git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Move DRSUAPI per-attribute decryption into a common file
[samba.git] / source4 / torture / rpc / dssync.c
diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c
index 7c56a5220328bd15e9142c8f9bbc7382bf626abc..b47564cc91dc09bd8afc09c2ffaea709a41eb06d 100644 (file)
--- a/source4/torture/rpc/dssync.c
+++ b/source4/torture/rpc/dssync.c
@@ -23,16 +23,19 @@
 #include "includes.h"
 #include "lib/cmdline/popt_common.h"
 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
 #include "libcli/cldap/cldap.h"
 #include "libcli/ldap/ldap_client.h"
 #include "torture/torture.h"
 #include "torture/ldap/proto.h"
 #include "libcli/auth/libcli_auth.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
+#include "../libcli/drsuapi/drsuapi.h"
 #include "auth/credentials/credentials.h"
 #include "libcli/auth/libcli_auth.h"
 #include "auth/gensec/gensec.h"
 #include "param/param.h"
+#include "dsdb/samdb/samdb.h"
 
 struct DsSyncBindInfo {
        struct dcerpc_pipe *pipe;
@@ -78,14 +81,14 @@ struct DsSyncTest {
        } old_dc;
 };
 
-static struct DsSyncTest *test_create_context(TALLOC_CTX *mem_ctx)
+static struct DsSyncTest *test_create_context(struct torture_context *tctx)
 {
        NTSTATUS status;
        struct DsSyncTest *ctx;
        struct drsuapi_DsBindInfo28 *our_bind_info28;
        struct drsuapi_DsBindInfoCtr *our_bind_info_ctr;
-       const char *binding = lp_parm_string(global_loadparm, NULL, "torture", "binding");
-       ctx = talloc_zero(mem_ctx, struct DsSyncTest);
+       const char *binding = torture_setting_string(tctx, "binding", NULL);
+       ctx = talloc_zero(tctx, struct DsSyncTest);
        if (!ctx) return NULL;
 
        status = dcerpc_parse_binding(ctx, binding, &ctx->drsuapi_binding);
@@ -104,7 +107,7 @@ static struct DsSyncTest *test_create_context(TALLOC_CTX *mem_ctx)
        our_bind_info28->supported_extensions   = 0xFFFFFFFF;
        our_bind_info28->supported_extensions   |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
        our_bind_info28->site_guid              = GUID_zero();
-       our_bind_info28->u1                     = 0;
+       our_bind_info28->pid                    = 0;
        our_bind_info28->repl_epoch             = 1;
 
        our_bind_info_ctr                       = &ctx->admin.drsuapi.our_bind_info_ctr;
@@ -149,11 +152,11 @@ static struct DsSyncTest *test_create_context(TALLOC_CTX *mem_ctx)
        our_bind_info28->supported_extensions   |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
        our_bind_info28->supported_extensions   |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
        our_bind_info28->supported_extensions   |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
-       if (lp_parm_bool(global_loadparm, NULL, "dssync", "xpress", false)) {
+       if (lp_parm_bool(tctx->lp_ctx, NULL, "dssync", "xpress", false)) {
                our_bind_info28->supported_extensions   |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
        }
        our_bind_info28->site_guid              = GUID_zero();
-       our_bind_info28->u1                     = 508;
+       our_bind_info28->pid                    = 0;
        our_bind_info28->repl_epoch             = 0;
 
        our_bind_info_ctr                       = &ctx->new_dc.drsuapi.our_bind_info_ctr;
@@ -173,16 +176,16 @@ static struct DsSyncTest *test_create_context(TALLOC_CTX *mem_ctx)
        return ctx;
 }
 
-static bool _test_DsBind(struct DsSyncTest *ctx, struct cli_credentials *credentials, struct DsSyncBindInfo *b)
+static bool _test_DsBind(struct torture_context *tctx,
+                        struct DsSyncTest *ctx, struct cli_credentials *credentials, struct DsSyncBindInfo *b)
 {
        NTSTATUS status;
        bool ret = true;
-       struct event_context *event = NULL;
 
        status = dcerpc_pipe_connect_b(ctx,
                                       &b->pipe, ctx->drsuapi_binding, 
                                       &ndr_table_drsuapi,
-                                      credentials, event);
+                                      credentials, tctx->ev, tctx->lp_ctx);
        
