2 Unix SMB/CIFS implementation.
4 test suite for netlogon rpc operations
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "torture/torture.h"
26 #include "lib/events/events.h"
27 #include "auth/auth.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "torture/rpc/rpc.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "librpc/gen_ndr/ndr_netlogon_c.h"
32 #include "librpc/gen_ndr/ndr_lsa_c.h"
33 #include "param/param.h"
35 #define TEST_MACHINE_NAME "torturetest"
37 static bool test_LogonUasLogon(struct torture_context *tctx,
38 struct dcerpc_pipe *p)
41 struct netr_LogonUasLogon r;
43 r.in.server_name = NULL;
44 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
45 r.in.workstation = TEST_MACHINE_NAME;
47 status = dcerpc_netr_LogonUasLogon(p, tctx, &r);
48 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
53 static bool test_LogonUasLogoff(struct torture_context *tctx,
54 struct dcerpc_pipe *p)
57 struct netr_LogonUasLogoff r;
59 r.in.server_name = NULL;
60 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
61 r.in.workstation = TEST_MACHINE_NAME;
63 status = dcerpc_netr_LogonUasLogoff(p, tctx, &r);
64 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
69 static bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
70 struct cli_credentials *credentials,
71 struct creds_CredentialState **creds_out)
74 struct netr_ServerReqChallenge r;
75 struct netr_ServerAuthenticate a;
76 struct netr_Credential credentials1, credentials2, credentials3;
77 struct creds_CredentialState *creds;
78 struct samr_Password mach_password;
79 const char *plain_pass;
80 const char *machine_name;
82 plain_pass = cli_credentials_get_password(credentials);
83 machine_name = cli_credentials_get_workstation(credentials);
85 torture_comment(tctx, "Testing ServerReqChallenge\n");
87 creds = talloc(tctx, struct creds_CredentialState);
88 torture_assert(tctx, creds != NULL, "memory allocation");
90 r.in.server_name = NULL;
91 r.in.computer_name = machine_name;
92 r.in.credentials = &credentials1;
93 r.out.credentials = &credentials2;
95 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
97 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
98 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
100 E_md4hash(plain_pass, mach_password.hash);
102 a.in.server_name = NULL;
103 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
104 a.in.secure_channel_type = SEC_CHAN_BDC;
105 a.in.computer_name = machine_name;
106 a.in.credentials = &credentials3;
107 a.out.credentials = &credentials3;
109 creds_client_init(creds, &credentials1, &credentials2,
110 &mach_password, &credentials3,
113 torture_comment(tctx, "Testing ServerAuthenticate\n");
115 status = dcerpc_netr_ServerAuthenticate(p, tctx, &a);
116 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate");
118 torture_assert(tctx, creds_client_check(creds, &credentials3),
119 "Credential chaining failed");
125 static bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
126 uint32_t negotiate_flags,
127 struct cli_credentials *machine_credentials,
129 struct creds_CredentialState **creds_out)
132 struct netr_ServerReqChallenge r;
133 struct netr_ServerAuthenticate2 a;
134 struct netr_Credential credentials1, credentials2, credentials3;
135 struct creds_CredentialState *creds;
136 struct samr_Password mach_password;
137 const char *machine_name;
138 const char *plain_pass;
140 machine_name = cli_credentials_get_workstation(machine_credentials);
141 plain_pass = cli_credentials_get_password(machine_credentials);
143 torture_comment(tctx, "Testing ServerReqChallenge\n");
145 creds = talloc(tctx, struct creds_CredentialState);
146 torture_assert(tctx, creds != NULL, "memory allocation");
148 r.in.server_name = NULL;
149 r.in.computer_name = machine_name;
150 r.in.credentials = &credentials1;
151 r.out.credentials = &credentials2;
153 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
155 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
156 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
158 E_md4hash(plain_pass, mach_password.hash);
160 a.in.server_name = NULL;
161 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
162 a.in.secure_channel_type = sec_chan_type;
163 a.in.computer_name = machine_name;
164 a.in.negotiate_flags = &negotiate_flags;
165 a.out.negotiate_flags = &negotiate_flags;
166 a.in.credentials = &credentials3;
167 a.out.credentials = &credentials3;
169 creds_client_init(creds, &credentials1, &credentials2,
170 &mach_password, &credentials3,
173 torture_comment(tctx, "Testing ServerAuthenticate2\n");
175 status = dcerpc_netr_ServerAuthenticate2(p, tctx, &a);
176 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate2");
178 torture_assert(tctx, creds_client_check(creds, &credentials3),
179 "Credential chaining failed");
181 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
188 static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
189 uint32_t negotiate_flags,
190 struct cli_credentials *machine_credentials,
191 struct creds_CredentialState **creds_out)
