2 Unix SMB/CIFS implementation.
4 test suite for netlogon rpc operations
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "lib/events/events.h"
27 #include "auth/auth.h"
28 #include "lib/cmdline/popt_common.h"
30 static const char *machine_password;
32 #define TEST_MACHINE_NAME "torturetest"
34 static BOOL test_LogonUasLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
37 struct netr_LogonUasLogon r;
39 r.in.server_name = NULL;
40 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
41 r.in.workstation = TEST_MACHINE_NAME;
43 printf("Testing LogonUasLogon\n");
45 status = dcerpc_netr_LogonUasLogon(p, mem_ctx, &r);
46 if (!NT_STATUS_IS_OK(status)) {
47 printf("LogonUasLogon - %s\n", nt_errstr(status));
55 static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
58 struct netr_LogonUasLogoff r;
60 r.in.server_name = NULL;
61 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
62 r.in.workstation = TEST_MACHINE_NAME;
64 printf("Testing LogonUasLogoff\n");
66 status = dcerpc_netr_LogonUasLogoff(p, mem_ctx, &r);
67 if (!NT_STATUS_IS_OK(status)) {
68 printf("LogonUasLogoff - %s\n", nt_errstr(status));
76 static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
77 const char *machine_name,
78 const char *plain_pass,
79 struct creds_CredentialState **creds_out)
82 struct netr_ServerReqChallenge r;
83 struct netr_ServerAuthenticate a;
84 struct netr_Credential credentials1, credentials2, credentials3;
85 struct creds_CredentialState *creds;
86 struct samr_Password mach_password;
88 printf("Testing ServerReqChallenge\n");
90 creds = talloc(mem_ctx, struct creds_CredentialState);
95 r.in.server_name = NULL;
96 r.in.computer_name = machine_name;
97 r.in.credentials = &credentials1;
98 r.out.credentials = &credentials2;
100 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
102 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
103 if (!NT_STATUS_IS_OK(status)) {
104 printf("ServerReqChallenge - %s\n", nt_errstr(status));
108 E_md4hash(plain_pass, mach_password.hash);
110 a.in.server_name = NULL;
111 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
112 a.in.secure_channel_type = SEC_CHAN_BDC;
113 a.in.computer_name = machine_name;
114 a.in.credentials = &credentials3;
115 a.out.credentials = &credentials3;
117 creds_client_init(creds, &credentials1, &credentials2,
118 &mach_password, &credentials3,
121 printf("Testing ServerAuthenticate\n");
123 status = dcerpc_netr_ServerAuthenticate(p, mem_ctx, &a);
124 if (!NT_STATUS_IS_OK(status)) {
125 printf("ServerAuthenticate - %s\n", nt_errstr(status));
129 if (!creds_client_check(creds, &credentials3)) {
130 printf("Credential chaining failed\n");
138 static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
139 uint32_t negotiate_flags,
140 const char *machine_name,
141 const char *plain_pass,
143 struct creds_CredentialState **creds_out)
146 struct netr_ServerReqChallenge r;
147 struct netr_ServerAuthenticate2 a;
148 struct netr_Credential credentials1, credentials2, credentials3;
149 struct creds_CredentialState *creds;
150 struct samr_Password mach_password;
152 printf("Testing ServerReqChallenge\n");
154 creds = talloc(mem_ctx, struct creds_CredentialState);
159 r.in.server_name = NULL;
160 r.in.computer_name = machine_name;
161 r.in.credentials = &credentials1;
162 r.out.credentials = &credentials2;
164 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
166 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
167 if (!NT_STATUS_IS_OK(status)) {
168 printf("ServerReqChallenge - %s\n", nt_errstr(status));
172 E_md4hash(plain_pass, mach_password.hash);
174 a.in.server_name = NULL;
175 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
176 a.in.secure_channel_type = sec_chan_type;
177 a.in.computer_name = machine_name;
178 a.in.negotiate_flags = &negotiate_flags;
179 a.out.negotiate_flags = &negotiate_flags;
180 a.in.credentials = &credentials3;
181 a.out.credentials = &credentials3;
183 creds_client_init(creds, &credentials1, &credentials2,
184 &mach_password, &credentials3,
187 printf("Testing ServerAuthenticate2\n");
189 status = dcerpc_netr_ServerAuthenticate2(p, mem_ctx, &a);
190 if (!NT_STATUS_IS_OK(status)) {
191 printf("ServerAuthenticate2 - %s\n", nt_errstr(status));
195 if (!creds_client_check(creds, &credentials3)) {
196 printf("Credential chaining failed\n");
200 printf("negotiate_flags=0x%08x\n", negotiate_flags);
207 static BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
208 uint32_t negotiate_flags,
209 const char *machine_name,
210 const char *plain_pass,
211 struct creds_CredentialState **creds_out)
214 struct netr_ServerReqChallenge r;
215 struct netr_ServerAuthenticate3 a;