        if (!NT_STATUS_IS_OK(status)) {
                printf("Failed to connect to server as a BDC: %s\n", nt_errstr(status));
@@ -210,25 +213,38 @@ static bool _test_DsBind(struct DsSyncTest *ctx, struct cli_credentials *credent
                        info24 = &b->req.out.bind_info->info.info24;
                        b->peer_bind_info28.supported_extensions= info24->supported_extensions;
                        b->peer_bind_info28.site_guid           = info24->site_guid;
-                       b->peer_bind_info28.u1                  = info24->u1;
+                       b->peer_bind_info28.pid                 = info24->pid;
                        b->peer_bind_info28.repl_epoch          = 0;
                        break;
                }
+               case 48: {
+                       struct drsuapi_DsBindInfo48 *info48;
+                       info48 = &b->req.out.bind_info->info.info48;
+                       b->peer_bind_info28.supported_extensions= info48->supported_extensions;
+                       b->peer_bind_info28.site_guid           = info48->site_guid;
+                       b->peer_bind_info28.pid                 = info48->pid;
+                       b->peer_bind_info28.repl_epoch          = info48->repl_epoch;
+                       break;
+               }
                case 28:
                        b->peer_bind_info28 = b->req.out.bind_info->info.info28;
                        break;
+               default:
+                       printf("DsBind - warning: unknown BindInfo length: %u\n",
+                              b->req.out.bind_info->length);
                }
        }
 
        return ret;
 }
 
-static bool test_LDAPBind(struct DsSyncTest *ctx, struct cli_credentials *credentials, struct DsSyncLDAPInfo *l)
+static bool test_LDAPBind(struct torture_context *tctx, struct DsSyncTest *ctx, 
+                         struct cli_credentials *credentials, struct DsSyncLDAPInfo *l)
 {
        NTSTATUS status;
        bool ret = true;
 
-       status = torture_ldap_connection(ctx, &l->conn, ctx->ldap_url);
+       status = torture_ldap_connection(tctx, &l->conn, ctx->ldap_url);
        if (!NT_STATUS_IS_OK(status)) {
                printf("failed to connect to LDAP: %s\n", ctx->ldap_url);
                return false;
@@ -236,7 +252,7 @@ static bool test_LDAPBind(struct DsSyncTest *ctx, struct cli_credentials *creden
 
        printf("connected to LDAP: %s\n", ctx->ldap_url);
 
-       status = torture_ldap_bind_sasl(l->conn, credentials);
+       status = torture_ldap_bind_sasl(l->conn, credentials, tctx->lp_ctx);
        if (!NT_STATUS_IS_OK(status)) {
                printf("failed to bind to LDAP:\n");
                return false;
@@ -246,26 +262,39 @@ static bool test_LDAPBind(struct DsSyncTest *ctx, struct cli_credentials *creden
        return ret;
 }
 
-static bool test_GetInfo(struct DsSyncTest *ctx)
+static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx)
 {
        NTSTATUS status;
        struct drsuapi_DsCrackNames r;
+       union drsuapi_DsNameRequest req;
+       union drsuapi_DsNameCtr ctr;
+       int32_t level_out = 0;
        struct drsuapi_DsNameString names[1];
        bool ret = true;
-
-       struct cldap_socket *cldap = cldap_socket_init(ctx, NULL);
+       struct cldap_socket *cldap;
        struct cldap_netlogon search;
-       
+
+       status = cldap_socket_init(ctx, NULL, NULL, NULL, &cldap);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("failed to setup cldap socket - %s\n",
+                       nt_errstr(status));
+               return false;
+       }
+
        r.in.bind_handle                = &ctx->admin.drsuapi.bind_handle;
        r.in.level                      = 1;
-       r.in.req.req1.codepage          = 1252; /* western european */
-       r.in.req.req1.language          = 0x00000407; /* german */
-       r.in.req.req1.count             = 1;
-       r.in.req.req1.names             = names;
-       r.in.req.req1.format_flags      = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;                
-       r.in.req.req1.format_offered    = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
-       r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
-       names[0].str = talloc_asprintf(ctx, "%s\\", lp_workgroup(global_loadparm));
+       r.in.req                        = &req;
+       r.in.req->req1.codepage         = 1252; /* western european */
+       r.in.req->req1.language         = 0x00000407; /* german */
+       r.in.req->req1.count            = 1;
+       r.in.req->req1.names            = names;
+       r.in.req->req1.format_flags     = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
+       r.in.req->req1.format_offered   = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
+       r.in.req->req1.format_desired   = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+       names[0].str = talloc_asprintf(ctx, "%s\\", lp_workgroup(tctx->lp_ctx));
+
+       r.out.level_out                 = &level_out;
+       r.out.ctr                       = &ctr;
 
        status = dcerpc_drsuapi_DsCrackNames(ctx->admin.drsuapi.pipe, ctx, &r);
        if (!NT_STATUS_IS_OK(status)) {
@@ -280,151 +309,49 @@ static bool test_GetInfo(struct DsSyncTest *ctx)
                return false;
        }
 
-       ctx->domain_dn = r.out.ctr.ctr1->array[0].result_name;
+       ctx->domain_dn = r.out.ctr->ctr1->array[0].result_name;
        
