2 Unix SMB/CIFS implementation.
4 test suite for netlogon rpc operations
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "torture/torture.h"
26 #include "lib/events/events.h"
27 #include "auth/auth.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "torture/rpc/rpc.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "librpc/gen_ndr/ndr_netlogon_c.h"
32 #include "librpc/gen_ndr/ndr_lsa_c.h"
33 #include "param/param.h"
35 #define TEST_MACHINE_NAME "torturetest"
37 static bool test_LogonUasLogon(struct torture_context *tctx,
38 struct dcerpc_pipe *p)
41 struct netr_LogonUasLogon r;
43 r.in.server_name = NULL;
44 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
45 r.in.workstation = TEST_MACHINE_NAME;
47 status = dcerpc_netr_LogonUasLogon(p, tctx, &r);
48 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
53 static bool test_LogonUasLogoff(struct torture_context *tctx,
54 struct dcerpc_pipe *p)
57 struct netr_LogonUasLogoff r;
59 r.in.server_name = NULL;
60 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
61 r.in.workstation = TEST_MACHINE_NAME;
63 status = dcerpc_netr_LogonUasLogoff(p, tctx, &r);
64 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
69 static bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
70 struct cli_credentials *credentials,
71 struct creds_CredentialState **creds_out)
74 struct netr_ServerReqChallenge r;
75 struct netr_ServerAuthenticate a;
76 struct netr_Credential credentials1, credentials2, credentials3;
77 struct creds_CredentialState *creds;
78 struct samr_Password mach_password;
79 const char *plain_pass;
80 const char *machine_name;
82 plain_pass = cli_credentials_get_password(credentials);
83 machine_name = cli_credentials_get_workstation(credentials);
85 torture_comment(tctx, "Testing ServerReqChallenge\n");
87 creds = talloc(tctx, struct creds_CredentialState);
88 torture_assert(tctx, creds != NULL, "memory allocation");
90 r.in.server_name = NULL;
91 r.in.computer_name = machine_name;
92 r.in.credentials = &credentials1;
93 r.out.credentials = &credentials2;
95 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
97 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
98 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
100 E_md4hash(plain_pass, mach_password.hash);
102 a.in.server_name = NULL;
103 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
104 a.in.secure_channel_type = SEC_CHAN_BDC;
105 a.in.computer_name = machine_name;
106 a.in.credentials = &credentials3;
107 a.out.credentials = &credentials3;
109 creds_client_init(creds, &credentials1, &credentials2,
110 &mach_password, &credentials3,
113 torture_comment(tctx, "Testing ServerAuthenticate\n");
115 status = dcerpc_netr_ServerAuthenticate(p, tctx, &a);
116 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate");
118 torture_assert(tctx, creds_client_check(creds, &credentials3),
119 "Credential chaining failed");
125 static bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
126 uint32_t negotiate_flags,
127 struct cli_credentials *machine_credentials,
129 struct creds_CredentialState **creds_out)
132 struct netr_ServerReqChallenge r;
133 struct netr_ServerAuthenticate2 a;
134 struct netr_Credential credentials1, credentials2, credentials3;
135 struct creds_CredentialState *creds;
136 struct samr_Password mach_password;
137 const char *machine_name;
138 const char *plain_pass;
140 machine_name = cli_credentials_get_workstation(machine_credentials);
141 plain_pass = cli_credentials_get_password(machine_credentials);
143 torture_comment(tctx, "Testing ServerReqChallenge\n");
145 creds = talloc(tctx, struct creds_CredentialState);
146 torture_assert(tctx, creds != NULL, "memory allocation");
148 r.in.server_name = NULL;
149 r.in.computer_name = machine_name;
150 r.in.credentials = &credentials1;
151 r.out.credentials = &credentials2;
153 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
155 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
156 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
158 E_md4hash(plain_pass, mach_password.hash);
160 a.in.server_name = NULL;
161 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
162 a.in.secure_channel_type = sec_chan_type;
163 a.in.computer_name = machine_name;
164 a.in.negotiate_flags = &negotiate_flags;
165 a.out.negotiate_flags = &negotiate_flags;
166 a.in.credentials = &credentials3;
167 a.out.credentials = &credentials3;
169 creds_client_init(creds, &credentials1, &credentials2,
170 &mach_password, &credentials3,
173 torture_comment(tctx, "Testing ServerAuthenticate2\n");
175 status = dcerpc_netr_ServerAuthenticate2(p, tctx, &a);
176 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate2");
178 torture_assert(tctx, creds_client_check(creds, &credentials3),
179 "Credential chaining failed");
181 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
188 static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
189 uint32_t negotiate_flags,
190 struct cli_credentials *machine_credentials,
191 struct creds_CredentialState **creds_out)
194 struct netr_ServerReqChallenge r;
195 struct netr_ServerAuthenticate3 a;
196 struct netr_Credential credentials1, credentials2, credentials3;
197 struct creds_CredentialState *creds;
198 struct samr_Password mach_password;
200 const char *machine_name;
201 const char *plain_pass;
203 machine_name = cli_credentials_get_workstation(machine_credentials);
