check this when we are over 'local' transports */
4174 if (dcerpc_server_name(p)) {
4175 /* Set up connection to SAMDB on DC */
4176 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
4177 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
4179 popt_get_cmdline_credentials(),
4182 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
4185 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
4188 status = dcerpc_netr_DsrGetDcSiteCoverageW_r(b, tctx, &r);
4189 torture_assert_ntstatus_ok(tctx, status, "failed");
4190 torture_assert_werr_ok(tctx, r.out.result, "failed");
4192 torture_assert(tctx, ctr->num_sites == 1,
4193 "we should per default only get the default site");
4194 if (sam_ctx != NULL) {
4195 torture_assert_casestr_equal(tctx, ctr->sites[0].string,
4196 server_site_name(tctx, sam_ctx),
4197 "didn't return default site");
4203 static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
4204 struct dcerpc_pipe *p)
4207 struct ldb_context *sam_ctx = NULL;
4209 struct netr_DsRAddressToSitenamesW r;
4210 struct netr_DsRAddress addrs[6];
4211 struct sockaddr_in *addr;
4213 struct sockaddr_in6 *addr6;
4215 struct netr_DsRAddressToSitenamesWCtr *ctr;
4216 struct dcerpc_binding_handle *b = p->binding_handle;
4220 torture_comment(tctx, "This does only pass with the default site\n");
4222 /* We won't double-check this when we are over 'local' transports */
4223 if (dcerpc_server_name(p)) {
4224 /* Set up connection to SAMDB on DC */
4225 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
4226 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
4228 popt_get_cmdline_credentials(),
4231 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
4234 /* First try valid IP addresses */
4236 addrs[0].size = sizeof(struct sockaddr_in);
4237 addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
4238 addr = (struct sockaddr_in *) addrs[0].buffer;
4239 addrs[0].buffer[0] = AF_INET;
4240 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
4241 torture_assert(tctx, ret > 0, "inet_pton failed");
4243 addrs[1].size = sizeof(struct sockaddr_in);
4244 addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
4245 addr = (struct sockaddr_in *) addrs[1].buffer;
4246 addrs[1].buffer[0] = AF_INET;
4247 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
4248 torture_assert(tctx, ret > 0, "inet_pton failed");
4250 addrs[2].size = sizeof(struct sockaddr_in);
4251 addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
4252 addr = (struct sockaddr_in *) addrs[2].buffer;
4253 addrs[2].buffer[0] = AF_INET;
4254 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
4255 torture_assert(tctx, ret > 0, "inet_pton failed");
4258 addrs[3].size = sizeof(struct sockaddr_in6);
4259 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
4260 addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
4261 addrs[3].buffer[0] = AF_INET6;
4262 ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
4263 torture_assert(tctx, ret > 0, "inet_pton failed");
4265 addrs[4].size = sizeof(struct sockaddr_in6);
4266 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
4267 addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
4268 addrs[4].buffer[0] = AF_INET6;
4269 ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
4270 torture_assert(tctx, ret > 0, "inet_pton failed");
4272 addrs[5].size = sizeof(struct sockaddr_in6);
4273 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
4274 addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
4275 addrs[5].buffer[0] = AF_INET6;
4276 ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
4277 torture_assert(tctx, ret > 0, "inet_pton failed");
4279 /* the test cases are repeated to have exactly 6. This is for
4280 * compatibility with IPv4-only machines */
4281 addrs[3].size = sizeof(struct sockaddr_in);
4282 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
4283 addr = (struct sockaddr_in *) addrs[3].buffer;
4284 addrs[3].buffer[0] = AF_INET;
4285 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
4286 torture_assert(tctx, ret > 0, "inet_pton failed");
4288 addrs[4].size = sizeof(struct sockaddr_in);
4289 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
4290 addr = (struct sockaddr_in *) addrs[4].buffer;
4291 addrs[4].buffer[0] = AF_INET;
4292 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
4293 torture_assert(tctx, ret > 0, "inet_pton failed");
4295 addrs[5].size = sizeof(struct sockaddr_in);
4296 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
4297 addr = (struct sockaddr_in *) addrs[5].buffer;
4298 addrs[5].buffer[0] = AF_INET;
4299 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
4300 torture_assert(tctx, ret > 0, "inet_pton failed");
4303 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
4305 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
4307 r.in.addresses = addrs;
4310 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
4311 torture_assert_ntstatus_ok(tctx, status, "failed");
4312 torture_assert_werr_ok(tctx, r.out.result, "failed");
4314 if (sam_ctx != NULL) {
4315 for (i = 0; i < 3; i++) {
4316 torture_assert_casestr_equal(tctx,
4317 ctr->sitename[i].string,
4318 server_site_name(tctx, sam_ctx),
4319 "didn't return default site");
4321 for (i = 3; i < 6; i++) {
4322 /* Windows returns "NULL" for the sitename if it isn't
4323 * IPv6 configured */
4324 if (torture_setting_bool(tctx, "samba4", false)) {
4325 torture_assert_casestr_equal(tctx,
4326 ctr->sitename[i].string,
4327 server_site_name(tctx, sam_ctx),
4328 "didn't return default site");
4333 /* Now try invalid ones (too short buffers) */
4343 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
4344 torture_assert_ntstatus_ok(tctx, status, "failed");
4345 torture_assert_werr_ok(tctx, r.out.result, "failed");
4347 for (i = 0; i < 6; i++) {
4348 torture_assert(tctx, ctr->sitename[i].string == NULL,
4349 "sitename should be null");
4352 /* Now try invalid ones (wrong address types) */
4355 addrs[0].buffer[0] = AF_UNSPEC;
4357 addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
4359 addrs[2].buffer[0] = AF_UNIX;
4362 addrs[3].buffer[0] = 250;
4364 addrs[4].buffer[0] = 251;
4366 addrs[5].buffer[0] = 252;
4368 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
4369 torture_assert_ntstatus_ok(tctx, status, "failed");
4370 torture_assert_werr_ok(tctx, r.out.result, "failed");
4372 for (i = 0; i < 6; i++) {
4373 torture_assert(tctx, ctr->sitename[i].string == NULL,
4374 "sitename should be null");