194 struct netr_ServerReqChallenge r;
195 struct netr_ServerAuthenticate3 a;
196 struct netr_Credential credentials1, credentials2, credentials3;
197 struct creds_CredentialState *creds;
198 struct samr_Password mach_password;
200 const char *machine_name;
201 const char *plain_pass;
203 machine_name = cli_credentials_get_workstation(machine_credentials);
204 plain_pass = cli_credentials_get_password(machine_credentials);
206 torture_comment(tctx, "Testing ServerReqChallenge\n");
208 creds = talloc(tctx, struct creds_CredentialState);
209 torture_assert(tctx, creds != NULL, "memory allocation");
211 r.in.server_name = NULL;
212 r.in.computer_name = machine_name;
213 r.in.credentials = &credentials1;
214 r.out.credentials = &credentials2;
216 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
218 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
219 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
221 E_md4hash(plain_pass, mach_password.hash);
223 a.in.server_name = NULL;
224 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
225 a.in.secure_channel_type = SEC_CHAN_BDC;
226 a.in.computer_name = machine_name;
227 a.in.negotiate_flags = &negotiate_flags;
228 a.in.credentials = &credentials3;
229 a.out.credentials = &credentials3;
230 a.out.negotiate_flags = &negotiate_flags;
233 creds_client_init(creds, &credentials1, &credentials2,
234 &mach_password, &credentials3,
237 torture_comment(tctx, "Testing ServerAuthenticate3\n");
239 status = dcerpc_netr_ServerAuthenticate3(p, tctx, &a);
240 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate3");
241 torture_assert(tctx, creds_client_check(creds, &credentials3), "Credential chaining failed");
243 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
250 try a change password for our machine account
252 static bool test_SetPassword(struct torture_context *tctx,
253 struct dcerpc_pipe *p,
254 struct cli_credentials *machine_credentials)
257 struct netr_ServerPasswordSet r;
258 const char *password;
259 struct creds_CredentialState *creds;
261 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
265 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
266 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
267 r.in.secure_channel_type = SEC_CHAN_BDC;
268 r.in.computer_name = TEST_MACHINE_NAME;
270 password = generate_random_str(tctx, 8);
271 E_md4hash(password, r.in.new_password.hash);
273 creds_des_encrypt(creds, &r.in.new_password);
275 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
276 torture_comment(tctx, "Changing machine account password to '%s'\n",
279 creds_client_authenticator(creds, &r.in.credential);
281 status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
282 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
284 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
285 torture_comment(tctx, "Credential chaining failed\n");
288 /* by changing the machine password twice we test the
289 credentials chaining fully, and we verify that the server
290 allows the password to be set to the same value twice in a
291 row (match win2k3) */
292 torture_comment(tctx,
293 "Testing a second ServerPasswordSet on machine account\n");
294 torture_comment(tctx,
295 "Changing machine account password to '%s' (same as previous run)\n", password);
297 creds_client_authenticator(creds, &r.in.credential);
299 status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
300 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
302 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
303 torture_comment(tctx, "Credential chaining failed\n");
306 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
309 test_SetupCredentials(p, tctx, machine_credentials, &creds),
310 "ServerPasswordSet failed to actually change the password");
316 try a change password for our machine account
318 static bool test_SetPassword2(struct torture_context *tctx,
319 struct dcerpc_pipe *p,
320 struct cli_credentials *machine_credentials)
323 struct netr_ServerPasswordSet2 r;
324 const char *password;
325 struct creds_CredentialState *creds;
326 struct samr_CryptPassword password_buf;
328 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
332 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
333 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
334 r.in.secure_channel_type = SEC_CHAN_BDC;
335 r.in.computer_name = TEST_MACHINE_NAME;
337 password = generate_random_str(tctx, 8);
338 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
339 creds_arcfour_crypt(creds, password_buf.data, 516);
341 memcpy(r.in.new_password.data, password_buf.data, 512);
342 r.in.new_password.length = IVAL(password_buf.data, 512);
344 torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
345 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
347 creds_client_authenticator(creds, &r.in.credential);
349 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
350 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
352 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
