search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:torture/rpc: don't use the same names for 3 different tests
[Samba.git] / source4 / torture / rpc / netlogon.c
blob35d7027a512a0eae574ba8f4d74f3d6db803248b
1 /*
2 Unix SMB/CIFS implementation.
3
4 test suite for netlogon rpc operations
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
9 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "lib/events/events.h"
27 #include "lib/cmdline/popt_common.h"
28 #include "torture/rpc/torture_rpc.h"
29 #include "../lib/crypto/crypto.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "librpc/gen_ndr/ndr_netlogon_c.h"
32 #include "librpc/gen_ndr/ndr_lsa_c.h"
33 #include "param/param.h"
34 #include "libcli/security/security.h"
35 #include <ldb.h>
36 #include "lib/util/util_ldb.h"
37 #include "ldb_wrap.h"
38 #include "lib/replace/system/network.h"
39 #include "dsdb/samdb/samdb.h"
40
41 #define TEST_MACHINE_NAME "torturetest"
42
43 static bool test_netr_broken_binding_handle(struct torture_context *tctx,
44 struct dcerpc_pipe *p)
45 {
46 NTSTATUS status;
47 struct netr_DsRGetSiteName r;
48 const char *site = NULL;
49 struct dcerpc_binding_handle *b = p->binding_handle;
50
51 r.in.computer_name = talloc_asprintf(tctx, "\\\\%s",
52 dcerpc_server_name(p));
53 r.out.site = &site;
54
55 torture_comment(tctx,
56 "Testing netlogon request with correct binding handle: %s\n",
57 r.in.computer_name);
58
59 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
60 torture_assert_ntstatus_ok(tctx, status,
61 "Netlogon request with broken binding handle");
62 torture_assert_werr_ok(tctx, r.out.result,
63 "Netlogon request with broken binding handle");
64
65 if (torture_setting_bool(tctx, "samba3", false) ||
66 torture_setting_bool(tctx, "samba4", false)) {
67 torture_skip(tctx,
68 "Skipping broken binding handle check against Samba");
69 }
70
71 r.in.computer_name = talloc_asprintf(tctx, "\\\\\\\\%s",
72 dcerpc_server_name(p));
73
74 torture_comment(tctx,
75 "Testing netlogon request with broken binding handle: %s\n",
76 r.in.computer_name);
77
78 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
79 torture_assert_ntstatus_ok(tctx, status,
80 "Netlogon request with broken binding handle");
81 torture_assert_werr_equal(tctx, r.out.result,
82 WERR_INVALID_COMPUTERNAME,
83 "Netlogon request with broken binding handle");
84
85 r.in.computer_name = "\\\\\\\\THIS_IS_NOT_VALID";
86
87 torture_comment(tctx,
88 "Testing netlogon request with broken binding handle: %s\n",
89 r.in.computer_name);
90
91 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
92 torture_assert_ntstatus_ok(tctx, status,
93 "Netlogon request with broken binding handle");
94 torture_assert_werr_equal(tctx, r.out.result,
95 WERR_INVALID_COMPUTERNAME,
96 "Netlogon request with broken binding handle");
97
98 return true;
99 }
100
101 static bool test_LogonUasLogon(struct torture_context *tctx,
102 struct dcerpc_pipe *p)
103 {
104 NTSTATUS status;
105 struct netr_LogonUasLogon r;
106 struct netr_UasInfo *info = NULL;
107 struct dcerpc_binding_handle *b = p->binding_handle;
108
109 r.in.server_name = NULL;
110 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
111 r.in.workstation = TEST_MACHINE_NAME;
112 r.out.info = &info;
113
114 status = dcerpc_netr_LogonUasLogon_r(b, tctx, &r);
115 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
116
117 return true;
118 }
119
120 static bool test_LogonUasLogoff(struct torture_context *tctx,
121 struct dcerpc_pipe *p)
122 {
123 NTSTATUS status;
124 struct netr_LogonUasLogoff r;
125 struct netr_UasLogoffInfo info;
126 struct dcerpc_binding_handle *b = p->binding_handle;
127
128 r.in.server_name = NULL;
129 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
130 r.in.workstation = TEST_MACHINE_NAME;
131 r.out.info = &info;
132
133 status = dcerpc_netr_LogonUasLogoff_r(b, tctx, &r);
134 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
135
136 return true;
137 }
138
139 bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
140 struct cli_credentials *credentials,
141 struct netlogon_creds_CredentialState **creds_out)
142 {
143 struct netr_ServerReqChallenge r;
144 struct netr_ServerAuthenticate a;
145 struct netr_Credential credentials1, credentials2, credentials3;
146 struct netlogon_creds_CredentialState *creds;
147 const struct samr_Password *mach_password;
148 const char *machine_name;
149 struct dcerpc_binding_handle *b = p->binding_handle;
150
151 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
152 machine_name = cli_credentials_get_workstation(credentials);
153
154 torture_comment(tctx, "Testing ServerReqChallenge\n");
155
156 r.in.server_name = NULL;
157 r.in.computer_name = machine_name;
158 r.in.credentials = &credentials1;
159 r.out.return_credentials = &credentials2;
160
161 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
162
163 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
164 "ServerReqChallenge failed");
165 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
166
