2 Unix SMB/CIFS implementation.
4 test suite for netlogon rpc operations
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "librpc/gen_ndr/ndr_netlogon.h"
27 #include "auth/auth.h"
29 static const char *machine_password;
31 #define TEST_MACHINE_NAME "torturetest"
33 static BOOL test_LogonUasLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
36 struct netr_LogonUasLogon r;
38 r.in.server_name = NULL;
39 r.in.account_name = lp_parm_string(-1, "torture", "username");
40 r.in.workstation = TEST_MACHINE_NAME;
42 printf("Testing LogonUasLogon\n");
44 status = dcerpc_netr_LogonUasLogon(p, mem_ctx, &r);
45 if (!NT_STATUS_IS_OK(status)) {
46 printf("LogonUasLogon - %s\n", nt_errstr(status));
54 static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
57 struct netr_LogonUasLogoff r;
59 r.in.server_name = NULL;
60 r.in.account_name = lp_parm_string(-1, "torture", "username");
61 r.in.workstation = TEST_MACHINE_NAME;
63 printf("Testing LogonUasLogoff\n");
65 status = dcerpc_netr_LogonUasLogoff(p, mem_ctx, &r);
66 if (!NT_STATUS_IS_OK(status)) {
67 printf("LogonUasLogoff - %s\n", nt_errstr(status));
75 BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
76 const char *machine_name,
77 const char *plain_pass,
78 struct creds_CredentialState *creds)
81 struct netr_ServerReqChallenge r;
82 struct netr_ServerAuthenticate a;
83 struct netr_Credential credentials1, credentials2, credentials3;
84 struct samr_Password mach_password;
86 printf("Testing ServerReqChallenge\n");
88 r.in.server_name = NULL;
89 r.in.computer_name = machine_name;
90 r.in.credentials = &credentials1;
91 r.out.credentials = &credentials2;
93 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
95 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
96 if (!NT_STATUS_IS_OK(status)) {
97 printf("ServerReqChallenge - %s\n", nt_errstr(status));
101 E_md4hash(plain_pass, mach_password.hash);
103 a.in.server_name = NULL;
104 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
105 a.in.secure_channel_type = SEC_CHAN_BDC;
106 a.in.computer_name = machine_name;
107 a.in.credentials = &credentials3;
108 a.out.credentials = &credentials3;
110 creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
113 printf("Testing ServerAuthenticate\n");
115 status = dcerpc_netr_ServerAuthenticate(p, mem_ctx, &a);
116 if (!NT_STATUS_IS_OK(status)) {
117 printf("ServerAuthenticate - %s\n", nt_errstr(status));
121 if (!creds_client_check(creds, &credentials3)) {
122 printf("Credential chaining failed\n");
129 BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
130 uint32_t negotiate_flags,
131 const char *machine_name,
132 const char *plain_pass,
133 struct creds_CredentialState *creds)
136 struct netr_ServerReqChallenge r;
137 struct netr_ServerAuthenticate2 a;
138 struct netr_Credential credentials1, credentials2, credentials3;
139 struct samr_Password mach_password;
141 printf("Testing ServerReqChallenge\n");
143 r.in.server_name = NULL;
144 r.in.computer_name = machine_name;
145 r.in.credentials = &credentials1;
146 r.out.credentials = &credentials2;
148 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
150 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
151 if (!NT_STATUS_IS_OK(status)) {
152 printf("ServerReqChallenge - %s\n", nt_errstr(status));
156 E_md4hash(plain_pass, mach_password.hash);
158 a.in.server_name = NULL;
159 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
160 a.in.secure_channel_type = SEC_CHAN_BDC;
161 a.in.computer_name = machine_name;
162 a.in.negotiate_flags = &negotiate_flags;
163 a.out.negotiate_flags = &negotiate_flags;
164 a.in.credentials = &credentials3;
165 a.out.credentials = &credentials3;
167 creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
170 printf("Testing ServerAuthenticate2\n");
172 status = dcerpc_netr_ServerAuthenticate2(p, mem_ctx, &a);
173 if (!NT_STATUS_IS_OK(status)) {
174 printf("ServerAuthenticate2 - %s\n", nt_errstr(status));
178 if (!creds_client_check(creds, &credentials3)) {
179 printf("Credential chaining failed\n");
