2 Unix SMB/CIFS implementation.
4 test suite for netlogon rpc operations
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "torture/torture.h"
27 #include "lib/events/events.h"
28 #include "auth/auth.h"
29 #include "lib/cmdline/popt_common.h"
30 #include "torture/rpc/rpc.h"
31 #include "libcli/auth/libcli_auth.h"
32 #include "librpc/gen_ndr/ndr_netlogon_c.h"
33 #include "librpc/gen_ndr/ndr_lsa_c.h"
35 static const char *machine_password;
37 #define TEST_MACHINE_NAME "torturetest"
39 static BOOL test_LogonUasLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
42 struct netr_LogonUasLogon r;
44 r.in.server_name = NULL;
45 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
46 r.in.workstation = TEST_MACHINE_NAME;
48 printf("Testing LogonUasLogon\n");
50 status = dcerpc_netr_LogonUasLogon(p, mem_ctx, &r);
51 if (!NT_STATUS_IS_OK(status)) {
52 printf("LogonUasLogon - %s\n", nt_errstr(status));
60 static BOOL test_LogonUasLogoff(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
63 struct netr_LogonUasLogoff r;
65 r.in.server_name = NULL;
66 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
67 r.in.workstation = TEST_MACHINE_NAME;
69 printf("Testing LogonUasLogoff\n");
71 status = dcerpc_netr_LogonUasLogoff(p, mem_ctx, &r);
72 if (!NT_STATUS_IS_OK(status)) {
73 printf("LogonUasLogoff - %s\n", nt_errstr(status));
81 static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
82 const char *machine_name,
83 const char *plain_pass,
84 struct creds_CredentialState **creds_out)
87 struct netr_ServerReqChallenge r;
88 struct netr_ServerAuthenticate a;
89 struct netr_Credential credentials1, credentials2, credentials3;
90 struct creds_CredentialState *creds;
91 struct samr_Password mach_password;
93 printf("Testing ServerReqChallenge\n");
95 creds = talloc(mem_ctx, struct creds_CredentialState);
100 r.in.server_name = NULL;
101 r.in.computer_name = machine_name;
102 r.in.credentials = &credentials1;
103 r.out.credentials = &credentials2;
105 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
107 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
108 if (!NT_STATUS_IS_OK(status)) {
109 printf("ServerReqChallenge - %s\n", nt_errstr(status));
113 E_md4hash(plain_pass, mach_password.hash);
115 a.in.server_name = NULL;
116 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
117 a.in.secure_channel_type = SEC_CHAN_BDC;
118 a.in.computer_name = machine_name;
119 a.in.credentials = &credentials3;
120 a.out.credentials = &credentials3;
122 creds_client_init(creds, &credentials1, &credentials2,
123 &mach_password, &credentials3,
126 printf("Testing ServerAuthenticate\n");
128 status = dcerpc_netr_ServerAuthenticate(p, mem_ctx, &a);
129 if (!NT_STATUS_IS_OK(status)) {
130 printf("ServerAuthenticate - %s\n", nt_errstr(status));
134 if (!creds_client_check(creds, &credentials3)) {
135 printf("Credential chaining failed\n");
143 static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
144 uint32_t negotiate_flags,
145 const char *machine_name,
146 const char *plain_pass,
148 struct creds_CredentialState **creds_out)
151 struct netr_ServerReqChallenge r;
152 struct netr_ServerAuthenticate2 a;
153 struct netr_Credential credentials1, credentials2, credentials3;
154 struct creds_CredentialState *creds;
155 struct samr_Password mach_password;
157 printf("Testing ServerReqChallenge\n");
159 creds = talloc(mem_ctx, struct creds_CredentialState);
164 r.in.server_name = NULL;
165 r.in.computer_name = machine_name;
166 r.in.credentials = &credentials1;
167 r.out.credentials = &credentials2;
169 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
171 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
172 if (!NT_STATUS_IS_OK(status)) {
173 printf("ServerReqChallenge - %s\n", nt_errstr(status));
177 E_md4hash(plain_pass, mach_password.hash);
179 a.in.server_name = NULL;
180 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
181 a.in.secure_channel_type = sec_chan_type;
182 a.in.computer_name = machine_name;
183 a.in.negotiate_flags = &negotiate_flags;
184 a.out.negotiate_flags = &negotiate_flags;
185 a.in.credentials = &credentials3;
186 a.out.credentials = &credentials3;
188 creds_client_init(creds, &credentials1, &credentials2,
189 &mach_password, &credentials3,
192 printf("Testing ServerAuthenticate2\n");
194 status = dcerpc_netr_ServerAuthenticate2(p, mem_ctx, &a);
195 if (!NT_STATUS_IS_OK(status)) {
196 printf("ServerAuthenticate2 - %s\n", nt_errstr(status));
200 if (!creds_client_check(creds, &credentials3)) {
201 printf("Credential chaining failed\n");
205 printf("negotiate_flags=0x%08x\n", negotiate_flags);
212 static BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