204 plain_pass = cli_credentials_get_password(machine_credentials);
206 torture_comment(tctx, "Testing ServerReqChallenge\n");
208 creds = talloc(tctx, struct creds_CredentialState);
209 torture_assert(tctx, creds != NULL, "memory allocation");
211 r.in.server_name = NULL;
212 r.in.computer_name = machine_name;
213 r.in.credentials = &credentials1;
214 r.out.credentials = &credentials2;
216 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
218 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
219 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
221 E_md4hash(plain_pass, mach_password.hash);
223 a.in.server_name = NULL;
224 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
225 a.in.secure_channel_type = SEC_CHAN_BDC;
226 a.in.computer_name = machine_name;
227 a.in.negotiate_flags = &negotiate_flags;
228 a.in.credentials = &credentials3;
229 a.out.credentials = &credentials3;
230 a.out.negotiate_flags = &negotiate_flags;
233 creds_client_init(creds, &credentials1, &credentials2,
234 &mach_password, &credentials3,
237 torture_comment(tctx, "Testing ServerAuthenticate3\n");
239 status = dcerpc_netr_ServerAuthenticate3(p, tctx, &a);
240 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate3");
241 torture_assert(tctx, creds_client_check(creds, &credentials3), "Credential chaining failed");
243 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
250 try a change password for our machine account
252 static bool test_SetPassword(struct torture_context *tctx,
253 struct dcerpc_pipe *p,
254 struct cli_credentials *machine_credentials)
257 struct netr_ServerPasswordSet r;
258 const char *password;
259 struct creds_CredentialState *creds;
261 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
265 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
266 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
267 r.in.secure_channel_type = SEC_CHAN_BDC;
268 r.in.computer_name = TEST_MACHINE_NAME;
270 password = generate_random_str(tctx, 8);
271 E_md4hash(password, r.in.new_password.hash);
273 creds_des_encrypt(creds, &r.in.new_password);
275 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
276 torture_comment(tctx, "Changing machine account password to '%s'\n",
279 creds_client_authenticator(creds, &r.in.credential);
281 status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
282 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
284 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
285 torture_comment(tctx, "Credential chaining failed\n");
288 /* by changing the machine password twice we test the
289 credentials chaining fully, and we verify that the server
290 allows the password to be set to the same value twice in a
291 row (match win2k3) */
292 torture_comment(tctx,
293 "Testing a second ServerPasswordSet on machine account\n");
294 torture_comment(tctx,
295 "Changing machine account password to '%s' (same as previous run)\n", password);
297 creds_client_authenticator(creds, &r.in.credential);
299 status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
300 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
302 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
303 torture_comment(tctx, "Credential chaining failed\n");
306 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
309 test_SetupCredentials(p, tctx, machine_credentials, &creds),
310 "ServerPasswordSet failed to actually change the password");
316 try a change password for our machine account
318 static bool test_SetPassword2(struct torture_context *tctx,
319 struct dcerpc_pipe *p,
320 struct cli_credentials *machine_credentials)
323 struct netr_ServerPasswordSet2 r;
324 const char *password;
325 struct creds_CredentialState *creds;
326 struct samr_CryptPassword password_buf;
328 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
332 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
333 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
334 r.in.secure_channel_type = SEC_CHAN_BDC;
335 r.in.computer_name = TEST_MACHINE_NAME;
337 password = generate_random_str(tctx, 8);
338 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
339 creds_arcfour_crypt(creds, password_buf.data, 516);
341 memcpy(r.in.new_password.data, password_buf.data, 512);
342 r.in.new_password.length = IVAL(password_buf.data, 512);
344 torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
345 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
347 creds_client_authenticator(creds, &r.in.credential);
349 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
350 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
352 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
353 torture_comment(tctx, "Credential chaining failed\n");
356 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
358 if (!torture_setting_bool(tctx, "dangerous", false)) {
359 torture_comment(tctx,
360 "Not testing ability to set password to '', enable dangerous tests to perform this test\n");
362 /* by changing the machine password to ""
363 * we check if the server uses password restrictions
364 * for ServerPasswordSet2
365 * (win2k3 accepts "")
368 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
369 creds_arcfour_crypt(creds, password_buf.data, 516);
371 memcpy(r.in.new_password.data, password_buf.data, 512);
372 r.in.new_password.length = IVAL(password_buf.data, 512);
374 torture_comment(tctx,
375 "Testing ServerPasswordSet2 on machine account\n");