353 torture_comment(tctx, "Credential chaining failed\n");
356 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
358 if (!torture_setting_bool(tctx, "dangerous", false)) {
359 torture_comment(tctx,
360 "Not testing ability to set password to '', enable dangerous tests to perform this test\n");
362 /* by changing the machine password to ""
363 * we check if the server uses password restrictions
364 * for ServerPasswordSet2
365 * (win2k3 accepts "")
368 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
369 creds_arcfour_crypt(creds, password_buf.data, 516);
371 memcpy(r.in.new_password.data, password_buf.data, 512);
372 r.in.new_password.length = IVAL(password_buf.data, 512);
374 torture_comment(tctx,
375 "Testing ServerPasswordSet2 on machine account\n");
376 torture_comment(tctx,
377 "Changing machine account password to '%s'\n", password);
379 creds_client_authenticator(creds, &r.in.credential);
381 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
382 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
384 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
385 torture_comment(tctx, "Credential chaining failed\n");
388 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
391 torture_assert(tctx, test_SetupCredentials(p, tctx, machine_credentials, &creds),
392 "ServerPasswordSet failed to actually change the password");
394 /* now try a random password */
395 password = generate_random_str(tctx, 8);
396 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
397 creds_arcfour_crypt(creds, password_buf.data, 516);
399 memcpy(r.in.new_password.data, password_buf.data, 512);
400 r.in.new_password.length = IVAL(password_buf.data, 512);
402 torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
403 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
405 creds_client_authenticator(creds, &r.in.credential);
407 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
408 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2 (2)");
410 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
411 torture_comment(tctx, "Credential chaining failed\n");
414 /* by changing the machine password twice we test the
415 credentials chaining fully, and we verify that the server
416 allows the password to be set to the same value twice in a
417 row (match win2k3) */
418 torture_comment(tctx,
419 "Testing a second ServerPasswordSet2 on machine account\n");
420 torture_comment(tctx,
421 "Changing machine account password to '%s' (same as previous run)\n", password);
423 creds_client_authenticator(creds, &r.in.credential);
425 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
426 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
428 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
429 torture_comment(tctx, "Credential chaining failed\n");
432 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
434 torture_assert (tctx,
435 test_SetupCredentials(p, tctx, machine_credentials, &creds),
436 "ServerPasswordSet failed to actually change the password");
442 try a netlogon SamLogon
444 bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
445 struct cli_credentials *credentials,
446 struct creds_CredentialState *creds)
449 struct netr_LogonSamLogon r;
450 struct netr_Authenticator auth, auth2;
451 struct netr_NetworkInfo ninfo;
452 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
454 int flags = CLI_CRED_NTLM_AUTH;
455 if (lp_client_lanman_auth(global_loadparm)) {
456 flags |= CLI_CRED_LANMAN_AUTH;
459 if (lp_client_ntlmv2_auth(global_loadparm)) {
460 flags |= CLI_CRED_NTLMv2_AUTH;
463 cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
464 &ninfo.identity_info.account_name.string,
465 &ninfo.identity_info.domain_name.string);
467 generate_random_buffer(ninfo.challenge,
468 sizeof(ninfo.challenge));
469 chal = data_blob_const(ninfo.challenge,
470 sizeof(ninfo.challenge));
472 names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
473 cli_credentials_get_domain(credentials));
475 status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
481 torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
483 ninfo.lm.data = lm_resp.data;
484 ninfo.lm.length = lm_resp.length;
486 ninfo.nt.data = nt_resp.data;
487 ninfo.nt.length = nt_resp.length;
489 ninfo.identity_info.parameter_control = 0;
490 ninfo.identity_info.logon_id_low = 0;
491 ninfo.identity_info.logon_id_high = 0;
492 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
494 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
495 r.in.computer_name = cli_credentials_get_workstation(credentials);
496 r.in.credential = &auth;
497 r.in.return_authenticator = &auth2;
498 r.in.logon_level = 2;
499 r.in.logon.network = &ninfo;
501 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
505 creds_client_authenticator(creds, &auth);
507 r.in.validation_level = i;
509 status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
510 torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
512 torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