216 struct netr_Credential credentials1, credentials2, credentials3;
217 struct creds_CredentialState *creds;
218 struct samr_Password mach_password;
221 printf("Testing ServerReqChallenge\n");
223 creds = talloc(mem_ctx, struct creds_CredentialState);
228 r.in.server_name = NULL;
229 r.in.computer_name = machine_name;
230 r.in.credentials = &credentials1;
231 r.out.credentials = &credentials2;
233 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
235 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
236 if (!NT_STATUS_IS_OK(status)) {
237 printf("ServerReqChallenge - %s\n", nt_errstr(status));
241 E_md4hash(plain_pass, mach_password.hash);
243 a.in.server_name = NULL;
244 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
245 a.in.secure_channel_type = SEC_CHAN_BDC;
246 a.in.computer_name = machine_name;
247 a.in.negotiate_flags = &negotiate_flags;
248 a.in.credentials = &credentials3;
249 a.out.credentials = &credentials3;
250 a.out.negotiate_flags = &negotiate_flags;
253 creds_client_init(creds, &credentials1, &credentials2,
254 &mach_password, &credentials3,
257 printf("Testing ServerAuthenticate3\n");
259 status = dcerpc_netr_ServerAuthenticate3(p, mem_ctx, &a);
260 if (!NT_STATUS_IS_OK(status)) {
261 printf("ServerAuthenticate3 - %s\n", nt_errstr(status));
265 if (!creds_client_check(creds, &credentials3)) {
266 printf("Credential chaining failed\n");
270 printf("negotiate_flags=0x%08x\n", negotiate_flags);
277 try a change password for our machine account
279 static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
282 struct netr_ServerPasswordSet r;
283 const char *password;
284 struct creds_CredentialState *creds;
286 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
287 machine_password, &creds)) {
291 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
292 r.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
293 r.in.secure_channel_type = SEC_CHAN_BDC;
294 r.in.computer_name = TEST_MACHINE_NAME;
296 password = generate_random_str(mem_ctx, 8);
297 E_md4hash(password, r.in.new_password.hash);
299 creds_des_encrypt(creds, &r.in.new_password);
301 printf("Testing ServerPasswordSet on machine account\n");
302 printf("Changing machine account password to '%s'\n", password);
304 creds_client_authenticator(creds, &r.in.credential);
306 status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
307 if (!NT_STATUS_IS_OK(status)) {
308 printf("ServerPasswordSet - %s\n", nt_errstr(status));
312 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
313 printf("Credential chaining failed\n");
316 /* by changing the machine password twice we test the
317 credentials chaining fully, and we verify that the server
318 allows the password to be set to the same value twice in a
319 row (match win2k3) */
320 printf("Testing a second ServerPasswordSet on machine account\n");
321 printf("Changing machine account password to '%s' (same as previous run)\n", password);
323 creds_client_authenticator(creds, &r.in.credential);
325 status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
326 if (!NT_STATUS_IS_OK(status)) {
327 printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
331 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
332 printf("Credential chaining failed\n");
335 machine_password = password;
337 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
338 printf("ServerPasswordSet failed to actually change the password\n");
346 try a change password for our machine account
348 static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
351 struct netr_ServerPasswordSet2 r;
352 const char *password;
353 struct creds_CredentialState *creds;
354 struct samr_CryptPassword password_buf;
356 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
357 machine_password, &creds)) {
361 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
362 r.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
363 r.in.secure_channel_type = SEC_CHAN_BDC;
364 r.in.computer_name = TEST_MACHINE_NAME;
366 password = generate_random_str(mem_ctx, 8);
367 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
368 creds_arcfour_crypt(creds, password_buf.data, 516);
370 memcpy(r.in.new_password.data, password_buf.data, 512);
371 r.in.new_password.length = IVAL(password_buf.data, 512);
373 printf("Testing ServerPasswordSet2 on machine account\n");
374 printf("Changing machine account password to '%s'\n", password);
376 creds_client_authenticator(creds, &r.in.credential);
378 status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
379 if (!NT_STATUS_IS_OK(status)) {
380 printf("ServerPasswordSet2 - %s\n", nt_errstr(status));