213 uint32_t negotiate_flags,
214 const char *machine_name,
215 const char *plain_pass,
216 struct creds_CredentialState **creds_out)
219 struct netr_ServerReqChallenge r;
220 struct netr_ServerAuthenticate3 a;
221 struct netr_Credential credentials1, credentials2, credentials3;
222 struct creds_CredentialState *creds;
223 struct samr_Password mach_password;
226 printf("Testing ServerReqChallenge\n");
228 creds = talloc(mem_ctx, struct creds_CredentialState);
233 r.in.server_name = NULL;
234 r.in.computer_name = machine_name;
235 r.in.credentials = &credentials1;
236 r.out.credentials = &credentials2;
238 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
240 status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
241 if (!NT_STATUS_IS_OK(status)) {
242 printf("ServerReqChallenge - %s\n", nt_errstr(status));
246 E_md4hash(plain_pass, mach_password.hash);
248 a.in.server_name = NULL;
249 a.in.account_name = talloc_asprintf(mem_ctx, "%s$", machine_name);
250 a.in.secure_channel_type = SEC_CHAN_BDC;
251 a.in.computer_name = machine_name;
252 a.in.negotiate_flags = &negotiate_flags;
253 a.in.credentials = &credentials3;
254 a.out.credentials = &credentials3;
255 a.out.negotiate_flags = &negotiate_flags;
258 creds_client_init(creds, &credentials1, &credentials2,
259 &mach_password, &credentials3,
262 printf("Testing ServerAuthenticate3\n");
264 status = dcerpc_netr_ServerAuthenticate3(p, mem_ctx, &a);
265 if (!NT_STATUS_IS_OK(status)) {
266 printf("ServerAuthenticate3 - %s\n", nt_errstr(status));
270 if (!creds_client_check(creds, &credentials3)) {
271 printf("Credential chaining failed\n");
275 printf("negotiate_flags=0x%08x\n", negotiate_flags);
282 try a change password for our machine account
284 static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
287 struct netr_ServerPasswordSet r;
288 const char *password;
289 struct creds_CredentialState *creds;
291 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
292 machine_password, &creds)) {
296 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
297 r.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
298 r.in.secure_channel_type = SEC_CHAN_BDC;
299 r.in.computer_name = TEST_MACHINE_NAME;
301 password = generate_random_str(mem_ctx, 8);
302 E_md4hash(password, r.in.new_password.hash);
304 creds_des_encrypt(creds, &r.in.new_password);
306 printf("Testing ServerPasswordSet on machine account\n");
307 d_printf("Changing machine account password to '%s'\n", password);
309 creds_client_authenticator(creds, &r.in.credential);
311 status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
312 if (!NT_STATUS_IS_OK(status)) {
313 printf("ServerPasswordSet - %s\n", nt_errstr(status));
317 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
318 printf("Credential chaining failed\n");
321 /* by changing the machine password twice we test the
322 credentials chaining fully, and we verify that the server
323 allows the password to be set to the same value twice in a
324 row (match win2k3) */
325 printf("Testing a second ServerPasswordSet on machine account\n");
326 d_printf("Changing machine account password to '%s' (same as previous run)\n", password);
328 creds_client_authenticator(creds, &r.in.credential);
330 status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
331 if (!NT_STATUS_IS_OK(status)) {
332 printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
336 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
337 printf("Credential chaining failed\n");
340 machine_password = password;
342 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
343 printf("ServerPasswordSet failed to actually change the password\n");
351 try a change password for our machine account
353 static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
356 struct netr_ServerPasswordSet2 r;
357 const char *password;
358 struct creds_CredentialState *creds;
359 struct samr_CryptPassword password_buf;
361 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
362 machine_password, &creds)) {
366 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
367 r.in.account_name = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
368 r.in.secure_channel_type = SEC_CHAN_BDC;
369 r.in.computer_name = TEST_MACHINE_NAME;
371 password = generate_random_str(mem_ctx, 8);
372 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
373 creds_arcfour_crypt(creds, password_buf.data, 516);
375 memcpy(r.in.new_password.data, password_buf.data, 512);
376 r.in.new_password.length = IVAL(password_buf.data, 512);
378 printf("Testing ServerPasswordSet2 on machine account\n");
379 d_printf("Changing machine account password to '%s'\n", password);