513 "Credential chaining failed");
516 r.in.credential = NULL;
520 r.in.validation_level = i;
522 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
524 status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
525 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER,
526 "LogonSamLogon expected INVALID_PARAMETER");
534 try a netlogon SamLogon
536 static bool test_SamLogon(struct torture_context *tctx,
537 struct dcerpc_pipe *p,
538 struct cli_credentials *credentials)
540 struct creds_CredentialState *creds;
542 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
546 return test_netlogon_ops(p, tctx, credentials, creds);
549 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
550 static uint64_t sequence_nums[3];
553 try a netlogon DatabaseSync
555 static bool test_DatabaseSync(struct torture_context *tctx,
556 struct dcerpc_pipe *p,
557 struct cli_credentials *machine_credentials)
560 struct netr_DatabaseSync r;
561 struct creds_CredentialState *creds;
562 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
565 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
569 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
570 r.in.computername = TEST_MACHINE_NAME;
571 r.in.preferredmaximumlength = (uint32_t)-1;
572 ZERO_STRUCT(r.in.return_authenticator);
574 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
575 r.in.sync_context = 0;
576 r.in.database_id = database_ids[i];
578 torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
581 creds_client_authenticator(creds, &r.in.credential);
583 status = dcerpc_netr_DatabaseSync(p, tctx, &r);
584 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
587 torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
589 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
590 torture_comment(tctx, "Credential chaining failed\n");
593 r.in.sync_context = r.out.sync_context;
595 if (r.out.delta_enum_array &&
596 r.out.delta_enum_array->num_deltas > 0 &&
597 r.out.delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
598 r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
599 sequence_nums[r.in.database_id] =
600 r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
601 torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
603 (unsigned long long)sequence_nums[r.in.database_id]);
605 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
613 try a netlogon DatabaseDeltas
615 static bool test_DatabaseDeltas(struct torture_context *tctx,
616 struct dcerpc_pipe *p,
617 struct cli_credentials *machine_credentials)
620 struct netr_DatabaseDeltas r;
621 struct creds_CredentialState *creds;
622 const uint32_t database_ids[] = {0, 1, 2};
625 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
629 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
630 r.in.computername = TEST_MACHINE_NAME;
631 r.in.preferredmaximumlength = (uint32_t)-1;
632 ZERO_STRUCT(r.in.return_authenticator);
634 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
635 r.in.database_id = database_ids[i];
636 r.in.sequence_num = sequence_nums[r.in.database_id];
638 if (r.in.sequence_num == 0) continue;
640 r.in.sequence_num -= 1;
642 torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
643 r.in.database_id, (unsigned long long)r.in.sequence_num);
646 creds_client_authenticator(creds, &r.in.credential);
648 status = dcerpc_netr_DatabaseDeltas(p, tctx, &r);
649 if (NT_STATUS_EQUAL(status,
650 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
651 torture_comment(tctx, "not considering %s to be an error\n",
655 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
658 torture_assert_ntstatus_ok(tctx, status, "DatabaseDeltas");
660 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
661 torture_comment(tctx, "Credential chaining failed\n");
665 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
673 try a netlogon AccountDeltas
675 static bool test_AccountDeltas(struct torture_context *tctx,
676 struct dcerpc_pipe *p,
677 struct cli_credentials *machine_credentials)
680 struct netr_AccountDeltas r;
681 struct creds_CredentialState *creds;
683 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
687 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
688 r.in.computername = TEST_MACHINE_NAME;
689 ZERO_STRUCT(r.in.return_authenticator);
690 creds_client_authenticator(creds, &r.in.credential);
691 ZERO_STRUCT(r.in.uas);
696 /* w2k3 returns "NOT IMPLEMENTED" for this call */
697 status = dcerpc_netr_AccountDeltas(p, tctx, &r);
698 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
704 try a netlogon AccountSync
706 static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
707 struct cli_credentials *machine_credentials)
710 struct netr_AccountSync r;
711 struct creds_CredentialState *creds;
713 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
717 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
718 r.in.computername = TEST_MACHINE_NAME;
719 ZERO_STRUCT(r.in.return_authenticator);
720 creds_client_authenticator(creds, &r.in.credential);
721 ZERO_STRUCT(r.in.recordid);