167 a.in.server_name = NULL;
168 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
169 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(credentials);
170 a.in.computer_name = machine_name;
171 a.in.credentials = &credentials3;
172 a.out.return_credentials = &credentials3;
173
174 creds = netlogon_creds_client_init(tctx, a.in.account_name,
175 a.in.computer_name,
176 a.in.secure_channel_type,
177 &credentials1, &credentials2,
178 mach_password, &credentials3,
179 0);
180 torture_assert(tctx, creds != NULL, "memory allocation");
181
182
183 torture_comment(tctx, "Testing ServerAuthenticate\n");
184
185 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate_r(b, tctx, &a),
186 "ServerAuthenticate failed");
187
188 /* This allows the tests to continue against the more fussy windows 2008 */
189 if (NT_STATUS_EQUAL(a.out.result, NT_STATUS_DOWNGRADE_DETECTED)) {
190 return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
191 credentials,
192 cli_credentials_get_secure_channel_type(credentials),
193 creds_out);
194 }
195
196 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate");
197
198 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
199 "Credential chaining failed");
200
201 *creds_out = creds;
202 return true;
203 }
204
205 bool test_SetupCredentials2ex(struct dcerpc_pipe *p, struct torture_context *tctx,
206 uint32_t negotiate_flags,
207 struct cli_credentials *machine_credentials,
208 const char *computer_name,
209 enum netr_SchannelType sec_chan_type,
210 NTSTATUS expected_result,
211 struct netlogon_creds_CredentialState **creds_out)
212 {
213 struct netr_ServerReqChallenge r;
214 struct netr_ServerAuthenticate2 a;
215 struct netr_Credential credentials1, credentials2, credentials3;
216 struct netlogon_creds_CredentialState *creds;
217 const struct samr_Password *mach_password;
218 struct dcerpc_binding_handle *b = p->binding_handle;
219 const char *account_name = cli_credentials_get_username(machine_credentials);
220
221 mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
222
223 torture_comment(tctx, "Testing ServerReqChallenge\n");
224
225 r.in.server_name = NULL;
226 r.in.computer_name = computer_name;
227 r.in.credentials = &credentials1;
228 r.out.return_credentials = &credentials2;
229
230 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
231
232 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
233 "ServerReqChallenge failed");
234 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
235
236 a.in.server_name = NULL;
237 a.in.account_name = account_name;
238 a.in.secure_channel_type = sec_chan_type;
239 a.in.computer_name = computer_name;
240 a.in.negotiate_flags = &negotiate_flags;
241 a.out.negotiate_flags = &negotiate_flags;
242 a.in.credentials = &credentials3;
243 a.out.return_credentials = &credentials3;
244
245 creds = netlogon_creds_client_init(tctx, a.in.account_name,
246 a.in.computer_name,
247 a.in.secure_channel_type,
248 &credentials1, &credentials2,
249 mach_password, &credentials3,
250 negotiate_flags);
251
252 torture_assert(tctx, creds != NULL, "memory allocation");
253
254 torture_comment(tctx, "Testing ServerAuthenticate2\n");
255
256 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
257 "ServerAuthenticate2 failed");
258 torture_assert_ntstatus_equal(tctx, a.out.result, expected_result,
259 "ServerAuthenticate2 unexpected");
260
261 if (NT_STATUS_IS_OK(expected_result)) {
262 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
263 "Credential chaining failed");
264 } else {
265 torture_assert(tctx, !netlogon_creds_client_check(creds, &credentials3),
266 "Credential chaining passed unexptected");
267 }
268
269 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
270
271 *creds_out = creds;
272 return true;
273 }
274
275 bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
276 uint32_t negotiate_flags,
277 struct cli_credentials *machine_credentials,
278 enum netr_SchannelType sec_chan_type,
279 struct netlogon_creds_CredentialState **creds_out)
280 {
281 const char *computer_name =
282 cli_credentials_get_workstation(machine_credentials);
283
284 return test_SetupCredentials2ex(p, tctx, negotiate_flags,
285 machine_credentials,
286 computer_name,
287 sec_chan_type,
288 NT_STATUS_OK,
289 creds_out);
290 }
291
292 bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
293 uint32_t negotiate_flags,
294 struct cli_credentials *machine_credentials,
295 struct netlogon_creds_CredentialState **creds_out)
296 {
297 struct netr_ServerReqChallenge r;
298 struct netr_ServerAuthenticate3 a;
299 struct netr_Credential credentials1, credentials2, credentials3;
300 struct netlogon_creds_CredentialState *creds;
301 struct samr_Password mach_password;
302 uint32_t rid;
303 const char *machine_name;
304 const char *plain_pass;
305 struct dcerpc_binding_handle *b = p->binding_handle;
306
307 machine_name = cli_credentials_get_workstation(machine_credentials);
308 plain_pass = cli_credentials_get_password(machine_credentials);
309
310 torture_comment(tctx, "Testing ServerReqChallenge\n");