183 printf("negotiate_flags=0x%08x\n", negotiate_flags);
189 BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
190 uint32_t negotiate_flags,
191 const char *machine_name,
192 const char *plain_pass,
193 struct creds_CredentialState *creds)
196 struct netr_ServerReqChallenge r;
197 struct netr_ServerAuthenticate3 a;
198 struct netr_Credential credentials1, credentials2, credentials3;
199 struct samr_Password mach_password;
202 printf("Testing ServerReqChallenge\n");
204 r.in.server_name = NULL;
205 r.in.computer_name = machine_name;
206 r.in.credentials = &credentials1;
207 r.out.credentials = &credentials2;
209 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
211 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
212 if (!NT_STATUS_IS_OK(status)) {
213 printf("ServerReqChallenge - %s\n", nt_errstr(status));
217 E_md4hash(plain_pass, mach_password.hash);
219 a.in.server_name = NULL;
220 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
221 a.in.secure_channel_type = SEC_CHAN_BDC;
222 a.in.computer_name = machine_name;
223 a.in.negotiate_flags = &negotiate_flags;
224 a.in.credentials = &credentials3;
225 a.out.credentials = &credentials3;
226 a.out.negotiate_flags = &negotiate_flags;
229 creds_client_init(creds, &credentials1, &credentials2, &mach_password, &credentials3,
232 printf("Testing ServerAuthenticate3\n");
234 status = dcerpc_netr_ServerAuthenticate3(p, mem_ctx, &a);
235 if (!NT_STATUS_IS_OK(status)) {
236 printf("ServerAuthenticate3 - %s\n", nt_errstr(status));
240 if (!creds_client_check(creds, &credentials3)) {
241 printf("Credential chaining failed\n");
245 printf("negotiate_flags=0x%08x\n", negotiate_flags);
251 try a change password for our machine account
253 static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
256 struct netr_ServerPasswordSet r;
257 const char *password;
258 struct creds_CredentialState creds;
260 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
261 machine_password, &creds)) {
265 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
266 r.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
267 r.in.secure_channel_type = SEC_CHAN_BDC;
268 r.in.computer_name = TEST_MACHINE_NAME;
270 password = generate_random_str(mem_ctx, 8);
271 E_md4hash(password, r.in.new_password.hash);
273 creds_des_encrypt(&creds, &r.in.new_password);
275 printf("Testing ServerPasswordSet on machine account\n");
276 printf("Changing machine account password to '%s'\n", password);
278 creds_client_authenticator(&creds, &r.in.credential);
280 status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
281 if (!NT_STATUS_IS_OK(status)) {
282 printf("ServerPasswordSet - %s\n", nt_errstr(status));
286 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
287 printf("Credential chaining failed\n");
290 /* by changing the machine password twice we test the
291 credentials chaining fully, and we verify that the server
292 allows the password to be set to the same value twice in a
293 row (match win2k3) */
294 printf("Testing a second ServerPasswordSet on machine account\n");
295 printf("Changing machine account password to '%s' (same as previous run)\n", password);
297 creds_client_authenticator(&creds, &r.in.credential);
299 status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
300 if (!NT_STATUS_IS_OK(status)) {
301 printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
305 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
306 printf("Credential chaining failed\n");
309 machine_password = password;
311 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
312 printf("ServerPasswordSet failed to actually change the password\n");
320 try a netlogon SamLogon
322 static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
325 struct netr_LogonSamLogon r;
326 struct netr_Authenticator auth, auth2;
327 struct netr_NetworkInfo ninfo;
328 const char *username = lp_parm_string(-1, "torture", "username");
329 const char *password = lp_parm_string(-1, "torture", "password");
330 struct creds_CredentialState creds;