726 /* w2k3 returns "NOT IMPLEMENTED" for this call */
727 status = dcerpc_netr_AccountSync(p, tctx, &r);
728 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
734 try a netlogon GetDcName
736 static bool test_GetDcName(struct torture_context *tctx,
737 struct dcerpc_pipe *p)
740 struct netr_GetDcName r;
742 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
743 r.in.domainname = lp_workgroup(global_loadparm);
745 status = dcerpc_netr_GetDcName(p, tctx, &r);
746 torture_assert_ntstatus_ok(tctx, status, "GetDcName");
747 torture_assert_werr_ok(tctx, r.out.result, "GetDcName");
749 torture_comment(tctx, "\tDC is at '%s'\n", r.out.dcname);
755 try a netlogon LogonControl
757 static bool test_LogonControl(struct torture_context *tctx,
758 struct dcerpc_pipe *p)
761 struct netr_LogonControl r;
764 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
765 r.in.function_code = 1;
770 torture_comment(tctx, "Testing LogonControl level %d\n", i);
772 status = dcerpc_netr_LogonControl(p, tctx, &r);
773 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
781 try a netlogon GetAnyDCName
783 static bool test_GetAnyDCName(struct torture_context *tctx,
784 struct dcerpc_pipe *p)
787 struct netr_GetAnyDCName r;
789 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
790 r.in.domainname = lp_workgroup(global_loadparm);
792 status = dcerpc_netr_GetAnyDCName(p, tctx, &r);
793 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
796 torture_comment(tctx, "\tDC is at '%s'\n", r.out.dcname);
804 try a netlogon LogonControl2
806 static bool test_LogonControl2(struct torture_context *tctx,
807 struct dcerpc_pipe *p)
810 struct netr_LogonControl2 r;
813 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
815 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
816 r.in.data.domain = lp_workgroup(global_loadparm);
821 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
822 i, r.in.function_code);
824 status = dcerpc_netr_LogonControl2(p, tctx, &r);
825 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
828 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
829 r.in.data.domain = lp_workgroup(global_loadparm);
834 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
835 i, r.in.function_code);
837 status = dcerpc_netr_LogonControl2(p, tctx, &r);
838 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
841 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
842 r.in.data.domain = lp_workgroup(global_loadparm);
847 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
848 i, r.in.function_code);
850 status = dcerpc_netr_LogonControl2(p, tctx, &r);
851 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
854 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
855 r.in.data.debug_level = ~0;
860 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
861 i, r.in.function_code);
863 status = dcerpc_netr_LogonControl2(p, tctx, &r);
864 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
871 try a netlogon DatabaseSync2
873 static bool test_DatabaseSync2(struct torture_context *tctx,
874 struct dcerpc_pipe *p,
875 struct cli_credentials *machine_credentials)
878 struct netr_DatabaseSync2 r;
879 struct creds_CredentialState *creds;
880 const uint32_t database_ids[] = {0, 1, 2};
883 if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
885 SEC_CHAN_BDC, &creds)) {
889 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
890 r.in.computername = TEST_MACHINE_NAME;
891 r.in.preferredmaximumlength = (uint32_t)-1;
892 ZERO_STRUCT(r.in.return_authenticator);
894 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
895 r.in.sync_context = 0;
896 r.in.database_id = database_ids[i];
897 r.in.restart_state = 0;
899 torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
902 creds_client_authenticator(creds, &r.in.credential);
904 status = dcerpc_netr_DatabaseSync2(p, tctx, &r);
905 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
908 torture_assert_ntstatus_ok(tctx, status, "DatabaseSync2");
910 if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
911 torture_comment(tctx, "Credential chaining failed\n");
914 r.in.sync_context = r.out.sync_context;
915 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
923 try a netlogon LogonControl2Ex
925 static bool test_LogonControl2Ex(struct torture_context *tctx,
926 struct dcerpc_pipe *p)
929 struct netr_LogonControl2Ex r;
932 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
934 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
935 r.in.data.domain = lp_workgroup(global_loadparm);
940 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
941 i, r.in.function_code);
943 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
944 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
947 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
948 r.in.data.domain = lp_workgroup(global_loadparm);
953 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
954 i, r.in.function_code);
956 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
957 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
