#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "param/param.h"
#include "libcli/security/security.h"
-#include "lib/ldb/include/ldb.h"
+#include <ldb.h>
#include "lib/util/util_ldb.h"
-#include "lib/ldb_wrap.h"
+#include "ldb_wrap.h"
#include "lib/replace/system/network.h"
#include "dsdb/samdb/samdb.h"
bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
- int sec_chan_type,
+ enum netr_SchannelType sec_chan_type,
struct netlogon_creds_CredentialState **creds_out)
{
struct netr_ServerReqChallenge r;
}
-static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
+bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
struct netlogon_creds_CredentialState **creds_out)
new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx,
- "Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
+ "Testing a third ServerPasswordSet2 on machine account, with a completely random password\n");
netlogon_creds_client_authenticator(creds, &credential);
NTSTATUS status;
struct netr_LogonSamLogon r;
struct netr_Authenticator auth, auth2;
+ static const struct netr_Authenticator auth_zero;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative;
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
int flags = CLI_CRED_NTLM_AUTH;
- if (lp_client_lanman_auth(tctx->lp_ctx)) {
+ if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
- if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
+ if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx) && !null_domain) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
- for (i=2;i<3;i++) {
+ for (i=2;i<=3;i++) {
ZERO_STRUCT(auth2);
netlogon_creds_client_authenticator(creds, &auth);
torture_assert(tctx, netlogon_creds_client_check(creds,
&r.out.return_authenticator->cred),
"Credential chaining failed");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ /* this makes sure we get the unmarshalling right for invalid levels */
+ for (i=52;i<53;i++) {
+ ZERO_STRUCT(auth2);
+ /* the authenticator should be ignored by the server */
+ generate_random_buffer((uint8_t *) &auth, sizeof(auth));
+
+ r.in.validation_level = i;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result,
+ NT_STATUS_INVALID_INFO_CLASS,
+ "LogonSamLogon failed");
+
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ }
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ netlogon_creds_client_authenticator(creds, &auth);
+
+ r.in.validation_level = i;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ r.in.logon_level = 52;
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ /* the authenticator should be ignored by the server */
+ generate_random_buffer((uint8_t *) &auth, sizeof(auth));
+
+ r.in.validation_level = i;
+
+ torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
+ "LogonSamLogon expected INVALID_PARAMETER");
+
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
}
r.in.credential = NULL;
for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
r.in.validation_level = i;
torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
"LogonSamLogon expected INVALID_PARAMETER");
+ torture_assert(tctx,
+ memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
+ "Return authenticator non zero");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
+ }
+
+ r.in.logon_level = 2;
+ r.in.credential = &auth;
+
+ for (i=2;i<=3;i++) {
+ ZERO_STRUCT(auth2);
+ netlogon_creds_client_authenticator(creds, &auth);
+
+ r.in.validation_level = i;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
+ "LogonSamLogon failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
+
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+ torture_assert_int_equal(tctx, *r.out.authoritative, 1,
+ "LogonSamLogon invalid *r.out.authoritative");
}
return true;
return test_netlogon_ops_args(p, tctx, credentials, creds, false);
}
+/*
+ try a netlogon GetCapabilities
+*/
+bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
+ struct cli_credentials *credentials,
+ struct netlogon_creds_CredentialState *creds)
+{
+ NTSTATUS status;
+ struct netr_LogonGetCapabilities r;
+ union netr_Capabilities capabilities;
+ struct netr_Authenticator auth, return_auth;
+ struct netlogon_creds_CredentialState tmp_creds;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.computer_name = cli_credentials_get_workstation(credentials);
+ r.in.credential = &auth;
+ r.in.return_authenticator = &return_auth;
+ r.in.query_level = 1;
+ r.out.capabilities = &capabilities;
+ r.out.return_authenticator = &return_auth;
+
+ torture_comment(tctx, "Testing LogonGetCapabilities\n");
+
+ ZERO_STRUCT(return_auth);
+
+ /*
+ * we need to operate on a temporary copy of creds
+ * because dcerpc_netr_LogonGetCapabilities was
+ * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
+ * without looking a the authenticator.