4380 static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
4381 struct dcerpc_pipe *p)
4384 struct ldb_context *sam_ctx = NULL;
4386 struct netr_DsRAddressToSitenamesExW r;
4387 struct netr_DsRAddress addrs[6];
4388 struct sockaddr_in *addr;
4390 struct sockaddr_in6 *addr6;
4392 struct netr_DsRAddressToSitenamesExWCtr *ctr;
4393 struct dcerpc_binding_handle *b = p->binding_handle;
4397 torture_comment(tctx, "This does pass with the default site\n");
4399 /* We won't double-check this when we are over 'local' transports */
4400 if (dcerpc_server_name(p)) {
4401 /* Set up connection to SAMDB on DC */
4402 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
4403 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
4405 popt_get_cmdline_credentials(),
4408 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
4411 /* First try valid IP addresses */
4413 addrs[0].size = sizeof(struct sockaddr_in);
4414 addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
4415 addr = (struct sockaddr_in *) addrs[0].buffer;
4416 addrs[0].buffer[0] = AF_INET;
4417 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
4418 torture_assert(tctx, ret > 0, "inet_pton failed");
4420 addrs[1].size = sizeof(struct sockaddr_in);
4421 addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
4422 addr = (struct sockaddr_in *) addrs[1].buffer;
4423 addrs[1].buffer[0] = AF_INET;
4424 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
4425 torture_assert(tctx, ret > 0, "inet_pton failed");
4427 addrs[2].size = sizeof(struct sockaddr_in);
4428 addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
4429 addr = (struct sockaddr_in *) addrs[2].buffer;
4430 addrs[2].buffer[0] = AF_INET;
4431 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
4432 torture_assert(tctx, ret > 0, "inet_pton failed");
4435 addrs[3].size = sizeof(struct sockaddr_in6);
4436 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
4437 addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
4438 addrs[3].buffer[0] = AF_INET6;
4439 ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
4440 torture_assert(tctx, ret > 0, "inet_pton failed");
4442 addrs[4].size = sizeof(struct sockaddr_in6);
4443 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
4444 addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
4445 addrs[4].buffer[0] = AF_INET6;
4446 ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
4447 torture_assert(tctx, ret > 0, "inet_pton failed");
4449 addrs[5].size = sizeof(struct sockaddr_in6);
4450 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
4451 addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
4452 addrs[5].buffer[0] = AF_INET6;
4453 ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
4454 torture_assert(tctx, ret > 0, "inet_pton failed");
4456 /* the test cases are repeated to have exactly 6. This is for
4457 * compatibility with IPv4-only machines */
4458 addrs[3].size = sizeof(struct sockaddr_in);
4459 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
4460 addr = (struct sockaddr_in *) addrs[3].buffer;
4461 addrs[3].buffer[0] = AF_INET;
4462 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
4463 torture_assert(tctx, ret > 0, "inet_pton failed");
4465 addrs[4].size = sizeof(struct sockaddr_in);
4466 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
4467 addr = (struct sockaddr_in *) addrs[4].buffer;
4468 addrs[4].buffer[0] = AF_INET;
4469 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
4470 torture_assert(tctx, ret > 0, "inet_pton failed");
4472 addrs[5].size = sizeof(struct sockaddr_in);
4473 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
4474 addr = (struct sockaddr_in *) addrs[5].buffer;
4475 addrs[5].buffer[0] = AF_INET;
4476 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
4477 torture_assert(tctx, ret > 0, "inet_pton failed");
4480 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
4482 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
4484 r.in.addresses = addrs;
4487 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
4488 torture_assert_ntstatus_ok(tctx, status, "failed");
4489 torture_assert_werr_ok(tctx, r.out.result, "failed");
4491 if (sam_ctx != NULL) {
4492 for (i = 0; i < 3; i++) {
4493 torture_assert_casestr_equal(tctx,
4494 ctr->sitename[i].string,
4495 server_site_name(tctx, sam_ctx),
4496 "didn't return default site");
4497 torture_assert(tctx, ctr->subnetname[i].string == NULL,
4498 "subnet should be null");
4500 for (i = 3; i < 6; i++) {
4501 /* Windows returns "NULL" for the sitename if it isn't
4502 * IPv6 configured */
4503 if (torture_setting_bool(tctx, "samba4", false)) {
4504 torture_assert_casestr_equal(tctx,
4505 ctr->sitename[i].string,
4506 server_site_name(tctx, sam_ctx),
4507 "didn't return default site");
4509 torture_assert(tctx, ctr->subnetname[i].string == NULL,
4510 "subnet should be null");
4514 /* Now try invalid ones (too short buffers) */
4524 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
4525 torture_assert_ntstatus_ok(tctx, status, "failed");
4526 torture_assert_werr_ok(tctx, r.out.result, "failed");
4528 for (i = 0; i < 6; i++) {
4529 torture_assert(tctx, ctr->sitename[i].string == NULL,
4530 "sitename should be null");
4531 torture_assert(tctx, ctr->subnetname[i].string == NULL,
4532 "subnet should be null");
4536 addrs[0].buffer[0] = AF_UNSPEC;
4538 addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
4540 addrs[2].buffer[0] = AF_UNIX;
4543 addrs[3].buffer[0] = 250;
4545 addrs[4].buffer[0] = 251;
4547 addrs[5].buffer[0] = 252;
4549 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
4550 torture_assert_ntstatus_ok(tctx, status, "failed");
4551 torture_assert_werr_ok(tctx, r.out.result, "failed");
4553 for (i = 0; i < 6; i++) {
4554 torture_assert(tctx, ctr->sitename[i].string == NULL,
4555 "sitename should be null");
4556 torture_assert(tctx, ctr->subnetname[i].string == NULL,
4557 "subnet should be null");
4563 static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
4564 struct dcerpc_pipe *p1,
4565 struct cli_credentials *machine_credentials,
4566 uint32_t negotiate_flags)
4568 struct netr_ServerGetTrustInfo r;
4570 struct netr_Authenticator a;
4571 struct netr_Authenticator return_authenticator;
4572 struct samr_Password new_owf_password;
4573 struct samr_Password old_owf_password;
4574 struct netr_TrustInfo *trust_info;
4576 struct netlogon_creds_CredentialState *creds;
4577 struct dcerpc_pipe *p = NULL;
4578 struct dcerpc_binding_handle *b = NULL;
4580 struct samr_Password nt_hash;
