2 Unix SMB/CIFS implementation.
4 test suite for netlogon rpc operations
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "torture/torture.h"
26 #include "lib/events/events.h"
27 #include "auth/auth.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "torture/rpc/rpc.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "librpc/gen_ndr/ndr_netlogon_c.h"
32 #include "librpc/gen_ndr/ndr_lsa_c.h"
33 #include "param/param.h"
35 #define TEST_MACHINE_NAME "torturetest"
37 static bool test_LogonUasLogon(struct torture_context *tctx,
38 struct dcerpc_pipe *p)
41 struct netr_LogonUasLogon r;
43 r.in.server_name = NULL;
44 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
45 r.in.workstation = TEST_MACHINE_NAME;
47 status = dcerpc_netr_LogonUasLogon(p, tctx, &r);
48 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
53 static bool test_LogonUasLogoff(struct torture_context *tctx,
54 struct dcerpc_pipe *p)
57 struct netr_LogonUasLogoff r;
59 r.in.server_name = NULL;
60 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
61 r.in.workstation = TEST_MACHINE_NAME;
63 status = dcerpc_netr_LogonUasLogoff(p, tctx, &r);
64 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
69 static bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
70 struct cli_credentials *credentials,
71 struct creds_CredentialState **creds_out)
74 struct netr_ServerReqChallenge r;
75 struct netr_ServerAuthenticate a;
76 struct netr_Credential credentials1, credentials2, credentials3;
77 struct creds_CredentialState *creds;
78 struct samr_Password mach_password;
79 const char *plain_pass;
80 const char *machine_name;
82 plain_pass = cli_credentials_get_password(credentials);
83 machine_name = cli_credentials_get_workstation(credentials);
85 torture_comment(tctx, "Testing ServerReqChallenge\n");
87 creds = talloc(tctx, struct creds_CredentialState);
88 torture_assert(tctx, creds != NULL, "memory allocation");
90 r.in.server_name = NULL;
91 r.in.computer_name = machine_name;
92 r.in.credentials = &credentials1;
93 r.out.credentials = &credentials2;
95 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
97 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
98 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
100 E_md4hash(plain_pass, mach_password.hash);
102 a.in.server_name = NULL;
103 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
104 a.in.secure_channel_type = SEC_CHAN_BDC;
105 a.in.computer_name = machine_name;
106 a.in.credentials = &credentials3;
107 a.out.credentials = &credentials3;
109 creds_client_init(creds, &credentials1, &credentials2,
110 &mach_password, &credentials3,
113 torture_comment(tctx, "Testing ServerAuthenticate\n");
115 status = dcerpc_netr_ServerAuthenticate(p, tctx, &a);
116 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate");
118 torture_assert(tctx, creds_client_check(creds, &credentials3),
119 "Credential chaining failed");
125 static bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
126 uint32_t negotiate_flags,
127 struct cli_credentials *machine_credentials,
129 struct creds_CredentialState **creds_out)
132 struct netr_ServerReqChallenge r;
133 struct netr_ServerAuthenticate2 a;
134 struct netr_Credential credentials1, credentials2, credentials3;
135 struct creds_CredentialState *creds;
136 struct samr_Password mach_password;
137 const char *machine_name;
138 const char *plain_pass;
140 machine_name = cli_credentials_get_workstation(machine_credentials);
141 plain_pass = cli_credentials_get_password(machine_credentials);
143 torture_comment(tctx, "Testing ServerReqChallenge\n");
145 creds = talloc(tctx, struct creds_CredentialState);
146 torture_assert(tctx, creds != NULL, "memory allocation");
148 r.in.server_name = NULL;
149 r.in.computer_name = machine_name;
150 r.in.credentials = &credentials1;
151 r.out.credentials = &credentials2;
153 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
155 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
156 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
158 E_md4hash(plain_pass, mach_password.hash);
160 a.in.server_name = NULL;
161 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
162 a.in.secure_channel_type = sec_chan_type;
163 a.in.computer_name = machine_name;
164 a.in.negotiate_flags = &negotiate_flags;
165 a.out.negotiate_flags = &negotiate_flags;
166 a.in.credentials = &credentials3;
167 a.out.credentials = &credentials3;
169 creds_client_init(creds, &credentials1, &credentials2,
170 &mach_password, &credentials3,
173 torture_comment(tctx, "Testing ServerAuthenticate2\n");
175 status = dcerpc_netr_ServerAuthenticate2(p, tctx, &a);
176 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate2");
178 torture_assert(tctx, creds_client_check(creds, &credentials3),
179 "Credential chaining failed");