311
312 r.in.server_name = NULL;
313 r.in.computer_name = machine_name;
314 r.in.credentials = &credentials1;
315 r.out.return_credentials = &credentials2;
316
317 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
318
319 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
320 "ServerReqChallenge failed");
321 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
322
323 E_md4hash(plain_pass, mach_password.hash);
324
325 a.in.server_name = NULL;
326 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
327 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
328 a.in.computer_name = machine_name;
329 a.in.negotiate_flags = &negotiate_flags;
330 a.in.credentials = &credentials3;
331 a.out.return_credentials = &credentials3;
332 a.out.negotiate_flags = &negotiate_flags;
333 a.out.rid = &rid;
334
335 creds = netlogon_creds_client_init(tctx, a.in.account_name,
336 a.in.computer_name,
337 a.in.secure_channel_type,
338 &credentials1, &credentials2,
339 &mach_password, &credentials3,
340 negotiate_flags);
341
342 torture_assert(tctx, creds != NULL, "memory allocation");
343
344 torture_comment(tctx, "Testing ServerAuthenticate3\n");
345
346 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
347 "ServerAuthenticate3 failed");
348 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed");
349 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
350
351 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
352
353 /* Prove that requesting a challenge again won't break it */
354 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
355 "ServerReqChallenge failed");
356 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
357
358 *creds_out = creds;
359 return true;
360 }
361
362 /*
363 try a change password for our machine account
364 */
365 static bool test_SetPassword(struct torture_context *tctx,
366 struct dcerpc_pipe *p,
367 struct cli_credentials *machine_credentials)
368 {
369 struct netr_ServerPasswordSet r;
370 const char *password;
371 struct netlogon_creds_CredentialState *creds;
372 struct netr_Authenticator credential, return_authenticator;
373 struct samr_Password new_password;
374 struct dcerpc_binding_handle *b = p->binding_handle;
375
376 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
377 return false;
378 }
379
380 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
381 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
382 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
383 r.in.computer_name = TEST_MACHINE_NAME;
384 r.in.credential = &credential;
385 r.in.new_password = &new_password;
386 r.out.return_authenticator = &return_authenticator;
387
388 password = generate_random_password(tctx, 8, 255);
389 E_md4hash(password, new_password.hash);
390
391 netlogon_creds_des_encrypt(creds, &new_password);
392
393 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
394 torture_comment(tctx, "Changing machine account password to '%s'\n",
395 password);
396
397 netlogon_creds_client_authenticator(creds, &credential);
398
399 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
400 "ServerPasswordSet failed");
401 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
402
403 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
404 torture_comment(tctx, "Credential chaining failed\n");
405 }
406
407 /* by changing the machine password twice we test the
408 credentials chaining fully, and we verify that the server
409 allows the password to be set to the same value twice in a
410 row (match win2k3) */
411 torture_comment(tctx,
412 "Testing a second ServerPasswordSet on machine account\n");
413 torture_comment(tctx,
414 "Changing machine account password to '%s' (same as previous run)\n", password);
415
416 netlogon_creds_client_authenticator(creds, &credential);
417
418 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
419 "ServerPasswordSet (2) failed");
420 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
421
422 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
423 torture_comment(tctx, "Credential chaining failed\n");
424 }
425
426 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
427
428 torture_assert(tctx,
429 test_SetupCredentials(p, tctx, machine_credentials, &creds),
430 "ServerPasswordSet failed to actually change the password");
431
432 return true;
433 }
434
435 /*
436 try a change password for our machine account
437 */
438 static bool test_SetPassword_flags(struct torture_context *tctx,
439 struct dcerpc_pipe *p,
440 struct cli_credentials *machine_credentials,
441 uint32_t negotiate_flags)
442 {
443 struct netr_ServerPasswordSet r;
444 const char *password;
445 struct netlogon_creds_CredentialState *creds;
446 struct netr_Authenticator credential, return_authenticator;
447 struct samr_Password new_password;
448 struct dcerpc_binding_handle *b = p->binding_handle;
449
450 if (!test_SetupCredentials2(p, tctx, negotiate_flags,
451 machine_credentials,
452 cli_credentials_get_secure_channel_type(machine_credentials),
453 &creds)) {