376 torture_comment(tctx,
377 "Changing machine account password to '%s'\n", password);
379 creds_client_authenticator(creds, &r.in.credential);
381 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
382 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
384 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
385 torture_comment(tctx, "Credential chaining failed\n");
388 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
391 torture_assert(tctx, test_SetupCredentials(p, tctx, machine_credentials, &creds),
392 "ServerPasswordSet failed to actually change the password");
394 /* now try a random password */
395 password = generate_random_str(tctx, 8);
396 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
397 creds_arcfour_crypt(creds, password_buf.data, 516);
399 memcpy(r.in.new_password.data, password_buf.data, 512);
400 r.in.new_password.length = IVAL(password_buf.data, 512);
402 torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
403 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
405 creds_client_authenticator(creds, &r.in.credential);
407 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
408 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2 (2)");
410 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
411 torture_comment(tctx, "Credential chaining failed\n");
414 /* by changing the machine password twice we test the
415 credentials chaining fully, and we verify that the server
416 allows the password to be set to the same value twice in a
417 row (match win2k3) */
418 torture_comment(tctx,
419 "Testing a second ServerPasswordSet2 on machine account\n");
420 torture_comment(tctx,
421 "Changing machine account password to '%s' (same as previous run)\n", password);
423 creds_client_authenticator(creds, &r.in.credential);
425 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
426 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
428 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
429 torture_comment(tctx, "Credential chaining failed\n");
432 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
434 torture_assert (tctx,
435 test_SetupCredentials(p, tctx, machine_credentials, &creds),
436 "ServerPasswordSet failed to actually change the password");
441 static bool test_GetPassword(struct torture_context *tctx,
442 struct dcerpc_pipe *p,
443 struct cli_credentials *machine_credentials)
445 struct netr_ServerPasswordGet r;
446 struct creds_CredentialState *creds;
447 struct netr_Authenticator credential;
449 struct netr_Authenticator return_authenticator;
450 struct samr_Password password;
452 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
456 creds_client_authenticator(creds, &credential);
458 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
459 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
460 r.in.secure_channel_type = SEC_CHAN_BDC;
461 r.in.computer_name = TEST_MACHINE_NAME;
462 r.in.credential = &credential;
463 r.out.return_authenticator = &return_authenticator;
464 r.out.password = &password;
466 status = dcerpc_netr_ServerPasswordGet(p, tctx, &r);
467 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
472 static bool test_GetTrustPasswords(struct torture_context *tctx,
473 struct dcerpc_pipe *p,
474 struct cli_credentials *machine_credentials)
476 struct netr_ServerTrustPasswordsGet r;
477 struct creds_CredentialState *creds;
478 struct netr_Authenticator credential;
480 struct netr_Authenticator return_authenticator;
481 struct samr_Password password, password2;
483 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
487 creds_client_authenticator(creds, &credential);
489 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
490 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
491 r.in.secure_channel_type = SEC_CHAN_BDC;
492 r.in.computer_name = TEST_MACHINE_NAME;
493 r.in.credential = &credential;
494 r.out.return_authenticator = &return_authenticator;
495 r.out.password = &password;
496 r.out.password2 = &password2;
498 status = dcerpc_netr_ServerTrustPasswordsGet(p, tctx, &r);
499 torture_assert_ntstatus_ok(tctx, status, "ServerTrustPasswordsGet");
505 try a netlogon SamLogon
507 bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
508 struct cli_credentials *credentials,
509 struct creds_CredentialState *creds)
512 struct netr_LogonSamLogon r;
513 struct netr_Authenticator auth, auth2;
514 struct netr_NetworkInfo ninfo;
515 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
517 int flags = CLI_CRED_NTLM_AUTH;
518 if (lp_client_lanman_auth(tctx->lp_ctx)) {
519 flags |= CLI_CRED_LANMAN_AUTH;
522 if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
523 flags |= CLI_CRED_NTLMv2_AUTH;
526 cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
527 &ninfo.identity_info.account_name.string,
528 &ninfo.identity_info.domain_name.string);
530 generate_random_buffer(ninfo.challenge,
531 sizeof(ninfo.challenge));
532 chal = data_blob_const(ninfo.challenge,
533 sizeof(ninfo.challenge));
535 names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
536 cli_credentials_get_domain(credentials));
538 status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
544 torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
546 ninfo.lm.data = lm_resp.data;
547 ninfo.lm.length = lm_resp.length;
549 ninfo.nt.data = nt_resp.data;
550 ninfo.nt.length = nt_resp.length;
552 ninfo.identity_info.parameter_control = 0;