4582 if (!test_SetupCredentials3(p1, tctx, negotiate_flags,
4583 machine_credentials, &creds)) {
4586 if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
4587 DCERPC_SIGN | DCERPC_SEAL, &p)) {
4590 b = p->binding_handle;
4592 netlogon_creds_client_authenticator(creds, &a);
4594 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
4595 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
4596 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
4597 r.in.computer_name = TEST_MACHINE_NAME;
4598 r.in.credential = &a;
4600 r.out.return_authenticator = &return_authenticator;
4601 r.out.new_owf_password = &new_owf_password;
4602 r.out.old_owf_password = &old_owf_password;
4603 r.out.trust_info = &trust_info;
4605 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerGetTrustInfo_r(b, tctx, &r),
4606 "ServerGetTrustInfo failed");
4607 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerGetTrustInfo failed");
4608 torture_assert(tctx, netlogon_creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
4610 E_md4hash(cli_credentials_get_password(machine_credentials), nt_hash.hash);
4612 netlogon_creds_des_decrypt(creds, &new_owf_password);
4614 dump_data(1, new_owf_password.hash, 16);
4615 dump_data(1, nt_hash.hash, 16);
4617 torture_assert_mem_equal(tctx, new_owf_password.hash, nt_hash.hash, 16,
4618 "received unexpected owf password\n");
4623 static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx,
4624 struct dcerpc_pipe *p,
4625 struct cli_credentials *machine_credentials)
4627 return test_netr_ServerGetTrustInfo_flags(tctx, p, machine_credentials,
4628 NETLOGON_NEG_AUTH2_ADS_FLAGS);
4631 static bool test_netr_ServerGetTrustInfo_AES(struct torture_context *tctx,
4632 struct dcerpc_pipe *p,
4633 struct cli_credentials *machine_credentials)
4635 return test_netr_ServerGetTrustInfo_flags(tctx, p, machine_credentials,
4636 NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
4639 static bool test_GetDomainInfo(struct torture_context *tctx,
4640 struct dcerpc_pipe *p1,
4641 struct cli_credentials *machine_credentials)
4643 struct netr_LogonGetDomainInfo r;
4644 struct netr_WorkstationInformation q1;
4645 struct netr_Authenticator a;
4646 struct netlogon_creds_CredentialState *creds;
4647 struct netr_OsVersion os;
4648 union netr_WorkstationInfo query;
4649 union netr_DomainInfo info;
4650 const char* const attrs[] = { "dNSHostName", "operatingSystem",
4651 "operatingSystemServicePack", "operatingSystemVersion",
4652 "servicePrincipalName", NULL };
4654 struct ldb_context *sam_ctx = NULL;
4655 struct ldb_message **res;
4656 struct ldb_message_element *spn_el;
4659 const char *old_dnsname = NULL;
4662 char *temp_str = NULL;
4663 char *temp_str2 = NULL;
4664 struct dcerpc_pipe *p = NULL;
4665 struct dcerpc_binding_handle *b = NULL;
4666 struct netr_OneDomainInfo *odi1 = NULL;
4667 struct netr_OneDomainInfo *odi2 = NULL;
4668 struct netr_trust_extension_info *tex2 = NULL;
4670 torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n");
4672 if (!test_SetupCredentials3(p1, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
4673 machine_credentials, &creds)) {
4676 if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
4677 DCERPC_SIGN | DCERPC_SEAL, &p)) {
4680 b = p->binding_handle;
4682 /* We won't double-check this when we are over 'local' transports */
4683 if (dcerpc_server_name(p)) {
4684 /* Set up connection to SAMDB on DC */
4685 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
4686 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
4688 popt_get_cmdline_credentials(),
4691 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
4694 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 1st call (no variation of DNS hostname)\n");
4695 netlogon_creds_client_authenticator(creds, &a);
4698 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
4699 r.in.computer_name = TEST_MACHINE_NAME;
4700 r.in.credential = &a;
4702 r.in.return_authenticator = &a;
4703 r.in.query = &query;
4704 r.out.return_authenticator = &a;
4708 os.os.MajorVersion = 123;
4709 os.os.MinorVersion = 456;
4710 os.os.BuildNumber = 789;
4711 os.os.CSDVersion = "Service Pack 10";
4712 os.os.ServicePackMajor = 10;
4713 os.os.ServicePackMinor = 1;
4714 os.os.SuiteMask = NETR_VER_SUITE_SINGLEUSERTS;
4715 os.os.ProductType = NETR_VER_NT_SERVER;
4718 version_str = talloc_asprintf(tctx, "%d.%d (%d)", os.os.MajorVersion,
4719 os.os.MinorVersion, os.os.BuildNumber);
4722 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
4723 lpcfg_dnsdomain(tctx->lp_ctx));
4724 q1.sitename = "Default-First-Site-Name";
4725 q1.os_version.os = &os;
4726 q1.os_name.string = talloc_asprintf(tctx,
4727 "Tortured by Samba4 RPC-NETLOGON: %s",
4728 timestring(tctx, time(NULL)));
4730 /* The workstation handles the "servicePrincipalName" and DNS hostname
4732 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
4734 query.workstation_info = &q1;
4737 /* Gets back the old DNS hostname in AD */
4738 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
4739 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
4741 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL);
4743 /* Gets back the "servicePrincipalName"s in AD */
4744 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
4745 if (spn_el != NULL) {
4746 for (i=0; i < spn_el->num_values; i++) {
4747 spns = talloc_realloc(tctx, spns, char *, i + 1);
4748 spns[i] = (char *) spn_el->values[i].data;
4754 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
4755 "LogonGetDomainInfo failed");
4756 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
4757 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
4762 /* AD workstation infos entry check */
4763 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
4764 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
4765 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
4766 torture_assert_str_equal(tctx,
4767 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
4768 q1.os_name.string, "'operatingSystem' wrong!");
4769 torture_assert_str_equal(tctx,
4770 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL),
4771 os.os.CSDVersion, "'operatingSystemServicePack' wrong!");
4772 torture_assert_str_equal(tctx,
4773 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL),
4774 version_str, "'operatingSystemVersion' wrong!");
4776 if (old_dnsname != NULL) {
4777 /* If before a DNS hostname was set then it should remain
4778 the same in combination with the "servicePrincipalName"s.