454 return false;
455 }
456
457 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
458 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
459 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
460 r.in.computer_name = TEST_MACHINE_NAME;
461 r.in.credential = &credential;
462 r.in.new_password = &new_password;
463 r.out.return_authenticator = &return_authenticator;
464
465 password = generate_random_password(tctx, 8, 255);
466 E_md4hash(password, new_password.hash);
467
468 netlogon_creds_des_encrypt(creds, &new_password);
469
470 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
471 torture_comment(tctx, "Changing machine account password to '%s'\n",
472 password);
473
474 netlogon_creds_client_authenticator(creds, &credential);
475
476 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
477 "ServerPasswordSet failed");
478 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
479
480 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
481 torture_comment(tctx, "Credential chaining failed\n");
482 }
483
484 /* by changing the machine password twice we test the
485 credentials chaining fully, and we verify that the server
486 allows the password to be set to the same value twice in a
487 row (match win2k3) */
488 torture_comment(tctx,
489 "Testing a second ServerPasswordSet on machine account\n");
490 torture_comment(tctx,
491 "Changing machine account password to '%s' (same as previous run)\n", password);
492
493 netlogon_creds_client_authenticator(creds, &credential);
494
495 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
496 "ServerPasswordSet (2) failed");
497 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
498
499 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
500 torture_comment(tctx, "Credential chaining failed\n");
501 }
502
503 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
504
505 torture_assert(tctx,
506 test_SetupCredentials(p, tctx, machine_credentials, &creds),
507 "ServerPasswordSet failed to actually change the password");
508
509 return true;
510 }
511
512
513 /*
514 generate a random password for password change tests
515 */
516 static DATA_BLOB netlogon_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
517 {
518 int i;
519 DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
520 generate_random_buffer(password.data, password.length);
521
522 for (i=0; i < len; i++) {
523 if (((uint16_t *)password.data)[i] == 0) {
524 ((uint16_t *)password.data)[i] = 1;
525 }
526 }
527
528 return password;
529 }
530
531 /*
532 try a change password for our machine account
533 */
534 static bool test_SetPassword2_with_flags(struct torture_context *tctx,
535 struct dcerpc_pipe *p,
536 struct cli_credentials *machine_credentials,
537 uint32_t flags)
538 {
539 struct netr_ServerPasswordSet2 r;
540 const char *password;
541 DATA_BLOB new_random_pass;
542 struct netlogon_creds_CredentialState *creds;
543 struct samr_CryptPassword password_buf;
544 struct samr_Password nt_hash;
545 struct netr_Authenticator credential, return_authenticator;
546 struct netr_CryptPassword new_password;
547 struct dcerpc_binding_handle *b = p->binding_handle;
548
549 if (!test_SetupCredentials2(p, tctx, flags, machine_credentials, cli_credentials_get_secure_channel_type(machine_credentials), &creds)) {
550 return false;
551 }
552
553 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
554 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
555 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
556 r.in.computer_name = TEST_MACHINE_NAME;
557 r.in.credential = &credential;
558 r.in.new_password = &new_password;
559 r.out.return_authenticator = &return_authenticator;
560
561 password = generate_random_password(tctx, 8, 255);
562 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
563 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
564 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
565 } else {
566 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
567 }
568
569 memcpy(new_password.data, password_buf.data, 512);
570 new_password.length = IVAL(password_buf.data, 512);
571
572 torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
573 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
574
575 netlogon_creds_client_authenticator(creds, &credential);
576
577 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
578 "ServerPasswordSet2 failed");
579 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
580
581 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
582 torture_comment(tctx, "Credential chaining failed\n");
583 }
584
585 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
586
587 if (!torture_setting_bool(tctx, "dangerous", false)) {
588 torture_comment(tctx,
589 "Not testing ability to set password to '', enable dangerous tests to perform this test\n");
590 } else {
591 /* by changing the machine password to ""
592 * we check if the server uses password restrictions
593 * for ServerPasswordSet2
594 * (win2k3 accepts "")
595 */
596 password = "";