        ZERO_STRUCT(search);
        search.in.dest_address = ctx->drsuapi_binding->host;
+       search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
        search.in.acct_control = -1;
-       search.in.version = 6;
-       status = cldap_netlogon(cldap, ctx, &search);
+       search.in.version               = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+       search.in.map_response = true;
+       status = cldap_netlogon(cldap, lp_iconv_convenience(tctx->lp_ctx), ctx, &search);
        if (!NT_STATUS_IS_OK(status)) {
                const char *errstr = nt_errstr(status);
                ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name");
                printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name);          
        } else {
-               ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site);
+               ctx->site_name = talloc_steal(ctx, search.out.netlogon.data.nt5_ex.client_site);
                printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name);
-               printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site);
-       }
-
-       return ret;
-}
-
-static DATA_BLOB decrypt_blob(TALLOC_CTX *mem_ctx,
-                             const DATA_BLOB *gensec_skey,
-                             bool rcrypt,
-                             struct drsuapi_DsReplicaObjectIdentifier *id,
-                             uint32_t rid,
-                             const DATA_BLOB *buffer)
-{
-       DATA_BLOB confounder;
-       DATA_BLOB enc_buffer;
-
-       struct MD5Context md5;
-       uint8_t _enc_key[16];
-       DATA_BLOB enc_key;
-
-       DATA_BLOB dec_buffer;
-
-       uint32_t crc32_given;
-       uint32_t crc32_calc;
-       DATA_BLOB checked_buffer;
-
-       DATA_BLOB plain_buffer;
-
-       /*
-        * the combination "c[3] s[1] e[1] d[0]..."
-        * was successful!!!!!!!!!!!!!!!!!!!!!!!!!!
-        */
-
-       /* 
-        * the first 16 bytes at the beginning are the confounder
-        * followed by the 4 byte crc32 checksum
-        */
-       if (buffer->length < 20) {
-               return data_blob_const(NULL, 0);
-       }
-       confounder = data_blob_const(buffer->data, 16);
-       enc_buffer = data_blob_const(buffer->data + 16, buffer->length - 16);
-
-       /* 
-        * build the encryption key md5 over the session key followed
-        * by the confounder
-        * 
-        * here the gensec session key is used and
-        * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
-        */
-       enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
-       MD5Init(&md5);
-       MD5Update(&md5, gensec_skey->data, gensec_skey->length);
-       MD5Update(&md5, confounder.data, confounder.length);
-       MD5Final(enc_key.data, &md5);
-
-       /*
-        * copy the encrypted buffer part and 
-        * decrypt it using the created encryption key using arcfour
-        */
-       dec_buffer = data_blob_talloc(mem_ctx, enc_buffer.data, enc_buffer.length);
-       if (!dec_buffer.data) {
-               return data_blob_const(NULL, 0);
-       }
-       arcfour_crypt_blob(dec_buffer.data, dec_buffer.length, &enc_key);
-
-       /* 
-        * the first 4 byte are the crc32 checksum
-        * of the remaining bytes
-        */
-       crc32_given = IVAL(dec_buffer.data, 0);
-       crc32_calc = crc32_calc_buffer(dec_buffer.data + 4 , dec_buffer.length - 4);
-       if (crc32_given != crc32_calc) {
-               DEBUG(0,("CRC32: given[0x%08X] calc[0x%08X]\n",
-                     crc32_given, crc32_calc));
-               return data_blob_const(NULL, 0);
-       }
-       checked_buffer = data_blob_talloc(mem_ctx, dec_buffer.data + 4, dec_buffer.length - 4);
-       if (!checked_buffer.data) {
-               return data_blob_const(NULL, 0);
+               printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.data.nt5_ex.server_site);
        }
 
-       /*
-        * some attributes seem to be in a usable form after this decryption
-        * (supplementalCredentials, priorValue, currentValue, trustAuthOutgoing,
-        *  trustAuthIncoming, initialAuthOutgoing, initialAuthIncoming)
-        * At least supplementalCredentials contains plaintext
-        * like "Primary:Kerberos" (in unicode form)
-        *
-        * some attributes seem to have some additional encryption
-        * dBCSPwd, unicodePwd, ntPwdHistory, lmPwdHistory
-        *
-        * it's the sam_rid_crypt() function, as the value is constant,
-        * so it doesn't depend on sessionkeys.
-        */
-       if (rcrypt) {
-               uint32_t i, num_hashes;
-
-               if ((checked_buffer.length % 16) != 0) {
-                       return data_blob_const(NULL, 0);
-               }
-
-               plain_buffer = data_blob_talloc(mem_ctx, checked_buffer.data, checked_buffer.length);
-               if (!plain_buffer.data) {
-                       return data_blob_const(NULL, 0);
-               }
-                       
-               num_hashes = plain_buffer.length / 16;
-               for (i = 0; i < num_hashes; i++) {
-                       uint32_t offset = i * 16;
-                       sam_rid_crypt(rid, checked_buffer.data + offset, plain_buffer.data + offset, 0);
-               }
-       } else {
-               plain_buffer = checked_buffer;
+       if (!ctx->domain_dn) {
+               struct ldb_context *ldb = ldb_init(ctx, tctx->ev);
+               struct ldb_dn *dn = samdb_dns_domain_to_dn(ldb, ctx, search.out.netlogon.data.nt5_ex.dns_domain);
+               ctx->domain_dn = ldb_dn_alloc_linearized(ctx, dn);
+               talloc_free(dn);
+               talloc_free(ldb);
        }
 