+ */
+ tmp_creds = *creds;
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
+
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+ return true;
+ }
+
+ *creds = tmp_creds;
+
+ torture_assert(tctx, netlogon_creds_client_check(creds,
+ &r.out.return_authenticator->cred),
+ "Credential chaining failed");
+
+ torture_assert_int_equal(tctx, creds->negotiate_flags,
+ capabilities.server_capabilities,
+ "negotiate flags");
+
+ return true;
+}
+
/*
try a netlogon SamLogon
*/
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domainname = lp_workgroup(tctx->lp_ctx);
+ r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
r.out.dcname = &dcname;
torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
}
}
+ r.in.level = 52;
+ torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+ status = dcerpc_netr_LogonControl_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl");
+
return true;
}
const char *dcname = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
- r.in.domainname = lp_workgroup(tctx->lp_ctx);
+ r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.out.dcname = &dcname;
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
for (i=1;i<4;i++) {
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
- i, r.in.function_code);
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
r.in.data = &data;
for (i=1;i<4;i++) {
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
- i, r.in.function_code);
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
r.in.data = &data;
for (i=1;i<4;i++) {
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
- i, r.in.function_code);
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
}
data.debug_level = ~0;
for (i=1;i<4;i++) {
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
- i, r.in.function_code);
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
- torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
}
+ ZERO_STRUCT(data);
+ r.in.function_code = 52;
+ r.in.data = &data;
+
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+ status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
+
+ data.debug_level = ~0;
+
+ r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
+ r.in.data = &data;
+
+ r.in.level = 52;
+ torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
+
+ status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
+
return true;
}
int i;
struct dcerpc_binding_handle *b = p->binding_handle;
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
r.in.data = &data;
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
- data.domain = lp_workgroup(tctx->lp_ctx);
+ data.domain = lpcfg_workgroup(tctx->lp_ctx);
r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
r.in.data = &data;
return true;
}
+static bool test_netr_GetForestTrustInformation(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct cli_credentials *machine_credentials)
+{
+ struct netr_GetForestTrustInformation r;
+ struct netlogon_creds_CredentialState *creds;
+ struct netr_Authenticator a;
+ struct netr_Authenticator return_authenticator;
+ struct lsa_ForestTrustInformation *forest_trust_info;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
+ machine_credentials, &creds)) {
+ return false;
+ }
+
+ netlogon_creds_client_authenticator(creds, &a);
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &a;
+ r.in.flags = 0;
+ r.out.return_authenticator = &return_authenticator;
+ r.out.forest_trust_info = &forest_trust_info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_netr_GetForestTrustInformation_r(b, tctx, &r),
+ "netr_GetForestTrustInformation failed");
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+ torture_comment(tctx, "not considering NT_STATUS_NOT_IMPLEMENTED as an error\n");
+ } else {
+ torture_assert_ntstatus_ok(tctx, r.out.result,
+ "netr_GetForestTrustInformation failed");
+ }
+
+ torture_assert(tctx,
+ netlogon_creds_client_check(creds, &return_authenticator.cred),
+ "Credential chaining failed");
+
+ return true;
+}
+
static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
struct dcerpc_pipe *p, const char *trusted_domain_name)
{
status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
- torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
return true;
}
const char *site = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
- if (torture_setting_bool(tctx, "samba4", false))
- torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
-
r.in.computer_name = computer_name;
r.out.site = &site;
torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
+ if (torture_setting_bool(tctx, "samba4", false))
+ torture_skip(tctx, "skipping computer name check against Samba4");
+
r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
torture_comment(tctx,
"Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_guid = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
- r.in.domain_name = lp_workgroup(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
struct dcerpc_binding_handle *b = p->binding_handle;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