181 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
188 static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
189 uint32_t negotiate_flags,
190 struct cli_credentials *machine_credentials,
191 struct creds_CredentialState **creds_out)
194 struct netr_ServerReqChallenge r;
195 struct netr_ServerAuthenticate3 a;
196 struct netr_Credential credentials1, credentials2, credentials3;
197 struct creds_CredentialState *creds;
198 struct samr_Password mach_password;
200 const char *machine_name;
201 const char *plain_pass;
203 machine_name = cli_credentials_get_workstation(machine_credentials);
204 plain_pass = cli_credentials_get_password(machine_credentials);
206 torture_comment(tctx, "Testing ServerReqChallenge\n");
208 creds = talloc(tctx, struct creds_CredentialState);
209 torture_assert(tctx, creds != NULL, "memory allocation");
211 r.in.server_name = NULL;
212 r.in.computer_name = machine_name;
213 r.in.credentials = &credentials1;
214 r.out.credentials = &credentials2;
216 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
218 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
219 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
221 E_md4hash(plain_pass, mach_password.hash);
223 a.in.server_name = NULL;
224 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
225 a.in.secure_channel_type = SEC_CHAN_BDC;
226 a.in.computer_name = machine_name;
227 a.in.negotiate_flags = &negotiate_flags;
228 a.in.credentials = &credentials3;
229 a.out.credentials = &credentials3;
230 a.out.negotiate_flags = &negotiate_flags;
233 creds_client_init(creds, &credentials1, &credentials2,
234 &mach_password, &credentials3,
237 torture_comment(tctx, "Testing ServerAuthenticate3\n");
239 status = dcerpc_netr_ServerAuthenticate3(p, tctx, &a);
240 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate3");
241 torture_assert(tctx, creds_client_check(creds, &credentials3), "Credential chaining failed");
243 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
250 try a change password for our machine account
252 static bool test_SetPassword(struct torture_context *tctx,
253 struct dcerpc_pipe *p,
254 struct cli_credentials *machine_credentials)
257 struct netr_ServerPasswordSet r;
258 const char *password;
259 struct creds_CredentialState *creds;
261 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
265 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
266 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
267 r.in.secure_channel_type = SEC_CHAN_BDC;
268 r.in.computer_name = TEST_MACHINE_NAME;
270 password = generate_random_str(tctx, 8);
271 E_md4hash(password, r.in.new_password.hash);
273 creds_des_encrypt(creds, &r.in.new_password);
275 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
276 torture_comment(tctx, "Changing machine account password to '%s'\n",
279 creds_client_authenticator(creds, &r.in.credential);
281 status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
282 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
284 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
285 torture_comment(tctx, "Credential chaining failed\n");
288 /* by changing the machine password twice we test the
289 credentials chaining fully, and we verify that the server
290 allows the password to be set to the same value twice in a
291 row (match win2k3) */
292 torture_comment(tctx,
293 "Testing a second ServerPasswordSet on machine account\n");
294 torture_comment(tctx,
295 "Changing machine account password to '%s' (same as previous run)\n", password);
297 creds_client_authenticator(creds, &r.in.credential);
299 status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
300 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
302 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
303 torture_comment(tctx, "Credential chaining failed\n");
306 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
309 test_SetupCredentials(p, tctx, machine_credentials, &creds),
310 "ServerPasswordSet failed to actually change the password");
316 try a change password for our machine account
318 static bool test_SetPassword2(struct torture_context *tctx,
319 struct dcerpc_pipe *p,
320 struct cli_credentials *machine_credentials)
323 struct netr_ServerPasswordSet2 r;
324 const char *password;
325 struct creds_CredentialState *creds;
326 struct samr_CryptPassword password_buf;
328 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
332 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
333 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
334 r.in.secure_channel_type = SEC_CHAN_BDC;
335 r.in.computer_name = TEST_MACHINE_NAME;
337 password = generate_random_str(tctx, 8);
338 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
339 creds_arcfour_crypt(creds, password_buf.data, 516);