4779 The DNS hostname should also be returned by our
4780 "LogonGetDomainInfo" call (in the domain info structure). */
4782 torture_assert_str_equal(tctx,
4783 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
4784 old_dnsname, "'DNS hostname' was not set!");
4786 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
4787 torture_assert(tctx, ((spns != NULL) && (spn_el != NULL)),
4788 "'servicePrincipalName's not set!");
4789 torture_assert(tctx, spn_el->num_values == num_spns,
4790 "'servicePrincipalName's incorrect!");
4791 for (i=0; (i < spn_el->num_values) && (i < num_spns); i++)
4792 torture_assert_str_equal(tctx,
4793 (char *) spn_el->values[i].data,
4794 spns[i], "'servicePrincipalName's incorrect!");
4796 torture_assert_str_equal(tctx,
4797 info.domain_info->dns_hostname.string,
4799 "Out 'DNS hostname' doesn't match the old one!");
4801 /* If no DNS hostname was set then also now none should be set,
4802 the "servicePrincipalName"s should remain empty and no DNS
4803 hostname should be returned by our "LogonGetDomainInfo"
4804 call (in the domain info structure). */
4806 torture_assert(tctx,
4807 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL) == NULL,
4808 "'DNS hostname' was set!");
4810 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
4811 torture_assert(tctx, ((spns == NULL) && (spn_el == NULL)),
4812 "'servicePrincipalName's were set!");
4814 torture_assert(tctx,
4815 info.domain_info->dns_hostname.string == NULL,
4816 "Out 'DNS host name' was set!");
4820 /* Checks "workstation flags" */
4821 torture_assert(tctx,
4822 info.domain_info->workstation_flags
4823 == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
4824 "Out 'workstation flags' don't match!");
4827 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname doesn't work)\n");
4828 netlogon_creds_client_authenticator(creds, &a);
4830 /* Wipe out the osVersion, and prove which values still 'stick' */
4831 q1.os_version.os = NULL;
4833 /* Change also the DNS hostname to test differences in behaviour */
4834 talloc_free(discard_const_p(char, q1.dns_hostname));
4835 q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
4836 lpcfg_dnsdomain(tctx->lp_ctx));
4838 /* The workstation handles the "servicePrincipalName" and DNS hostname
4840 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
4842 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
4843 "LogonGetDomainInfo failed");
4844 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
4846 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
4851 /* AD workstation infos entry check */
4852 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
4853 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
4854 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
4856 torture_assert_str_equal(tctx,
4857 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
4858 q1.os_name.string, "'operatingSystem' should stick!");
4859 torture_assert(tctx,
4860 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
4861 "'operatingSystemServicePack' shouldn't stick!");
4862 torture_assert(tctx,
4863 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
4864 "'operatingSystemVersion' shouldn't stick!");
4866 /* The DNS host name shouldn't have been updated by the server */
4868 torture_assert_str_equal(tctx,
4869 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
4870 old_dnsname, "'DNS host name' did change!");
4872 /* Find the two "servicePrincipalName"s which the DC shouldn't have been
4873 updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
4875 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
4876 torture_assert(tctx, spn_el != NULL,
4877 "There should exist 'servicePrincipalName's in AD!");
4878 temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
4879 for (i=0; i < spn_el->num_values; i++)
4880 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
4882 torture_assert(tctx, i != spn_el->num_values,
4883 "'servicePrincipalName' HOST/<Netbios name> not found!");
4884 temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
4885 for (i=0; i < spn_el->num_values; i++)
4886 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
4888 torture_assert(tctx, i != spn_el->num_values,
4889 "'servicePrincipalName' HOST/<FQDN name> not found!");
4891 /* Check that the out DNS hostname was set properly */
4892 torture_assert_str_equal(tctx, info.domain_info->dns_hostname.string,
4893 old_dnsname, "Out 'DNS hostname' doesn't match the old one!");
4896 /* Checks "workstation flags" */
4897 torture_assert(tctx,
4898 info.domain_info->workstation_flags == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
4899 "Out 'workstation flags' don't match!");
4902 /* Now try the same but the workstation flags set to 0 */
4904 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (variation of DNS hostname doesn't work)\n");
4905 netlogon_creds_client_authenticator(creds, &a);
4907 /* Change also the DNS hostname to test differences in behaviour */
4908 talloc_free(discard_const_p(char, q1.dns_hostname));
4909 q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
4910 lpcfg_dnsdomain(tctx->lp_ctx));
4912 /* Wipe out the osVersion, and prove which values still 'stick' */
4913 q1.os_version.os = NULL;
4915 /* Let the DC handle the "servicePrincipalName" and DNS hostname
4917 q1.workstation_flags = 0;
4919 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
4920 "LogonGetDomainInfo failed");
4921 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
4922 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
4927 /* AD workstation infos entry check */
4928 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
4929 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
4930 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
4932 torture_assert_str_equal(tctx,
4933 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
4934 q1.os_name.string, "'operatingSystem' should stick!");
4935 torture_assert(tctx,
4936 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
4937 "'operatingSystemServicePack' shouldn't stick!");
4938 torture_assert(tctx,
4939 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
