#include "torture/torture.h"
#include "lib/events/events.h"
#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
#include "lib/cmdline/popt_common.h"
#include "torture/rpc/rpc.h"
+#include "torture/rpc/netlogon.h"
+#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_netlogon_c.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
{
NTSTATUS status;
struct netr_LogonUasLogon r;
+ struct netr_UasInfo *info = NULL;
r.in.server_name = NULL;
r.in.account_name = cli_credentials_get_username(cmdline_credentials);
r.in.workstation = TEST_MACHINE_NAME;
+ r.out.info = &info;
status = dcerpc_netr_LogonUasLogon(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
{
NTSTATUS status;
struct netr_LogonUasLogoff r;
+ struct netr_UasLogoffInfo info;
r.in.server_name = NULL;
r.in.account_name = cli_credentials_get_username(cmdline_credentials);
r.in.workstation = TEST_MACHINE_NAME;
+ r.out.info = &info;
status = dcerpc_netr_LogonUasLogoff(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
}
static bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
- struct cli_credentials *credentials,
- struct creds_CredentialState **creds_out)
+ struct cli_credentials *credentials,
+ struct creds_CredentialState **creds_out)
{
NTSTATUS status;
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate a;
struct netr_Credential credentials1, credentials2, credentials3;
struct creds_CredentialState *creds;
- struct samr_Password mach_password;
- const char *plain_pass;
- const char *machine_name;
+ const struct samr_Password *mach_password;
+ const char *machine_name;
- plain_pass = cli_credentials_get_password(credentials);
+ mach_password = cli_credentials_get_nt_hash(credentials, tctx);
machine_name = cli_credentials_get_workstation(credentials);
torture_comment(tctx, "Testing ServerReqChallenge\n");
status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
- E_md4hash(plain_pass, mach_password.hash);
-
a.in.server_name = NULL;
a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
a.in.secure_channel_type = SEC_CHAN_BDC;
a.out.credentials = &credentials3;
creds_client_init(creds, &credentials1, &credentials2,
- &mach_password, &credentials3,
+ mach_password, &credentials3,
0);
torture_comment(tctx, "Testing ServerAuthenticate\n");
status = dcerpc_netr_ServerAuthenticate(p, tctx, &a);
+
+ /* This allows the tests to continue against the more fussy windows 2008 */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED)) {
+ return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
+ credentials, SEC_CHAN_BDC, creds_out);
+ }
+
torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate");
torture_assert(tctx, creds_client_check(creds, &credentials3),
return true;
}
-static bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
+bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
uint32_t negotiate_flags,
struct cli_credentials *machine_credentials,
int sec_chan_type,
struct netr_ServerAuthenticate2 a;
struct netr_Credential credentials1, credentials2, credentials3;
struct creds_CredentialState *creds;
- struct samr_Password mach_password;
+ const struct samr_Password *mach_password;
const char *machine_name;
const char *plain_pass;
+ mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
machine_name = cli_credentials_get_workstation(machine_credentials);
- plain_pass = cli_credentials_get_password(machine_credentials);
torture_comment(tctx, "Testing ServerReqChallenge\n");
status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
- E_md4hash(plain_pass, mach_password.hash);
-
a.in.server_name = NULL;
a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
a.in.secure_channel_type = sec_chan_type;
a.out.credentials = &credentials3;
creds_client_init(creds, &credentials1, &credentials2,
- &mach_password, &credentials3,
+ mach_password, &credentials3,
negotiate_flags);
torture_comment(tctx, "Testing ServerAuthenticate2\n");
torture_assert(tctx, creds_client_check(creds, &credentials3), "Credential chaining failed");
torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
+
+ /* Prove that requesting a challenge again won't break it */
+ status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
*creds_out = creds;
return true;
return true;
}
+/*
+ generate a random password for password change tests
+*/
+static DATA_BLOB netlogon_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
+{
+ int i;
+ DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
+ generate_random_buffer(password.data, password.length);
+
+ for (i=0; i < len; i++) {
+ if (((uint16_t *)password.data)[i] == 0) {