381 creds_client_authenticator(creds, &r.in.credential);
383 status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
384 if (!NT_STATUS_IS_OK(status)) {
385 printf("ServerPasswordSet2 - %s\n", nt_errstr(status));
389 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
390 printf("Credential chaining failed\n");
393 machine_password = password;
395 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
396 printf("Not testing ability to set password to '', enable dangerous tests to perform this test\n");
398 /* by changing the machine password to ""
399 * we check if the server uses password restrictions
400 * for ServerPasswordSet2
401 * (win2k3 accepts "")
404 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
405 creds_arcfour_crypt(creds, password_buf.data, 516);
407 memcpy(r.in.new_password.data, password_buf.data, 512);
408 r.in.new_password.length = IVAL(password_buf.data, 512);
410 printf("Testing ServerPasswordSet2 on machine account\n");
411 d_printf("Changing machine account password to '%s'\n", password);
413 creds_client_authenticator(creds, &r.in.credential);
415 status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
416 if (!NT_STATUS_IS_OK(status)) {
417 printf("ServerPasswordSet2 - %s\n", nt_errstr(status));
421 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
422 printf("Credential chaining failed\n");
425 machine_password = password;
428 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
429 printf("ServerPasswordSet failed to actually change the password\n");
433 /* now try a random password */
434 password = generate_random_str(mem_ctx, 8);
435 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
436 creds_arcfour_crypt(creds, password_buf.data, 516);
438 memcpy(r.in.new_password.data, password_buf.data, 512);
439 r.in.new_password.length = IVAL(password_buf.data, 512);
441 printf("Testing second ServerPasswordSet2 on machine account\n");
442 d_printf("Changing machine account password to '%s'\n", password);
444 creds_client_authenticator(creds, &r.in.credential);
446 status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
447 if (!NT_STATUS_IS_OK(status)) {
448 printf("ServerPasswordSet2 (2) - %s\n", nt_errstr(status));
452 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
453 printf("Credential chaining failed\n");
456 /* by changing the machine password twice we test the
457 credentials chaining fully, and we verify that the server
458 allows the password to be set to the same value twice in a
459 row (match win2k3) */
460 printf("Testing a second ServerPasswordSet2 on machine account\n");
461 d_printf("Changing machine account password to '%s' (same as previous run)\n", password);
463 creds_client_authenticator(creds, &r.in.credential);
465 status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
466 if (!NT_STATUS_IS_OK(status)) {
467 printf("ServerPasswordSet (3) - %s\n", nt_errstr(status));
471 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
472 printf("Credential chaining failed\n");
475 machine_password = password;
477 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
478 printf("ServerPasswordSet failed to actually change the password\n");
486 try a netlogon SamLogon
488 BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
489 struct cli_credentials *credentials,
490 struct creds_CredentialState *creds)
493 struct netr_LogonSamLogon r;
494 struct netr_Authenticator auth, auth2;
495 struct netr_NetworkInfo ninfo;
496 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
499 int flags = CLI_CRED_NTLM_AUTH;
500 if (lp_client_lanman_auth()) {
501 flags |= CLI_CRED_LANMAN_AUTH;
504 if (lp_client_ntlmv2_auth()) {
505 flags |= CLI_CRED_NTLMv2_AUTH;
508 cli_credentials_get_ntlm_username_domain(cmdline_credentials, mem_ctx,
509 &ninfo.identity_info.account_name.string,
510 &ninfo.identity_info.domain_name.string);
512 generate_random_buffer(ninfo.challenge,
513 sizeof(ninfo.challenge));
514 chal = data_blob_const(ninfo.challenge,
515 sizeof(ninfo.challenge));
517 names_blob = NTLMv2_generate_names_blob(mem_ctx, cli_credentials_get_workstation(credentials),
518 cli_credentials_get_domain(credentials));
520 status = cli_credentials_get_ntlm_response(cmdline_credentials, mem_ctx,
526 if (!NT_STATUS_IS_OK(status)) {
527 printf("cli_credentials_get_ntlm_response failed: %s\n",
532 ninfo.lm.data = lm_resp.data;
533 ninfo.lm.length = lm_resp.length;
535 ninfo.nt.data = nt_resp.data;
536 ninfo.nt.length = nt_resp.length;
538 ninfo.identity_info.parameter_control = 0;
539 ninfo.identity_info.logon_id_low = 0;
540 ninfo.identity_info.logon_id_high = 0;
541 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
543 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