-       return plain_buffer;
+       return ret;
 }
 
-static void test_analyse_objects(struct DsSyncTest *ctx,
+static void test_analyse_objects(struct torture_context *tctx, 
+                                struct DsSyncTest *ctx,
                                 const DATA_BLOB *gensec_skey,
                                 struct drsuapi_DsReplicaObjectListItemEx *cur)
 {
        static uint32_t object_id;
        const char *save_values_dir;
 
-       if (!lp_parm_bool(global_loadparm, NULL, "dssync", "print_pwd_blobs", false)) {
+       if (!lp_parm_bool(tctx->lp_ctx, NULL, "dssync", "print_pwd_blobs", false)) {
                return; 
        }
 
-       save_values_dir = lp_parm_string(global_loadparm, NULL, "dssync", "save_pwd_blobs_dir");
+       save_values_dir = lp_parm_string(tctx->lp_ctx, NULL, "dssync", "save_pwd_blobs_dir");
 
        for (; cur; cur = cur->next_object) {
                const char *dn;
@@ -442,11 +369,15 @@ static void test_analyse_objects(struct DsSyncTest *ctx,
                }
 
                for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) {
+                       WERROR werr;
                        const char *name = NULL;
                        bool rcrypt = false;
                        DATA_BLOB *enc_data = NULL;
                        DATA_BLOB plain_data;
                        struct drsuapi_DsReplicaAttribute *attr;
+                       ndr_pull_flags_fn_t pull_fn = NULL;
+                       ndr_print_fn_t print_fn = NULL;
+                       void *ptr = NULL;
                        attr = &cur->object.attribute_ctr.attributes[i];
 
                        switch (attr->attid) {
@@ -468,6 +399,9 @@ static void test_analyse_objects(struct DsSyncTest *ctx,
                                break;
                        case DRSUAPI_ATTRIBUTE_supplementalCredentials:
                                name    = "supplementalCredentials";
+                               pull_fn = (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob;
+                               print_fn = (ndr_print_fn_t)ndr_print_supplementalCredentialsBlob;
+                               ptr = talloc(ctx, struct supplementalCredentialsBlob);
                                break;
                        case DRSUAPI_ATTRIBUTE_priorValue:
                                name    = "priorValue";
@@ -477,9 +411,15 @@ static void test_analyse_objects(struct DsSyncTest *ctx,
                                break;
                        case DRSUAPI_ATTRIBUTE_trustAuthOutgoing:
                                name    = "trustAuthOutgoing";
+                               pull_fn = (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob;
+                               print_fn = (ndr_print_fn_t)ndr_print_trustAuthInOutBlob;
+                               ptr = talloc(ctx, struct trustAuthInOutBlob);
                                break;
                        case DRSUAPI_ATTRIBUTE_trustAuthIncoming:
                                name    = "trustAuthIncoming";
+                               pull_fn = (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob;
+                               print_fn = (ndr_print_fn_t)ndr_print_trustAuthInOutBlob;
+                               ptr = talloc(ctx, struct trustAuthInOutBlob);
                                break;
                        case DRSUAPI_ATTRIBUTE_initialAuthOutgoing:
                                name    = "initialAuthOutgoing";
@@ -498,9 +438,13 @@ static void test_analyse_objects(struct DsSyncTest *ctx,
                        enc_data = attr->value_ctr.values[0].blob;
                        ZERO_STRUCT(plain_data);
 
-                       plain_data = decrypt_blob(ctx, gensec_skey, rcrypt,
-                                                 cur->object.identifier, rid,
-                                                 enc_data);
+                       werr = drsuapi_decrypt_attribute_value(ctx, gensec_skey, rcrypt,
+                                                              rid,
+                                                              enc_data, &plain_data);
+                       if (!W_ERROR_IS_OK(werr)) {
+                               DEBUG(0, ("Failed to decrypt %s\n", name));
+                               continue;
+                       }
                        if (!dn_printed) {
                                object_id++;
                                DEBUG(0,("DN[%u] %s\n", object_id, dn));
@@ -509,6 +453,7 @@ static void test_analyse_objects(struct DsSyncTest *ctx,
                        DEBUGADD(0,("ATTR: %s enc.length=%lu plain.length=%lu\n",
                                    name, (long)enc_data->length, (long)plain_data.length));
                        if (plain_data.length) {
+                               enum ndr_err_code ndr_err;
                                dump_data(0, plain_data.data, plain_data.length);
                                if (save_values_dir) {
                                        char *fname;
@@ -524,14 +469,27 @@ static void test_analyse_objects(struct DsSyncTest *ctx,
                                        }
                                        talloc_free(fname);
                                }
+
+                               if (pull_fn) {
+                                       /* Can't use '_all' because of PIDL bugs with relative pointers */
+                                       ndr_err = ndr_pull_struct_blob(&plain_data, ptr,
+                                                                      lp_iconv_convenience(tctx->lp_ctx), ptr,
+                                                                      pull_fn);
+                                       if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                                               ndr_print_debug(print_fn, name, ptr);
+                                       } else {
+                                               DEBUG(0, ("Failed to decode %s\n", name));
+                                       }
+                               }
                        } else {
                                dump_data(0, enc_data->data, enc_data->length);
                        }
+                       talloc_free(ptr);
                }
        }
 }
 