- r.in.domain_name = lp_workgroup(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
struct netr_DsRGetDCNameInfo *info = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
+ torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n");
+ ZERO_STRUCT(r.in);
+ r.in.flags = DS_RETURN_DNS_NAME;
+ r.out.info = &info;
+
+ status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
+ torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
+
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.client_account = NULL;
r.in.mask = 0x00000000;
- r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
- r.in.domain_name = lp_workgroup(tctx->lp_ctx);
+ r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
info->dc_site_name);
}
+/* This is a substitution for "samdb_server_site_name" which relies on the
+ * correct "lp_ctx" and therefore can't be used here. */
+static const char *server_site_name(struct torture_context *tctx,
+ struct ldb_context *ldb)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_dn *dn, *server_dn;
+ const struct ldb_val *site_name_val;
+ const char *server_dn_str, *site_name;
+
+ tmp_ctx = talloc_new(ldb);
+ if (tmp_ctx == NULL) {
+ goto failed;
+ }
+
+ dn = ldb_dn_new(tmp_ctx, ldb, "");
+ if (dn == NULL) {
+ goto failed;
+ }
+
+ server_dn_str = samdb_search_string(ldb, tmp_ctx, dn, "serverName",
+ NULL);
+ if (server_dn_str == NULL) {
+ goto failed;
+ }
+
+ server_dn = ldb_dn_new(tmp_ctx, ldb, server_dn_str);
+ if (server_dn == NULL) {
+ goto failed;
+ }
+
+ /* CN=<Server name>, CN=Servers, CN=<Site name>, CN=Sites, ... */
+ site_name_val = ldb_dn_get_component_val(server_dn, 2);
+ if (site_name_val == NULL) {
+ goto failed;
+ }
+
+ site_name = (const char *) site_name_val->data;
+
+ talloc_steal(tctx, site_name);
+ talloc_free(tmp_ctx);
+
+ return site_name;
+
+failed:
+ talloc_free(tmp_ctx);
+ return NULL;
+}
+
static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
+ char *url;
+ struct ldb_context *sam_ctx = NULL;
NTSTATUS status;
struct netr_DsrGetDcSiteCoverageW r;
struct DcSitesCtr *ctr = NULL;
struct dcerpc_binding_handle *b = p->binding_handle;
+ torture_comment(tctx, "This does only pass with the default site\n");
+
+ /* We won't double-check this when we are over 'local' transports */
+ if (dcerpc_server_name(p)) {
+ /* Set up connection to SAMDB on DC */
+ url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
+ sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
+ NULL,
+ cmdline_credentials,
+ 0);
+
+ torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
+ }
+
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.out.ctr = &ctr;
torture_assert_ntstatus_ok(tctx, status, "failed");
torture_assert_werr_ok(tctx, r.out.result, "failed");
+ torture_assert(tctx, ctr->num_sites == 1,
+ "we should per default only get the default site");
+ if (sam_ctx != NULL) {
+ torture_assert_casestr_equal(tctx, ctr->sites[0].string,
+ server_site_name(tctx, sam_ctx),
+ "didn't return default site");
+ }
+
return true;
}
struct netr_DsRAddressToSitenamesW r;
struct netr_DsRAddress addrs[6];
struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
struct sockaddr_in6 *addr6;
+#endif
struct netr_DsRAddressToSitenamesWCtr *ctr;
struct dcerpc_binding_handle *b = p->binding_handle;
uint32_t i;
addrs[0].size = sizeof(struct sockaddr_in);
addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
addr = (struct sockaddr_in *) addrs[0].buffer;
- addr->sin_family = AF_INET;
+ addrs[0].buffer[0] = AF_INET;
ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
addrs[1].size = sizeof(struct sockaddr_in);
addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
addr = (struct sockaddr_in *) addrs[1].buffer;
- addr->sin_family = AF_INET;
+ addrs[1].buffer[0] = AF_INET;
ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
addrs[2].size = sizeof(struct sockaddr_in);
addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
addr = (struct sockaddr_in *) addrs[2].buffer;
- addr->sin_family = AF_INET;
- ret = inet_pton(AF_INET, "255.255.255.255",
- &((struct sockaddr_in *)addrs[2].buffer)->sin_addr);
+ addrs[2].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
+#ifdef HAVE_IPV6
addrs[3].size = sizeof(struct sockaddr_in6);
addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
- addr6->sin6_family = AF_INET6;
+ addrs[3].buffer[0] = AF_INET6;
ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
addrs[4].size = sizeof(struct sockaddr_in6);
addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
- addr6->sin6_family = AF_INET6;
+ addrs[4].buffer[0] = AF_INET6;
ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
addrs[5].size = sizeof(struct sockaddr_in6);
addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
- addr6->sin6_family = AF_INET6;
+ addrs[5].buffer[0] = AF_INET6;
ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+ /* the test cases are repeated to have exactly 6. This is for
+ * compatibility with IPv4-only machines */