+ ((uint16_t *)password.data)[i] = 1;
+ }
+ }
+
+ return password;
+}
+
/*
try a change password for our machine account
*/
NTSTATUS status;
struct netr_ServerPasswordSet2 r;
const char *password;
+ DATA_BLOB new_random_pass;
struct creds_CredentialState *creds;
struct samr_CryptPassword password_buf;
+ struct samr_Password nt_hash;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
test_SetupCredentials(p, tctx, machine_credentials, &creds),
"ServerPasswordSet failed to actually change the password");
+ new_random_pass = netlogon_very_rand_pass(tctx, 128);
+
+ /* now try a random stream of bytes for a password */
+ set_pw_in_buffer(password_buf.data, &new_random_pass);
+
+ creds_arcfour_crypt(creds, password_buf.data, 516);
+
+ memcpy(r.in.new_password.data, password_buf.data, 512);
+ r.in.new_password.length = IVAL(password_buf.data, 512);
+
+ torture_comment(tctx,
+ "Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
+
+ creds_client_authenticator(creds, &r.in.credential);
+
+ status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
+
+ if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ torture_comment(tctx, "Credential chaining failed\n");
+ }
+
+ mdfour(nt_hash.hash, new_random_pass.data, new_random_pass.length);
+
+ cli_credentials_set_password(machine_credentials, NULL, CRED_UNINITIALISED);
+ cli_credentials_set_nt_hash(machine_credentials, &nt_hash, CRED_SPECIFIED);
+
+ torture_assert (tctx,
+ test_SetupCredentials(p, tctx, machine_credentials, &creds),
+ "ServerPasswordSet failed to actually change the password");
+
+ return true;
+}
+
+static bool test_GetPassword(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct cli_credentials *machine_credentials)
+{
+ struct netr_ServerPasswordGet r;
+ struct creds_CredentialState *creds;
+ struct netr_Authenticator credential;
+ NTSTATUS status;
+ struct netr_Authenticator return_authenticator;
+ struct samr_Password password;
+
+ if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+ return false;
+ }
+
+ creds_client_authenticator(creds, &credential);
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+ r.in.secure_channel_type = SEC_CHAN_BDC;
+ r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &credential;
+ r.out.return_authenticator = &return_authenticator;
+ r.out.password = &password;
+
+ status = dcerpc_netr_ServerPasswordGet(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
+
+ return true;
+}
+
+static bool test_GetTrustPasswords(struct torture_context *tctx,
+ struct dcerpc_pipe *p,
+ struct cli_credentials *machine_credentials)
+{
+ struct netr_ServerTrustPasswordsGet r;
+ struct creds_CredentialState *creds;
+ struct netr_Authenticator credential;
+ NTSTATUS status;
+ struct netr_Authenticator return_authenticator;
+ struct samr_Password password, password2;
+
+ if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
+ return false;
+ }
+
+ creds_client_authenticator(creds, &credential);
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
+ r.in.secure_channel_type = SEC_CHAN_BDC;
+ r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &credential;
+ r.out.return_authenticator = &return_authenticator;
+ r.out.password = &password;
+ r.out.password2 = &password2;
+
+ status = dcerpc_netr_ServerTrustPasswordsGet(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "ServerTrustPasswordsGet");
+
return true;
}
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int i;
int flags = CLI_CRED_NTLM_AUTH;
- if (lp_client_lanman_auth(global_loadparm)) {
+ if (lp_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
- if (lp_client_ntlmv2_auth(global_loadparm)) {
+ if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
break;
+ /* Native mode servers don't do this */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ return true;
+ }
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
NTSTATUS status;
struct netr_DatabaseDeltas r;
struct creds_CredentialState *creds;
+ struct netr_Authenticator credential;
+ struct netr_Authenticator return_authenticator;
+ struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
const uint32_t database_ids[] = {0, 1, 2};
int i;
r.in.computername = TEST_MACHINE_NAME;
r.in.preferredmaximumlength = (uint32_t)-1;
ZERO_STRUCT(r.in.return_authenticator);
+ r.out.return_authenticator = &return_authenticator;
+ r.out.delta_enum_array = &delta_enum_array;
for (i=0;i<ARRAY_SIZE(database_ids);i++) {
r.in.database_id = database_ids[i];
- r.in.sequence_num = sequence_nums[r.in.database_id];
+ r.in.sequence_num = &sequence_nums[r.in.database_id];