-static bool test_FetchData(struct DsSyncTest *ctx)
+static bool test_FetchData(struct torture_context *tctx, struct DsSyncTest *ctx)
 {
        NTSTATUS status;
        bool ret = true;
@@ -539,6 +497,7 @@ static bool test_FetchData(struct DsSyncTest *ctx)
        uint64_t highest_usn = 0;
        const char *partition = NULL;
        struct drsuapi_DsGetNCChanges r;
+       union drsuapi_DsGetNCChangesRequest req;
        struct drsuapi_DsReplicaObjectIdentifier nc;
        struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
        struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
@@ -560,17 +519,17 @@ static bool test_FetchData(struct DsSyncTest *ctx)
        ZERO_STRUCT(null_guid);
        ZERO_STRUCT(null_sid);
 
-       partition = lp_parm_string(global_loadparm, NULL, "dssync", "partition");
+       partition = lp_parm_string(tctx->lp_ctx, NULL, "dssync", "partition");
        if (partition == NULL) {
                partition = ctx->domain_dn;
                printf("dssync:partition not specified, defaulting to %s.\n", ctx->domain_dn);
        }
 
-       highest_usn = lp_parm_int(global_loadparm, NULL, "dssync", "highest_usn", 0);
+       highest_usn = lp_parm_int(tctx->lp_ctx, NULL, "dssync", "highest_usn", 0);
 
-       array[0].level = lp_parm_int(global_loadparm, NULL, "dssync", "get_nc_changes_level", array[0].level);
+       array[0].level = lp_parm_int(tctx->lp_ctx, NULL, "dssync", "get_nc_changes_level", array[0].level);
 
-       if (lp_parm_bool(global_loadparm, NULL, "dssync", "print_pwd_blobs", false)) {
+       if (lp_parm_bool(tctx->lp_ctx, NULL, "dssync", "print_pwd_blobs", false)) {
                const struct samr_Password *nthash;
                nthash = cli_credentials_get_nt_hash(ctx->new_dc.credentials, ctx);
                if (nthash) {
@@ -589,37 +548,38 @@ static bool test_FetchData(struct DsSyncTest *ctx)
                        array[i].level);
 
                r.in.bind_handle        = &ctx->new_dc.drsuapi.bind_handle;
-               r.in.level              = &array[i].level;
+               r.in.level              = array[i].level;
 
-               switch (*r.in.level) {
+               switch (r.in.level) {
                case 5:
                        nc.guid = null_guid;
                        nc.sid  = null_sid;
                        nc.dn   = partition; 
 
-                       r.in.req.req5.destination_dsa_guid              = ctx->new_dc.invocation_id;
-                       r.in.req.req5.source_dsa_invocation_id          = null_guid;
-                       r.in.req.req5.naming_context                    = &nc;
-                       r.in.req.req5.highwatermark.tmp_highest_usn     = highest_usn;
-                       r.in.req.req5.highwatermark.reserved_usn        = 0;
-                       r.in.req.req5.highwatermark.highest_usn         = highest_usn;
-                       r.in.req.req5.uptodateness_vector               = NULL;
-                       r.in.req.req5.replica_flags                     = 0;
-                       if (lp_parm_bool(global_loadparm, NULL, "dssync", "compression", false)) {
-                               r.in.req.req5.replica_flags             |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES;
+                       r.in.req                                        = &req;
+                       r.in.req->req5.destination_dsa_guid             = ctx->new_dc.invocation_id;
+                       r.in.req->req5.source_dsa_invocation_id         = null_guid;
+                       r.in.req->req5.naming_context                   = &nc;
+                       r.in.req->req5.highwatermark.tmp_highest_usn    = highest_usn;
+                       r.in.req->req5.highwatermark.reserved_usn       = 0;
+                       r.in.req->req5.highwatermark.highest_usn        = highest_usn;
+                       r.in.req->req5.uptodateness_vector              = NULL;
+                       r.in.req->req5.replica_flags                    = 0;
+                       if (lp_parm_bool(tctx->lp_ctx, NULL, "dssync", "compression", false)) {
+                               r.in.req->req5.replica_flags            |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES;
                        }
-                       if (lp_parm_bool(global_loadparm, NULL, "dssync", "neighbour_writeable", true)) {
-                               r.in.req.req5.replica_flags             |= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE;
+                       if (lp_parm_bool(tctx->lp_ctx, NULL, "dssync", "neighbour_writeable", true)) {
+                               r.in.req->req5.replica_flags            |= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE;
                        }
-                       r.in.req.req5.replica_flags                     |= DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
+                       r.in.req->req5.replica_flags                    |= DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
                                                                        | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS
                                                                        | DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS
                                                                        | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED
                                                                        ;
-                       r.in.req.req5.max_object_count                  = 133;
-                       r.in.req.req5.max_ndr_size                      = 1336770;
-                       r.in.req.req5.unknown4                          = 0;
-                       r.in.req.req5.h1                                = 0;
+                       r.in.req->req5.max_object_count                 = 133;
+                       r.in.req->req5.max_ndr_size                     = 1336770;
+                       r.in.req->req5.extended_op                      = DRSUAPI_EXOP_NONE;
+                       r.in.req->req5.fsmo_info                        = 0;
 