544 r.in.computer_name = cli_credentials_get_workstation(credentials);
545 r.in.credential = &auth;
546 r.in.return_authenticator = &auth2;
547 r.in.logon_level = 2;
548 r.in.logon.network = &ninfo;
550 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
554 creds_client_authenticator(creds, &auth);
556 r.in.validation_level = i;
558 status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
559 if (!NT_STATUS_IS_OK(status)) {
560 printf("LogonSamLogon failed: %s\n",
565 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
566 printf("Credential chaining failed\n");
571 r.in.credential = NULL;
575 r.in.validation_level = i;
577 printf("Testing SamLogon with validation level %d and a NULL credential\n", i);
579 status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
580 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
581 printf("LogonSamLogon expected INVALID_PARAMETER, got: %s\n", nt_errstr(status));
592 try a netlogon SamLogon
594 static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
595 struct cli_credentials *credentials)
597 struct creds_CredentialState *creds;
599 if (!test_SetupCredentials(p, mem_ctx, cli_credentials_get_workstation(credentials),
600 cli_credentials_get_password(credentials), &creds)) {
604 return test_netlogon_ops(p, mem_ctx, credentials, creds);
607 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
608 static uint64_t sequence_nums[3];
611 try a netlogon DatabaseSync
613 static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
616 struct netr_DatabaseSync r;
617 struct creds_CredentialState *creds;
618 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
622 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
626 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
627 r.in.computername = TEST_MACHINE_NAME;
628 r.in.preferredmaximumlength = (uint32_t)-1;
629 ZERO_STRUCT(r.in.return_authenticator);
631 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
632 r.in.sync_context = 0;
633 r.in.database_id = database_ids[i];
635 printf("Testing DatabaseSync of id %d\n", r.in.database_id);
638 creds_client_authenticator(creds, &r.in.credential);
640 status = dcerpc_netr_DatabaseSync(p, mem_ctx, &r);
641 if (!NT_STATUS_IS_OK(status) &&
642 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
643 printf("DatabaseSync - %s\n", nt_errstr(status));
648 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
649 printf("Credential chaining failed\n");
652 r.in.sync_context = r.out.sync_context;
654 if (r.out.delta_enum_array &&
655 r.out.delta_enum_array->num_deltas > 0 &&
656 r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
657 r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
658 sequence_nums[r.in.database_id] =
659 r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
660 printf("\tsequence_nums[%d]=%llu\n",
662 (unsigned long long)sequence_nums[r.in.database_id]);
664 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
672 try a netlogon DatabaseDeltas
674 static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
677 struct netr_DatabaseDeltas r;
678 struct creds_CredentialState *creds;
679 const uint32_t database_ids[] = {0, 1, 2};
683 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
687 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
688 r.in.computername = TEST_MACHINE_NAME;
689 r.in.preferredmaximumlength = (uint32_t)-1;
690 ZERO_STRUCT(r.in.return_authenticator);
692 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
693 r.in.database_id = database_ids[i];
694 r.in.sequence_num = sequence_nums[r.in.database_id];
696 if (r.in.sequence_num == 0) continue;
698 r.in.sequence_num -= 1;
701 printf("Testing DatabaseDeltas of id %d at %llu\n",
702 r.in.database_id, (unsigned long long)r.in.sequence_num);
705 creds_client_authenticator(creds, &r.in.credential);
707 status = dcerpc_netr_DatabaseDeltas(p, mem_ctx, &r);
708 if (NT_STATUS_EQUAL(status,
709 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
710 printf("no considering %s to be an error\n",
714 if (!NT_STATUS_IS_OK(status) &&
715 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
716 printf("DatabaseDeltas - %s\n", nt_errstr(status));
721 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
722 printf("Credential chaining failed\n");
726 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
734 try a netlogon AccountDeltas
736 static BOOL test_AccountDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
739 struct netr_AccountDeltas r;
740 struct creds_CredentialState *creds;
743 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
747 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
748 r.in.computername = TEST_MACHINE_NAME;