597 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
598 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
599 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
600 } else {
601 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
602 }
603 memcpy(new_password.data, password_buf.data, 512);
604 new_password.length = IVAL(password_buf.data, 512);
605
606 torture_comment(tctx,
607 "Testing ServerPasswordSet2 on machine account\n");
608 torture_comment(tctx,
609 "Changing machine account password to '%s'\n", password);
610
611 netlogon_creds_client_authenticator(creds, &credential);
612
613 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
614 "ServerPasswordSet2 failed");
615 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
616
617 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
618 torture_comment(tctx, "Credential chaining failed\n");
619 }
620
621 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
622 }
623
624 torture_assert(tctx, test_SetupCredentials(p, tctx, machine_credentials, &creds),
625 "ServerPasswordSet failed to actually change the password");
626
627 /* now try a random password */
628 password = generate_random_password(tctx, 8, 255);
629 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
630 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
631 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
632 } else {
633 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
634 }
635 memcpy(new_password.data, password_buf.data, 512);
636 new_password.length = IVAL(password_buf.data, 512);
637
638 torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
639 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
640
641 netlogon_creds_client_authenticator(creds, &credential);
642
643 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
644 "ServerPasswordSet2 (2) failed");
645 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 (2) failed");
646
647 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
648 torture_comment(tctx, "Credential chaining failed\n");
649 }
650
651 /* by changing the machine password twice we test the
652 credentials chaining fully, and we verify that the server
653 allows the password to be set to the same value twice in a
654 row (match win2k3) */
655 torture_comment(tctx,
656 "Testing a second ServerPasswordSet2 on machine account\n");
657 torture_comment(tctx,
658 "Changing machine account password to '%s' (same as previous run)\n", password);
659
660 netlogon_creds_client_authenticator(creds, &credential);
661
662 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
663 "ServerPasswordSet (3) failed");
664 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
665
666 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
667 torture_comment(tctx, "Credential chaining failed\n");
668 }
669
670 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
671
672 torture_assert (tctx,
673 test_SetupCredentials(p, tctx, machine_credentials, &creds),
674 "ServerPasswordSet failed to actually change the password");
675
676 new_random_pass = netlogon_very_rand_pass(tctx, 128);
677
678 /* now try a random stream of bytes for a password */
679 set_pw_in_buffer(password_buf.data, &new_random_pass);
680
681 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
682 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
683 } else {
684 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
685 }
686
687 memcpy(new_password.data, password_buf.data, 512);
688 new_password.length = IVAL(password_buf.data, 512);
689
690 torture_comment(tctx,
691 "Testing a third ServerPasswordSet2 on machine account, with a completely random password\n");
692
693 netlogon_creds_client_authenticator(creds, &credential);
694
695 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
696 "ServerPasswordSet (3) failed");
697 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
698
699 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
700 torture_comment(tctx, "Credential chaining failed\n");
701 }
702
703 mdfour(nt_hash.hash, new_random_pass.data, new_random_pass.length);
704
705 cli_credentials_set_password(machine_credentials, NULL, CRED_UNINITIALISED);
706 cli_credentials_set_nt_hash(machine_credentials, &nt_hash, CRED_SPECIFIED);
707
708 torture_assert (tctx,
709 test_SetupCredentials(p, tctx, machine_credentials, &creds),
710 "ServerPasswordSet failed to actually change the password");
711
712 return true;
713 }
714
715 static bool test_SetPassword2(struct torture_context *tctx,
716 struct dcerpc_pipe *p,
717 struct cli_credentials *machine_credentials)
718 {
719 return test_SetPassword2_with_flags(tctx, p, machine_credentials, NETLOGON_NEG_AUTH2_ADS_FLAGS);
720 }
721
722 static bool test_SetPassword2_AES(struct torture_context *tctx,
723 struct dcerpc_pipe *p,
724 struct cli_credentials *machine_credentials)
725 {
726 return test_SetPassword2_with_flags(tctx, p, machine_credentials, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
727 }
728
729 static bool test_GetPassword(struct torture_context *tctx,