335 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
336 machine_password, &creds)) {
340 ninfo.identity_info.domain_name.string = lp_workgroup();
341 ninfo.identity_info.parameter_control = 0;
342 ninfo.identity_info.logon_id_low = 0;
343 ninfo.identity_info.logon_id_high = 0;
344 ninfo.identity_info.account_name.string = username;
345 ninfo.identity_info.workstation.string = TEST_MACHINE_NAME;
346 generate_random_buffer(ninfo.challenge,
347 sizeof(ninfo.challenge));
348 ninfo.nt.length = 24;
349 ninfo.nt.data = talloc_size(mem_ctx, 24);
350 SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data);
351 ninfo.lm.length = 24;
352 ninfo.lm.data = talloc_size(mem_ctx, 24);
353 SMBencrypt(password, ninfo.challenge, ninfo.lm.data);
355 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
356 r.in.workstation = TEST_MACHINE_NAME;
357 r.in.credential = &auth;
358 r.in.return_authenticator = &auth2;
359 r.in.logon_level = 2;
360 r.in.logon.network = &ninfo;
364 creds_client_authenticator(&creds, &auth);
366 r.in.validation_level = i;
368 printf("Testing SamLogon with validation level %d\n", i);
370 status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
371 if (!NT_STATUS_IS_OK(status)) {
372 printf("LogonSamLogon - %s\n", nt_errstr(status));
376 if (!creds_client_check(&creds, &r.out.return_authenticator->cred)) {
377 printf("Credential chaining failed\n");
381 r.in.credential = NULL;
385 r.in.validation_level = i;
387 printf("Testing SamLogon with validation level %d\n", i);
389 status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
390 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
391 printf("LogonSamLogon expected INVALID_PARAMETER, got: %s\n", nt_errstr(status));
402 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
403 static uint64_t sequence_nums[3];
406 try a netlogon DatabaseSync
408 static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
411 struct netr_DatabaseSync r;
412 struct creds_CredentialState creds;
413 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
417 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
421 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
422 r.in.computername = TEST_MACHINE_NAME;
423 r.in.preferredmaximumlength = (uint32_t)-1;
424 ZERO_STRUCT(r.in.return_authenticator);
426 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
427 r.in.sync_context = 0;
428 r.in.database_id = database_ids[i];
430 printf("Testing DatabaseSync of id %d\n", r.in.database_id);
433 creds_client_authenticator(&creds, &r.in.credential);
435 status = dcerpc_netr_DatabaseSync(p, mem_ctx, &r);
436 if (!NT_STATUS_IS_OK(status) &&
437 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
438 printf("DatabaseSync - %s\n", nt_errstr(status));
443 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
444 printf("Credential chaining failed\n");
447 r.in.sync_context = r.out.sync_context;
449 if (r.out.delta_enum_array &&
450 r.out.delta_enum_array->num_deltas > 0 &&
451 r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
452 r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
453 sequence_nums[r.in.database_id] =
454 r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
455 printf("\tsequence_nums[%d]=%llu\n",
457 sequence_nums[r.in.database_id]);
459 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
467 try a netlogon DatabaseDeltas
469 static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
472 struct netr_DatabaseDeltas r;
473 struct creds_CredentialState creds;
474 const uint32_t database_ids[] = {0, 1, 2};
478 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
482 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
483 r.in.computername = TEST_MACHINE_NAME;
484 r.in.preferredmaximumlength = (uint32_t)-1;
485 ZERO_STRUCT(r.in.return_authenticator);
487 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
488 r.in.database_id = database_ids[i];
489 r.in.sequence_num = sequence_nums[r.in.database_id];
491 if (r.in.sequence_num == 0) continue;
493 r.in.sequence_num -= 1;
496 printf("Testing DatabaseDeltas of id %d at %llu\n",