341 memcpy(r.in.new_password.data, password_buf.data, 512);
342 r.in.new_password.length = IVAL(password_buf.data, 512);
344 torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
345 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
347 creds_client_authenticator(creds, &r.in.credential);
349 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
350 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
352 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
353 torture_comment(tctx, "Credential chaining failed\n");
356 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
358 if (!torture_setting_bool(tctx, "dangerous", false)) {
359 torture_comment(tctx,
360 "Not testing ability to set password to '', enable dangerous tests to perform this test\n");
362 /* by changing the machine password to ""
363 * we check if the server uses password restrictions
364 * for ServerPasswordSet2
365 * (win2k3 accepts "")
368 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
369 creds_arcfour_crypt(creds, password_buf.data, 516);
371 memcpy(r.in.new_password.data, password_buf.data, 512);
372 r.in.new_password.length = IVAL(password_buf.data, 512);
374 torture_comment(tctx,
375 "Testing ServerPasswordSet2 on machine account\n");
376 torture_comment(tctx,
377 "Changing machine account password to '%s'\n", password);
379 creds_client_authenticator(creds, &r.in.credential);
381 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
382 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
384 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
385 torture_comment(tctx, "Credential chaining failed\n");
388 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
391 torture_assert(tctx, test_SetupCredentials(p, tctx, machine_credentials, &creds),
392 "ServerPasswordSet failed to actually change the password");
394 /* now try a random password */
395 password = generate_random_str(tctx, 8);
396 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
397 creds_arcfour_crypt(creds, password_buf.data, 516);
399 memcpy(r.in.new_password.data, password_buf.data, 512);
400 r.in.new_password.length = IVAL(password_buf.data, 512);
402 torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
403 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
405 creds_client_authenticator(creds, &r.in.credential);
407 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
408 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2 (2)");
410 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
411 torture_comment(tctx, "Credential chaining failed\n");
414 /* by changing the machine password twice we test the
415 credentials chaining fully, and we verify that the server
416 allows the password to be set to the same value twice in a
417 row (match win2k3) */
418 torture_comment(tctx,
419 "Testing a second ServerPasswordSet2 on machine account\n");
420 torture_comment(tctx,
421 "Changing machine account password to '%s' (same as previous run)\n", password);
423 creds_client_authenticator(creds, &r.in.credential);
425 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
426 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
428 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
429 torture_comment(tctx, "Credential chaining failed\n");
432 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
434 torture_assert (tctx,
435 test_SetupCredentials(p, tctx, machine_credentials, &creds),
436 "ServerPasswordSet failed to actually change the password");
442 try a netlogon SamLogon
444 bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
445 struct cli_credentials *credentials,
446 struct creds_CredentialState *creds)
449 struct netr_LogonSamLogon r;
450 struct netr_Authenticator auth, auth2;
451 struct netr_NetworkInfo ninfo;
452 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
454 int flags = CLI_CRED_NTLM_AUTH;
455 if (lp_client_lanman_auth()) {
456 flags |= CLI_CRED_LANMAN_AUTH;
459 if (lp_client_ntlmv2_auth()) {
460 flags |= CLI_CRED_NTLMv2_AUTH;
463 cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
464 &ninfo.identity_info.account_name.string,
465 &ninfo.identity_info.domain_name.string);
467 generate_random_buffer(ninfo.challenge,
468 sizeof(ninfo.challenge));
469 chal = data_blob_const(ninfo.challenge,
470 sizeof(ninfo.challenge));
472 names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
473 cli_credentials_get_domain(credentials));
475 status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
481 torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
483 ninfo.lm.data = lm_resp.data;
484 ninfo.lm.length = lm_resp.length;
486 ninfo.nt.data = nt_resp.data;
487 ninfo.nt.length = nt_resp.length;
489 ninfo.identity_info.parameter_control = 0;
490 ninfo.identity_info.logon_id_low = 0;
491 ninfo.identity_info.logon_id_high = 0;