730 struct dcerpc_pipe *p,
731 struct cli_credentials *machine_credentials)
732 {
733 struct netr_ServerPasswordGet r;
734 struct netlogon_creds_CredentialState *creds;
735 struct netr_Authenticator credential;
736 NTSTATUS status;
737 struct netr_Authenticator return_authenticator;
738 struct samr_Password password;
739 struct dcerpc_binding_handle *b = p->binding_handle;
740
741 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
742 return false;
743 }
744
745 netlogon_creds_client_authenticator(creds, &credential);
746
747 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
748 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
749 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
750 r.in.computer_name = TEST_MACHINE_NAME;
751 r.in.credential = &credential;
752 r.out.return_authenticator = &return_authenticator;
753 r.out.password = &password;
754
755 status = dcerpc_netr_ServerPasswordGet_r(b, tctx, &r);
756 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
757 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordGet");
758
759 return true;
760 }
761
762 static bool test_GetTrustPasswords(struct torture_context *tctx,
763 struct dcerpc_pipe *p,
764 struct cli_credentials *machine_credentials)
765 {
766 struct netr_ServerTrustPasswordsGet r;
767 struct netlogon_creds_CredentialState *creds;
768 struct netr_Authenticator credential;
769 struct netr_Authenticator return_authenticator;
770 struct samr_Password password, password2;
771 struct dcerpc_binding_handle *b = p->binding_handle;
772
773 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
774 return false;
775 }
776
777 netlogon_creds_client_authenticator(creds, &credential);
778
779 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
780 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
781 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
782 r.in.computer_name = TEST_MACHINE_NAME;
783 r.in.credential = &credential;
784 r.out.return_authenticator = &return_authenticator;
785 r.out.new_owf_password = &password;
786 r.out.old_owf_password = &password2;
787
788 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerTrustPasswordsGet_r(b, tctx, &r),
789 "ServerTrustPasswordsGet failed");
790 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerTrustPasswordsGet failed");
791
792 return true;
793 }
794
795 /*
796 try a netlogon SamLogon
797 */
798 static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context *tctx,
799 struct cli_credentials *credentials,
800 struct netlogon_creds_CredentialState *creds,
801 bool null_domain)
802 {
803 NTSTATUS status;
804 struct netr_LogonSamLogon r;
805 struct netr_Authenticator auth, auth2;
806 static const struct netr_Authenticator auth_zero;
807 union netr_LogonLevel logon;
808 union netr_Validation validation;
809 uint8_t authoritative;
810 struct netr_NetworkInfo ninfo;
811 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
812 int i;
813 struct dcerpc_binding_handle *b = p->binding_handle;
814 int flags = CLI_CRED_NTLM_AUTH;
815 if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
816 flags |= CLI_CRED_LANMAN_AUTH;
817 }
818
819 if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx) && !null_domain) {
820 flags |= CLI_CRED_NTLMv2_AUTH;
821 }
822
823 cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
824 &ninfo.identity_info.account_name.string,
825 &ninfo.identity_info.domain_name.string);
826
827 if (null_domain) {
828 ninfo.identity_info.domain_name.string = NULL;
829 }
830
831 generate_random_buffer(ninfo.challenge,
832 sizeof(ninfo.challenge));
833 chal = data_blob_const(ninfo.challenge,
834 sizeof(ninfo.challenge));
835
836 names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
837 cli_credentials_get_domain(credentials));
838
839 status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
840 &flags,
841 chal,
842 names_blob,
843 &lm_resp, &nt_resp,
844 NULL, NULL);
845 torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
846
847 ninfo.lm.data = lm_resp.data;
848 ninfo.lm.length = lm_resp.length;
849
850 ninfo.nt.data = nt_resp.data;
851 ninfo.nt.length = nt_resp.length;
852
853 ninfo.identity_info.parameter_control = 0;
854 ninfo.identity_info.logon_id_low = 0;
855 ninfo.identity_info.logon_id_high = 0;
856 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
857
858 logon.network = &ninfo;
859
860 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
861 r.in.computer_name = cli_credentials_get_workstation(credentials);
862 r.in.credential = &auth;
863 r.in.return_authenticator = &auth2;
864 r.in.logon_level = NetlogonNetworkInformation;
865 r.in.logon = &logon;
866 r.out.validation = &validation;
867 r.out.authoritative = &authoritative;
868
869 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
870
871 for (i=2;i<=3;i++) {
872 ZERO_STRUCT(auth2);
873 netlogon_creds_client_authenticator(creds, &auth);
874
875 r.in.validation_level = i;
876
877 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
878 "LogonSamLogon failed");