- if (r.in.sequence_num == 0) continue;
+ if (*r.in.sequence_num == 0) continue;
- r.in.sequence_num -= 1;
+ *r.in.sequence_num -= 1;
torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
- r.in.database_id, (unsigned long long)r.in.sequence_num);
+ r.in.database_id, (unsigned long long)*r.in.sequence_num);
do {
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
status = dcerpc_netr_DatabaseDeltas(p, tctx, &r);
if (NT_STATUS_EQUAL(status,
torture_assert_ntstatus_ok(tctx, status, "DatabaseDeltas");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &return_authenticator.cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
- r.in.sequence_num++;
+ (*r.in.sequence_num)++;
} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
}
struct netr_AccountDeltas r;
struct creds_CredentialState *creds;
+ struct netr_AccountBuffer buffer;
+ uint32_t count_returned = 0;
+ uint32_t total_entries = 0;
+ struct netr_UAS_INFO_0 recordid;
+ struct netr_Authenticator return_authenticator;
+
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
}
+ ZERO_STRUCT(return_authenticator);
+
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computername = TEST_MACHINE_NAME;
- ZERO_STRUCT(r.in.return_authenticator);
+ r.in.return_authenticator = &return_authenticator;
creds_client_authenticator(creds, &r.in.credential);
ZERO_STRUCT(r.in.uas);
r.in.count=10;
r.in.level=0;
r.in.buffersize=100;
+ r.out.buffer = &buffer;
+ r.out.count_returned = &count_returned;
+ r.out.total_entries = &total_entries;
+ r.out.recordid = &recordid;
+ r.out.return_authenticator = &return_authenticator;
/* w2k3 returns "NOT IMPLEMENTED" for this call */
status = dcerpc_netr_AccountDeltas(p, tctx, &r);
{
NTSTATUS status;
struct netr_GetDcName r;
+ const char *dcname = NULL;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domainname = lp_workgroup(global_loadparm);
+ r.in.domainname = lp_workgroup(tctx->lp_ctx);
+ r.out.dcname = &dcname;
status = dcerpc_netr_GetDcName(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "GetDcName");
torture_assert_werr_ok(tctx, r.out.result, "GetDcName");
- torture_comment(tctx, "\tDC is at '%s'\n", r.out.dcname);
+ torture_comment(tctx, "\tDC is at '%s'\n", dcname);
return true;
}
{
NTSTATUS status;
struct netr_LogonControl r;
+ union netr_CONTROL_QUERY_INFORMATION info;
int i;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.function_code = 1;
+ r.out.info = &info;
for (i=1;i<4;i++) {
r.in.level = i;
{
NTSTATUS status;
struct netr_GetAnyDCName r;
+ const char *dcname = NULL;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domainname = lp_workgroup(global_loadparm);
+ r.in.domainname = lp_workgroup(tctx->lp_ctx);
+ r.out.dcname = &dcname;
status = dcerpc_netr_GetAnyDCName(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
- if (r.out.dcname) {
- torture_comment(tctx, "\tDC is at '%s'\n", r.out.dcname);
+ if (dcname) {
+ torture_comment(tctx, "\tDC is at '%s'\n", dcname);
}
return true;
{
NTSTATUS status;
struct netr_LogonControl2 r;
+ union netr_CONTROL_DATA_INFORMATION data;
+ union netr_CONTROL_QUERY_INFORMATION query;
int i;
+ data.domain = lp_workgroup(tctx->lp_ctx);
+
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
- r.in.data.domain = lp_workgroup(global_loadparm);
+ r.in.data = &data;
+ r.out.query = &query;
for (i=1;i<4;i++) {
r.in.level = i;
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
+ data.domain = lp_workgroup(tctx->lp_ctx);
+
r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
- r.in.data.domain = lp_workgroup(global_loadparm);
+ r.in.data = &data;
for (i=1;i<4;i++) {
r.in.level = i;
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
+ data.domain = lp_workgroup(tctx->lp_ctx);
+
r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
- r.in.data.domain = lp_workgroup(global_loadparm);
+ r.in.data = &data;
for (i=1;i<4;i++) {
r.in.level = i;
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
}
+ data.debug_level = ~0;
+
r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
- r.in.data.debug_level = ~0;
+ r.in.data = &data;
for (i=1;i<4;i++) {
r.in.level = i;
if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
break;
+ /* Native mode servers don't do this */
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ return true;
+ }
+
torture_assert_ntstatus_ok(tctx, status, "DatabaseSync2");
if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
{
NTSTATUS status;
struct netr_LogonControl2Ex r;
+ union netr_CONTROL_QUERY_INFORMATION query;
int i;
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