960 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
961 r.in.data.domain = lp_workgroup(global_loadparm);
966 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
967 i, r.in.function_code);
969 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
970 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
973 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
974 r.in.data.debug_level = ~0;
979 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
980 i, r.in.function_code);
982 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
983 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
989 static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
990 struct dcerpc_pipe *p, const char *trusted_domain_name)
993 struct netr_DsRGetForestTrustInformation r;
994 struct lsa_ForestTrustInformation info, *info_ptr;
998 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
999 r.in.trusted_domain_name = trusted_domain_name;
1001 r.out.forest_trust_info = &info_ptr;
1003 torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
1005 status = dcerpc_netr_DsRGetForestTrustInformation(p, tctx, &r);
1006 torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
1007 torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
1013 try a netlogon netr_DsrEnumerateDomainTrusts
1015 static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
1016 struct dcerpc_pipe *p)
1019 struct netr_DsrEnumerateDomainTrusts r;
1022 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1023 r.in.trust_flags = 0x3f;
1025 status = dcerpc_netr_DsrEnumerateDomainTrusts(p, tctx, &r);
1026 torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
1027 torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
1029 /* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
1030 * will show non-forest trusts and all UPN suffixes of the own forest
1031 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
1034 if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
1039 for (i=0; i<r.out.count; i++) {
1041 /* get info for transitive forest trusts */
1043 if (r.out.trusts[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
1044 if (!test_netr_DsRGetForestTrustInformation(tctx, p,
1045 r.out.trusts[i].dns_name)) {
1054 static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
1055 const char *computer_name,
1056 const char *expected_site)
1059 struct netr_DsRGetSiteName r;
1061 if (torture_setting_bool(tctx, "samba4", false))
1062 torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
1064 r.in.computer_name = computer_name;
1065 torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
1067 status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
1068 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
1069 torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
1070 torture_assert_str_equal(tctx, expected_site, r.out.site, "netr_DsRGetSiteName");
1072 r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
1073 torture_comment(tctx,
1074 "Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
1076 status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
1077 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
1078 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_COMPUTERNAME, "netr_DsRGetSiteName");
1084 try a netlogon netr_DsRGetDCName
1086 static bool test_netr_DsRGetDCName(struct torture_context *tctx,
1087 struct dcerpc_pipe *p)
1090 struct netr_DsRGetDCName r;
1092 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1093 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(global_loadparm));
1094 r.in.domain_guid = NULL;
1095 r.in.site_guid = NULL;
1096 r.in.flags = DS_RETURN_DNS_NAME;
1098 status = dcerpc_netr_DsRGetDCName(p, tctx, &r);
1099 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
1100 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
1101 return test_netr_DsRGetSiteName(p, tctx,
1103 r.out.info->dc_site_name);
1107 try a netlogon netr_DsRGetDCNameEx
1109 static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
1110 struct dcerpc_pipe *p)
1113 struct netr_DsRGetDCNameEx r;
1115 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1116 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(global_loadparm));
1117 r.in.domain_guid = NULL;
1118 r.in.site_name = NULL;
1119 r.in.flags = DS_RETURN_DNS_NAME;
1121 status = dcerpc_netr_DsRGetDCNameEx(p, tctx, &r);
1122 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
1123 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
1125 return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc,
1126 r.out.info->dc_site_name);
1130 try a netlogon netr_DsRGetDCNameEx2
1132 static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
1133 struct dcerpc_pipe *p)
1136 struct netr_DsRGetDCNameEx2 r;
1138 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1139 r.in.client_account = NULL;
1140 r.in.mask = 0x00000000;
1141 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(global_loadparm));
1142 r.in.domain_guid = NULL;
1143 r.in.site_name = NULL;