384 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
385 printf("Credential chaining failed\n");
388 machine_password = password;
390 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
391 printf("Not testing ability to set password to '', enable dangerous tests to perform this test\n");
393 /* by changing the machine password to ""
394 * we check if the server uses password restrictions
395 * for ServerPasswordSet2
396 * (win2k3 accepts "")
399 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
400 creds_arcfour_crypt(creds, password_buf.data, 516);
402 memcpy(r.in.new_password.data, password_buf.data, 512);
403 r.in.new_password.length = IVAL(password_buf.data, 512);
405 printf("Testing ServerPasswordSet2 on machine account\n");
406 printf("Changing machine account password to '%s'\n", password);
408 creds_client_authenticator(creds, &r.in.credential);
410 status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
411 if (!NT_STATUS_IS_OK(status)) {
412 printf("ServerPasswordSet2 - %s\n", nt_errstr(status));
416 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
417 printf("Credential chaining failed\n");
420 machine_password = password;
423 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
424 printf("ServerPasswordSet failed to actually change the password\n");
428 /* now try a random password */
429 password = generate_random_str(mem_ctx, 8);
430 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
431 creds_arcfour_crypt(creds, password_buf.data, 516);
433 memcpy(r.in.new_password.data, password_buf.data, 512);
434 r.in.new_password.length = IVAL(password_buf.data, 512);
436 printf("Testing second ServerPasswordSet2 on machine account\n");
437 printf("Changing machine account password to '%s'\n", password);
439 creds_client_authenticator(creds, &r.in.credential);
441 status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
442 if (!NT_STATUS_IS_OK(status)) {
443 printf("ServerPasswordSet2 (2) - %s\n", nt_errstr(status));
447 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
448 printf("Credential chaining failed\n");
451 /* by changing the machine password twice we test the
452 credentials chaining fully, and we verify that the server
453 allows the password to be set to the same value twice in a
454 row (match win2k3) */
455 printf("Testing a second ServerPasswordSet2 on machine account\n");
456 printf("Changing machine account password to '%s' (same as previous run)\n", password);
458 creds_client_authenticator(creds, &r.in.credential);
460 status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
461 if (!NT_STATUS_IS_OK(status)) {
462 printf("ServerPasswordSet (3) - %s\n", nt_errstr(status));
466 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
467 printf("Credential chaining failed\n");
470 machine_password = password;
472 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
473 printf("ServerPasswordSet failed to actually change the password\n");
481 try a netlogon SamLogon
483 BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
484 struct cli_credentials *credentials,
485 struct creds_CredentialState *creds)
488 struct netr_LogonSamLogon r;
489 struct netr_Authenticator auth, auth2;
490 struct netr_NetworkInfo ninfo;
491 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
494 int flags = CLI_CRED_NTLM_AUTH;
495 if (lp_client_lanman_auth()) {
496 flags |= CLI_CRED_LANMAN_AUTH;
499 if (lp_client_ntlmv2_auth()) {
500 flags |= CLI_CRED_NTLMv2_AUTH;
503 cli_credentials_get_ntlm_username_domain(cmdline_credentials, mem_ctx,
504 &ninfo.identity_info.account_name.string,
505 &ninfo.identity_info.domain_name.string);
507 generate_random_buffer(ninfo.challenge,
508 sizeof(ninfo.challenge));
509 chal = data_blob_const(ninfo.challenge,
510 sizeof(ninfo.challenge));
512 names_blob = NTLMv2_generate_names_blob(mem_ctx, cli_credentials_get_workstation(credentials),
513 cli_credentials_get_domain(credentials));
515 status = cli_credentials_get_ntlm_response(cmdline_credentials, mem_ctx,
521 if (!NT_STATUS_IS_OK(status)) {
522 printf("cli_credentials_get_ntlm_response failed: %s\n",
527 ninfo.lm.data = lm_resp.data;
528 ninfo.lm.length = lm_resp.length;
530 ninfo.nt.data = nt_resp.data;
531 ninfo.nt.length = nt_resp.length;
533 ninfo.identity_info.parameter_control = 0;
534 ninfo.identity_info.logon_id_low = 0;
535 ninfo.identity_info.logon_id_high = 0;
536 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
538 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
539 r.in.workstation = cli_credentials_get_workstation(credentials);
540 r.in.credential = &auth;
541 r.in.return_authenticator = &auth2;
542 r.in.logon_level = 2;