- r.in.data.domain = lp_workgroup(global_loadparm);
+ r.in.data.domain = lp_workgroup(tctx->lp_ctx);
+ r.out.query = &query;
for (i=1;i<4;i++) {
r.in.level = i;
}
r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
- r.in.data.domain = lp_workgroup(global_loadparm);
+ r.in.data.domain = lp_workgroup(tctx->lp_ctx);
for (i=1;i<4;i++) {
r.in.level = i;
}
r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
- r.in.data.domain = lp_workgroup(global_loadparm);
+ r.in.data.domain = lp_workgroup(tctx->lp_ctx);
for (i=1;i<4;i++) {
r.in.level = i;
{
NTSTATUS status;
struct netr_DsrEnumerateDomainTrusts r;
+ struct netr_DomainTrustList trusts;
int i;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.trust_flags = 0x3f;
+ r.out.trusts = &trusts;
status = dcerpc_netr_DsrEnumerateDomainTrusts(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
* will show non-forest trusts and all UPN suffixes of the own forest
* as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
- if (r.out.count) {
+ if (r.out.trusts->count) {
if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
return false;
}
}
- for (i=0; i<r.out.count; i++) {
+ for (i=0; i<r.out.trusts->count; i++) {
/* get info for transitive forest trusts */
- if (r.out.trusts[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+ if (r.out.trusts->array[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
if (!test_netr_DsRGetForestTrustInformation(tctx, p,
- r.out.trusts[i].dns_name)) {
+ r.out.trusts->array[i].dns_name)) {
return false;
}
}
return true;
}
+static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct netr_NetrEnumerateTrustedDomains r;
+ struct netr_Blob trusted_domains_blob;
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.out.trusted_domains_blob = &trusted_domains_blob;
+
+ status = dcerpc_netr_NetrEnumerateTrustedDomains(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
+ torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
+
+ return true;
+}
+
+static bool test_netr_NetrEnumerateTrustedDomainsEx(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct netr_NetrEnumerateTrustedDomainsEx r;
+ struct netr_DomainTrustList dom_trust_list;
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.out.dom_trust_list = &dom_trust_list;
+
+ status = dcerpc_netr_NetrEnumerateTrustedDomainsEx(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
+ torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
+
+ return true;
+}
+
+
static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
const char *computer_name,
const char *expected_site)
{
NTSTATUS status;
struct netr_DsRGetSiteName r;
+ const char *site = NULL;
if (torture_setting_bool(tctx, "samba4", false))
torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
r.in.computer_name = computer_name;
+ r.out.site = &site;
torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
- torture_assert_str_equal(tctx, expected_site, r.out.site, "netr_DsRGetSiteName");
+ torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
torture_comment(tctx,
{
NTSTATUS status;
struct netr_DsRGetDCName r;
+ struct netr_DsRGetDCNameInfo *info = NULL;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(global_loadparm));
+ r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
r.in.domain_guid = NULL;
r.in.site_guid = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
+ r.out.info = &info;
status = dcerpc_netr_DsRGetDCName(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
return test_netr_DsRGetSiteName(p, tctx,
- r.out.info->dc_unc,
- r.out.info->dc_site_name);
+ info->dc_unc,
+ info->dc_site_name);
}
/*
{
NTSTATUS status;
struct netr_DsRGetDCNameEx r;
+ struct netr_DsRGetDCNameInfo *info = NULL;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(global_loadparm));
+ r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
+ r.out.info = &info;
status = dcerpc_netr_DsRGetDCNameEx(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
- return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc,
- r.out.info->dc_site_name);
+ return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
+ info->dc_site_name);
}
/*
{
NTSTATUS status;
struct netr_DsRGetDCNameEx2 r;
+ struct netr_DsRGetDCNameInfo *info = NULL;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.client_account = NULL;
r.in.mask = 0x00000000;
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(global_loadparm));
+ r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
+ r.out.info = &info;
torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