4940 "'operatingSystemVersion' shouldn't stick!");
4942 /* The DNS host name shouldn't have been updated by the server */
4944 torture_assert_str_equal(tctx,
4945 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
4946 old_dnsname, "'DNS host name' did change!");
4948 /* Find the two "servicePrincipalName"s which the DC shouldn't have been
4949 updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
4951 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
4952 torture_assert(tctx, spn_el != NULL,
4953 "There should exist 'servicePrincipalName's in AD!");
4954 temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
4955 for (i=0; i < spn_el->num_values; i++)
4956 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
4958 torture_assert(tctx, i != spn_el->num_values,
4959 "'servicePrincipalName' HOST/<Netbios name> not found!");
4960 temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
4961 for (i=0; i < spn_el->num_values; i++)
4962 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
4964 torture_assert(tctx, i != spn_el->num_values,
4965 "'servicePrincipalName' HOST/<FQDN name> not found!");
4967 /* Here the server gives us NULL as the out DNS hostname */
4968 torture_assert(tctx, info.domain_info->dns_hostname.string == NULL,
4969 "Out 'DNS hostname' should be NULL!");
4972 /* Checks "workstation flags" */
4973 torture_assert(tctx,
4974 info.domain_info->workstation_flags == 0,
4975 "Out 'workstation flags' don't match!");
4978 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (verification of DNS hostname and check for trusted domains)\n");
4979 netlogon_creds_client_authenticator(creds, &a);
4981 /* Put the DNS hostname back */
4982 talloc_free(discard_const_p(char, q1.dns_hostname));
4983 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
4984 lpcfg_dnsdomain(tctx->lp_ctx));
4986 /* The workstation handles the "servicePrincipalName" and DNS hostname
4988 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
4990 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
4991 "LogonGetDomainInfo failed");
4992 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
4993 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
4997 /* Now the in/out DNS hostnames should be the same */
4998 torture_assert_str_equal(tctx,
4999 info.domain_info->dns_hostname.string,
5000 query.workstation_info->dns_hostname,
5001 "In/Out 'DNS hostnames' don't match!");
5002 old_dnsname = info.domain_info->dns_hostname.string;
5004 /* Checks "workstation flags" */
5005 torture_assert(tctx,
5006 info.domain_info->workstation_flags
5007 == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
5008 "Out 'workstation flags' don't match!");
5010 /* Checks for trusted domains */
5011 torture_assert(tctx,
5012 (info.domain_info->trusted_domain_count != 0)
5013 && (info.domain_info->trusted_domains != NULL),
5014 "Trusted domains have been requested!");
5017 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 5th call (check for trusted domains)\n");
5018 netlogon_creds_client_authenticator(creds, &a);
5020 /* The workstation handles the "servicePrincipalName" and DNS hostname
5021 updates and requests inbound trusts */
5022 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
5023 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS;
5025 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
5026 "LogonGetDomainInfo failed");
5027 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
5028 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
5032 /* Checks "workstation flags" */
5033 torture_assert(tctx,
5034 info.domain_info->workstation_flags
5035 == (NETR_WS_FLAG_HANDLES_SPN_UPDATE
5036 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
5037 "Out 'workstation flags' don't match!");
5039 /* Checks for trusted domains */
5040 torture_assert(tctx,
5041 (info.domain_info->trusted_domain_count != 0)
5042 && (info.domain_info->trusted_domains != NULL),
5043 "Trusted domains have been requested!");
5045 odi1 = &info.domain_info->primary_domain;
5047 torture_assert(tctx, !GUID_all_zero(&odi1->domain_guid),
5048 "primary domain_guid needs to be valid");
5050 for (i=0; i < info.domain_info->trusted_domain_count; i++) {
5051 struct netr_OneDomainInfo *odiT =
5052 &info.domain_info->trusted_domains[i];
5053 struct netr_trust_extension_info *texT = NULL;
5055 torture_assert_int_equal(tctx, odiT->trust_extension.length, 16,
5056 "trust_list should have extension");
5057 torture_assert(tctx, odiT->trust_extension.info != NULL,
5058 "trust_list should have extension");
5059 texT = &odiT->trust_extension.info->info;
5061 if (GUID_equal(&odiT->domain_guid, &odi1->domain_guid)) {
5067 torture_assert_int_equal(tctx,
5068 texT->flags & NETR_TRUST_FLAG_PRIMARY,
5070 "trust_list flags should not have PRIMARY");
5072 torture_assert(tctx, odiT->domainname.string != NULL,
5073 "trust_list domainname should be valid");
5074 if (texT->trust_type == LSA_TRUST_TYPE_DOWNLEVEL) {
5075 torture_assert(tctx, odiT->dns_domainname.string == NULL,
5076 "trust_list dns_domainname should be NULL for downlevel");
5078 torture_assert(tctx, odiT->dns_domainname.string != NULL,
5079 "trust_list dns_domainname should be valid for uplevel");
5081 torture_assert(tctx, odiT->dns_forestname.string == NULL,
5082 "trust_list dns_forestname needs to be NULL");
5084 torture_assert(tctx, odiT->domain_sid != NULL,
5085 "trust_list domain_sid needs to be valid");
5088 torture_assert(tctx, odi2 != NULL,
5089 "trust_list primary domain not found.");
5091 torture_assert_str_equal(tctx,
5092 odi1->domainname.string,
5093 odi2->domainname.string,
5094 "netbios name should match");
5096 temp_str = talloc_strdup(tctx, odi1->dns_domainname.string);
5097 torture_assert(tctx, temp_str != NULL,
5098 "primary_domain dns_domainname copy");
5099 temp_str2 = strrchr(temp_str, '.');
5100 torture_assert(tctx, temp_str2 != NULL && temp_str2[1] == '\0',
5101 "primary_domain dns_domainname needs trailing '.'");
5102 temp_str2[0] = '\0';
5103 torture_assert_str_equal(tctx,
5105 odi2->dns_domainname.string,
5106 "dns domainname should match "
5107 "(without trailing '.')");