553 ninfo.identity_info.logon_id_low = 0;
554 ninfo.identity_info.logon_id_high = 0;
555 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
557 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
558 r.in.computer_name = cli_credentials_get_workstation(credentials);
559 r.in.credential = &auth;
560 r.in.return_authenticator = &auth2;
561 r.in.logon_level = 2;
562 r.in.logon.network = &ninfo;
564 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
568 creds_client_authenticator(creds, &auth);
570 r.in.validation_level = i;
572 status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
573 torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
575 torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
576 "Credential chaining failed");
579 r.in.credential = NULL;
583 r.in.validation_level = i;
585 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
587 status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
588 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER,
589 "LogonSamLogon expected INVALID_PARAMETER");
597 try a netlogon SamLogon
599 static bool test_SamLogon(struct torture_context *tctx,
600 struct dcerpc_pipe *p,
601 struct cli_credentials *credentials)
603 struct creds_CredentialState *creds;
605 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
609 return test_netlogon_ops(p, tctx, credentials, creds);
612 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
613 static uint64_t sequence_nums[3];
616 try a netlogon DatabaseSync
618 static bool test_DatabaseSync(struct torture_context *tctx,
619 struct dcerpc_pipe *p,
620 struct cli_credentials *machine_credentials)
623 struct netr_DatabaseSync r;
624 struct creds_CredentialState *creds;
625 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
628 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
632 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
633 r.in.computername = TEST_MACHINE_NAME;
634 r.in.preferredmaximumlength = (uint32_t)-1;
635 ZERO_STRUCT(r.in.return_authenticator);
637 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
638 r.in.sync_context = 0;
639 r.in.database_id = database_ids[i];
641 torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
644 creds_client_authenticator(creds, &r.in.credential);
646 status = dcerpc_netr_DatabaseSync(p, tctx, &r);
647 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
650 torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
652 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
653 torture_comment(tctx, "Credential chaining failed\n");
656 r.in.sync_context = r.out.sync_context;
658 if (r.out.delta_enum_array &&
659 r.out.delta_enum_array->num_deltas > 0 &&
660 r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
661 r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
662 sequence_nums[r.in.database_id] =
663 r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
664 torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
666 (unsigned long long)sequence_nums[r.in.database_id]);
668 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
676 try a netlogon DatabaseDeltas
678 static bool test_DatabaseDeltas(struct torture_context *tctx,
679 struct dcerpc_pipe *p,
680 struct cli_credentials *machine_credentials)
683 struct netr_DatabaseDeltas r;
684 struct creds_CredentialState *creds;
685 const uint32_t database_ids[] = {0, 1, 2};
688 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
692 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
693 r.in.computername = TEST_MACHINE_NAME;
694 r.in.preferredmaximumlength = (uint32_t)-1;
695 ZERO_STRUCT(r.in.return_authenticator);
697 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
698 r.in.database_id = database_ids[i];
699 r.in.sequence_num = sequence_nums[r.in.database_id];
701 if (r.in.sequence_num == 0) continue;
703 r.in.sequence_num -= 1;
705 torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
706 r.in.database_id, (unsigned long long)r.in.sequence_num);
709 creds_client_authenticator(creds, &r.in.credential);
711 status = dcerpc_netr_DatabaseDeltas(p, tctx, &r);
712 if (NT_STATUS_EQUAL(status,
713 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
714 torture_comment(tctx, "not considering %s to be an error\n",
718 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
721 torture_assert_ntstatus_ok(tctx, status, "DatabaseDeltas");
723 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
724 torture_comment(tctx, "Credential chaining failed\n");
728 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
736 try a netlogon AccountDeltas
738 static bool test_AccountDeltas(struct torture_context *tctx,
739 struct dcerpc_pipe *p,
740 struct cli_credentials *machine_credentials)
743 struct netr_AccountDeltas r;
744 struct creds_CredentialState *creds;
746 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
750 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
751 r.in.computername = TEST_MACHINE_NAME;
752 ZERO_STRUCT(r.in.return_authenticator);
753 creds_client_authenticator(creds, &r.in.credential);
754 ZERO_STRUCT(r.in.uas);
759 /* w2k3 returns "NOT IMPLEMENTED" for this call */
760 status = dcerpc_netr_AccountDeltas(p, tctx, &r);
761 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
767 try a netlogon AccountSync
769 static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
770 struct cli_credentials *machine_credentials)
773 struct netr_AccountSync r;