543 r.in.logon.network = &ninfo;
545 printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
549 creds_client_authenticator(creds, &auth);
551 r.in.validation_level = i;
553 status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
554 if (!NT_STATUS_IS_OK(status)) {
555 printf("LogonSamLogon failed: %s\n",
560 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
561 printf("Credential chaining failed\n");
567 r.in.credential = NULL;
571 r.in.validation_level = i;
573 printf("Testing SamLogon with validation level %d\n", i);
575 status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
576 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
577 printf("LogonSamLogon expected INVALID_PARAMETER, got: %s\n", nt_errstr(status));
588 try a netlogon SamLogon
590 static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
591 struct cli_credentials *credentials)
593 struct creds_CredentialState *creds;
595 if (!test_SetupCredentials(p, mem_ctx, cli_credentials_get_workstation(credentials),
596 cli_credentials_get_password(credentials), &creds)) {
600 return test_netlogon_ops(p, mem_ctx, credentials, creds);
603 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
604 static uint64_t sequence_nums[3];
607 try a netlogon DatabaseSync
609 static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
612 struct netr_DatabaseSync r;
613 struct creds_CredentialState *creds;
614 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
618 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
622 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
623 r.in.computername = TEST_MACHINE_NAME;
624 r.in.preferredmaximumlength = (uint32_t)-1;
625 ZERO_STRUCT(r.in.return_authenticator);
627 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
628 r.in.sync_context = 0;
629 r.in.database_id = database_ids[i];
631 printf("Testing DatabaseSync of id %d\n", r.in.database_id);
634 creds_client_authenticator(creds, &r.in.credential);
636 status = dcerpc_netr_DatabaseSync(p, mem_ctx, &r);
637 if (!NT_STATUS_IS_OK(status) &&
638 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
639 printf("DatabaseSync - %s\n", nt_errstr(status));
644 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
645 printf("Credential chaining failed\n");
648 r.in.sync_context = r.out.sync_context;
650 if (r.out.delta_enum_array &&
651 r.out.delta_enum_array->num_deltas > 0 &&
652 r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
653 r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
654 sequence_nums[r.in.database_id] =
655 r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
656 printf("\tsequence_nums[%d]=%llu\n",
658 (unsigned long long)sequence_nums[r.in.database_id]);
660 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
668 try a netlogon DatabaseDeltas
670 static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
673 struct netr_DatabaseDeltas r;
674 struct creds_CredentialState *creds;
675 const uint32_t database_ids[] = {0, 1, 2};
679 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
683 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
684 r.in.computername = TEST_MACHINE_NAME;
685 r.in.preferredmaximumlength = (uint32_t)-1;
686 ZERO_STRUCT(r.in.return_authenticator);
688 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
689 r.in.database_id = database_ids[i];
690 r.in.sequence_num = sequence_nums[r.in.database_id];
692 if (r.in.sequence_num == 0) continue;
694 r.in.sequence_num -= 1;
697 printf("Testing DatabaseDeltas of id %d at %llu\n",
698 r.in.database_id, (unsigned long long)r.in.sequence_num);
701 creds_client_authenticator(creds, &r.in.credential);
703 status = dcerpc_netr_DatabaseDeltas(p, mem_ctx, &r);
704 if (NT_STATUS_EQUAL(status,
705 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
706 printf("no considering %s to be an error\n",
710 if (!NT_STATUS_IS_OK(status) &&
711 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
712 printf("DatabaseDeltas - %s\n", nt_errstr(status));
717 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
718 printf("Credential chaining failed\n");
722 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
730 try a netlogon AccountDeltas
732 static BOOL test_AccountDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
735 struct netr_AccountDeltas r;
736 struct creds_CredentialState *creds;
739 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
743 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
744 r.in.computername = TEST_MACHINE_NAME;
745 ZERO_STRUCT(r.in.return_authenticator);
746 creds_client_authenticator(creds, &r.in.credential);
747 ZERO_STRUCT(r.in.uas);
752 printf("Testing AccountDeltas\n");