879 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
880
881 torture_assert(tctx, netlogon_creds_client_check(creds,
882 &r.out.return_authenticator->cred),
883 "Credential chaining failed");
884 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
885 "LogonSamLogon invalid *r.out.authoritative");
886 }
887
888 /* this makes sure we get the unmarshalling right for invalid levels */
889 for (i=52;i<53;i++) {
890 ZERO_STRUCT(auth2);
891 /* the authenticator should be ignored by the server */
892 generate_random_buffer((uint8_t *) &auth, sizeof(auth));
893
894 r.in.validation_level = i;
895
896 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
897 "LogonSamLogon failed");
898 torture_assert_ntstatus_equal(tctx, r.out.result,
899 NT_STATUS_INVALID_INFO_CLASS,
900 "LogonSamLogon failed");
901
902 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
903 "LogonSamLogon invalid *r.out.authoritative");
904 torture_assert(tctx,
905 memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
906 "Return authenticator non zero");
907 }
908
909 for (i=2;i<=3;i++) {
910 ZERO_STRUCT(auth2);
911 netlogon_creds_client_authenticator(creds, &auth);
912
913 r.in.validation_level = i;
914
915 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
916 "LogonSamLogon failed");
917 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
918
919 torture_assert(tctx, netlogon_creds_client_check(creds,
920 &r.out.return_authenticator->cred),
921 "Credential chaining failed");
922 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
923 "LogonSamLogon invalid *r.out.authoritative");
924 }
925
926 r.in.logon_level = 52;
927
928 for (i=2;i<=3;i++) {
929 ZERO_STRUCT(auth2);
930 /* the authenticator should be ignored by the server */
931 generate_random_buffer((uint8_t *) &auth, sizeof(auth));
932
933 r.in.validation_level = i;
934
935 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
936
937 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
938 "LogonSamLogon failed");
939 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
940 "LogonSamLogon expected INVALID_PARAMETER");
941
942 torture_assert(tctx,
943 memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
944 "Return authenticator non zero");
945 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
946 "LogonSamLogon invalid *r.out.authoritative");
947 }
948
949 r.in.credential = NULL;
950
951 for (i=2;i<=3;i++) {
952 ZERO_STRUCT(auth2);
953
954 r.in.validation_level = i;
955
956 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
957
958 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
959 "LogonSamLogon failed");
960 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
961 "LogonSamLogon expected INVALID_PARAMETER");
962
963 torture_assert(tctx,
964 memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
965 "Return authenticator non zero");
966 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
967 "LogonSamLogon invalid *r.out.authoritative");
968 }
969
970 r.in.logon_level = NetlogonNetworkInformation;
971 r.in.credential = &auth;
972
973 for (i=2;i<=3;i++) {
974 ZERO_STRUCT(auth2);
975 netlogon_creds_client_authenticator(creds, &auth);
976
977 r.in.validation_level = i;
978
979 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
980 "LogonSamLogon failed");
981 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
982
983 torture_assert(tctx, netlogon_creds_client_check(creds,
984 &r.out.return_authenticator->cred),
985 "Credential chaining failed");
986 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
987 "LogonSamLogon invalid *r.out.authoritative");
988 }
989
990 return true;
991 }
992
993 bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
994 struct cli_credentials *credentials,
995 struct netlogon_creds_CredentialState *creds)
996 {
997 return test_netlogon_ops_args(p, tctx, credentials, creds, false);
998 }
999
1000 /*
1001 try a netlogon GetCapabilities
1002 */
1003 bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
1004 struct cli_credentials *credentials,
1005 struct netlogon_creds_CredentialState *creds)
1006 {
1007 NTSTATUS status;
1008 struct netr_LogonGetCapabilities r;
1009 union netr_Capabilities capabilities;
1010 struct netr_Authenticator auth, return_auth;
1011 struct netlogon_creds_CredentialState tmp_creds;
1012 struct dcerpc_binding_handle *b = p->binding_handle;
1013
1014 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1015 r.in.computer_name = cli_credentials_get_workstation(credentials);
1016 r.in.credential = &auth;
1017 r.in.return_authenticator = &return_auth;
1018 r.in.query_level = 1;
1019 r.out.capabilities = &capabilities;
1020 r.out.return_authenticator = &return_auth;
1021
1022 torture_comment(tctx, "Testing LogonGetCapabilities\n");
1023
1024 ZERO_STRUCT(return_auth);
1025
1026 /*
1027 * we need to operate on a temporary copy of creds
1028 * because dcerpc_netr_LogonGetCapabilities was
1029 * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
1030 * without looking a the authenticator.