1144 r.in.flags = DS_RETURN_DNS_NAME;
1146 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
1148 status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
1149 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
1150 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
1152 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client acount\n");
1153 r.in.client_account = TEST_MACHINE_NAME"$";
1154 r.in.mask = ACB_SVRTRUST;
1155 r.in.flags = DS_RETURN_FLAT_NAME;
1157 status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
1158 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
1159 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
1160 return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc,
1161 r.out.info->dc_site_name);
1164 static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
1165 struct dcerpc_pipe *p)
1168 struct netr_DsrGetDcSiteCoverageW r;
1170 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1172 status = dcerpc_netr_DsrGetDcSiteCoverageW(p, tctx, &r);
1173 torture_assert_ntstatus_ok(tctx, status, "failed");
1174 torture_assert_werr_ok(tctx, r.out.result, "failed");
1179 static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
1180 struct dcerpc_pipe *p)
1183 struct netr_DsRAddressToSitenamesW r;
1184 struct netr_DsRAddress addr;
1185 struct netr_DsRAddressToSitenamesWCtr *ctr;
1187 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
1190 addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
1192 addr.buffer[0] = 2; /* AF_INET */
1193 addr.buffer[4] = 127;
1198 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1200 r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
1201 r.in.addresses[0] = addr;
1204 status = dcerpc_netr_DsRAddressToSitenamesW(p, tctx, &r);
1205 torture_assert_ntstatus_ok(tctx, status, "failed");
1206 torture_assert_werr_ok(tctx, r.out.result, "failed");
1211 static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
1212 struct dcerpc_pipe *p)
1215 struct netr_DsRAddressToSitenamesExW r;
1216 struct netr_DsRAddress addr;
1217 struct netr_DsRAddressToSitenamesExWCtr *ctr;
1219 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
1222 addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
1224 addr.buffer[0] = 2; /* AF_INET */
1225 addr.buffer[4] = 127;
1230 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1232 r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
1233 r.in.addresses[0] = addr;
1236 status = dcerpc_netr_DsRAddressToSitenamesExW(p, tctx, &r);
1237 torture_assert_ntstatus_ok(tctx, status, "failed");
1238 torture_assert_werr_ok(tctx, r.out.result, "failed");
1243 static bool test_GetDomainInfo(struct torture_context *tctx,
1244 struct dcerpc_pipe *p,
1245 struct cli_credentials *machine_credentials)
1248 struct netr_LogonGetDomainInfo r;
1249 struct netr_DomainQuery1 q1;
1250 struct netr_Authenticator a;
1251 struct creds_CredentialState *creds;
1253 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1254 machine_credentials, &creds)) {
1260 creds_client_authenticator(creds, &a);
1262 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1263 r.in.computer_name = TEST_MACHINE_NAME;
1265 r.in.credential = &a;
1266 r.in.return_authenticator = &a;
1267 r.out.return_authenticator = &a;
1269 r.in.query.query1 = &q1;
1272 /* this should really be the fully qualified name */
1273 q1.workstation_domain = TEST_MACHINE_NAME;
1274 q1.workstation_site = "Default-First-Site-Name";
1275 q1.blob2.length = 0;
1277 q1.blob2.data = NULL;
1278 q1.product.string = "product string";
1280 torture_comment(tctx, "Testing netr_uogonGetDomainInfo\n");
1282 status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
1283 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
1284 torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
1290 static void async_callback(struct rpc_request *req)
1292 int *counter = (int *)req->async.private_data;
1293 if (NT_STATUS_IS_OK(req->status)) {
1298 static bool test_GetDomainInfo_async(struct torture_context *tctx,
1299 struct dcerpc_pipe *p,
1300 struct cli_credentials *machine_credentials)
1303 struct netr_LogonGetDomainInfo r;
1304 struct netr_DomainQuery1 q1;
1305 struct netr_Authenticator a;
1306 #define ASYNC_COUNT 100
1307 struct creds_CredentialState *creds;
1308 struct creds_CredentialState *creds_async[ASYNC_COUNT];
1309 struct rpc_request *req[ASYNC_COUNT];
1311 int *async_counter = talloc(tctx, int);
1313 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
1314 machine_credentials, &creds)) {
1319 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1320 r.in.computer_name = TEST_MACHINE_NAME;
1322 r.in.credential = &a;
1323 r.in.return_authenticator = &a;
1324 r.out.return_authenticator = &a;
1326 r.in.query.query1 = &q1;
1329 /* this should really be the fully qualified name */
1330 q1.workstation_domain = TEST_MACHINE_NAME;
1331 q1.workstation_site = "Default-First-Site-Name";
1332 q1.blob2.length = 0;
1334 q1.blob2.data = NULL;
1335 q1.product.string = "product string";
1337 torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