+ addrs[3].size = sizeof(struct sockaddr_in);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr = (struct sockaddr_in *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr = (struct sockaddr_in *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr = (struct sockaddr_in *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
for (i = 0; i < 3; i++) {
torture_assert_casestr_equal(tctx,
ctr->sitename[i].string,
- samdb_server_site_name(sam_ctx, tctx),
+ server_site_name(tctx, sam_ctx),
"didn't return default site");
}
for (i = 3; i < 6; i++) {
-/* Windows returns "NULL" for the sitename if it isn't IPv6 configured
- torture_assert_casestr_equal(tctx,
- ctr->sitename[i].string,
- samdb_server_site_name(sam_ctx, tctx),
- "didn't return default site");
-*/
+ /* Windows returns "NULL" for the sitename if it isn't
+ * IPv6 configured */
+ if (torture_setting_bool(tctx, "samba4", false)) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ server_site_name(tctx, sam_ctx),
+ "didn't return default site");
+ }
}
}
addrs[0].size = 10;
addrs[0].buffer[0] = AF_UNSPEC;
addrs[1].size = 10;
- addrs[1].buffer[0] = AF_LOCAL;
+ addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
addrs[2].size = 10;
addrs[2].buffer[0] = AF_UNIX;
addrs[3].size = 10;
- addrs[3].buffer[0] = AF_FILE;
+ addrs[3].buffer[0] = 250;
addrs[4].size = 10;
- addrs[4].buffer[0] = AF_AX25;
+ addrs[4].buffer[0] = 251;
addrs[5].size = 10;
- addrs[5].buffer[0] = AF_IPX;
+ addrs[5].buffer[0] = 252;
status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
struct netr_DsRAddressToSitenamesExW r;
struct netr_DsRAddress addrs[6];
struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
struct sockaddr_in6 *addr6;
+#endif
struct netr_DsRAddressToSitenamesExWCtr *ctr;
struct dcerpc_binding_handle *b = p->binding_handle;
uint32_t i;
addrs[0].size = sizeof(struct sockaddr_in);
addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
addr = (struct sockaddr_in *) addrs[0].buffer;
- addr->sin_family = AF_INET;
+ addrs[0].buffer[0] = AF_INET;
ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
addrs[1].size = sizeof(struct sockaddr_in);
addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
addr = (struct sockaddr_in *) addrs[1].buffer;
- addr->sin_family = AF_INET;
+ addrs[1].buffer[0] = AF_INET;
ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
addrs[2].size = sizeof(struct sockaddr_in);
addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
addr = (struct sockaddr_in *) addrs[2].buffer;
- addr->sin_family = AF_INET;
- ret = inet_pton(AF_INET, "255.255.255.255",
- &((struct sockaddr_in *)addrs[2].buffer)->sin_addr);
+ addrs[2].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
+#ifdef HAVE_IPV6
addrs[3].size = sizeof(struct sockaddr_in6);
addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
- addr6->sin6_family = AF_INET6;
+ addrs[3].buffer[0] = AF_INET6;
ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
addrs[4].size = sizeof(struct sockaddr_in6);
addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
- addr6->sin6_family = AF_INET6;
+ addrs[4].buffer[0] = AF_INET6;
ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
addrs[5].size = sizeof(struct sockaddr_in6);
addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
- addr6->sin6_family = AF_INET6;
+ addrs[5].buffer[0] = AF_INET6;
ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
torture_assert(tctx, ret > 0, "inet_pton failed");
+#else
+ /* the test cases are repeated to have exactly 6. This is for
+ * compatibility with IPv4-only machines */
+ addrs[3].size = sizeof(struct sockaddr_in);
+ addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
+ addr = (struct sockaddr_in *) addrs[3].buffer;
+ addrs[3].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[4].size = sizeof(struct sockaddr_in);
+ addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
+ addr = (struct sockaddr_in *) addrs[4].buffer;
+ addrs[4].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+
+ addrs[5].size = sizeof(struct sockaddr_in);
+ addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
+ addr = (struct sockaddr_in *) addrs[5].buffer;
+ addrs[5].buffer[0] = AF_INET;
+ ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
+ torture_assert(tctx, ret > 0, "inet_pton failed");
+#endif
ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
for (i = 0; i < 3; i++) {
torture_assert_casestr_equal(tctx,
ctr->sitename[i].string,
- samdb_server_site_name(sam_ctx, tctx),
+ server_site_name(tctx, sam_ctx),
"didn't return default site");
torture_assert(tctx, ctr->subnetname[i].string == NULL,
"subnet should be null");
}
for (i = 3; i < 6; i++) {
-/* Windows returns "NULL" for the sitename if it isn't IPv6 configured
- torture_assert_casestr_equal(tctx,
- ctr->sitename[i].string,
- samdb_server_site_name(sam_ctx, tctx),
- "didn't return default site");
-*/
+ /* Windows returns "NULL" for the sitename if it isn't
+ * IPv6 configured */
+ if (torture_setting_bool(tctx, "samba4", false)) {
+ torture_assert_casestr_equal(tctx,
