2 Unix SMB/CIFS implementation.
4 test suite for netlogon rpc operations
6 Copyright (C) Andrew Tridgell 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define TEST_MACHINE_NAME "torturetest"
29 struct dcerpc_pipe *p;
30 const char *machine_password;
31 struct policy_handle acct_handle;
35 join the domain as a BDC
37 static BOOL join_domain_bdc(TALLOC_CTX *mem_ctx)
40 struct samr_Connect c;
41 struct samr_CreateUser2 r;
42 struct samr_OpenDomain o;
43 struct samr_LookupDomain l;
44 struct samr_SetUserInfo s;
45 union samr_UserInfo u;
46 struct policy_handle handle;
47 struct policy_handle domain_handle;
48 uint32 access_granted;
51 uint8 session_key[16];
52 struct samr_Name name;
54 printf("Connecting to SAMR\n");
56 status = torture_rpc_connection(&join.p,
60 if (!NT_STATUS_IS_OK(status)) {
64 c.in.system_name = NULL;
65 c.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
66 c.out.handle = &handle;
68 status = dcerpc_samr_Connect(join.p, mem_ctx, &c);
69 if (!NT_STATUS_IS_OK(status)) {
70 printf("samr_Connect failed - %s\n", nt_errstr(status));
74 printf("Opening domain %s\n", lp_workgroup());
76 name.name = lp_workgroup();
77 l.in.handle = &handle;
80 status = dcerpc_samr_LookupDomain(join.p, mem_ctx, &l);
81 if (!NT_STATUS_IS_OK(status)) {
82 printf("LookupDomain failed - %s\n", nt_errstr(status));
86 o.in.handle = &handle;
87 o.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
89 o.out.domain_handle = &domain_handle;
91 status = dcerpc_samr_OpenDomain(join.p, mem_ctx, &o);
92 if (!NT_STATUS_IS_OK(status)) {
93 printf("OpenDomain failed - %s\n", nt_errstr(status));
97 printf("Creating machine account %s\n", TEST_MACHINE_NAME);
100 name.name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
101 r.in.handle = &domain_handle;
102 r.in.username = &name;
103 r.in.acct_flags = ACB_SVRTRUST;
104 r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
105 r.out.acct_handle = &join.acct_handle;
106 r.out.access_granted = &access_granted;
109 status = dcerpc_samr_CreateUser2(join.p, mem_ctx, &r);
111 if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS) &&
112 test_DeleteUser_byname(join.p, mem_ctx, &domain_handle, name.name)) {
116 if (!NT_STATUS_IS_OK(status)) {
117 printf("CreateUser2 failed - %s\n", nt_errstr(status));
121 join.machine_password = generate_random_str(8);
123 printf("Setting machine account password '%s'\n", join.machine_password);
125 s.in.handle = &join.acct_handle;
129 encode_pw_buffer(u.info24.password.data, join.machine_password, STR_UNICODE);
130 u.info24.pw_len = strlen(join.machine_password);
132 status = dcerpc_fetch_session_key(join.p, session_key);
133 if (!NT_STATUS_IS_OK(status)) {
134 printf("SetUserInfo level %u - no session key - %s\n",
135 s.in.level, nt_errstr(status));
139 SamOEMhash(u.info24.password.data, session_key, 516);
141 status = dcerpc_samr_SetUserInfo(join.p, mem_ctx, &s);
142 if (!NT_STATUS_IS_OK(status)) {
143 printf("SetUserInfo failed - %s\n", nt_errstr(status));
147 s.in.handle = &join.acct_handle;
151 u.info16.acct_flags = ACB_SVRTRUST;
153 printf("Resetting ACB flags\n");
155 status = dcerpc_samr_SetUserInfo(join.p, mem_ctx, &s);
156 if (!NT_STATUS_IS_OK(status)) {
157 printf("SetUserInfo failed - %s\n", nt_errstr(status));
165 leave the domain as a BDC
167 static BOOL leave_domain_bdc(TALLOC_CTX *mem_ctx)
169 struct samr_DeleteUser d;
172 d.in.handle = &join.acct_handle;
173 d.out.handle = &join.acct_handle;
175 status = dcerpc_samr_DeleteUser(join.p, mem_ctx, &d);
176 if (!NT_STATUS_IS_OK(status)) {
177 printf("Delete of machine account failed\n");
184 static BOOL test_LogonUasLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
187 struct netr_LogonUasLogon r;
189 r.in.server_name = NULL;
190 r.in.username = lp_parm_string(-1, "torture", "username");
191 r.in.workstation = TEST_MACHINE_NAME;
193 printf("Testing LogonUasLogon\n");
195 status = dcerpc_netr_LogonUasLogon(p, mem_ctx, &r);
196 if (!NT_STATUS_IS_OK(status)) {
197 printf("LogonUasLogon - %s\n", nt_errstr(status));
205 static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
208 struct netr_LogonUasLogoff r;
210 r.in.server_name = NULL;
211 r.in.username = lp_parm_string(-1, "torture", "username");
212 r.in.workstation = TEST_MACHINE_NAME;
214 printf("Testing LogonUasLogoff\n");