492 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
494 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
495 r.in.computer_name = cli_credentials_get_workstation(credentials);
496 r.in.credential = &auth;
497 r.in.return_authenticator = &auth2;
498 r.in.logon_level = 2;
499 r.in.logon.network = &ninfo;
501 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
505 creds_client_authenticator(creds, &auth);
507 r.in.validation_level = i;
509 status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
510 torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
512 torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
513 "Credential chaining failed");
516 r.in.credential = NULL;
520 r.in.validation_level = i;
522 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
524 status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
525 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER,
526 "LogonSamLogon expected INVALID_PARAMETER");
534 try a netlogon SamLogon
536 static bool test_SamLogon(struct torture_context *tctx,
537 struct dcerpc_pipe *p,
538 struct cli_credentials *credentials)
540 struct creds_CredentialState *creds;
542 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
546 return test_netlogon_ops(p, tctx, credentials, creds);
549 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
550 static uint64_t sequence_nums[3];
553 try a netlogon DatabaseSync
555 static bool test_DatabaseSync(struct torture_context *tctx,
556 struct dcerpc_pipe *p,
557 struct cli_credentials *machine_credentials)
560 struct netr_DatabaseSync r;
561 struct creds_CredentialState *creds;
562 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
565 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
569 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
570 r.in.computername = TEST_MACHINE_NAME;
571 r.in.preferredmaximumlength = (uint32_t)-1;
572 ZERO_STRUCT(r.in.return_authenticator);
574 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
575 r.in.sync_context = 0;
576 r.in.database_id = database_ids[i];
578 torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
581 creds_client_authenticator(creds, &r.in.credential);
583 status = dcerpc_netr_DatabaseSync(p, tctx, &r);
584 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
587 torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
589 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
590 torture_comment(tctx, "Credential chaining failed\n");
593 r.in.sync_context = r.out.sync_context;
595 if (r.out.delta_enum_array &&
596 r.out.delta_enum_array->num_deltas > 0 &&
597 r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
598 r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
599 sequence_nums[r.in.database_id] =
600 r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
601 torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
603 (unsigned long long)sequence_nums[r.in.database_id]);
605 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
613 try a netlogon DatabaseDeltas
615 static bool test_DatabaseDeltas(struct torture_context *tctx,
616 struct dcerpc_pipe *p,
617 struct cli_credentials *machine_credentials)
620 struct netr_DatabaseDeltas r;
621 struct creds_CredentialState *creds;
622 const uint32_t database_ids[] = {0, 1, 2};
625 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
629 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
630 r.in.computername = TEST_MACHINE_NAME;
631 r.in.preferredmaximumlength = (uint32_t)-1;
632 ZERO_STRUCT(r.in.return_authenticator);
634 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
635 r.in.database_id = database_ids[i];
636 r.in.sequence_num = sequence_nums[r.in.database_id];
638 if (r.in.sequence_num == 0) continue;
640 r.in.sequence_num -= 1;
642 torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
643 r.in.database_id, (unsigned long long)r.in.sequence_num);
646 creds_client_authenticator(creds, &r.in.credential);
648 status = dcerpc_netr_DatabaseDeltas(p, tctx, &r);
649 if (NT_STATUS_EQUAL(status,
650 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
651 torture_comment(tctx, "not considering %s to be an error\n",
655 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
658 torture_assert_ntstatus_ok(tctx, status, "DatabaseDeltas");
660 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
661 torture_comment(tctx, "Credential chaining failed\n");
665 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
673 try a netlogon AccountDeltas
675 static bool test_AccountDeltas(struct torture_context *tctx,
676 struct dcerpc_pipe *p,
677 struct cli_credentials *machine_credentials)
680 struct netr_AccountDeltas r;
681 struct creds_CredentialState *creds;
683 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
687 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