774 struct creds_CredentialState *creds;
776 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
780 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
781 r.in.computername = TEST_MACHINE_NAME;
782 ZERO_STRUCT(r.in.return_authenticator);
783 creds_client_authenticator(creds, &r.in.credential);
784 ZERO_STRUCT(r.in.recordid);
789 /* w2k3 returns "NOT IMPLEMENTED" for this call */
790 status = dcerpc_netr_AccountSync(p, tctx, &r);
791 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
797 try a netlogon GetDcName
799 static bool test_GetDcName(struct torture_context *tctx,
800 struct dcerpc_pipe *p)
803 struct netr_GetDcName r;
805 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
806 r.in.domainname = lp_workgroup(tctx->lp_ctx);
808 status = dcerpc_netr_GetDcName(p, tctx, &r);
809 torture_assert_ntstatus_ok(tctx, status, "GetDcName");
810 torture_assert_werr_ok(tctx, r.out.result, "GetDcName");
812 torture_comment(tctx, "\tDC is at '%s'\n", r.out.dcname);
818 try a netlogon LogonControl
820 static bool test_LogonControl(struct torture_context *tctx,
821 struct dcerpc_pipe *p)
824 struct netr_LogonControl r;
827 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
828 r.in.function_code = 1;
833 torture_comment(tctx, "Testing LogonControl level %d\n", i);
835 status = dcerpc_netr_LogonControl(p, tctx, &r);
836 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
844 try a netlogon GetAnyDCName
846 static bool test_GetAnyDCName(struct torture_context *tctx,
847 struct dcerpc_pipe *p)
850 struct netr_GetAnyDCName r;
852 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
853 r.in.domainname = lp_workgroup(tctx->lp_ctx);
855 status = dcerpc_netr_GetAnyDCName(p, tctx, &r);
856 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
859 torture_comment(tctx, "\tDC is at '%s'\n", r.out.dcname);
867 try a netlogon LogonControl2
869 static bool test_LogonControl2(struct torture_context *tctx,
870 struct dcerpc_pipe *p)
873 struct netr_LogonControl2 r;
876 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
878 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
879 r.in.data.domain = lp_workgroup(tctx->lp_ctx);
884 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
885 i, r.in.function_code);
887 status = dcerpc_netr_LogonControl2(p, tctx, &r);
888 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
891 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
892 r.in.data.domain = lp_workgroup(tctx->lp_ctx);
897 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
898 i, r.in.function_code);
900 status = dcerpc_netr_LogonControl2(p, tctx, &r);
901 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
904 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
905 r.in.data.domain = lp_workgroup(tctx->lp_ctx);
910 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
911 i, r.in.function_code);
913 status = dcerpc_netr_LogonControl2(p, tctx, &r);
914 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
917 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
918 r.in.data.debug_level = ~0;
923 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
924 i, r.in.function_code);
926 status = dcerpc_netr_LogonControl2(p, tctx, &r);
927 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
934 try a netlogon DatabaseSync2
936 static bool test_DatabaseSync2(struct torture_context *tctx,
937 struct dcerpc_pipe *p,
938 struct cli_credentials *machine_credentials)
941 struct netr_DatabaseSync2 r;
942 struct creds_CredentialState *creds;
943 const uint32_t database_ids[] = {0, 1, 2};
946 if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
948 SEC_CHAN_BDC, &creds)) {
952 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
953 r.in.computername = TEST_MACHINE_NAME;
954 r.in.preferredmaximumlength = (uint32_t)-1;
955 ZERO_STRUCT(r.in.return_authenticator);
957 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
958 r.in.sync_context = 0;
959 r.in.database_id = database_ids[i];
960 r.in.restart_state = 0;
962 torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
965 creds_client_authenticator(creds, &r.in.credential);
967 status = dcerpc_netr_DatabaseSync2(p, tctx, &r);
968 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
971 torture_assert_ntstatus_ok(tctx, status, "DatabaseSync2");
973 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
974 torture_comment(tctx, "Credential chaining failed\n");
977 r.in.sync_context = r.out.sync_context;
978 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
986 try a netlogon LogonControl2Ex
988 static bool test_LogonControl2Ex(struct torture_context *tctx,
989 struct dcerpc_pipe *p)
992 struct netr_LogonControl2Ex r;
995 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
997 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
998 r.in.data.domain = lp_workgroup(tctx->lp_ctx);
1003 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1004 i, r.in.function_code);
1006 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
1007 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1010 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
1011 r.in.data.domain = lp_workgroup(tctx->lp_ctx);
1016 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1017 i, r.in.function_code);
1019 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
1020 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1023 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