5109 temp_str = talloc_strdup(tctx, odi1->dns_forestname.string);
5110 torture_assert(tctx, temp_str != NULL,
5111 "primary_domain dns_forestname copy");
5112 temp_str2 = strrchr(temp_str, '.');
5113 torture_assert(tctx, temp_str2 != NULL && temp_str2[1] == '\0',
5114 "primary_domain dns_forestname needs trailing '.'");
5115 temp_str2[0] = '\0';
5116 torture_assert(tctx, odi2->dns_forestname.string == NULL,
5117 "trust_list dns_forestname needs to be NULL");
5119 torture_assert_guid_equal(tctx, odi1->domain_guid, odi2->domain_guid,
5120 "domain_guid should match");
5121 torture_assert(tctx, odi1->domain_sid != NULL,
5122 "primary domain_sid needs to be valid");
5123 torture_assert(tctx, odi2->domain_sid != NULL,
5124 "trust_list domain_sid needs to be valid");
5125 torture_assert_sid_equal(tctx, odi1->domain_sid, odi2->domain_sid,
5126 "domain_sid should match");
5128 torture_assert_int_equal(tctx, odi1->trust_extension.length, 0,
5129 "primary_domain should not have extension");
5130 torture_assert_int_equal(tctx, odi2->trust_extension.length, 16,
5131 "trust_list should have extension");
5132 torture_assert(tctx, odi2->trust_extension.info != NULL,
5133 "trust_list should have extension");
5134 tex2 = &odi2->trust_extension.info->info;
5135 torture_assert_int_equal(tctx,
5136 tex2->flags & NETR_TRUST_FLAG_PRIMARY,
5137 NETR_TRUST_FLAG_PRIMARY,
5138 "trust_list flags should have PRIMARY");
5139 torture_assert_int_equal(tctx,
5140 tex2->flags & NETR_TRUST_FLAG_IN_FOREST,
5141 NETR_TRUST_FLAG_IN_FOREST,
5142 "trust_list flags should have IN_FOREST");
5143 torture_assert_int_equal(tctx,
5144 tex2->flags & NETR_TRUST_FLAG_NATIVE,
5145 NETR_TRUST_FLAG_NATIVE,
5146 "trust_list flags should have NATIVE");
5147 torture_assert_int_equal(tctx,
5148 tex2->flags & ~NETR_TRUST_FLAG_TREEROOT,
5149 NETR_TRUST_FLAG_IN_FOREST |
5150 NETR_TRUST_FLAG_PRIMARY |
5151 NETR_TRUST_FLAG_NATIVE,
5152 "trust_list flags IN_FOREST, PRIMARY, NATIVE "
5153 "(TREEROOT optional)");
5154 if (strcmp(odi1->dns_domainname.string, odi1->dns_forestname.string) == 0) {
5155 torture_assert_int_equal(tctx,
5156 tex2->flags & NETR_TRUST_FLAG_TREEROOT,
5157 NETR_TRUST_FLAG_TREEROOT,
5158 "trust_list flags TREEROOT on forest root");
5159 torture_assert_int_equal(tctx,
5160 tex2->parent_index, 0,
5161 "trust_list no parent on foreset root");
5163 torture_assert_int_equal(tctx,
5164 tex2->trust_type, LSA_TRUST_TYPE_UPLEVEL,
5165 "trust_list uplevel");
5166 torture_assert_int_equal(tctx,
5167 tex2->trust_attributes, 0,
5168 "trust_list no attributes");
5170 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no DNS hostname)\n");
5171 netlogon_creds_client_authenticator(creds, &a);
5173 query.workstation_info->dns_hostname = NULL;
5175 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
5176 "LogonGetDomainInfo failed");
5177 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
5178 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
5180 /* The old DNS hostname should stick */
5181 torture_assert_str_equal(tctx,
5182 info.domain_info->dns_hostname.string,
5184 "'DNS hostname' changed!");
5186 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 7th call (extra workstation flags)\n");
5187 netlogon_creds_client_authenticator(creds, &a);
5189 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
5190 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | 0x4;
5192 /* Put the DNS hostname back */
5193 talloc_free(discard_const_p(char, q1.dns_hostname));
5194 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
5195 lpcfg_dnsdomain(tctx->lp_ctx));
5197 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
5198 "LogonGetDomainInfo failed");
5199 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
5200 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
5202 /* Checks "workstation flags" */
5203 torture_assert(tctx,
5204 info.domain_info->workstation_flags
5205 == (NETR_WS_FLAG_HANDLES_SPN_UPDATE
5206 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
5207 "Out 'workstation flags' don't match!");
5209 if (!torture_setting_bool(tctx, "dangerous", false)) {
5210 torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 8th call (no workstation info) - enable dangerous tests in order to do so\n");
5212 /* Try a call without the workstation information structure */
5214 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 8th call (no workstation info)\n");
5215 netlogon_creds_client_authenticator(creds, &a);
5217 query.workstation_info = NULL;
5219 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
5220 "LogonGetDomainInfo failed");
5221 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
5222 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
5228 static bool test_GetDomainInfo_async(struct torture_context *tctx,
5229 struct dcerpc_pipe *p1,
5230 struct cli_credentials *machine_credentials)
5233 struct netr_LogonGetDomainInfo r;
5234 struct netr_WorkstationInformation q1;
5235 struct netr_Authenticator a;
5236 #define ASYNC_COUNT 100
5237 struct netlogon_creds_CredentialState *creds;
5238 struct netlogon_creds_CredentialState *creds_async[ASYNC_COUNT];
5239 struct tevent_req *req[ASYNC_COUNT];
5241 union netr_WorkstationInfo query;
5242 union netr_DomainInfo info;
5243 struct dcerpc_pipe *p = NULL;
5245 torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
5247 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
5248 machine_credentials, &creds)) {
5251 if (!test_SetupCredentialsPipe(p1, tctx, machine_credentials, creds,
5252 DCERPC_SIGN | DCERPC_SEAL, &p)) {
5257 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
5258 r.in.computer_name = TEST_MACHINE_NAME;
5259 r.in.credential = &a;
5261 r.in.return_authenticator = &a;
5262 r.in.query = &query;
5263 r.out.return_authenticator = &a;
5267 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
5268 lpcfg_dnsdomain(tctx->lp_ctx));
5269 q1.sitename = "Default-First-Site-Name";
5270 q1.os_name.string = "UNIX/Linux or similar";
5272 query.workstation_info = &q1;
5274 for (i=0;i<ASYNC_COUNT;i++) {
5275 netlogon_creds_client_authenticator(creds, &a);