                        break;
                case 8:
@@ -627,35 +587,36 @@ static bool test_FetchData(struct DsSyncTest *ctx)
                        nc.sid  = null_sid;
                        nc.dn   = partition; 
                        /* nc.dn can be set to any other ad partition */
-                       
-                       r.in.req.req8.destination_dsa_guid              = ctx->new_dc.invocation_id;
-                       r.in.req.req8.source_dsa_invocation_id          = null_guid;
-                       r.in.req.req8.naming_context                    = &nc;
-                       r.in.req.req8.highwatermark.tmp_highest_usn     = highest_usn;
-                       r.in.req.req8.highwatermark.reserved_usn        = 0;
-                       r.in.req.req8.highwatermark.highest_usn         = highest_usn;
-                       r.in.req.req8.uptodateness_vector               = NULL;
-                       r.in.req.req8.replica_flags                     = 0;
-                       if (lp_parm_bool(global_loadparm, NULL, "dssync", "compression", false)) {
-                               r.in.req.req8.replica_flags             |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES;
+
+                       r.in.req                                        = &req;
+                       r.in.req->req8.destination_dsa_guid             = ctx->new_dc.invocation_id;
+                       r.in.req->req8.source_dsa_invocation_id         = null_guid;
+                       r.in.req->req8.naming_context                   = &nc;
+                       r.in.req->req8.highwatermark.tmp_highest_usn    = highest_usn;
+                       r.in.req->req8.highwatermark.reserved_usn       = 0;
+                       r.in.req->req8.highwatermark.highest_usn        = highest_usn;
+                       r.in.req->req8.uptodateness_vector              = NULL;
+                       r.in.req->req8.replica_flags                    = 0;
+                       if (lp_parm_bool(tctx->lp_ctx, NULL, "dssync", "compression", false)) {
+                               r.in.req->req8.replica_flags            |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES;
                        }
-                       if (lp_parm_bool(global_loadparm, NULL, "dssync", "neighbour_writeable", true)) {
-                               r.in.req.req8.replica_flags             |= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE;
+                       if (lp_parm_bool(tctx->lp_ctx, NULL, "dssync", "neighbour_writeable", true)) {
+                               r.in.req->req8.replica_flags            |= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE;
                        }
-                       r.in.req.req8.replica_flags                     |= DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
+                       r.in.req->req8.replica_flags                    |= DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
                                                                        | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS
                                                                        | DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS
                                                                        | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED
                                                                        ;
-                       r.in.req.req8.max_object_count                  = 402;
-                       r.in.req.req8.max_ndr_size                      = 402116;
+                       r.in.req->req8.max_object_count                 = 402;
+                       r.in.req->req8.max_ndr_size                     = 402116;
 
-                       r.in.req.req8.unknown4                          = 0;
-                       r.in.req.req8.h1                                = 0;
-                       r.in.req.req8.unique_ptr1                       = 0;
-                       r.in.req.req8.unique_ptr2                       = 0;
-                       r.in.req.req8.mapping_ctr.num_mappings          = 0;
-                       r.in.req.req8.mapping_ctr.mappings              = NULL;
+                       r.in.req->req8.extended_op                      = DRSUAPI_EXOP_NONE;
+                       r.in.req->req8.fsmo_info                        = 0;
+                       r.in.req->req8.partial_attribute_set            = NULL;
+                       r.in.req->req8.partial_attribute_set_ex         = NULL;
+                       r.in.req->req8.mapping_ctr.num_mappings         = 0;
+                       r.in.req->req8.mapping_ctr.mappings             = NULL;
 
                        break;
                }
@@ -663,19 +624,23 @@ static bool test_FetchData(struct DsSyncTest *ctx)
                printf("Dumping AD partition: %s\n", nc.dn);
                for (y=0; ;y++) {
                        int32_t _level = 0;
+                       union drsuapi_DsGetNCChangesCtr ctr;
+
                        ZERO_STRUCT(r.out);
-                       r.out.level = &_level;
 
-                       if (*r.in.level == 5) {
+                       r.out.level_out = &_level;
+                       r.out.ctr       = &ctr;
+
+                       if (r.in.level == 5) {
                                DEBUG(0,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
-                                       (long long)r.in.req.req5.highwatermark.tmp_highest_usn,
-                                       (long long)r.in.req.req5.highwatermark.highest_usn));
+                                       (long long)r.in.req->req5.highwatermark.tmp_highest_usn,
+                                       (long long)r.in.req->req5.highwatermark.highest_usn));
                        }
 