497 r.in.database_id, r.in.sequence_num);
500 creds_client_authenticator(&creds, &r.in.credential);
502 status = dcerpc_netr_DatabaseDeltas(p, mem_ctx, &r);
503 if (!NT_STATUS_IS_OK(status) &&
504 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
505 printf("DatabaseDeltas - %s\n", nt_errstr(status));
510 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
511 printf("Credential chaining failed\n");
515 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
523 try a netlogon AccountDeltas
525 static BOOL test_AccountDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
528 struct netr_AccountDeltas r;
529 struct creds_CredentialState creds;
532 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
536 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
537 r.in.computername = TEST_MACHINE_NAME;
538 ZERO_STRUCT(r.in.return_authenticator);
539 creds_client_authenticator(&creds, &r.in.credential);
540 ZERO_STRUCT(r.in.uas);
545 printf("Testing AccountDeltas\n");
547 /* w2k3 returns "NOT IMPLEMENTED" for this call */
548 status = dcerpc_netr_AccountDeltas(p, mem_ctx, &r);
549 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
550 printf("AccountDeltas - %s\n", nt_errstr(status));
558 try a netlogon AccountSync
560 static BOOL test_AccountSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
563 struct netr_AccountSync r;
564 struct creds_CredentialState creds;
567 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
571 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
572 r.in.computername = TEST_MACHINE_NAME;
573 ZERO_STRUCT(r.in.return_authenticator);
574 creds_client_authenticator(&creds, &r.in.credential);
575 ZERO_STRUCT(r.in.recordid);
580 printf("Testing AccountSync\n");
582 /* w2k3 returns "NOT IMPLEMENTED" for this call */
583 status = dcerpc_netr_AccountSync(p, mem_ctx, &r);
584 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
585 printf("AccountSync - %s\n", nt_errstr(status));
593 try a netlogon GetDcName
595 static BOOL test_GetDcName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
598 struct netr_GetDcName r;
600 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
601 r.in.domainname = lp_workgroup();
603 printf("Testing GetDcName\n");
605 status = dcerpc_netr_GetDcName(p, mem_ctx, &r);
606 if (!NT_STATUS_IS_OK(status)) {
607 printf("GetDcName - %s\n", nt_errstr(status));
611 printf("\tDC is at '%s'\n", r.out.dcname);
617 try a netlogon LogonControl
619 static BOOL test_LogonControl(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
622 struct netr_LogonControl r;
626 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
627 r.in.function_code = 1;
632 printf("Testing LogonControl level %d\n", i);
634 status = dcerpc_netr_LogonControl(p, mem_ctx, &r);
635 if (!NT_STATUS_IS_OK(status)) {
636 printf("LogonControl - %s\n", nt_errstr(status));
646 try a netlogon GetAnyDCName
648 static BOOL test_GetAnyDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
651 struct netr_GetAnyDCName r;
653 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
654 r.in.domainname = lp_workgroup();
656 printf("Testing GetAnyDCName\n");
658 status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &r);
659 if (!NT_STATUS_IS_OK(status)) {
660 printf("GetAnyDCName - %s\n", nt_errstr(status));
665 printf("\tDC is at '%s'\n", r.out.dcname);
673 try a netlogon LogonControl2
675 static BOOL test_LogonControl2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
678 struct netr_LogonControl2 r;
682 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
684 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
685 r.in.data.domain = lp_workgroup();
690 printf("Testing LogonControl2 level %d function %d\n",
691 i, r.in.function_code);
693 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
694 if (!NT_STATUS_IS_OK(status)) {
695 printf("LogonControl - %s\n", nt_errstr(status));
700 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
701 r.in.data.domain = lp_workgroup();
706 printf("Testing LogonControl2 level %d function %d\n",