754 /* w2k3 returns "NOT IMPLEMENTED" for this call */
755 status = dcerpc_netr_AccountDeltas(p, mem_ctx, &r);
756 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
757 printf("AccountDeltas - %s\n", nt_errstr(status));
765 try a netlogon AccountSync
767 static BOOL test_AccountSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
770 struct netr_AccountSync r;
771 struct creds_CredentialState *creds;
774 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
778 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
779 r.in.computername = TEST_MACHINE_NAME;
780 ZERO_STRUCT(r.in.return_authenticator);
781 creds_client_authenticator(creds, &r.in.credential);
782 ZERO_STRUCT(r.in.recordid);
787 printf("Testing AccountSync\n");
789 /* w2k3 returns "NOT IMPLEMENTED" for this call */
790 status = dcerpc_netr_AccountSync(p, mem_ctx, &r);
791 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
792 printf("AccountSync - %s\n", nt_errstr(status));
800 try a netlogon GetDcName
802 static BOOL test_GetDcName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
805 struct netr_GetDcName r;
807 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
808 r.in.domainname = lp_workgroup();
810 printf("Testing GetDcName\n");
812 status = dcerpc_netr_GetDcName(p, mem_ctx, &r);
813 if (!NT_STATUS_IS_OK(status)) {
814 printf("GetDcName - %s\n", nt_errstr(status));
818 printf("\tDC is at '%s'\n", r.out.dcname);
824 try a netlogon LogonControl
826 static BOOL test_LogonControl(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
829 struct netr_LogonControl r;
833 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
834 r.in.function_code = 1;
839 printf("Testing LogonControl level %d\n", i);
841 status = dcerpc_netr_LogonControl(p, mem_ctx, &r);
842 if (!NT_STATUS_IS_OK(status)) {
843 printf("LogonControl - %s\n", nt_errstr(status));
853 try a netlogon GetAnyDCName
855 static BOOL test_GetAnyDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
858 struct netr_GetAnyDCName r;
860 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
861 r.in.domainname = lp_workgroup();
863 printf("Testing GetAnyDCName\n");
865 status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &r);
866 if (!NT_STATUS_IS_OK(status)) {
867 printf("GetAnyDCName - %s\n", nt_errstr(status));
872 printf("\tDC is at '%s'\n", r.out.dcname);
880 try a netlogon LogonControl2
882 static BOOL test_LogonControl2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
885 struct netr_LogonControl2 r;
889 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
891 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
892 r.in.data.domain = lp_workgroup();
897 printf("Testing LogonControl2 level %d function %d\n",
898 i, r.in.function_code);
900 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
901 if (!NT_STATUS_IS_OK(status)) {
902 printf("LogonControl - %s\n", nt_errstr(status));
907 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
908 r.in.data.domain = lp_workgroup();
913 printf("Testing LogonControl2 level %d function %d\n",
914 i, r.in.function_code);
916 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
917 if (!NT_STATUS_IS_OK(status)) {
918 printf("LogonControl - %s\n", nt_errstr(status));
923 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
924 r.in.data.domain = lp_workgroup();
929 printf("Testing LogonControl2 level %d function %d\n",
930 i, r.in.function_code);
932 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
933 if (!NT_STATUS_IS_OK(status)) {
934 printf("LogonControl - %s\n", nt_errstr(status));
939 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
940 r.in.data.debug_level = ~0;
945 printf("Testing LogonControl2 level %d function %d\n",
946 i, r.in.function_code);
948 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
949 if (!NT_STATUS_IS_OK(status)) {
950 printf("LogonControl - %s\n", nt_errstr(status));
959 try a netlogon DatabaseSync2
961 static BOOL test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
964 struct netr_DatabaseSync2 r;
965 struct creds_CredentialState *creds;
966 const uint32_t database_ids[] = {0, 1, 2};
970 if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
971 TEST_MACHINE_NAME, machine_password,
972 SEC_CHAN_BDC, &creds)) {
976 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
977 r.in.computername = TEST_MACHINE_NAME;
978 r.in.preferredmaximumlength = (uint32_t)-1;
979 ZERO_STRUCT(r.in.return_authenticator);
981 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
982 r.in.sync_context = 0;
983 r.in.database_id = database_ids[i];
984 r.in.restart_state = 0;
986 printf("Testing DatabaseSync2 of id %d\n", r.in.database_id);