-                       if (*r.in.level == 8) {
+                       if (r.in.level == 8) {
                                DEBUG(0,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
-                                       (long long)r.in.req.req8.highwatermark.tmp_highest_usn,
-                                       (long long)r.in.req.req8.highwatermark.highest_usn));
+                                       (long long)r.in.req->req8.highwatermark.tmp_highest_usn,
+                                       (long long)r.in.req->req8.highwatermark.highest_usn));
                        }
 
                        status = dcerpc_drsuapi_DsGetNCChanges(ctx->new_dc.drsuapi.pipe, ctx, &r);
@@ -691,12 +656,13 @@ static bool test_FetchData(struct DsSyncTest *ctx)
                                ret = false;
                        }
 
-                       if (ret == true && *r.out.level == 1) {
+                       if (ret == true && *r.out.level_out == 1) {
                                out_level = 1;
-                               ctr1 = &r.out.ctr.ctr1;
-                       } else if (ret == true && *r.out.level == 2) {
+                               ctr1 = &r.out.ctr->ctr1;
+                       } else if (ret == true && *r.out.level_out == 2 &&
+                                  r.out.ctr->ctr2.mszip1.ts) {
                                out_level = 1;
-                               ctr1 = r.out.ctr.ctr2.ctr.mszip1.ctr1;
+                               ctr1 = &r.out.ctr->ctr2.mszip1.ts->ctr1;
                        }
 
                        if (out_level == 1) {
@@ -704,22 +670,29 @@ static bool test_FetchData(struct DsSyncTest *ctx)
                                        (long long)ctr1->new_highwatermark.tmp_highest_usn,
                                        (long long)ctr1->new_highwatermark.highest_usn));
 
-                               test_analyse_objects(ctx, &gensec_skey, ctr1->first_object);
+                               test_analyse_objects(tctx, ctx, &gensec_skey, ctr1->first_object);
 
-                               if (ctr1->new_highwatermark.tmp_highest_usn > ctr1->new_highwatermark.highest_usn) {
-                                       r.in.req.req5.highwatermark = ctr1->new_highwatermark;
+                               if (ctr1->more_data) {
+                                       r.in.req->req5.highwatermark = ctr1->new_highwatermark;
                                        continue;
                                }
                        }
 
-                       if (ret == true && *r.out.level == 6) {
+                       if (ret == true && *r.out.level_out == 6) {
+                               out_level = 6;
+                               ctr6 = &r.out.ctr->ctr6;
+                       } else if (ret == true && *r.out.level_out == 7
+                                  && r.out.ctr->ctr7.level == 6
+                                  && r.out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP
+                                  && r.out.ctr->ctr7.ctr.mszip6.ts) {
                                out_level = 6;
-                               ctr6 = &r.out.ctr.ctr6;
-                       } else if (ret == true && *r.out.level == 7
-                                  && r.out.ctr.ctr7.level == 6
-                                  && r.out.ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP) {
+                               ctr6 = &r.out.ctr->ctr7.ctr.mszip6.ts->ctr6;
+                       } else if (ret == true && *r.out.level_out == 7
+                                  && r.out.ctr->ctr7.level == 6
+                                  && r.out.ctr->ctr7.type == DRSUAPI_COMPRESSION_TYPE_XPRESS
+                                  && r.out.ctr->ctr7.ctr.xpress6.ts) {
                                out_level = 6;
-                               ctr6 = r.out.ctr.ctr7.ctr.mszip6.ctr6;
+                               ctr6 = &r.out.ctr->ctr7.ctr.xpress6.ts->ctr6;
                        }
 
                        if (out_level == 6) {
@@ -727,10 +700,10 @@ static bool test_FetchData(struct DsSyncTest *ctx)
                                        (long long)ctr6->new_highwatermark.tmp_highest_usn,
                                        (long long)ctr6->new_highwatermark.highest_usn));
 
-                               test_analyse_objects(ctx, &gensec_skey, ctr6->first_object);
+                               test_analyse_objects(tctx, ctx, &gensec_skey, ctr6->first_object);
 
-                               if (ctr6->new_highwatermark.tmp_highest_usn > ctr6->new_highwatermark.highest_usn) {
-                                       r.in.req.req8.highwatermark = ctr6->new_highwatermark;
+                               if (ctr6->more_data) {
+                                       r.in.req->req8.highwatermark = ctr6->new_highwatermark;
                                        continue;
                                }
                        }
@@ -742,11 +715,15 @@ static bool test_FetchData(struct DsSyncTest *ctx)
        return ret;
 }
 