749 ZERO_STRUCT(r.in.return_authenticator);
750 creds_client_authenticator(creds, &r.in.credential);
751 ZERO_STRUCT(r.in.uas);
756 printf("Testing AccountDeltas\n");
758 /* w2k3 returns "NOT IMPLEMENTED" for this call */
759 status = dcerpc_netr_AccountDeltas(p, mem_ctx, &r);
760 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
761 printf("AccountDeltas - %s\n", nt_errstr(status));
769 try a netlogon AccountSync
771 static BOOL test_AccountSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
774 struct netr_AccountSync r;
775 struct creds_CredentialState *creds;
778 if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
782 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
783 r.in.computername = TEST_MACHINE_NAME;
784 ZERO_STRUCT(r.in.return_authenticator);
785 creds_client_authenticator(creds, &r.in.credential);
786 ZERO_STRUCT(r.in.recordid);
791 printf("Testing AccountSync\n");
793 /* w2k3 returns "NOT IMPLEMENTED" for this call */
794 status = dcerpc_netr_AccountSync(p, mem_ctx, &r);
795 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
796 printf("AccountSync - %s\n", nt_errstr(status));
804 try a netlogon GetDcName
806 static BOOL test_GetDcName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
809 struct netr_GetDcName r;
811 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
812 r.in.domainname = lp_workgroup();
814 printf("Testing GetDcName\n");
816 status = dcerpc_netr_GetDcName(p, mem_ctx, &r);
817 if (!NT_STATUS_IS_OK(status)) {
818 printf("GetDcName - %s\n", nt_errstr(status));
822 d_printf("\tDC is at '%s'\n", r.out.dcname);
828 try a netlogon LogonControl
830 static BOOL test_LogonControl(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
833 struct netr_LogonControl r;
837 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
838 r.in.function_code = 1;
843 printf("Testing LogonControl level %d\n", i);
845 status = dcerpc_netr_LogonControl(p, mem_ctx, &r);
846 if (!NT_STATUS_IS_OK(status)) {
847 printf("LogonControl - %s\n", nt_errstr(status));
857 try a netlogon GetAnyDCName
859 static BOOL test_GetAnyDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
862 struct netr_GetAnyDCName r;
864 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
865 r.in.domainname = lp_workgroup();
867 printf("Testing GetAnyDCName\n");
869 status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &r);
870 if (!NT_STATUS_IS_OK(status)) {
871 printf("GetAnyDCName - %s\n", nt_errstr(status));
876 printf("\tDC is at '%s'\n", r.out.dcname);
884 try a netlogon LogonControl2
886 static BOOL test_LogonControl2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
889 struct netr_LogonControl2 r;
893 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
895 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
896 r.in.data.domain = lp_workgroup();
901 printf("Testing LogonControl2 level %d function %d\n",
902 i, r.in.function_code);
904 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
905 if (!NT_STATUS_IS_OK(status)) {
906 printf("LogonControl - %s\n", nt_errstr(status));
911 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
912 r.in.data.domain = lp_workgroup();
917 printf("Testing LogonControl2 level %d function %d\n",
918 i, r.in.function_code);
920 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
921 if (!NT_STATUS_IS_OK(status)) {
922 printf("LogonControl - %s\n", nt_errstr(status));
927 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
928 r.in.data.domain = lp_workgroup();
933 printf("Testing LogonControl2 level %d function %d\n",
934 i, r.in.function_code);
936 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
937 if (!NT_STATUS_IS_OK(status)) {
938 printf("LogonControl - %s\n", nt_errstr(status));
943 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
944 r.in.data.debug_level = ~0;
949 printf("Testing LogonControl2 level %d function %d\n",
950 i, r.in.function_code);
952 status = dcerpc_netr_LogonControl2(p, mem_ctx, &r);
953 if (!NT_STATUS_IS_OK(status)) {
954 printf("LogonControl - %s\n", nt_errstr(status));
963 try a netlogon DatabaseSync2
965 static BOOL test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
968 struct netr_DatabaseSync2 r;
969 struct creds_CredentialState *creds;
970 const uint32_t database_ids[] = {0, 1, 2};
974 if (!test_SetupCredentials2(p, mem_ctx, NETLOGON_NEG_AUTH2_FLAGS,
975 TEST_MACHINE_NAME, machine_password,
976 SEC_CHAN_BDC, &creds)) {
980 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
981 r.in.computername = TEST_MACHINE_NAME;
982 r.in.preferredmaximumlength = (uint32_t)-1;
983 ZERO_STRUCT(r.in.return_authenticator);
985 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