989 creds_client_authenticator(creds, &r.in.credential);
991 status = dcerpc_netr_DatabaseSync2(p, mem_ctx, &r);
992 if (!NT_STATUS_IS_OK(status) &&
993 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
994 printf("DatabaseSync2 - %s\n", nt_errstr(status));
999 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
1000 printf("Credential chaining failed\n");
1003 r.in.sync_context = r.out.sync_context;
1004 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
1012 try a netlogon LogonControl2Ex
1014 static BOOL test_LogonControl2Ex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1017 struct netr_LogonControl2Ex r;
1021 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1023 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
1024 r.in.data.domain = lp_workgroup();
1029 printf("Testing LogonControl2Ex level %d function %d\n",
1030 i, r.in.function_code);
1032 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
1033 if (!NT_STATUS_IS_OK(status)) {
1034 printf("LogonControl - %s\n", nt_errstr(status));
1039 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
1040 r.in.data.domain = lp_workgroup();
1045 printf("Testing LogonControl2Ex level %d function %d\n",
1046 i, r.in.function_code);
1048 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
1049 if (!NT_STATUS_IS_OK(status)) {
1050 printf("LogonControl - %s\n", nt_errstr(status));
1055 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
1056 r.in.data.domain = lp_workgroup();
1061 printf("Testing LogonControl2Ex level %d function %d\n",
1062 i, r.in.function_code);
1064 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
1065 if (!NT_STATUS_IS_OK(status)) {
1066 printf("LogonControl - %s\n", nt_errstr(status));
1071 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
1072 r.in.data.debug_level = ~0;
1077 printf("Testing LogonControl2Ex level %d function %d\n",
1078 i, r.in.function_code);
1080 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
1081 if (!NT_STATUS_IS_OK(status)) {
1082 printf("LogonControl - %s\n", nt_errstr(status));
1092 try a netlogon netr_DsrEnumerateDomainTrusts
1094 static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1097 struct netr_DsrEnumerateDomainTrusts r;
1099 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1100 r.in.trust_flags = 0x3f;
1102 printf("Testing netr_DsrEnumerateDomainTrusts\n");
1104 status = dcerpc_netr_DsrEnumerateDomainTrusts(p, mem_ctx, &r);
1105 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1106 printf("netr_DsrEnumerateDomainTrusts - %s/%s\n",
1107 nt_errstr(status), win_errstr(r.out.result));
1114 static BOOL test_netr_DsRGetSiteName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1115 const char *computer_name,
1116 const char *expected_site)
1119 struct netr_DsRGetSiteName r;
1122 r.in.computer_name = computer_name;
1123 printf("Testing netr_DsRGetSiteName\n");
1125 status = dcerpc_netr_DsRGetSiteName(p, mem_ctx, &r);
1126 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1127 printf("netr_DsRGetSiteName - %s/%s\n",
1128 nt_errstr(status), win_errstr(r.out.result));
1131 if (strcmp(expected_site, r.out.site) != 0) {
1132 printf("netr_DsRGetSiteName - unexpected result: %s, expected %s\n",
1133 r.out.site, expected_site);
1138 r.in.computer_name = talloc_asprintf(mem_ctx, "\\\\%s", computer_name);
1139 printf("Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
1141 status = dcerpc_netr_DsRGetSiteName(p, mem_ctx, &r);
1142 if (!NT_STATUS_IS_OK(status)) {
1143 printf("netr_DsRGetSiteName - %s\n",
1146 } else if (!W_ERROR_EQUAL(r.out.result, WERR_INVALID_COMPUTERNAME)) {
1147 printf("netr_DsRGetSiteName - incorrect error return %s, expected %s\n",
1148 win_errstr(r.out.result), win_errstr(WERR_INVALID_COMPUTERNAME));
1155 try a netlogon netr_DsRGetDCName
1157 static BOOL test_netr_DsRGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1160 struct netr_DsRGetDCName r;
1163 r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1164 r.in.domain_name = talloc_asprintf(mem_ctx, "%s", lp_realm());
1165 r.in.domain_guid = NULL;
1166 r.in.site_guid = NULL;
1167 r.in.flags = 0x40000000;
1169 printf("Testing netr_DsRGetDCName\n");
1171 status = dcerpc_netr_DsRGetDCName(p, mem_ctx, &r);
1172 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1173 printf("netr_DsRGetDCName - %s/%s\n",
1174 nt_errstr(status), win_errstr(r.out.result));
1177 ret = test_netr_DsRGetSiteName(p, mem_ctx,
1179 r.out.info->dc_site_name);
1186 try a netlogon netr_DsRGetDCNameEx
1188 static BOOL test_netr_DsRGetDCNameEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1191 struct netr_DsRGetDCNameEx r;