216 status = dcerpc_netr_LogonUasLogoff(p, mem_ctx, &r);
217 if (!NT_STATUS_IS_OK(status)) {
218 printf("LogonUasLogoff - %s\n", nt_errstr(status));
226 static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
227 struct netr_CredentialState *creds)
230 struct netr_ServerReqChallenge r;
231 struct netr_ServerAuthenticate a;
232 const char *plain_pass;
235 printf("Testing ServerReqChallenge\n");
237 r.in.server_name = NULL;
238 r.in.computer_name = TEST_MACHINE_NAME;
239 generate_random_buffer(r.in.credentials.data, sizeof(r.in.credentials.data), False);
241 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
242 if (!NT_STATUS_IS_OK(status)) {
243 printf("ServerReqChallenge - %s\n", nt_errstr(status));
247 plain_pass = join.machine_password;
249 printf("Unable to fetch machine password!\n");
253 E_md4hash(plain_pass, mach_pwd);
255 creds_client_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd,
258 a.in.server_name = NULL;
259 a.in.username = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
260 a.in.secure_channel_type = SEC_CHAN_BDC;
261 a.in.computer_name = TEST_MACHINE_NAME;
263 printf("Testing ServerAuthenticate\n");
265 status = dcerpc_netr_ServerAuthenticate(p, mem_ctx, &a);
266 if (!NT_STATUS_IS_OK(status)) {
267 printf("ServerAuthenticate - %s\n", nt_errstr(status));
271 if (!creds_client_check(creds, &a.out.credentials)) {
272 printf("Credential chaining failed\n");
279 static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
280 struct netr_CredentialState *creds)
283 struct netr_ServerReqChallenge r;
284 struct netr_ServerAuthenticate2 a;
285 const char *plain_pass;
287 uint32 negotiate_flags = 0;
289 printf("Testing ServerReqChallenge\n");
291 r.in.server_name = NULL;
292 r.in.computer_name = TEST_MACHINE_NAME;
293 generate_random_buffer(r.in.credentials.data, sizeof(r.in.credentials.data), False);
295 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
296 if (!NT_STATUS_IS_OK(status)) {
297 printf("ServerReqChallenge - %s\n", nt_errstr(status));
301 plain_pass = join.machine_password;
303 printf("Unable to fetch machine password!\n");
307 E_md4hash(plain_pass, mach_pwd);
309 creds_client_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd,
312 a.in.server_name = NULL;
313 a.in.username = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
314 a.in.secure_channel_type = SEC_CHAN_BDC;
315 a.in.computer_name = TEST_MACHINE_NAME;
316 a.in.negotiate_flags = &negotiate_flags;
317 a.out.negotiate_flags = &negotiate_flags;
319 printf("Testing ServerAuthenticate2\n");
321 status = dcerpc_netr_ServerAuthenticate2(p, mem_ctx, &a);
322 if (!NT_STATUS_IS_OK(status)) {
323 printf("ServerAuthenticate2 - %s\n", nt_errstr(status));
327 if (!creds_client_check(creds, &a.out.credentials)) {
328 printf("Credential chaining failed\n");
332 printf("negotiate_flags=0x%08x\n", negotiate_flags);
338 try a netlogon SamLogon
340 static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
343 struct netr_LogonSamLogon r;
344 struct netr_Authenticator auth, auth2;
345 struct netr_NetworkInfo ninfo;
346 const char *username = lp_parm_string(-1, "torture", "username");
347 const char *password = lp_parm_string(-1, "torture", "password");
348 struct netr_CredentialState creds;
352 if (!test_SetupCredentials2(p, mem_ctx, &creds)) {
356 ninfo.logon_info.domain_name.string = lp_workgroup();
357 ninfo.logon_info.parameter_control = 0;
358 ninfo.logon_info.logon_id_low = 0;
359 ninfo.logon_info.logon_id_high = 0;
360 ninfo.logon_info.username.string = username;
361 ninfo.logon_info.workstation.string = TEST_MACHINE_NAME;
362 generate_random_buffer(ninfo.challenge,
363 sizeof(ninfo.challenge), False);
364 ninfo.nt.length = 24;
365 ninfo.nt.data = talloc(mem_ctx, 24);
366 SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data);
367 ninfo.lm.length = 24;
368 ninfo.lm.data = talloc(mem_ctx, 24);
369 SMBencrypt(password, ninfo.challenge, ninfo.lm.data);
371 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
372 r.in.workstation = TEST_MACHINE_NAME;
373 r.in.credential = &auth;
374 r.in.authenticator = &auth2;
375 r.in.logon_level = 2;
376 r.in.logon.network = &ninfo;
380 creds_client_authenticator(&creds, &auth);
382 r.in.validation_level = i;
384 printf("Testing SamLogon with validation level %d\n", i);