1024 r.in.data.domain = lp_workgroup(tctx->lp_ctx);
1029 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1030 i, r.in.function_code);
1032 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
1033 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1036 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
1037 r.in.data.debug_level = ~0;
1042 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1043 i, r.in.function_code);
1045 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
1046 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1052 static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
1053 struct dcerpc_pipe *p, const char *trusted_domain_name)
1056 struct netr_DsRGetForestTrustInformation r;
1057 struct lsa_ForestTrustInformation info, *info_ptr;
1061 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1062 r.in.trusted_domain_name = trusted_domain_name;
1064 r.out.forest_trust_info = &info_ptr;
1066 torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
1068 status = dcerpc_netr_DsRGetForestTrustInformation(p, tctx, &r);
1069 torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
1070 torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
1076 try a netlogon netr_DsrEnumerateDomainTrusts
1078 static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
1079 struct dcerpc_pipe *p)
1082 struct netr_DsrEnumerateDomainTrusts r;
1085 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1086 r.in.trust_flags = 0x3f;
1088 status = dcerpc_netr_DsrEnumerateDomainTrusts(p, tctx, &r);
1089 torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
1090 torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
1092 /* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
1093 * will show non-forest trusts and all UPN suffixes of the own forest
1094 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
1097 if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
1102 for (i=0; i<r.out.count; i++) {
1104 /* get info for transitive forest trusts */
1106 if (r.out.trusts[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
1107 if (!test_netr_DsRGetForestTrustInformation(tctx, p,
1108 r.out.trusts[i].dns_name)) {
1117 static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
1118 struct dcerpc_pipe *p)
1121 struct netr_NetrEnumerateTrustedDomains r;
1122 struct netr_Blob trusted_domains_blob;
1124 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1125 r.out.trusted_domains_blob = &trusted_domains_blob;
1127 status = dcerpc_netr_NetrEnumerateTrustedDomains(p, tctx, &r);
1128 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
1129 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
1134 static bool test_netr_NetrEnumerateTrustedDomainsEx(struct torture_context *tctx,
1135 struct dcerpc_pipe *p)
1138 struct netr_NetrEnumerateTrustedDomainsEx r;
1139 struct netr_DomainTrustList dom_trust_list;
1141 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1142 r.out.dom_trust_list = &dom_trust_list;
1144 status = dcerpc_netr_NetrEnumerateTrustedDomainsEx(p, tctx, &r);
1145 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
1146 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
1152 static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
1153 const char *computer_name,
1154 const char *expected_site)
1157 struct netr_DsRGetSiteName r;
1159 if (torture_setting_bool(tctx, "samba4", false))
1160 torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
1162 r.in.computer_name = computer_name;
1163 torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
1165 status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
1166 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
1167 torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
1168 torture_assert_str_equal(tctx, expected_site, r.out.site, "netr_DsRGetSiteName");
1170 r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
1171 torture_comment(tctx,
1172 "Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
1174 status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
1175 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
1176 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_COMPUTERNAME, "netr_DsRGetSiteName");
1182 try a netlogon netr_DsRGetDCName
1184 static bool test_netr_DsRGetDCName(struct torture_context *tctx,
1185 struct dcerpc_pipe *p)
1188 struct netr_DsRGetDCName r;
1190 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1191 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
1192 r.in.domain_guid = NULL;
1193 r.in.site_guid = NULL;
1194 r.in.flags = DS_RETURN_DNS_NAME;
1196 status = dcerpc_netr_DsRGetDCName(p, tctx, &r);
1197 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
1198 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
1199 return test_netr_DsRGetSiteName(p, tctx,
1201 r.out.info->dc_site_name);
1205 try a netlogon netr_DsRGetDCNameEx
1207 static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
1208 struct dcerpc_pipe *p)
1211 struct netr_DsRGetDCNameEx r;
1213 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1214 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
1215 r.in.domain_guid = NULL;
1216 r.in.site_name = NULL;
1217 r.in.flags = DS_RETURN_DNS_NAME;
1219 status = dcerpc_netr_DsRGetDCNameEx(p, tctx, &r);
1220 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
1221 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