688 r.in.computername = TEST_MACHINE_NAME;
689 ZERO_STRUCT(r.in.return_authenticator);
690 creds_client_authenticator(creds, &r.in.credential);
691 ZERO_STRUCT(r.in.uas);
696 /* w2k3 returns "NOT IMPLEMENTED" for this call */
697 status = dcerpc_netr_AccountDeltas(p, tctx, &r);
698 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
704 try a netlogon AccountSync
706 static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
707 struct cli_credentials *machine_credentials)
710 struct netr_AccountSync r;
711 struct creds_CredentialState *creds;
713 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
717 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
718 r.in.computername = TEST_MACHINE_NAME;
719 ZERO_STRUCT(r.in.return_authenticator);
720 creds_client_authenticator(creds, &r.in.credential);
721 ZERO_STRUCT(r.in.recordid);
726 /* w2k3 returns "NOT IMPLEMENTED" for this call */
727 status = dcerpc_netr_AccountSync(p, tctx, &r);
728 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
734 try a netlogon GetDcName
736 static bool test_GetDcName(struct torture_context *tctx,
737 struct dcerpc_pipe *p)
740 struct netr_GetDcName r;
742 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
743 r.in.domainname = lp_workgroup();
745 status = dcerpc_netr_GetDcName(p, tctx, &r);
746 torture_assert_ntstatus_ok(tctx, status, "GetDcName");
747 torture_assert_werr_ok(tctx, r.out.result, "GetDcName");
749 torture_comment(tctx, "\tDC is at '%s'\n", r.out.dcname);
755 try a netlogon LogonControl
757 static bool test_LogonControl(struct torture_context *tctx,
758 struct dcerpc_pipe *p)
761 struct netr_LogonControl r;
764 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
765 r.in.function_code = 1;
770 torture_comment(tctx, "Testing LogonControl level %d\n", i);
772 status = dcerpc_netr_LogonControl(p, tctx, &r);
773 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
781 try a netlogon GetAnyDCName
783 static bool test_GetAnyDCName(struct torture_context *tctx,
784 struct dcerpc_pipe *p)
787 struct netr_GetAnyDCName r;
789 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
790 r.in.domainname = lp_workgroup();
792 status = dcerpc_netr_GetAnyDCName(p, tctx, &r);
793 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
796 torture_comment(tctx, "\tDC is at '%s'\n", r.out.dcname);
804 try a netlogon LogonControl2
806 static bool test_LogonControl2(struct torture_context *tctx,
807 struct dcerpc_pipe *p)
810 struct netr_LogonControl2 r;
813 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
815 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
816 r.in.data.domain = lp_workgroup();
821 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
822 i, r.in.function_code);
824 status = dcerpc_netr_LogonControl2(p, tctx, &r);
825 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
828 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
829 r.in.data.domain = lp_workgroup();
834 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
835 i, r.in.function_code);
837 status = dcerpc_netr_LogonControl2(p, tctx, &r);
838 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
841 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
842 r.in.data.domain = lp_workgroup();
847 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
848 i, r.in.function_code);
850 status = dcerpc_netr_LogonControl2(p, tctx, &r);
851 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
854 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
855 r.in.data.debug_level = ~0;
860 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
861 i, r.in.function_code);
863 status = dcerpc_netr_LogonControl2(p, tctx, &r);
864 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
871 try a netlogon DatabaseSync2
873 static bool test_DatabaseSync2(struct torture_context *tctx,
874 struct dcerpc_pipe *p,
875 struct cli_credentials *machine_credentials)
878 struct netr_DatabaseSync2 r;
879 struct creds_CredentialState *creds;
880 const uint32_t database_ids[] = {0, 1, 2};
883 if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
885 SEC_CHAN_BDC, &creds)) {
889 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
890 r.in.computername = TEST_MACHINE_NAME;
891 r.in.preferredmaximumlength = (uint32_t)-1;
892 ZERO_STRUCT(r.in.return_authenticator);
894 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
895 r.in.sync_context = 0;
896 r.in.database_id = database_ids[i];
897 r.in.restart_state = 0;
899 torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
902 creds_client_authenticator(creds, &r.in.credential);
904 status = dcerpc_netr_DatabaseSync2(p, tctx, &r);
905 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
908 torture_assert_ntstatus_ok(tctx, status, "DatabaseSync2");
910 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