-static bool test_FetchNT4Data(struct DsSyncTest *ctx)
+static bool test_FetchNT4Data(struct torture_context *tctx, 
+                             struct DsSyncTest *ctx)
 {
        NTSTATUS status;
        bool ret = true;
        struct drsuapi_DsGetNT4ChangeLog r;
+       union drsuapi_DsGetNT4ChangeLogRequest req;
+       union drsuapi_DsGetNT4ChangeLogInfo info;
+       uint32_t level_out = 0;
        struct GUID null_guid;
        struct dom_sid null_sid;
        DATA_BLOB cookie;
@@ -758,16 +735,23 @@ static bool test_FetchNT4Data(struct DsSyncTest *ctx)
        ZERO_STRUCT(r);
        r.in.bind_handle        = &ctx->new_dc.drsuapi.bind_handle;
        r.in.level              = 1;
+       r.out.info              = &info;
+       r.out.level_out         = &level_out;
 
-       r.in.req.req1.unknown1  = lp_parm_int(global_loadparm, NULL, "dssync", "nt4-1", 3);
-       r.in.req.req1.unknown2  = lp_parm_int(global_loadparm, NULL, "dssync", "nt4-2", 0x00004000);
+       req.req1.unknown1       = lp_parm_int(tctx->lp_ctx, NULL, "dssync", "nt4-1", 3);
+       req.req1.unknown2       = lp_parm_int(tctx->lp_ctx, NULL, "dssync", "nt4-2", 0x00004000);
 
        while (1) {
-               r.in.req.req1.length    = cookie.length;
-               r.in.req.req1.data      = cookie.data;
+               req.req1.length = cookie.length;
+               req.req1.data   = cookie.data;
+
+               r.in.req = &req;
 
                status = dcerpc_drsuapi_DsGetNT4ChangeLog(ctx->new_dc.drsuapi.pipe, ctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
+               if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+                       printf("DsGetNT4ChangeLog not supported by target server\n");
+                       break;
+               } else if (!NT_STATUS_IS_OK(status)) {
                        const char *errstr = nt_errstr(status);
                        if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
                                errstr = dcerpc_errstr(ctx, ctx->new_dc.drsuapi.pipe->last_fault_code);
@@ -780,16 +764,16 @@ static bool test_FetchNT4Data(struct DsSyncTest *ctx)
                } else if (!W_ERROR_IS_OK(r.out.result)) {
                        printf("DsGetNT4ChangeLog failed - %s\n", win_errstr(r.out.result));
                        ret = false;
-               } else if (r.out.level != 1) {
-                       printf("DsGetNT4ChangeLog unknown level - %u\n", r.out.level);
+               } else if (*r.out.level_out != 1) {
+                       printf("DsGetNT4ChangeLog unknown level - %u\n", *r.out.level_out);
                        ret = false;
-               } else if (NT_STATUS_IS_OK(r.out.info.info1.status)) {
-               } else if (NT_STATUS_EQUAL(r.out.info.info1.status, STATUS_MORE_ENTRIES)) {
-                       cookie.length   = r.out.info.info1.length1;
-                       cookie.data     = r.out.info.info1.data1;
+               } else if (NT_STATUS_IS_OK(r.out.info->info1.status)) {
+               } else if (NT_STATUS_EQUAL(r.out.info->info1.status, STATUS_MORE_ENTRIES)) {
+                       cookie.length   = r.out.info->info1.length1;
+                       cookie.data     = r.out.info->info1.data1;
                        continue;
                } else {
-                       printf("DsGetNT4ChangeLog failed - %s\n", nt_errstr(r.out.info.info1.status));
+                       printf("DsGetNT4ChangeLog failed - %s\n", nt_errstr(r.out.info->info1.status));
                        ret = false;
                }
 
@@ -806,23 +790,23 @@ bool torture_rpc_dssync(struct torture_context *torture)
        struct DsSyncTest *ctx;
        
        mem_ctx = talloc_init("torture_rpc_dssync");
-       ctx = test_create_context(mem_ctx);
+       ctx = test_create_context(torture);
        
-       ret &= _test_DsBind(ctx, ctx->admin.credentials, &ctx->admin.drsuapi);
+       ret &= _test_DsBind(torture, ctx, ctx->admin.credentials, &ctx->admin.drsuapi);
        if (!ret) {
                return ret;
        }
-       ret &= test_LDAPBind(ctx, ctx->admin.credentials, &ctx->admin.ldap);
+       ret &= test_LDAPBind(torture, ctx, ctx->admin.credentials, &ctx->admin.ldap);
        if (!ret) {
                return ret;
        }
-       ret &= test_GetInfo(ctx);
-       ret &= _test_DsBind(ctx, ctx->new_dc.credentials, &ctx->new_dc.drsuapi);
+       ret &= test_GetInfo(torture, ctx);
+       ret &= _test_DsBind(torture, ctx, ctx->new_dc.credentials, &ctx->new_dc.drsuapi);
        if (!ret) {
                return ret;
        }
-       ret &= test_FetchData(ctx);
-       ret &= test_FetchNT4Data(ctx);
+       ret &= test_FetchData(torture, ctx);
+       ret &= test_FetchNT4Data(torture, ctx);
 
        return ret;
 }
Samba Shared Repository