1223 return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc,
1224 r.out.info->dc_site_name);
1228 try a netlogon netr_DsRGetDCNameEx2
1230 static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
1231 struct dcerpc_pipe *p)
1234 struct netr_DsRGetDCNameEx2 r;
1236 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1237 r.in.client_account = NULL;
1238 r.in.mask = 0x00000000;
1239 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
1240 r.in.domain_guid = NULL;
1241 r.in.site_name = NULL;
1242 r.in.flags = DS_RETURN_DNS_NAME;
1244 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
1246 status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
1247 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
1248 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
1250 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client acount\n");
1251 r.in.client_account = TEST_MACHINE_NAME"$";
1252 r.in.mask = ACB_SVRTRUST;
1253 r.in.flags = DS_RETURN_FLAT_NAME;
1255 status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
1256 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
1257 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
1258 return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc,
1259 r.out.info->dc_site_name);
1262 static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
1263 struct dcerpc_pipe *p)
1266 struct netr_DsrGetDcSiteCoverageW r;
1268 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1270 status = dcerpc_netr_DsrGetDcSiteCoverageW(p, tctx, &r);
1271 torture_assert_ntstatus_ok(tctx, status, "failed");
1272 torture_assert_werr_ok(tctx, r.out.result, "failed");
1277 static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
1278 struct dcerpc_pipe *p)
1281 struct netr_DsRAddressToSitenamesW r;
1282 struct netr_DsRAddress addr;
1283 struct netr_DsRAddressToSitenamesWCtr *ctr;
1285 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
1288 addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
1290 addr.buffer[0] = 2; /* AF_INET */
1291 addr.buffer[4] = 127;
1296 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1298 r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
1299 r.in.addresses[0] = addr;
1302 status = dcerpc_netr_DsRAddressToSitenamesW(p, tctx, &r);
1303 torture_assert_ntstatus_ok(tctx, status, "failed");
1304 torture_assert_werr_ok(tctx, r.out.result, "failed");
1309 static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
1310 struct dcerpc_pipe *p)
1313 struct netr_DsRAddressToSitenamesExW r;
1314 struct netr_DsRAddress addr;
1315 struct netr_DsRAddressToSitenamesExWCtr *ctr;
1317 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
1320 addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
1322 addr.buffer[0] = 2; /* AF_INET */
1323 addr.buffer[4] = 127;
1328 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1330 r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
1331 r.in.addresses[0] = addr;
1334 status = dcerpc_netr_DsRAddressToSitenamesExW(p, tctx, &r);
1335 torture_assert_ntstatus_ok(tctx, status, "failed");
1336 torture_assert_werr_ok(tctx, r.out.result, "failed");
1341 static bool test_GetDomainInfo(struct torture_context *tctx,
1342 struct dcerpc_pipe *p,
1343 struct cli_credentials *machine_credentials)
1346 struct netr_LogonGetDomainInfo r;
1347 struct netr_DomainQuery1 q1;
1348 struct netr_Authenticator a;
1349 struct creds_CredentialState *creds;
1351 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1352 machine_credentials, &creds)) {
1358 creds_client_authenticator(creds, &a);
1360 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1361 r.in.computer_name = TEST_MACHINE_NAME;
1363 r.in.credential = &a;
1364 r.in.return_authenticator = &a;
1365 r.out.return_authenticator = &a;
1367 r.in.query.query1 = &q1;
1370 /* this should really be the fully qualified name */
1371 q1.workstation_domain = TEST_MACHINE_NAME;
1372 q1.workstation_site = "Default-First-Site-Name";
1373 q1.blob2.length = 0;
1375 q1.blob2.data = NULL;
1376 q1.product.string = "product string";
1378 torture_comment(tctx, "Testing netr_uogonGetDomainInfo\n");
1380 status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
1381 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
1382 torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
1388 static void async_callback(struct rpc_request *req)
1390 int *counter = (int *)req->async.private_data;
1391 if (NT_STATUS_IS_OK(req->status)) {
1396 static bool test_GetDomainInfo_async(struct torture_context *tctx,
1397 struct dcerpc_pipe *p,
1398 struct cli_credentials *machine_credentials)
1401 struct netr_LogonGetDomainInfo r;
1402 struct netr_DomainQuery1 q1;
1403 struct netr_Authenticator a;
1404 #define ASYNC_COUNT 100
1405 struct creds_CredentialState *creds;
1406 struct creds_CredentialState *creds_async[ASYNC_COUNT];
1407 struct rpc_request *req[ASYNC_COUNT];
1409 int *async_counter = talloc(tctx, int);
1411 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1412 machine_credentials, &creds)) {
1417 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1418 r.in.computer_name = TEST_MACHINE_NAME;
1420 r.in.credential = &a;
1421 r.in.return_authenticator = &a;
1422 r.out.return_authenticator = &a;
1424 r.in.query.query1 = &q1;
1427 /* this should really be the fully qualified name */
1428 q1.workstation_domain = TEST_MACHINE_NAME;
1429 q1.workstation_site = "Default-First-Site-Name";
1430 q1.blob2.length = 0;