911 torture_comment(tctx, "Credential chaining failed\n");
914 r.in.sync_context = r.out.sync_context;
915 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
923 try a netlogon LogonControl2Ex
925 static bool test_LogonControl2Ex(struct torture_context *tctx,
926 struct dcerpc_pipe *p)
929 struct netr_LogonControl2Ex r;
932 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
934 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
935 r.in.data.domain = lp_workgroup();
940 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
941 i, r.in.function_code);
943 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
944 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
947 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
948 r.in.data.domain = lp_workgroup();
953 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
954 i, r.in.function_code);
956 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
957 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
960 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
961 r.in.data.domain = lp_workgroup();
966 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
967 i, r.in.function_code);
969 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
970 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
973 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
974 r.in.data.debug_level = ~0;
979 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
980 i, r.in.function_code);
982 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
983 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
989 static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
990 struct dcerpc_pipe *p, const char *trusted_domain_name)
993 struct netr_DsRGetForestTrustInformation r;
994 struct lsa_ForestTrustInformation info, *info_ptr;
998 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
999 r.in.trusted_domain_name = trusted_domain_name;
1001 r.out.forest_trust_info = &info_ptr;
1003 torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
1005 status = dcerpc_netr_DsRGetForestTrustInformation(p, tctx, &r);
1006 torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
1007 torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
1013 try a netlogon netr_DsrEnumerateDomainTrusts
1015 static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
1016 struct dcerpc_pipe *p)
1019 struct netr_DsrEnumerateDomainTrusts r;
1022 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1023 r.in.trust_flags = 0x3f;
1025 status = dcerpc_netr_DsrEnumerateDomainTrusts(p, tctx, &r);
1026 torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
1027 torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
1029 /* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
1030 * will show non-forest trusts and all UPN suffixes of the own forest
1031 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
1034 if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
1039 for (i=0; i<r.out.count; i++) {
1041 /* get info for transitive forest trusts */
1043 if (r.out.trusts[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
1044 if (!test_netr_DsRGetForestTrustInformation(tctx, p,
1045 r.out.trusts[i].dns_name)) {
1054 static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
1055 const char *computer_name,
1056 const char *expected_site)
1059 struct netr_DsRGetSiteName r;
1061 if (torture_setting_bool(tctx, "samba4", false))
1062 torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
1064 r.in.computer_name = computer_name;
1065 torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
1067 status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
1068 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
1069 torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
1070 torture_assert_str_equal(tctx, expected_site, r.out.site, "netr_DsRGetSiteName");
1072 r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
1073 torture_comment(tctx,
1074 "Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
1076 status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
1077 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
1078 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_COMPUTERNAME, "netr_DsRGetSiteName");
1084 try a netlogon netr_DsRGetDCName
1086 static bool test_netr_DsRGetDCName(struct torture_context *tctx,
1087 struct dcerpc_pipe *p)
1090 struct netr_DsRGetDCName r;
1092 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1093 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm());
1094 r.in.domain_guid = NULL;
1095 r.in.site_guid = NULL;
1096 r.in.flags = DS_RETURN_DNS_NAME;
1098 status = dcerpc_netr_DsRGetDCName(p, tctx, &r);
1099 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
1100 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