+ ctr->sitename[i].string,
+ server_site_name(tctx, sam_ctx),
+ "didn't return default site");
+ }
torture_assert(tctx, ctr->subnetname[i].string == NULL,
"subnet should be null");
}
addrs[0].size = 10;
addrs[0].buffer[0] = AF_UNSPEC;
addrs[1].size = 10;
- addrs[1].buffer[0] = AF_LOCAL;
+ addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
addrs[2].size = 10;
addrs[2].buffer[0] = AF_UNIX;
addrs[3].size = 10;
- addrs[3].buffer[0] = AF_FILE;
+ addrs[3].buffer[0] = 250;
addrs[4].size = 10;
- addrs[4].buffer[0] = AF_AX25;
+ addrs[4].buffer[0] = 251;
addrs[5].size = 10;
- addrs[5].buffer[0] = AF_IPX;
+ addrs[5].buffer[0] = 252;
status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
ZERO_STRUCT(q1);
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
q1.sitename = "Default-First-Site-Name";
q1.os_version.os = &os;
q1.os_name.string = talloc_asprintf(tctx,
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
if (sam_ctx) {
/* AD workstation infos entry check */
/* Change also the DNS hostname to test differences in behaviour */
talloc_free(discard_const_p(char, q1.dns_hostname));
q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
/* The workstation handles the "servicePrincipalName" and DNS hostname
updates */
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
if (sam_ctx) {
/* AD workstation infos entry check */
/* Change also the DNS hostname to test differences in behaviour */
talloc_free(discard_const_p(char, q1.dns_hostname));
q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
/* Wipe out the osVersion, and prove which values still 'stick' */
q1.os_version.os = NULL;
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
if (sam_ctx) {
/* AD workstation infos entry check */
/* Put the DNS hostname back */
talloc_free(discard_const_p(char, q1.dns_hostname));
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
/* The workstation handles the "servicePrincipalName" and DNS hostname
updates */
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
/* Now the in/out DNS hostnames should be the same */
torture_assert_str_equal(tctx,
info.domain_info->dns_hostname.string,
query.workstation_info->dns_hostname,
"In/Out 'DNS hostnames' don't match!");
+ old_dnsname = info.domain_info->dns_hostname.string;
/* Checks "workstation flags" */
torture_assert(tctx,
torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
- msleep(250);
+ smb_msleep(250);
/* Checks "workstation flags" */
torture_assert(tctx,
&& (info.domain_info->trusted_domains != NULL),
"Trusted domains have been requested!");
+
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no DNS hostname)\n");
+ netlogon_creds_client_authenticator(creds, &a);
+
+ query.workstation_info->dns_hostname = NULL;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+ /* The old DNS hostname should stick */
+ torture_assert_str_equal(tctx,
+ info.domain_info->dns_hostname.string,
+ old_dnsname,
+ "'DNS hostname' changed!");
+
+
+ if (!torture_setting_bool(tctx, "dangerous", false)) {
+ torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 7th call (no workstation info) - enable dangerous tests in order to do so\n");
+ } else {
+ /* Try a call without the workstation information structure */
+
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 7th call (no workstation info)\n");
+ netlogon_creds_client_authenticator(creds, &a);
+
+ query.workstation_info = NULL;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
+ "LogonGetDomainInfo failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
+ torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
+ }
+
return true;
}
ZERO_STRUCT(q1);
q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
- lp_dnsdomain(tctx->lp_ctx));
+ lpcfg_dnsdomain(tctx->lp_ctx));
q1.sitename = "Default-First-Site-Name";
q1.os_name.string = "UNIX/Linux or similar";
/* even with this flush per request a w2k3 server seems to
clag with multiple outstanding requests. bleergh. */
- torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0,
- "event_loop_once failed");
+ torture_assert_int_equal(tctx, tevent_loop_once(dcerpc_event_context(p)), 0,
+ "tevent_loop_once failed");
}
for (i=0;i<ASYNC_COUNT;i++) {
struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
{
- struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon");
struct torture_rpc_tcase *tcase;
struct torture_test *test;
torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
+ torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
return suite;
}
struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
{
- struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON-S3");
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon-s3");
struct torture_rpc_tcase *tcase;
tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx)
{
- struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON-ADMIN");
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon.admin");
struct torture_rpc_tcase *tcase;
tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",