386 status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
387 if (!NT_STATUS_IS_OK(status)) {
388 printf("LogonSamLogon - %s\n", nt_errstr(status));
392 if (!creds_client_check(&creds, &r.out.authenticator->cred)) {
393 printf("Credential chaining failed\n");
402 try a change password for our machine account
404 static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
407 struct netr_ServerPasswordSet r;
408 const char *password;
409 struct netr_CredentialState creds;
411 if (!test_SetupCredentials(p, mem_ctx, &creds)) {
415 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
416 r.in.username = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
417 r.in.secure_channel_type = SEC_CHAN_BDC;
418 r.in.computer_name = TEST_MACHINE_NAME;
420 password = generate_random_str(8);
421 E_md4hash(password, r.in.new_password.data);
423 creds_client_encrypt(&creds, &r.in.new_password);
425 printf("Testing ServerPasswordSet on machine account\n");
427 creds_client_authenticator(&creds, &r.in.credential);
429 status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
430 if (!NT_STATUS_IS_OK(status)) {
431 printf("ServerPasswordSet - %s\n", nt_errstr(status));
435 join.machine_password = password;
437 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
438 printf("Credential chaining failed\n");
441 /* by changing the machine password twice we test the credentials
443 printf("Testing a second ServerPasswordSet on machine account\n");
445 creds_client_authenticator(&creds, &r.in.credential);
447 status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
448 if (!NT_STATUS_IS_OK(status)) {
449 printf("ServerPasswordSet - %s\n", nt_errstr(status));
453 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
454 printf("Credential chaining failed\n");
461 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
462 static struct ULONG8 sequence_nums[3];
465 try a netlogon DatabaseSync
467 static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
470 struct netr_DatabaseSync r;
471 struct netr_CredentialState creds;
472 const uint32 database_ids[] = {0, 1, 2};
476 if (!test_SetupCredentials(p, mem_ctx, &creds)) {
480 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
481 r.in.computername = TEST_MACHINE_NAME;
482 r.in.preferredmaximumlength = (uint32)-1;
483 ZERO_STRUCT(r.in.return_authenticator);
485 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
486 r.in.sync_context = 0;
487 r.in.database_id = database_ids[i];
489 printf("Testing DatabaseSync of id %d\n", r.in.database_id);
492 creds_client_authenticator(&creds, &r.in.credential);
494 status = dcerpc_netr_DatabaseSync(p, mem_ctx, &r);
495 if (!NT_STATUS_IS_OK(status) &&
496 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
497 printf("DatabaseSync - %s\n", nt_errstr(status));
502 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
503 printf("Credential chaining failed\n");
506 r.in.sync_context = r.out.sync_context;
508 if (r.out.delta_enum_array &&
509 r.out.delta_enum_array->num_deltas > 0 &&
510 r.out.delta_enum_array->delta_enum[0].delta_type == 1 &&
511 r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
512 sequence_nums[r.in.database_id] =
513 r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
514 printf("\tsequence_nums[%d]=0x%08x%08x\n",
516 sequence_nums[r.in.database_id].high,
517 sequence_nums[r.in.database_id].low);
519 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
527 try a netlogon DatabaseDeltas
529 static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
532 struct netr_DatabaseDeltas r;
533 struct netr_CredentialState creds;
534 const uint32 database_ids[] = {0, 1, 2};
538 if (!test_SetupCredentials(p, mem_ctx, &creds)) {
542 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
543 r.in.computername = TEST_MACHINE_NAME;
544 r.in.preferredmaximumlength = (uint32)-1;
545 ZERO_STRUCT(r.in.return_authenticator);
547 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
548 r.in.database_id = database_ids[i];
549 r.in.sequence_num = sequence_nums[r.in.database_id];
551 if (r.in.sequence_num.low == 0) continue;
553 r.in.sequence_num.low -= 1;
556 printf("Testing DatabaseDeltas of id %d at %d\n",
557 r.in.database_id, r.in.sequence_num.low);
560 creds_client_authenticator(&creds, &r.in.credential);