5277 creds_async[i] = (struct netlogon_creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
5278 req[i] = dcerpc_netr_LogonGetDomainInfo_r_send(tctx, tctx->ev, p->binding_handle, &r);
5280 /* even with this flush per request a w2k3 server seems to
5281 clag with multiple outstanding requests. bleergh. */
5282 torture_assert_int_equal(tctx, tevent_loop_once(tctx->ev), 0,
5283 "tevent_loop_once failed");
5286 for (i=0;i<ASYNC_COUNT;i++) {
5287 torture_assert_int_equal(tctx, tevent_req_poll(req[i], tctx->ev), true,
5288 "tevent_req_poll() failed");
5290 status = dcerpc_netr_LogonGetDomainInfo_r_recv(req[i], tctx);
5292 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
5293 torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
5295 torture_assert(tctx, netlogon_creds_client_check(creds_async[i], &a.cred),
5296 "Credential chaining failed at async");
5299 torture_comment(tctx,
5300 "Testing netr_LogonGetDomainInfo - async count %d OK\n", ASYNC_COUNT);
5305 static bool test_ManyGetDCName(struct torture_context *tctx,
5306 struct dcerpc_pipe *p)
5309 struct cli_credentials *anon_creds;
5310 struct dcerpc_binding *binding2;
5311 struct dcerpc_pipe *p2;
5312 struct lsa_ObjectAttribute attr;
5313 struct lsa_QosInfo qos;
5314 struct lsa_OpenPolicy2 o;
5315 struct policy_handle lsa_handle;
5316 struct lsa_DomainList domains;
5318 struct lsa_EnumTrustDom t;
5319 uint32_t resume_handle = 0;
5320 struct netr_GetAnyDCName d;
5321 const char *dcname = NULL;
5322 struct dcerpc_binding_handle *b = p->binding_handle;
5323 struct dcerpc_binding_handle *b2;
5327 if (p->conn->transport.transport != NCACN_NP) {
5328 torture_skip(tctx, "test_ManyGetDCName works only with NCACN_NP");
5331 torture_comment(tctx, "Torturing GetDCName\n");
5333 anon_creds = cli_credentials_init_anon(tctx);
5334 torture_assert(tctx, anon_creds != NULL, "cli_credentials_init_anon failed");
5336 binding2 = dcerpc_binding_dup(tctx, p->binding);
5337 /* Swap the binding details from NETLOGON to LSA */
5338 status = dcerpc_epm_map_binding(tctx, binding2, &ndr_table_lsarpc, tctx->ev, tctx->lp_ctx);
5339 dcerpc_binding_set_assoc_group_id(binding2, 0);
5340 torture_assert_ntstatus_ok(tctx, status, "epm map");
5342 status = dcerpc_secondary_auth_connection(p, binding2, &ndr_table_lsarpc,
5343 anon_creds, tctx->lp_ctx,
5345 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
5346 b2 = p2->binding_handle;
5349 qos.impersonation_level = 2;
5350 qos.context_mode = 1;
5351 qos.effective_only = 0;
5354 attr.root_dir = NULL;
5355 attr.object_name = NULL;
5356 attr.attributes = 0;
5357 attr.sec_desc = NULL;
5358 attr.sec_qos = &qos;
5360 o.in.system_name = "\\";
5362 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
5363 o.out.handle = &lsa_handle;
5365 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
5366 "OpenPolicy2 failed");
5367 torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
5369 t.in.handle = &lsa_handle;
5370 t.in.resume_handle = &resume_handle;
5371 t.in.max_size = 1000;
5372 t.out.domains = &domains;
5373 t.out.resume_handle = &resume_handle;
5375 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b2, tctx, &t),
5376 "EnumTrustDom failed");
5378 if ((!NT_STATUS_IS_OK(t.out.result) &&
5379 (!NT_STATUS_EQUAL(t.out.result, NT_STATUS_NO_MORE_ENTRIES))))
5380 torture_fail(tctx, "Could not list domains");
5384 d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
5385 dcerpc_server_name(p));
5386 d.out.dcname = &dcname;
5388 for (i=0; i<domains.count * 4; i++) {
5389 struct lsa_DomainInfo *info =
5390 &domains.domains[rand()%domains.count];
5392 d.in.domainname = info->name.string;
5394 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &d);
5395 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
5397 torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
5398 dcname ? dcname : "unknown");
5404 static bool test_lsa_over_netlogon(struct torture_context *tctx,
5405 struct dcerpc_pipe *p)
5408 struct cli_credentials *anon_creds;
5409 const struct dcerpc_binding *binding2;
5410 struct dcerpc_pipe *p2;
5411 struct lsa_ObjectAttribute attr;
5412 struct lsa_QosInfo qos;
5413 struct lsa_OpenPolicy2 o;
5414 struct policy_handle lsa_handle;
5416 struct dcerpc_binding_handle *b2;
5419 if (p->conn->transport.transport != NCACN_NP) {
5420 torture_skip(tctx, "test_lsa_over_netlogon works only with NCACN_NP");
5423 torture_comment(tctx, "Testing if we can access the LSA server over\n"
5424 " \\\\pipe\\netlogon rather than \\\\pipe\\lsarpc\n");
5426 anon_creds = cli_credentials_init_anon(tctx);
5427 torture_assert(tctx, anon_creds != NULL, "cli_credentials_init_anon failed");
5429 binding2 = p->binding;
5431 status = dcerpc_secondary_auth_connection(p, binding2, &ndr_table_lsarpc,
5432 anon_creds, tctx->lp_ctx,
5434 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
5435 b2 = p2->binding_handle;
5438 qos.impersonation_level = 2;
5439 qos.context_mode = 1;
5440 qos.effective_only = 0;
5443 attr.root_dir = NULL;
5444 attr.object_name = NULL;
5445 attr.attributes = 0;
5446 attr.sec_desc = NULL;
5447 attr.sec_qos = &qos;
5449 o.in.system_name = "\\";
5451 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
5452 o.out.handle = &lsa_handle;
5454 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
5455 "OpenPolicy2 failed");
5456 torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
5463 static bool test_SetPassword_with_flags(struct torture_context *tctx,
5464 struct dcerpc_pipe *p,
5465 struct cli_credentials *machine_credentials)
5467 uint32_t flags[] = { 0, NETLOGON_NEG_STRONG_KEYS };
5468 struct netlogon_creds_CredentialState *creds;
5471 if (!test_SetupCredentials2(p, tctx, 0,
5472 machine_credentials,
5473 cli_credentials_get_secure_channel_type(machine_credentials),
5475 torture_skip(tctx, "DC does not support negotiation of 64bit session keys");
5478 for (i=0; i < ARRAY_SIZE(flags); i++) {
5479 torture_assert(tctx,
5480 test_SetPassword_flags(tctx, p, machine_credentials, flags[i]),
5481 talloc_asprintf(tctx, "failed to test SetPassword negotiating with 0x%08x flags", flags[i]));
5487 struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