1101 return test_netr_DsRGetSiteName(p, tctx,
1103 r.out.info->dc_site_name);
1107 try a netlogon netr_DsRGetDCNameEx
1109 static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
1110 struct dcerpc_pipe *p)
1113 struct netr_DsRGetDCNameEx r;
1115 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1116 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm());
1117 r.in.domain_guid = NULL;
1118 r.in.site_name = NULL;
1119 r.in.flags = DS_RETURN_DNS_NAME;
1121 status = dcerpc_netr_DsRGetDCNameEx(p, tctx, &r);
1122 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
1123 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
1125 return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc,
1126 r.out.info->dc_site_name);
1130 try a netlogon netr_DsRGetDCNameEx2
1132 static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
1133 struct dcerpc_pipe *p)
1136 struct netr_DsRGetDCNameEx2 r;
1138 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1139 r.in.client_account = NULL;
1140 r.in.mask = 0x00000000;
1141 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm());
1142 r.in.domain_guid = NULL;
1143 r.in.site_name = NULL;
1144 r.in.flags = DS_RETURN_DNS_NAME;
1146 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
1148 status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
1149 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
1150 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
1152 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client acount\n");
1153 r.in.client_account = TEST_MACHINE_NAME"$";
1154 r.in.mask = ACB_SVRTRUST;
1155 r.in.flags = DS_RETURN_FLAT_NAME;
1157 status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
1158 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
1159 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
1160 return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc,
1161 r.out.info->dc_site_name);
1164 static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
1165 struct dcerpc_pipe *p)
1168 struct netr_DsrGetDcSiteCoverageW r;
1170 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1172 status = dcerpc_netr_DsrGetDcSiteCoverageW(p, tctx, &r);
1173 torture_assert_ntstatus_ok(tctx, status, "failed");
1174 torture_assert_werr_ok(tctx, r.out.result, "failed");
1180 static bool test_GetDomainInfo(struct torture_context *tctx,
1181 struct dcerpc_pipe *p,
1182 struct cli_credentials *machine_credentials)
1185 struct netr_LogonGetDomainInfo r;
1186 struct netr_DomainQuery1 q1;
1187 struct netr_Authenticator a;
1188 struct creds_CredentialState *creds;
1190 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1191 machine_credentials, &creds)) {
1197 creds_client_authenticator(creds, &a);
1199 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1200 r.in.computer_name = TEST_MACHINE_NAME;
1202 r.in.credential = &a;
1203 r.in.return_authenticator = &a;
1204 r.out.return_authenticator = &a;
1206 r.in.query.query1 = &q1;
1209 /* this should really be the fully qualified name */
1210 q1.workstation_domain = TEST_MACHINE_NAME;
1211 q1.workstation_site = "Default-First-Site-Name";
1212 q1.blob2.length = 0;
1214 q1.blob2.data = NULL;
1215 q1.product.string = "product string";
1217 torture_comment(tctx, "Testing netr_uogonGetDomainInfo\n");
1219 status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
1220 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
1221 torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
1227 static void async_callback(struct rpc_request *req)
1229 int *counter = (int *)req->async.private_data;
1230 if (NT_STATUS_IS_OK(req->status)) {
1235 static bool test_GetDomainInfo_async(struct torture_context *tctx,
1236 struct dcerpc_pipe *p,
1237 struct cli_credentials *machine_credentials)
1240 struct netr_LogonGetDomainInfo r;
1241 struct netr_DomainQuery1 q1;
1242 struct netr_Authenticator a;
1243 #define ASYNC_COUNT 100
1244 struct creds_CredentialState *creds;
1245 struct creds_CredentialState *creds_async[ASYNC_COUNT];
1246 struct rpc_request *req[ASYNC_COUNT];
1248 int *async_counter = talloc(tctx, int);
1250 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1251 machine_credentials, &creds)) {
1256 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1257 r.in.computer_name = TEST_MACHINE_NAME;
1259 r.in.credential = &a;
1260 r.in.return_authenticator = &a;
1261 r.out.return_authenticator = &a;
1263 r.in.query.query1 = &q1;
1266 /* this should really be the fully qualified name */
1267 q1.workstation_domain = TEST_MACHINE_NAME;
1268 q1.workstation_site = "Default-First-Site-Name";
1269 q1.blob2.length = 0;
1271 q1.blob2.data = NULL;
1272 q1.product.string = "product string";
1274 torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
1278 for (i=0;i<ASYNC_COUNT;i++) {
1279 creds_client_authenticator(creds, &a);