562 status = dcerpc_netr_DatabaseDeltas(p, mem_ctx, &r);
563 if (!NT_STATUS_IS_OK(status) &&
564 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
565 printf("DatabaseDeltas - %s\n", nt_errstr(status));
570 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
571 printf("Credential chaining failed\n");
574 r.in.sequence_num.low++;
575 r.in.sequence_num.high = 0;
576 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
584 try a netlogon AccountDeltas
586 static BOOL test_AccountDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
589 struct netr_AccountDeltas r;
590 struct netr_CredentialState creds;
593 if (!test_SetupCredentials(p, mem_ctx, &creds)) {
597 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
598 r.in.computername = TEST_MACHINE_NAME;
599 ZERO_STRUCT(r.in.return_authenticator);
600 creds_client_authenticator(&creds, &r.in.credential);
601 ZERO_STRUCT(r.in.uas);
606 printf("Testing AccountDeltas\n");
608 /* w2k3 returns "NOT IMPLEMENTED" for this call */
609 status = dcerpc_netr_AccountDeltas(p, mem_ctx, &r);
610 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
611 printf("AccountDeltas - %s\n", nt_errstr(status));
619 try a netlogon AccountSync
621 static BOOL test_AccountSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
624 struct netr_AccountSync r;
625 struct netr_CredentialState creds;
628 if (!test_SetupCredentials(p, mem_ctx, &creds)) {
632 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
633 r.in.computername = TEST_MACHINE_NAME;
634 ZERO_STRUCT(r.in.return_authenticator);
635 creds_client_authenticator(&creds, &r.in.credential);
636 ZERO_STRUCT(r.in.recordid);
641 printf("Testing AccountSync\n");
643 /* w2k3 returns "NOT IMPLEMENTED" for this call */
644 status = dcerpc_netr_AccountSync(p, mem_ctx, &r);
645 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
646 printf("AccountSync - %s\n", nt_errstr(status));
654 try a netlogon GetDcName
656 static BOOL test_GetDcName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
659 struct netr_GetDcName r;
661 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
662 r.in.domainname = lp_workgroup();
664 printf("Testing GetDcName\n");
666 status = dcerpc_netr_GetDcName(p, mem_ctx, &r);
667 if (!NT_STATUS_IS_OK(status)) {
668 printf("GetDcName - %s\n", nt_errstr(status));
672 printf("\tDC is at '%s'\n", r.out.dcname);
678 try a netlogon LogonControl
680 static BOOL test_LogonControl(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
683 struct netr_LogonControl r;
687 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
688 r.in.function_code = 1;
693 printf("Testing LogonControl level %d\n", i);
695 status = dcerpc_netr_LogonControl(p, mem_ctx, &r);
696 if (!NT_STATUS_IS_OK(status)) {
697 printf("LogonControl - %s\n", nt_errstr(status));
707 try a netlogon GetAnyDCName
709 static BOOL test_GetAnyDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
712 struct netr_GetAnyDCName r;
714 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
715 r.in.domainname = lp_workgroup();
717 printf("Testing GetAnyDCName\n");
719 status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &r);
720 if (!NT_STATUS_IS_OK(status)) {
721 printf("GetAnyDCName - %s\n", nt_errstr(status));
726 printf("\tDC is at '%s'\n", r.out.dcname);
734 try a netlogon LogonControl2
736 static BOOL test_LogonControl2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
739 struct netr_LogonControl2 r;
743 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
745 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
746 r.in.data.domain = lp_workgroup();
751 printf("Testing LogonControl2 level %d function %d\n",
752 i, r.in.function_code);
754 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
755 if (!NT_STATUS_IS_OK(status)) {
756 printf("LogonControl - %s\n", nt_errstr(status));
761 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
762 r.in.data.domain = lp_workgroup();
767 printf("Testing LogonControl2 level %d function %d\n",
768 i, r.in.function_code);
770 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
771 if (!NT_STATUS_IS_OK(status)) {
772 printf("LogonControl - %s\n", nt_errstr(status));
777 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
778 r.in.data.domain = lp_workgroup();
783 printf("Testing LogonControl2 level %d function %d\n",