986 r.in.sync_context = 0;
987 r.in.database_id = database_ids[i];
988 r.in.restart_state = 0;
990 printf("Testing DatabaseSync2 of id %d\n", r.in.database_id);
993 creds_client_authenticator(creds, &r.in.credential);
995 status = dcerpc_netr_DatabaseSync2(p, mem_ctx, &r);
996 if (!NT_STATUS_IS_OK(status) &&
997 !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
998 printf("DatabaseSync2 - %s\n", nt_errstr(status));
1003 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
1004 printf("Credential chaining failed\n");
1007 r.in.sync_context = r.out.sync_context;
1008 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
1016 try a netlogon LogonControl2Ex
1018 static BOOL test_LogonControl2Ex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1021 struct netr_LogonControl2Ex r;
1025 r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1027 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
1028 r.in.data.domain = lp_workgroup();
1033 printf("Testing LogonControl2Ex level %d function %d\n",
1034 i, r.in.function_code);
1036 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
1037 if (!NT_STATUS_IS_OK(status)) {
1038 printf("LogonControl - %s\n", nt_errstr(status));
1043 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
1044 r.in.data.domain = lp_workgroup();
1049 printf("Testing LogonControl2Ex level %d function %d\n",
1050 i, r.in.function_code);
1052 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
1053 if (!NT_STATUS_IS_OK(status)) {
1054 printf("LogonControl - %s\n", nt_errstr(status));
1059 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
1060 r.in.data.domain = lp_workgroup();
1065 printf("Testing LogonControl2Ex level %d function %d\n",
1066 i, r.in.function_code);
1068 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
1069 if (!NT_STATUS_IS_OK(status)) {
1070 printf("LogonControl - %s\n", nt_errstr(status));
1075 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
1076 r.in.data.debug_level = ~0;
1081 printf("Testing LogonControl2Ex level %d function %d\n",
1082 i, r.in.function_code);
1084 status = dcerpc_netr_LogonControl2Ex(p, mem_ctx, &r);
1085 if (!NT_STATUS_IS_OK(status)) {
1086 printf("LogonControl - %s\n", nt_errstr(status));
1096 try a netlogon netr_DsrEnumerateDomainTrusts
1098 static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1101 struct netr_DsrEnumerateDomainTrusts r;
1103 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1104 r.in.trust_flags = 0x3f;
1106 printf("Testing netr_DsrEnumerateDomainTrusts\n");
1108 status = dcerpc_netr_DsrEnumerateDomainTrusts(p, mem_ctx, &r);
1109 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1110 printf("netr_DsrEnumerateDomainTrusts - %s/%s\n",
1111 nt_errstr(status), win_errstr(r.out.result));
1118 static BOOL test_netr_DsRGetSiteName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
1119 const char *computer_name,
1120 const char *expected_site)
1123 struct netr_DsRGetSiteName r;
1126 r.in.computer_name = computer_name;
1127 printf("Testing netr_DsRGetSiteName\n");
1129 status = dcerpc_netr_DsRGetSiteName(p, mem_ctx, &r);
1130 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1131 printf("netr_DsRGetSiteName - %s/%s\n",
1132 nt_errstr(status), win_errstr(r.out.result));
1135 if (strcmp(expected_site, r.out.site) != 0) {
1136 d_printf("netr_DsRGetSiteName - unexpected result: %s, expected %s\n",
1137 r.out.site, expected_site);
1142 r.in.computer_name = talloc_asprintf(mem_ctx, "\\\\%s", computer_name);
1143 d_printf("Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
1145 status = dcerpc_netr_DsRGetSiteName(p, mem_ctx, &r);
1146 if (!NT_STATUS_IS_OK(status)) {
1147 printf("netr_DsRGetSiteName - %s\n",
1150 } else if (!W_ERROR_EQUAL(r.out.result, WERR_INVALID_COMPUTERNAME)) {
1151 printf("netr_DsRGetSiteName - incorrect error return %s, expected %s\n",
1152 win_errstr(r.out.result), win_errstr(WERR_INVALID_COMPUTERNAME));
1159 try a netlogon netr_DsRGetDCName
1161 static BOOL test_netr_DsRGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1164 struct netr_DsRGetDCName r;
1167 r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1168 r.in.domain_name = talloc_asprintf(mem_ctx, "%s", lp_realm());
1169 r.in.domain_guid = NULL;
1170 r.in.site_guid = NULL;
1171 r.in.flags = 0x40000000;
1173 printf("Testing netr_DsRGetDCName\n");
1175 status = dcerpc_netr_DsRGetDCName(p, mem_ctx, &r);
1176 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1177 printf("netr_DsRGetDCName - %s/%s\n",
1178 nt_errstr(status), win_errstr(r.out.result));
1181 ret = test_netr_DsRGetSiteName(p, mem_ctx,
1183 r.out.info->dc_site_name);
1190 try a netlogon netr_DsRGetDCNameEx