1341 for (i=0;i<ASYNC_COUNT;i++) {
1342 creds_client_authenticator(creds, &a);
1344 creds_async[i] = (struct creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
1345 req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, tctx, &r);
1347 req[i]->async.callback = async_callback;
1348 req[i]->async.private_data = async_counter;
1350 /* even with this flush per request a w2k3 server seems to
1351 clag with multiple outstanding requests. bleergh. */
1352 torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0,
1353 "event_loop_once failed");
1356 for (i=0;i<ASYNC_COUNT;i++) {
1357 status = dcerpc_ndr_request_recv(req[i]);
1359 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
1360 torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
1362 torture_assert(tctx, creds_client_check(creds_async[i], &a.cred),
1363 "Credential chaining failed at async");
1366 torture_comment(tctx,
1367 "Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);
1369 torture_assert_int_equal(tctx, (*async_counter), ASYNC_COUNT, "int");
1374 static bool test_ManyGetDCName(struct torture_context *tctx,
1375 struct dcerpc_pipe *p)
1378 struct dcerpc_pipe *p2;
1379 struct lsa_ObjectAttribute attr;
1380 struct lsa_QosInfo qos;
1381 struct lsa_OpenPolicy2 o;
1382 struct policy_handle lsa_handle;
1383 struct lsa_DomainList domains;
1385 struct lsa_EnumTrustDom t;
1386 uint32_t resume_handle = 0;
1387 struct netr_GetAnyDCName d;
1391 if (p->conn->transport.transport != NCACN_NP) {
1395 torture_comment(tctx, "Torturing GetDCName\n");
1397 status = dcerpc_secondary_connection(p, &p2, p->binding);
1398 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
1400 status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
1401 torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");
1404 qos.impersonation_level = 2;
1405 qos.context_mode = 1;
1406 qos.effective_only = 0;
1409 attr.root_dir = NULL;
1410 attr.object_name = NULL;
1411 attr.attributes = 0;
1412 attr.sec_desc = NULL;
1413 attr.sec_qos = &qos;
1415 o.in.system_name = "\\";
1417 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1418 o.out.handle = &lsa_handle;
1420 status = dcerpc_lsa_OpenPolicy2(p2, tctx, &o);
1421 torture_assert_ntstatus_ok(tctx, status, "OpenPolicy2 failed");
1423 t.in.handle = &lsa_handle;
1424 t.in.resume_handle = &resume_handle;
1425 t.in.max_size = 1000;
1426 t.out.domains = &domains;
1427 t.out.resume_handle = &resume_handle;
1429 status = dcerpc_lsa_EnumTrustDom(p2, tctx, &t);
1431 if ((!NT_STATUS_IS_OK(status) &&
1432 (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))))
1433 torture_fail(tctx, "Could not list domains");
1437 d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
1438 dcerpc_server_name(p));
1440 for (i=0; i<domains.count * 4; i++) {
1441 struct lsa_DomainInfo *info =
1442 &domains.domains[rand()%domains.count];
1444 d.in.domainname = info->name.string;
1446 status = dcerpc_netr_GetAnyDCName(p, tctx, &d);
1447 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
1449 torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
1450 d.out.dcname ? d.out.dcname : "unknown");
1456 struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
1458 struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
1459 struct torture_rpc_tcase *tcase;
1460 struct torture_test *test;
1462 tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "netlogon",
1463 &ndr_table_netlogon, TEST_MACHINE_NAME);
1464 torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
1465 torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
1466 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
1467 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
1468 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
1469 torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
1470 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
1471 torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
1472 torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
1473 torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
1474 torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
1475 torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
1476 torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl);
1477 torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
1478 torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2);
1479 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
1480 torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);
1481 torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
1482 test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
1483 test->dangerous = true;
1484 torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
1485 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
1486 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
1487 torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
1488 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
1489 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);