784 i, r.in.function_code);
786 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
787 if (!NT_STATUS_IS_OK(status)) {
788 printf("LogonControl - %s\n", nt_errstr(status));
793 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
794 r.in.data.debug_level = ~0;
799 printf("Testing LogonControl2 level %d function %d\n",
800 i, r.in.function_code);
802 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
803 if (!NT_STATUS_IS_OK(status)) {
804 printf("LogonControl - %s\n", nt_errstr(status));
813 try a netlogon DatabaseSync2
815 static BOOL test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
818 struct netr_DatabaseSync2 r;
819 struct netr_CredentialState creds;
820 const uint32 database_ids[] = {0, 1, 2};
824 if (!test_SetupCredentials2(p, mem_ctx, &creds)) {
828 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
829 r.in.computername = TEST_MACHINE_NAME;
830 r.in.preferredmaximumlength = (uint32)-1;
831 ZERO_STRUCT(r.in.return_authenticator);
833 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
834 r.in.sync_context = 0;
835 r.in.database_id = database_ids[i];
836 r.in.restart_state = 0;
838 printf("Testing DatabaseSync2 of id %d\n", r.in.database_id);
841 creds_client_authenticator(&creds, &r.in.credential);
843 status = dcerpc_netr_DatabaseSync2(p, mem_ctx, &r);
844 if (!NT_STATUS_IS_OK(status) &&
845 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
846 printf("DatabaseSync2 - %s\n", nt_errstr(status));
851 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
852 printf("Credential chaining failed\n");
855 r.in.sync_context = r.out.sync_context;
856 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
864 try a netlogon LogonControl2Ex
866 static BOOL test_LogonControl2Ex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
869 struct netr_LogonControl2Ex r;
873 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
875 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
876 r.in.data.domain = lp_workgroup();
881 printf("Testing LogonControl2Ex level %d function %d\n",
882 i, r.in.function_code);
884 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
885 if (!NT_STATUS_IS_OK(status)) {
886 printf("LogonControl - %s\n", nt_errstr(status));
891 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
892 r.in.data.domain = lp_workgroup();
897 printf("Testing LogonControl2Ex level %d function %d\n",
898 i, r.in.function_code);
900 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
901 if (!NT_STATUS_IS_OK(status)) {
902 printf("LogonControl - %s\n", nt_errstr(status));
907 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
908 r.in.data.domain = lp_workgroup();
913 printf("Testing LogonControl2Ex level %d function %d\n",
914 i, r.in.function_code);
916 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
917 if (!NT_STATUS_IS_OK(status)) {
918 printf("LogonControl - %s\n", nt_errstr(status));
923 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
924 r.in.data.debug_level = ~0;
929 printf("Testing LogonControl2Ex level %d function %d\n",
930 i, r.in.function_code);
932 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
933 if (!NT_STATUS_IS_OK(status)) {
934 printf("LogonControl - %s\n", nt_errstr(status));
944 BOOL torture_rpc_netlogon(int dummy)
947 struct dcerpc_pipe *p;
951 mem_ctx = talloc_init("torture_rpc_netlogon");
953 if (!join_domain_bdc(mem_ctx)) {
954 printf("Failed to join as BDC\n");
958 status = torture_rpc_connection(&p,
959 DCERPC_NETLOGON_NAME,
960 DCERPC_NETLOGON_UUID,
961 DCERPC_NETLOGON_VERSION);
962 if (!NT_STATUS_IS_OK(status)) {
966 if (!test_LogonUasLogon(p, mem_ctx)) {
970 if (!test_LogonUasLogoff(p, mem_ctx)) {
974 if (!test_SetPassword(p, mem_ctx)) {
978 if (!test_SamLogon(p, mem_ctx)) {
982 if (!test_DatabaseSync(p, mem_ctx)) {
986 if (!test_DatabaseDeltas(p, mem_ctx)) {
990 if (!test_AccountDeltas(p, mem_ctx)) {
994 if (!test_AccountSync(p, mem_ctx)) {
998 if (!test_GetDcName(p, mem_ctx)) {
1002 if (!test_LogonControl(p, mem_ctx)) {
1006 if (!test_GetAnyDCName(p, mem_ctx)) {
1010 if (!test_LogonControl2(p, mem_ctx)) {
1014 if (!test_DatabaseSync2(p, mem_ctx)) {
1018 if (!test_LogonControl2Ex(p, mem_ctx)) {
1022 torture_rpc_close(p);
1024 if (!leave_domain_bdc(mem_ctx)) {
1025 printf("Failed to delete BDC machine account\n");