1194 r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1195 r.in.domain_name = talloc_asprintf(mem_ctx, "%s", lp_realm());
1196 r.in.domain_guid = NULL;
1197 r.in.site_name = NULL;
1198 r.in.flags = 0x40000000;
1200 printf("Testing netr_DsRGetDCNameEx\n");
1202 status = dcerpc_netr_DsRGetDCNameEx(p, mem_ctx, &r);
1203 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1204 printf("netr_DsRGetDCNameEx - %s/%s\n",
1205 nt_errstr(status), win_errstr(r.out.result));
1208 ret = test_netr_DsRGetSiteName(p, mem_ctx,
1210 r.out.info->dc_site_name);
1217 try a netlogon netr_DsRGetDCNameEx2
1219 static BOOL test_netr_DsRGetDCNameEx2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1222 struct netr_DsRGetDCNameEx2 r;
1225 r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1226 r.in.client_account = NULL;
1227 r.in.mask = 0x00000000;
1228 r.in.domain_name = talloc_asprintf(mem_ctx, "%s", lp_realm());
1229 r.in.domain_guid = NULL;
1230 r.in.site_name = NULL;
1231 r.in.flags = 0x40000000;
1233 printf("Testing netr_DsRGetDCNameEx2 without client account\n");
1235 status = dcerpc_netr_DsRGetDCNameEx2(p, mem_ctx, &r);
1236 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1237 printf("netr_DsRGetDCNameEx2 - %s/%s\n",
1238 nt_errstr(status), win_errstr(r.out.result));
1242 printf("Testing netr_DsRGetDCNameEx2 with client acount\n");
1243 r.in.client_account = TEST_MACHINE_NAME"$";
1244 r.in.mask = 0x00002000;
1245 r.in.flags = 0x80000000;
1247 status = dcerpc_netr_DsRGetDCNameEx2(p, mem_ctx, &r);
1248 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1249 printf("netr_DsRGetDCNameEx2 - %s/%s\n",
1250 nt_errstr(status), win_errstr(r.out.result));
1253 ret = test_netr_DsRGetSiteName(p, mem_ctx,
1255 r.out.info->dc_site_name);
1261 static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1264 struct netr_LogonGetDomainInfo r;
1265 struct netr_DomainQuery1 q1;
1266 struct netr_Authenticator a;
1267 struct creds_CredentialState *creds;
1269 if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1270 TEST_MACHINE_NAME, machine_password, &creds)) {
1276 creds_client_authenticator(creds, &a);
1278 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1279 r.in.computer_name = TEST_MACHINE_NAME;
1281 r.in.credential = &a;
1282 r.in.return_authenticator = &a;
1283 r.out.return_authenticator = &a;
1285 r.in.query.query1 = &q1;
1288 /* this should really be the fully qualified name */
1289 q1.workstation_domain = TEST_MACHINE_NAME;
1290 q1.workstation_site = "Default-First-Site-Name";
1291 q1.blob2.length = 0;
1293 q1.blob2.data = NULL;
1294 q1.product.string = "product string";
1296 printf("Testing netr_LogonGetDomainInfo\n");
1298 status = dcerpc_netr_LogonGetDomainInfo(p, mem_ctx, &r);
1299 if (!NT_STATUS_IS_OK(status)) {
1300 printf("netr_LogonGetDomainInfo - %s\n", nt_errstr(status));
1304 if (!creds_client_check(creds, &a.cred)) {
1305 printf("Credential chaining failed\n");
1313 static void async_callback(struct rpc_request *req)
1315 int *counter = req->async.private;
1316 if (NT_STATUS_IS_OK(req->status)) {
1321 static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1324 struct netr_LogonGetDomainInfo r;
1325 struct netr_DomainQuery1 q1;
1326 struct netr_Authenticator a;
1327 #define ASYNC_COUNT 100
1328 struct creds_CredentialState *creds;
1329 struct creds_CredentialState *creds_async[ASYNC_COUNT];
1330 struct rpc_request *req[ASYNC_COUNT];
1332 int *async_counter = talloc(mem_ctx, int);
1334 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
1335 printf("test_GetDomainInfo_async disabled - enable dangerous tests to use\n");
1339 if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1340 TEST_MACHINE_NAME, machine_password, &creds)) {
1345 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1346 r.in.computer_name = TEST_MACHINE_NAME;
1348 r.in.credential = &a;
1349 r.in.return_authenticator = &a;
1350 r.out.return_authenticator = &a;
1352 r.in.query.query1 = &q1;
1355 /* this should really be the fully qualified name */
1356 q1.workstation_domain = TEST_MACHINE_NAME;
1357 q1.workstation_site = "Default-First-Site-Name";
1358 q1.blob2.length = 0;
1360 q1.blob2.data = NULL;
1361 q1.product.string = "product string";
1363 printf("Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
1367 for (i=0;i<ASYNC_COUNT;i++) {
1368 creds_client_authenticator(creds, &a);
1370 creds_async[i] = talloc_memdup(creds, creds, sizeof(*creds));
1371 req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, mem_ctx, &r);
1373 req[i]->async.callback = async_callback;
1374 req[i]->async.private = async_counter;
1376 /* even with this flush per request a w2k3 server seems to
1377 clag with multiple outstanding requests. bleergh. */