5489 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon");
5490 struct torture_rpc_tcase *tcase;
5491 struct torture_test *test;
5493 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
5494 &ndr_table_netlogon, TEST_MACHINE_NAME);
5496 torture_rpc_tcase_add_test_creds(tcase, "SetupCredentialsDowngrade", test_SetupCredentialsDowngrade);
5497 torture_rpc_tcase_add_test(tcase, "lsa_over_netlogon", test_lsa_over_netlogon);
5499 torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
5500 torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo_AES", test_netr_ServerGetTrustInfo_AES);
5501 torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
5502 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
5503 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
5504 torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
5505 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
5506 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
5507 torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
5508 test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
5509 test->dangerous = true;
5510 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
5511 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
5512 torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
5513 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
5514 torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
5515 torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
5516 torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
5517 torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
5518 torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
5519 torture_rpc_tcase_add_test_creds(tcase, "DatabaseRedo", test_DatabaseRedo);
5520 torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
5521 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
5522 torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
5523 torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
5524 torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
5525 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2_AES", test_SetPassword2_AES);
5526 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
5527 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
5528 torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuse", test_ServerReqChallengeReuse);
5529 torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuseGlobal4", test_ServerReqChallengeReuseGlobal4);
5530 torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuseGlobal3", test_ServerReqChallengeReuseGlobal3);
5531 torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuseGlobal2", test_ServerReqChallengeReuseGlobal2);
5532 torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeReuseGlobal", test_ServerReqChallengeReuseGlobal);
5533 torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeGlobal", test_ServerReqChallengeGlobal);
5534 torture_rpc_tcase_add_test_creds(tcase, "invalidAuthenticate2", test_invalidAuthenticate2);
5535 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
5536 torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
5537 torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
5539 torture_rpc_tcase_add_test(tcase, "Broken RPC binding handle",
5540 test_netr_broken_binding_handle);
5545 struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
5547 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon-s3");
5548 struct torture_rpc_tcase *tcase;
5550 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
5551 &ndr_table_netlogon, TEST_MACHINE_NAME);
5553 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
5554 torture_rpc_tcase_add_test_creds(tcase, "SamLogon_NULL_domain", test_SamLogon_NULL_domain);
5555 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
5556 torture_rpc_tcase_add_test_creds(tcase, "SetPassword_with_flags", test_SetPassword_with_flags);
5557 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
5558 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2_AES", test_SetPassword2_AES);
5559 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
5564 struct torture_suite *torture_rpc_netlogon_zerologon(TALLOC_CTX *mem_ctx)
5566 struct torture_suite *suite = torture_suite_create(
5568 "netlogon.zerologon");
5569 struct torture_rpc_tcase *tcase;
5571 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(
5574 &ndr_table_netlogon,
5577 torture_rpc_tcase_add_test_creds(
5579 "ServerReqChallenge",
5580 test_ServerReqChallenge);
5581 torture_rpc_tcase_add_test_creds(
5583 "ServerReqChallenge_zero_challenge",
5584 test_ServerReqChallenge_zero_challenge);
5585 torture_rpc_tcase_add_test_creds(
5587 "ServerReqChallenge_5_repeats",
5588 test_ServerReqChallenge_5_repeats);
5589 torture_rpc_tcase_add_test_creds(
5591 "ServerReqChallenge_4_repeats",
5592 test_ServerReqChallenge_4_repeats);
5593 torture_rpc_tcase_add_test_creds(
5595 "test_SetPassword2_encrypted_to_all_zeros",
5596 test_SetPassword2_encrypted_to_all_zeros);
5597 torture_rpc_tcase_add_test_creds(
5599 "test_SetPassword2_password_encrypts_to_zero",
5600 test_SetPassword2_password_encrypts_to_zero);
5605 struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx)
5607 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon.admin");
5608 struct torture_rpc_tcase *tcase;
5610 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "bdc",
5611 &ndr_table_netlogon, TEST_MACHINE_NAME);
5612 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
5613 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
5614 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
5616 tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "wkst",
5617 &ndr_table_netlogon, TEST_MACHINE_NAME);
5618 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
5619 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
5620 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
5622 tcase = torture_suite_add_rpc_iface_tcase(suite, "admin",
5623 &ndr_table_netlogon);
5624 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
5625 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
5626 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);