1281 creds_async[i] = (struct creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
1282 req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, tctx, &r);
1284 req[i]->async.callback = async_callback;
1285 req[i]->async.private_data = async_counter;
1287 /* even with this flush per request a w2k3 server seems to
1288 clag with multiple outstanding requests. bleergh. */
1289 torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0,
1290 "event_loop_once failed");
1293 for (i=0;i<ASYNC_COUNT;i++) {
1294 status = dcerpc_ndr_request_recv(req[i]);
1296 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
1297 torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
1299 torture_assert(tctx, creds_client_check(creds_async[i], &a.cred),
1300 "Credential chaining failed at async");
1303 torture_comment(tctx,
1304 "Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);
1306 torture_assert_int_equal(tctx, (*async_counter), ASYNC_COUNT, "int");
1311 static bool test_ManyGetDCName(struct torture_context *tctx,
1312 struct dcerpc_pipe *p)
1315 struct dcerpc_pipe *p2;
1316 struct lsa_ObjectAttribute attr;
1317 struct lsa_QosInfo qos;
1318 struct lsa_OpenPolicy2 o;
1319 struct policy_handle lsa_handle;
1320 struct lsa_DomainList domains;
1322 struct lsa_EnumTrustDom t;
1323 uint32_t resume_handle = 0;
1324 struct netr_GetAnyDCName d;
1328 if (p->conn->transport.transport != NCACN_NP) {
1332 torture_comment(tctx, "Torturing GetDCName\n");
1334 status = dcerpc_secondary_connection(p, &p2, p->binding);
1335 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
1337 status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
1338 torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");
1341 qos.impersonation_level = 2;
1342 qos.context_mode = 1;
1343 qos.effective_only = 0;
1346 attr.root_dir = NULL;
1347 attr.object_name = NULL;
1348 attr.attributes = 0;
1349 attr.sec_desc = NULL;
1350 attr.sec_qos = &qos;
1352 o.in.system_name = "\\";
1354 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1355 o.out.handle = &lsa_handle;
1357 status = dcerpc_lsa_OpenPolicy2(p2, tctx, &o);
1358 torture_assert_ntstatus_ok(tctx, status, "OpenPolicy2 failed");
1360 t.in.handle = &lsa_handle;
1361 t.in.resume_handle = &resume_handle;
1362 t.in.max_size = 1000;
1363 t.out.domains = &domains;
1364 t.out.resume_handle = &resume_handle;
1366 status = dcerpc_lsa_EnumTrustDom(p2, tctx, &t);
1368 if ((!NT_STATUS_IS_OK(status) &&
1369 (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))))
1370 torture_fail(tctx, "Could not list domains");
1374 d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
1375 dcerpc_server_name(p));
1377 for (i=0; i<domains.count * 4; i++) {
1378 struct lsa_DomainInfo *info =
1379 &domains.domains[rand()%domains.count];
1381 d.in.domainname = info->name.string;
1383 status = dcerpc_netr_GetAnyDCName(p, tctx, &d);
1384 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
1386 torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
1387 d.out.dcname ? d.out.dcname : "unknown");
1393 struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
1395 struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
1396 struct torture_rpc_tcase *tcase;
1397 struct torture_test *test;
1399 tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "netlogon",
1400 &ndr_table_netlogon, TEST_MACHINE_NAME);
1402 torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
1403 torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
1404 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
1405 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
1406 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
1407 torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
1408 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
1409 torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
1410 torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
1411 torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
1412 torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
1413 torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
1414 torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl);
1415 torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
1416 torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2);
1417 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
1418 torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);
1419 torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
1420 test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
1421 test->dangerous = true;
1422 torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
1423 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
1424 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
1425 torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);