707 i, r.in.function_code);
709 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
710 if (!NT_STATUS_IS_OK(status)) {
711 printf("LogonControl - %s\n", nt_errstr(status));
716 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
717 r.in.data.domain = lp_workgroup();
722 printf("Testing LogonControl2 level %d function %d\n",
723 i, r.in.function_code);
725 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
726 if (!NT_STATUS_IS_OK(status)) {
727 printf("LogonControl - %s\n", nt_errstr(status));
732 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
733 r.in.data.debug_level = ~0;
738 printf("Testing LogonControl2 level %d function %d\n",
739 i, r.in.function_code);
741 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
742 if (!NT_STATUS_IS_OK(status)) {
743 printf("LogonControl - %s\n", nt_errstr(status));
752 try a netlogon DatabaseSync2
754 static BOOL test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
757 struct netr_DatabaseSync2 r;
758 struct creds_CredentialState creds;
759 const uint32_t database_ids[] = {0, 1, 2};
763 if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
764 TEST_MACHINE_NAME, machine_password, &creds)) {
768 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
769 r.in.computername = TEST_MACHINE_NAME;
770 r.in.preferredmaximumlength = (uint32_t)-1;
771 ZERO_STRUCT(r.in.return_authenticator);
773 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
774 r.in.sync_context = 0;
775 r.in.database_id = database_ids[i];
776 r.in.restart_state = 0;
778 printf("Testing DatabaseSync2 of id %d\n", r.in.database_id);
781 creds_client_authenticator(&creds, &r.in.credential);
783 status = dcerpc_netr_DatabaseSync2(p, mem_ctx, &r);
784 if (!NT_STATUS_IS_OK(status) &&
785 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
786 printf("DatabaseSync2 - %s\n", nt_errstr(status));
791 if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
792 printf("Credential chaining failed\n");
795 r.in.sync_context = r.out.sync_context;
796 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
804 try a netlogon LogonControl2Ex
806 static BOOL test_LogonControl2Ex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
809 struct netr_LogonControl2Ex r;
813 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
815 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
816 r.in.data.domain = lp_workgroup();
821 printf("Testing LogonControl2Ex level %d function %d\n",
822 i, r.in.function_code);
824 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
825 if (!NT_STATUS_IS_OK(status)) {
826 printf("LogonControl - %s\n", nt_errstr(status));
831 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
832 r.in.data.domain = lp_workgroup();
837 printf("Testing LogonControl2Ex level %d function %d\n",
838 i, r.in.function_code);
840 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
841 if (!NT_STATUS_IS_OK(status)) {
842 printf("LogonControl - %s\n", nt_errstr(status));
847 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
848 r.in.data.domain = lp_workgroup();
853 printf("Testing LogonControl2Ex level %d function %d\n",
854 i, r.in.function_code);
856 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
857 if (!NT_STATUS_IS_OK(status)) {
858 printf("LogonControl - %s\n", nt_errstr(status));
863 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
864 r.in.data.debug_level = ~0;
869 printf("Testing LogonControl2Ex level %d function %d\n",
870 i, r.in.function_code);
872 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
873 if (!NT_STATUS_IS_OK(status)) {
874 printf("LogonControl - %s\n", nt_errstr(status));
884 try a netlogon netr_DsrEnumerateDomainTrusts
886 static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
889 struct netr_DsrEnumerateDomainTrusts r;
891 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
892 r.in.trust_flags = 0x3f;
894 printf("Testing netr_DsrEnumerateDomainTrusts\n");
896 status = dcerpc_netr_DsrEnumerateDomainTrusts(p, mem_ctx, &r);
897 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