r.in.client_account = TEST_MACHINE_NAME"$";
r.in.mask = ACB_SVRTRUST;
r.in.flags = DS_RETURN_FLAT_NAME;
+ r.out.info = &info;
status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
- return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc,
- r.out.info->dc_site_name);
+ return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
+ info->dc_site_name);
}
static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
{
NTSTATUS status;
struct netr_DsrGetDcSiteCoverageW r;
+ struct DcSitesCtr *ctr = NULL;
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.out.ctr = &ctr;
status = dcerpc_netr_DsrGetDcSiteCoverageW(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "failed");
return true;
}
+static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct netr_DsRAddressToSitenamesW r;
+ struct netr_DsRAddress addr;
+ struct netr_DsRAddressToSitenamesWCtr *ctr;
+
+ ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
+
+ addr.size = 16;
+ addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
+
+ addr.buffer[0] = 2; /* AF_INET */
+ addr.buffer[4] = 127;
+ addr.buffer[5] = 0;
+ addr.buffer[6] = 0;
+ addr.buffer[7] = 1;
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.count = 1;
+ r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
+ r.in.addresses[0] = addr;
+ r.out.ctr = &ctr;
+
+ status = dcerpc_netr_DsRAddressToSitenamesW(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ return true;
+}
+
+static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ NTSTATUS status;
+ struct netr_DsRAddressToSitenamesExW r;
+ struct netr_DsRAddress addr;
+ struct netr_DsRAddressToSitenamesExWCtr *ctr;
+
+ ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
+
+ addr.size = 16;
+ addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
+
+ addr.buffer[0] = 2; /* AF_INET */
+ addr.buffer[4] = 127;
+ addr.buffer[5] = 0;
+ addr.buffer[6] = 0;
+ addr.buffer[7] = 1;
+
+ r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+ r.in.count = 1;
+ r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
+ r.in.addresses[0] = addr;
+ r.out.ctr = &ctr;
+
+ status = dcerpc_netr_DsRAddressToSitenamesExW(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "failed");
+ torture_assert_werr_ok(tctx, r.out.result, "failed");
+
+ return true;
+}
static bool test_GetDomainInfo(struct torture_context *tctx,
struct dcerpc_pipe *p,
struct netr_DomainQuery1 q1;
struct netr_Authenticator a;
struct creds_CredentialState *creds;
+ union netr_DomainInfo info;
if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
machine_credentials, &creds)) {
r.in.credential = &a;
r.in.return_authenticator = &a;
r.out.return_authenticator = &a;
+ r.out.info = &info;
r.in.query.query1 = &q1;
ZERO_STRUCT(q1);
q1.blob2.data = NULL;
q1.product.string = "product string";
- torture_comment(tctx, "Testing netr_uogonGetDomainInfo\n");
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n");
+
+ status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
+ torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
+
+ torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call\n");
+ creds_client_authenticator(creds, &a);
status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
struct rpc_request *req[ASYNC_COUNT];
int i;
int *async_counter = talloc(tctx, int);
+ union netr_DomainInfo info;
if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
machine_credentials, &creds)) {
r.in.credential = &a;
r.in.return_authenticator = &a;
r.out.return_authenticator = &a;
+ r.out.info = &info;
r.in.query.query1 = &q1;
ZERO_STRUCT(q1);
struct lsa_EnumTrustDom t;
uint32_t resume_handle = 0;
struct netr_GetAnyDCName d;
+ const char *dcname = NULL;
int i;
d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
dcerpc_server_name(p));
+ d.out.dcname = &dcname;
for (i=0; i<domains.count * 4; i++) {
struct lsa_DomainInfo *info =
torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
- d.out.dcname ? d.out.dcname : "unknown");
+ dcname ? dcname : "unknown");
}
return true;
torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
+ torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
+ torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);
torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
+ torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
+ torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
test->dangerous = true;
torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
+ torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
+ torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
return suite;
}