1378 if (event_loop_once(dcerpc_event_context(p)) != 0) {
1383 for (i=0;i<ASYNC_COUNT;i++) {
1384 status = dcerpc_ndr_request_recv(req[i]);
1385 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(r.out.result)) {
1386 printf("netr_LogonGetDomainInfo_async(%d) - %s/%s\n",
1387 i, nt_errstr(status), nt_errstr(r.out.result));
1391 if (!creds_client_check(creds_async[i], &a.cred)) {
1392 printf("Credential chaining failed at async %d\n", i);
1397 printf("Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);
1399 return (*async_counter) == ASYNC_COUNT;
1402 static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1405 struct dcerpc_binding *b;
1406 struct dcerpc_pipe *p2;
1407 struct lsa_ObjectAttribute attr;
1408 struct lsa_QosInfo qos;
1409 struct lsa_OpenPolicy2 o;
1410 struct policy_handle lsa_handle;
1411 struct lsa_DomainList domains;
1413 struct lsa_EnumTrustDom t;
1414 uint32_t resume_handle = 0;
1415 struct netr_GetAnyDCName d;
1420 if (p->conn->transport.transport != NCACN_NP) {
1424 printf("Torturing GetDCName\n");
1426 status = dcerpc_parse_binding(mem_ctx, p->conn->binding_string, &b);
1427 if (!NT_STATUS_IS_OK(status)) {
1428 printf("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string);
1432 status = dcerpc_secondary_connection(p, &p2, b);
1433 if (!NT_STATUS_IS_OK(status)) {
1434 printf("Failed to create secondary connection\n");
1438 status = dcerpc_bind_auth_none(p2, &dcerpc_table_lsarpc);
1439 if (!NT_STATUS_IS_OK(status)) {
1440 printf("Failed to create bind on secondary connection\n");
1445 qos.impersonation_level = 2;
1446 qos.context_mode = 1;
1447 qos.effective_only = 0;
1450 attr.root_dir = NULL;
1451 attr.object_name = NULL;
1452 attr.attributes = 0;
1453 attr.sec_desc = NULL;
1454 attr.sec_qos = &qos;
1456 o.in.system_name = "\\";
1458 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1459 o.out.handle = &lsa_handle;
1461 status = dcerpc_lsa_OpenPolicy2(p2, mem_ctx, &o);
1462 if (!NT_STATUS_IS_OK(status)) {
1463 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
1467 t.in.handle = &lsa_handle;
1468 t.in.resume_handle = &resume_handle;
1469 t.in.max_size = 1000;
1470 t.out.domains = &domains;
1471 t.out.resume_handle = &resume_handle;
1473 status = dcerpc_lsa_EnumTrustDom(p2, mem_ctx, &t);
1475 if ((!NT_STATUS_IS_OK(status) &&
1476 (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)))) {
1477 printf("Could not list domains\n");
1483 d.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s",
1484 dcerpc_server_name(p));
1486 for (i=0; i<domains.count * 4; i++) {
1487 struct lsa_DomainInformation *info =
1488 &domains.domains[rand()%domains.count];
1490 d.in.domainname = info->name.string;
1492 status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &d);
1493 if (!NT_STATUS_IS_OK(status)) {
1494 printf("GetAnyDCName - %s\n", nt_errstr(status));
1498 printf("\tDC for domain %s is %s\n", info->name.string,
1499 d.out.dcname ? d.out.dcname : "unknown");
1506 BOOL torture_rpc_netlogon(void)
1509 struct dcerpc_pipe *p;
1510 TALLOC_CTX *mem_ctx;
1512 struct test_join *join_ctx;
1513 struct cli_credentials *machine_credentials;
1515 mem_ctx = talloc_init("torture_rpc_netlogon");
1517 join_ctx = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST,
1518 &machine_credentials);
1520 talloc_free(mem_ctx);
1521 printf("Failed to join as BDC\n");
1525 machine_password = cli_credentials_get_password(machine_credentials);
1527 status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_netlogon);
1528 if (!NT_STATUS_IS_OK(status)) {
1529 talloc_free(mem_ctx);
1533 ret &= test_LogonUasLogon(p, mem_ctx);
1534 ret &= test_LogonUasLogoff(p, mem_ctx);
1535 ret &= test_SamLogon(p, mem_ctx, machine_credentials);
1536 ret &= test_SetPassword(p, mem_ctx);
1537 ret &= test_SetPassword2(p, mem_ctx);
1538 ret &= test_GetDomainInfo(p, mem_ctx);
1539 ret &= test_DatabaseSync(p, mem_ctx);
1540 ret &= test_DatabaseDeltas(p, mem_ctx);
1541 ret &= test_AccountDeltas(p, mem_ctx);
1542 ret &= test_AccountSync(p, mem_ctx);
1543 ret &= test_GetDcName(p, mem_ctx);
1544 ret &= test_ManyGetDCName(p, mem_ctx);
1545 ret &= test_LogonControl(p, mem_ctx);
1546 ret &= test_GetAnyDCName(p, mem_ctx);
1547 ret &= test_LogonControl2(p, mem_ctx);
1548 ret &= test_DatabaseSync2(p, mem_ctx);
1549 ret &= test_LogonControl2Ex(p, mem_ctx);
1550 ret &= test_DsrEnumerateDomainTrusts(p, mem_ctx);
1551 ret &= test_GetDomainInfo_async(p, mem_ctx);
1552 ret &= test_netr_DsRGetDCName(p, mem_ctx);
1553 ret &= test_netr_DsRGetDCNameEx(p, mem_ctx);
1554 ret &= test_netr_DsRGetDCNameEx2(p, mem_ctx);
1556 talloc_free(mem_ctx);
1558 torture_leave_domain(join_ctx);