1432 q1.blob2.data = NULL;
1433 q1.product.string = "product string";
1435 torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
1439 for (i=0;i<ASYNC_COUNT;i++) {
1440 creds_client_authenticator(creds, &a);
1442 creds_async[i] = (struct creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
1443 req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, tctx, &r);
1445 req[i]->async.callback = async_callback;
1446 req[i]->async.private_data = async_counter;
1448 /* even with this flush per request a w2k3 server seems to
1449 clag with multiple outstanding requests. bleergh. */
1450 torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0,
1451 "event_loop_once failed");
1454 for (i=0;i<ASYNC_COUNT;i++) {
1455 status = dcerpc_ndr_request_recv(req[i]);
1457 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
1458 torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
1460 torture_assert(tctx, creds_client_check(creds_async[i], &a.cred),
1461 "Credential chaining failed at async");
1464 torture_comment(tctx,
1465 "Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);
1467 torture_assert_int_equal(tctx, (*async_counter), ASYNC_COUNT, "int");
1472 static bool test_ManyGetDCName(struct torture_context *tctx,
1473 struct dcerpc_pipe *p)
1476 struct dcerpc_pipe *p2;
1477 struct lsa_ObjectAttribute attr;
1478 struct lsa_QosInfo qos;
1479 struct lsa_OpenPolicy2 o;
1480 struct policy_handle lsa_handle;
1481 struct lsa_DomainList domains;
1483 struct lsa_EnumTrustDom t;
1484 uint32_t resume_handle = 0;
1485 struct netr_GetAnyDCName d;
1489 if (p->conn->transport.transport != NCACN_NP) {
1493 torture_comment(tctx, "Torturing GetDCName\n");
1495 status = dcerpc_secondary_connection(p, &p2, p->binding);
1496 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
1498 status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
1499 torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");
1502 qos.impersonation_level = 2;
1503 qos.context_mode = 1;
1504 qos.effective_only = 0;
1507 attr.root_dir = NULL;
1508 attr.object_name = NULL;
1509 attr.attributes = 0;
1510 attr.sec_desc = NULL;
1511 attr.sec_qos = &qos;
1513 o.in.system_name = "\\";
1515 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1516 o.out.handle = &lsa_handle;
1518 status = dcerpc_lsa_OpenPolicy2(p2, tctx, &o);
1519 torture_assert_ntstatus_ok(tctx, status, "OpenPolicy2 failed");
1521 t.in.handle = &lsa_handle;
1522 t.in.resume_handle = &resume_handle;
1523 t.in.max_size = 1000;
1524 t.out.domains = &domains;
1525 t.out.resume_handle = &resume_handle;
1527 status = dcerpc_lsa_EnumTrustDom(p2, tctx, &t);
1529 if ((!NT_STATUS_IS_OK(status) &&
1530 (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))))
1531 torture_fail(tctx, "Could not list domains");
1535 d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
1536 dcerpc_server_name(p));
1538 for (i=0; i<domains.count * 4; i++) {
1539 struct lsa_DomainInfo *info =
1540 &domains.domains[rand()%domains.count];
1542 d.in.domainname = info->name.string;
1544 status = dcerpc_netr_GetAnyDCName(p, tctx, &d);
1545 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
1547 torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
1548 d.out.dcname ? d.out.dcname : "unknown");
1554 struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
1556 struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
1557 struct torture_rpc_tcase *tcase;
1558 struct torture_test *test;
1560 tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "netlogon",
1561 &ndr_table_netlogon, TEST_MACHINE_NAME);
1562 torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
1563 torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
1564 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
1565 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
1566 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
1567 torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
1568 torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
1569 torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
1570 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
1571 torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
1572 torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
1573 torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
1574 torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
1575 torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
1576 torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl);
1577 torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
1578 torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2);
1579 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
1580 torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);
1581 torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
1582 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
1583 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
1584 test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
1585 test->dangerous = true;
1586 torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
1587 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
1588 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
1589 torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
1590 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
1591 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
git.samba.org / samba.git / blob