1192 static BOOL test_netr_DsRGetDCNameEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1195 struct netr_DsRGetDCNameEx r;
1198 r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1199 r.in.domain_name = talloc_asprintf(mem_ctx, "%s", lp_realm());
1200 r.in.domain_guid = NULL;
1201 r.in.site_name = NULL;
1202 r.in.flags = 0x40000000;
1204 printf("Testing netr_DsRGetDCNameEx\n");
1206 status = dcerpc_netr_DsRGetDCNameEx(p, mem_ctx, &r);
1207 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1208 printf("netr_DsRGetDCNameEx - %s/%s\n",
1209 nt_errstr(status), win_errstr(r.out.result));
1212 ret = test_netr_DsRGetSiteName(p, mem_ctx,
1214 r.out.info->dc_site_name);
1221 try a netlogon netr_DsRGetDCNameEx2
1223 static BOOL test_netr_DsRGetDCNameEx2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1226 struct netr_DsRGetDCNameEx2 r;
1229 r.in.server_unc = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1230 r.in.client_account = NULL;
1231 r.in.mask = 0x00000000;
1232 r.in.domain_name = talloc_asprintf(mem_ctx, "%s", lp_realm());
1233 r.in.domain_guid = NULL;
1234 r.in.site_name = NULL;
1235 r.in.flags = 0x40000000;
1237 printf("Testing netr_DsRGetDCNameEx2 without client account\n");
1239 status = dcerpc_netr_DsRGetDCNameEx2(p, mem_ctx, &r);
1240 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1241 printf("netr_DsRGetDCNameEx2 - %s/%s\n",
1242 nt_errstr(status), win_errstr(r.out.result));
1246 printf("Testing netr_DsRGetDCNameEx2 with client acount\n");
1247 r.in.client_account = TEST_MACHINE_NAME"$";
1248 r.in.mask = 0x00002000;
1249 r.in.flags = 0x80000000;
1251 status = dcerpc_netr_DsRGetDCNameEx2(p, mem_ctx, &r);
1252 if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
1253 printf("netr_DsRGetDCNameEx2 - %s/%s\n",
1254 nt_errstr(status), win_errstr(r.out.result));
1257 ret = test_netr_DsRGetSiteName(p, mem_ctx,
1259 r.out.info->dc_site_name);
1265 static BOOL test_GetDomainInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1268 struct netr_LogonGetDomainInfo r;
1269 struct netr_DomainQuery1 q1;
1270 struct netr_Authenticator a;
1271 struct creds_CredentialState *creds;
1273 if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1274 TEST_MACHINE_NAME, machine_password, &creds)) {
1280 creds_client_authenticator(creds, &a);
1282 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1283 r.in.computer_name = TEST_MACHINE_NAME;
1285 r.in.credential = &a;
1286 r.in.return_authenticator = &a;
1287 r.out.return_authenticator = &a;
1289 r.in.query.query1 = &q1;
1292 /* this should really be the fully qualified name */
1293 q1.workstation_domain = TEST_MACHINE_NAME;
1294 q1.workstation_site = "Default-First-Site-Name";
1295 q1.blob2.length = 0;
1297 q1.blob2.data = NULL;
1298 q1.product.string = "product string";
1300 printf("Testing netr_LogonGetDomainInfo\n");
1302 status = dcerpc_netr_LogonGetDomainInfo(p, mem_ctx, &r);
1303 if (!NT_STATUS_IS_OK(status)) {
1304 printf("netr_LogonGetDomainInfo - %s\n", nt_errstr(status));
1308 if (!creds_client_check(creds, &a.cred)) {
1309 printf("Credential chaining failed\n");
1317 static void async_callback(struct rpc_request *req)
1319 int *counter = req->async.private;
1320 if (NT_STATUS_IS_OK(req->status)) {
1325 static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1328 struct netr_LogonGetDomainInfo r;
1329 struct netr_DomainQuery1 q1;
1330 struct netr_Authenticator a;
1331 #define ASYNC_COUNT 100
1332 struct creds_CredentialState *creds;
1333 struct creds_CredentialState *creds_async[ASYNC_COUNT];
1334 struct rpc_request *req[ASYNC_COUNT];
1336 int *async_counter = talloc(mem_ctx, int);
1338 if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
1339 printf("test_GetDomainInfo_async disabled - enable dangerous tests to use\n");
1343 if (!test_SetupCredentials3(p, mem_ctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1344 TEST_MACHINE_NAME, machine_password, &creds)) {
1349 r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
1350 r.in.computer_name = TEST_MACHINE_NAME;
1352 r.in.credential = &a;
1353 r.in.return_authenticator = &a;
1354 r.out.return_authenticator = &a;
1356 r.in.query.query1 = &q1;
1359 /* this should really be the fully qualified name */
1360 q1.workstation_domain = TEST_MACHINE_NAME;
1361 q1.workstation_site = "Default-First-Site-Name";
1362 q1.blob2.length = 0;
1364 q1.blob2.data = NULL;
1365 q1.product.string = "product string";
1367 printf("Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
1371 for (i=0;i<ASYNC_COUNT;i++) {
1372 creds_client_authenticator(creds, &a);
1374 creds_async[i] = talloc_memdup(creds, creds, sizeof(*creds));
1375 req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, mem_ctx, &r);