898 printf("netr_DsrEnumerateDomainTrusts - %s/%s\n",
899 nt_errstr(status), win_errstr(r.out.result));
907 try a netlogon netr_DrsGetDCNameEx2
909 static BOOL test_netr_DrsGetDCNameEx2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
912 struct netr_DrsGetDCNameEx2 r;
915 r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
916 r.in.client_account = NULL;
917 r.in.mask = 0x00000000;
918 r.in.domain_name = talloc_asprintf(mem_ctx, "%s", lp_realm());
919 r.in.domain_guid = NULL;
920 r.in.site_name = NULL;
921 r.in.flags = 0x40000000;
923 printf("Testing netr_DrsGetDCNameEx2 without client account\n");
925 status = dcerpc_netr_DrsGetDCNameEx2(p, mem_ctx, &r);
926 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
927 printf("netr_DrsGetDCNameEx2 - %s/%s\n",
928 nt_errstr(status), win_errstr(r.out.result));
932 printf("Testing netr_DrsGetDCNameEx2 with client acount\n");
933 r.in.client_account = TEST_MACHINE_NAME"$";
934 r.in.mask = 0x00002000;
935 r.in.flags = 0x80000000;
937 status = dcerpc_netr_DrsGetDCNameEx2(p, mem_ctx, &r);
938 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
939 printf("netr_DrsGetDCNameEx2 - %s/%s\n",
940 nt_errstr(status), win_errstr(r.out.result));
947 static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
950 struct netr_LogonGetDomainInfo r;
951 struct netr_DomainQuery1 q1;
952 struct netr_Authenticator a;
953 struct creds_CredentialState creds;
955 if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
956 TEST_MACHINE_NAME, machine_password, &creds)) {
962 creds_client_authenticator(&creds, &a);
964 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
965 r.in.computer_name = TEST_MACHINE_NAME;
968 r.in.credential = &a;
969 r.out.credential = &a;
974 r.in.query.query1 = &q1;
977 /* this should really be the fully qualified name */
978 q1.workstation_domain = TEST_MACHINE_NAME;
979 q1.workstation_site = "Default-First-Site-Name";
982 q1.blob2.data = NULL;
983 q1.product.string = "product string";
985 printf("Testing netr_LogonGetDomainInfo\n");
987 status = dcerpc_netr_LogonGetDomainInfo(p, mem_ctx, &r);
988 if (!NT_STATUS_IS_OK(status)) {
989 printf("netr_LogonGetDomainInfo - %s\n", nt_errstr(status));
993 if (!creds_client_check(&creds, &a.cred)) {
994 printf("Credential chaining failed\n");
1002 static void async_callback(struct rpc_request *req)
1004 int *counter = req->async.private;
1005 if (NT_STATUS_IS_OK(req->status)) {
1010 static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1013 struct netr_LogonGetDomainInfo r;
1014 struct netr_DomainQuery1 q1;
1015 struct netr_Authenticator a;
1016 #define ASYNC_COUNT 100
1017 struct creds_CredentialState creds;
1018 struct creds_CredentialState creds_async[ASYNC_COUNT];
1019 struct rpc_request *req[ASYNC_COUNT];
1021 int *async_counter = talloc_p(mem_ctx, int);
1023 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
1024 printf("test_GetDomainInfo_async disabled - enable dangerous tests to use\n");
1028 if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1029 TEST_MACHINE_NAME, machine_password, &creds)) {
1034 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1035 r.in.computer_name = TEST_MACHINE_NAME;
1036 r.in.unknown1 = 512;
1038 r.in.credential = &a;
1039 r.out.credential = &a;
1044 r.in.query.query1 = &q1;
1047 /* this should really be the fully qualified name */
1048 q1.workstation_domain = TEST_MACHINE_NAME;
1049 q1.workstation_site = "Default-First-Site-Name";
1050 q1.blob2.length = 0;
1052 q1.blob2.data = NULL;
1053 q1.product.string = "product string";
1055 printf("Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
1059 for (i=0;i<ASYNC_COUNT;i++) {
1060 creds_client_authenticator(&creds, &a);
1062 creds_async[i] = creds;
1063 req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, mem_ctx, &r);
1065 req[i]->async.callback = async_callback;
1066 req[i]->async.private = async_counter;
1068 /* even with this flush per request a w2k3 server seems to
1069 clag with multiple outstanding requests. bleergh. */