1377 req[i]->async.callback = async_callback;
1378 req[i]->async.private = async_counter;
1380 /* even with this flush per request a w2k3 server seems to
1381 clag with multiple outstanding requests. bleergh. */
1382 if (event_loop_once(dcerpc_event_context(p)) != 0) {
1387 for (i=0;i<ASYNC_COUNT;i++) {
1388 status = dcerpc_ndr_request_recv(req[i]);
1389 if (!NT_STATUS_IS_OK(status) || !NT_STATUS_IS_OK(r.out.result)) {
1390 printf("netr_LogonGetDomainInfo_async(%d) - %s/%s\n",
1391 i, nt_errstr(status), nt_errstr(r.out.result));
1395 if (!creds_client_check(creds_async[i], &a.cred)) {
1396 printf("Credential chaining failed at async %d\n", i);
1401 printf("Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);
1403 return (*async_counter) == ASYNC_COUNT;
1406 static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
1409 struct dcerpc_pipe *p2;
1410 struct lsa_ObjectAttribute attr;
1411 struct lsa_QosInfo qos;
1412 struct lsa_OpenPolicy2 o;
1413 struct policy_handle lsa_handle;
1414 struct lsa_DomainList domains;
1416 struct lsa_EnumTrustDom t;
1417 uint32_t resume_handle = 0;
1418 struct netr_GetAnyDCName d;
1423 if (p->conn->transport.transport != NCACN_NP) {
1427 printf("Torturing GetDCName\n");
1429 status = dcerpc_secondary_connection(p, &p2, p->binding);
1430 if (!NT_STATUS_IS_OK(status)) {
1431 printf("Failed to create secondary connection\n");
1435 status = dcerpc_bind_auth_none(p2, &dcerpc_table_lsarpc);
1436 if (!NT_STATUS_IS_OK(status)) {
1437 printf("Failed to create bind on secondary connection\n");
1442 qos.impersonation_level = 2;
1443 qos.context_mode = 1;
1444 qos.effective_only = 0;
1447 attr.root_dir = NULL;
1448 attr.object_name = NULL;
1449 attr.attributes = 0;
1450 attr.sec_desc = NULL;
1451 attr.sec_qos = &qos;
1453 o.in.system_name = "\\";
1455 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1456 o.out.handle = &lsa_handle;
1458 status = dcerpc_lsa_OpenPolicy2(p2, mem_ctx, &o);
1459 if (!NT_STATUS_IS_OK(status)) {
1460 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
1464 t.in.handle = &lsa_handle;
1465 t.in.resume_handle = &resume_handle;
1466 t.in.max_size = 1000;
1467 t.out.domains = &domains;
1468 t.out.resume_handle = &resume_handle;
1470 status = dcerpc_lsa_EnumTrustDom(p2, mem_ctx, &t);
1472 if ((!NT_STATUS_IS_OK(status) &&
1473 (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)))) {
1474 printf("Could not list domains\n");
1480 d.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s",
1481 dcerpc_server_name(p));
1483 for (i=0; i<domains.count * 4; i++) {
1484 struct lsa_DomainInformation *info =
1485 &domains.domains[rand()%domains.count];
1487 d.in.domainname = info->name.string;
1489 status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &d);
1490 if (!NT_STATUS_IS_OK(status)) {
1491 printf("GetAnyDCName - %s\n", nt_errstr(status));
1495 printf("\tDC for domain %s is %s\n", info->name.string,
1496 d.out.dcname ? d.out.dcname : "unknown");
1503 BOOL torture_rpc_netlogon(struct torture_context *torture)
1506 struct dcerpc_pipe *p;
1507 TALLOC_CTX *mem_ctx;
1509 struct test_join *join_ctx;
1510 struct cli_credentials *machine_credentials;
1512 mem_ctx = talloc_init("torture_rpc_netlogon");
1514 join_ctx = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST,
1515 &machine_credentials);
1517 talloc_free(mem_ctx);
1518 printf("Failed to join as BDC\n");
1522 machine_password = cli_credentials_get_password(machine_credentials);
1524 status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_netlogon);
1525 if (!NT_STATUS_IS_OK(status)) {
1526 talloc_free(mem_ctx);
1530 ret &= test_LogonUasLogon(p, mem_ctx);
1531 ret &= test_LogonUasLogoff(p, mem_ctx);
1532 ret &= test_SamLogon(p, mem_ctx, machine_credentials);
1533 ret &= test_SetPassword(p, mem_ctx);
1534 ret &= test_SetPassword2(p, mem_ctx);
1535 ret &= test_GetDomainInfo(p, mem_ctx);
1536 ret &= test_DatabaseSync(p, mem_ctx);
1537 ret &= test_DatabaseDeltas(p, mem_ctx);
1538 ret &= test_AccountDeltas(p, mem_ctx);
1539 ret &= test_AccountSync(p, mem_ctx);
1540 ret &= test_GetDcName(p, mem_ctx);
1541 ret &= test_ManyGetDCName(p, mem_ctx);
1542 ret &= test_LogonControl(p, mem_ctx);
1543 ret &= test_GetAnyDCName(p, mem_ctx);
1544 ret &= test_LogonControl2(p, mem_ctx);
1545 ret &= test_DatabaseSync2(p, mem_ctx);
1546 ret &= test_LogonControl2Ex(p, mem_ctx);
1547 ret &= test_DsrEnumerateDomainTrusts(p, mem_ctx);
1548 ret &= test_GetDomainInfo_async(p, mem_ctx);
1549 ret &= test_netr_DsRGetDCName(p, mem_ctx);
1550 ret &= test_netr_DsRGetDCNameEx(p, mem_ctx);
1551 ret &= test_netr_DsRGetDCNameEx2(p, mem_ctx);
1553 talloc_free(mem_ctx);
1555 torture_leave_domain(join_ctx);