1070 if (event_loop_once(dcerpc_event_context(p)) != 0) {
1075 for (i=0;i<ASYNC_COUNT;i++) {
1076 status = dcerpc_ndr_request_recv(req[i]);
1077 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(r.out.result)) {
1078 printf("netr_LogonGetDomainInfo_async(%d) - %s/%s\n",
1079 i, nt_errstr(status), nt_errstr(r.out.result));
1083 if (!creds_client_check(&creds_async[i], &a.cred)) {
1084 printf("Credential chaining failed at async %d\n", i);
1089 printf("Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);
1091 return (*async_counter) == ASYNC_COUNT;
1094 static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1097 struct dcerpc_pipe *p2;
1098 struct lsa_ObjectAttribute attr;
1099 struct lsa_QosInfo qos;
1100 struct lsa_OpenPolicy2 o;
1101 struct policy_handle lsa_handle;
1102 struct lsa_DomainList domains;
1104 struct lsa_EnumTrustDom t;
1105 uint32_t resume_handle = 0;
1106 struct netr_GetAnyDCName d;
1111 if (p->transport.transport != NCACN_NP) {
1115 printf("Torturing GetDCName\n");
1117 status = dcerpc_secondary_connection(p, &p2,
1120 DCERPC_LSARPC_VERSION);
1121 if (!NT_STATUS_IS_OK(status)) {
1122 printf("Failed to create secondary connection\n");
1127 qos.impersonation_level = 2;
1128 qos.context_mode = 1;
1129 qos.effective_only = 0;
1132 attr.root_dir = NULL;
1133 attr.object_name = NULL;
1134 attr.attributes = 0;
1135 attr.sec_desc = NULL;
1136 attr.sec_qos = &qos;
1138 o.in.system_name = "\\";
1140 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1141 o.out.handle = &lsa_handle;
1143 status = dcerpc_lsa_OpenPolicy2(p2, mem_ctx, &o);
1144 if (!NT_STATUS_IS_OK(status)) {
1145 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
1149 t.in.handle = &lsa_handle;
1150 t.in.resume_handle = &resume_handle;
1151 t.in.num_entries = 1000;
1152 t.out.domains = &domains;
1153 t.out.resume_handle = &resume_handle;
1155 status = dcerpc_lsa_EnumTrustDom(p2, mem_ctx, &t);
1157 if ((!NT_STATUS_IS_OK(status) &&
1158 (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)))) {
1159 printf("Could not list domains\n");
1163 dcerpc_pipe_close(p2);
1165 d.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s",
1166 dcerpc_server_name(p));
1168 for (i=0; i<domains.count * 4; i++) {
1169 struct lsa_DomainInformation *info =
1170 &domains.domains[rand()%domains.count];
1172 d.in.domainname = info->name.string;
1174 status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &d);
1175 if (!NT_STATUS_IS_OK(status)) {
1176 printf("GetAnyDCName - %s\n", nt_errstr(status));
1180 printf("\tDC for domain %s is %s\n", info->name.string,
1181 d.out.dcname ? d.out.dcname : "unknown");
1188 BOOL torture_rpc_netlogon(void)
1191 struct dcerpc_pipe *p;
1192 TALLOC_CTX *mem_ctx;
1194 struct test_join *join_ctx;
1196 mem_ctx = talloc_init("torture_rpc_netlogon");
1198 join_ctx = torture_join_domain(TEST_MACHINE_NAME, lp_workgroup(), ACB_SVRTRUST,
1201 printf("Failed to join as BDC\n");
1205 status = torture_rpc_connection(&p,
1206 DCERPC_NETLOGON_NAME,
1207 DCERPC_NETLOGON_UUID,
1208 DCERPC_NETLOGON_VERSION);
1209 if (!NT_STATUS_IS_OK(status)) {
1213 ret &= test_LogonUasLogon(p, mem_ctx);
1214 ret &= test_LogonUasLogoff(p, mem_ctx);
1215 ret &= test_SamLogon(p, mem_ctx);
1216 ret &= test_SetPassword(p, mem_ctx);
1217 ret &= test_GetDomainInfo(p, mem_ctx);
1218 ret &= test_DatabaseSync(p, mem_ctx);
1219 ret &= test_DatabaseDeltas(p, mem_ctx);
1220 ret &= test_AccountDeltas(p, mem_ctx);
1221 ret &= test_AccountSync(p, mem_ctx);
1222 ret &= test_GetDcName(p, mem_ctx);
1223 ret &= test_ManyGetDCName(p, mem_ctx);
1224 ret &= test_LogonControl(p, mem_ctx);
1225 ret &= test_GetAnyDCName(p, mem_ctx);
1226 ret &= test_LogonControl2(p, mem_ctx);
1227 ret &= test_DatabaseSync2(p, mem_ctx);
1228 ret &= test_LogonControl2Ex(p, mem_ctx);
1229 ret &= test_DsrEnumerateDomainTrusts(p, mem_ctx);
1230 ret &= test_GetDomainInfo_async(p, mem_ctx);
1231 ret &= test_netr_DrsGetDCNameEx2(p, mem_ctx);
1233 talloc_destroy(mem_ctx);
1235 torture_rpc_close(p);
1237 torture_leave_domain(join_ctx);
git.samba.org / samba.git / blob