1031 */
1032 tmp_creds = *creds;
1033 netlogon_creds_client_authenticator(&tmp_creds, &auth);
1034
1035 status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
1036 torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
1037 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
1038 return true;
1039 }
1040
1041 *creds = tmp_creds;
1042
1043 torture_assert(tctx, netlogon_creds_client_check(creds,
1044 &r.out.return_authenticator->cred),
1045 "Credential chaining failed");
1046
1047 torture_assert_int_equal(tctx, creds->negotiate_flags,
1048 capabilities.server_capabilities,
1049 "negotiate flags");
1050
1051 return true;
1052 }
1053
1054 /*
1055 try a netlogon SamLogon
1056 */
1057 static bool test_SamLogon(struct torture_context *tctx,
1058 struct dcerpc_pipe *p,
1059 struct cli_credentials *credentials)
1060 {
1061 struct netlogon_creds_CredentialState *creds;
1062
1063 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
1064 return false;
1065 }
1066
1067 return test_netlogon_ops(p, tctx, credentials, creds);
1068 }
1069
1070 static bool test_invalidAuthenticate2(struct torture_context *tctx,
1071 struct dcerpc_pipe *p,
1072 struct cli_credentials *credentials)
1073 {
1074 struct netlogon_creds_CredentialState *creds;
1075 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
1076
1077 torture_comment(tctx, "Testing invalidAuthenticate2\n");
1078
1079 if (!test_SetupCredentials2(p, tctx, flags,
1080 credentials,
1081 cli_credentials_get_secure_channel_type(credentials),
1082 &creds)) {
1083 return false;
1084 }
1085
1086 if (!test_SetupCredentials2ex(p, tctx, flags,
1087 credentials,
1088 "1234567890123456",
1089 cli_credentials_get_secure_channel_type(credentials),
1090 STATUS_BUFFER_OVERFLOW,
1091 &creds)) {
1092 return false;
1093 }
1094
1095 if (!test_SetupCredentials2ex(p, tctx, flags,
1096 credentials,
1097 "123456789012345",
1098 cli_credentials_get_secure_channel_type(credentials),
1099 NT_STATUS_OK,
1100 &creds)) {
1101 return false;
1102 }
1103
1104 return true;
1105 }
1106
1107 static bool test_ServerReqChallengeGlobal(struct torture_context *tctx,
1108 struct dcerpc_pipe *p1,
1109 struct cli_credentials *machine_credentials)
1110 {
1111 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
1112 struct netr_ServerReqChallenge r;
1113 struct netr_ServerAuthenticate3 a;
1114 struct netr_Credential credentials1, credentials2, credentials3;
1115 struct netlogon_creds_CredentialState *creds;
1116 struct samr_Password mach_password;
1117 uint32_t rid;
1118 const char *machine_name;
1119 const char *plain_pass;
1120 struct dcerpc_binding_handle *b1 = p1->binding_handle;
1121 struct dcerpc_pipe *p2 = NULL;
1122 struct dcerpc_binding_handle *b2 = NULL;
1123
1124 machine_name = cli_credentials_get_workstation(machine_credentials);
1125 plain_pass = cli_credentials_get_password(machine_credentials);
1126
1127 torture_comment(tctx, "Testing ServerReqChallenge on b1\n");
1128
1129 torture_assert_ntstatus_ok(tctx,
1130 dcerpc_pipe_connect_b(tctx, &p2, p1->binding,
1131 &ndr_table_netlogon,
1132 machine_credentials,
1133 tctx->ev, tctx->lp_ctx),
1134 "dcerpc_pipe_connect_b failed");
1135 b2 = p2->binding_handle;
1136
1137 r.in.server_name = NULL;
1138 r.in.computer_name = machine_name;
1139 r.in.credentials = &credentials1;
1140 r.out.return_credentials = &credentials2;
1141
1142 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
1143
1144 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b1, tctx, &r),
1145 "ServerReqChallenge failed on b1");
1146 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed on b1");
1147
1148 E_md4hash(plain_pass, mach_password.hash);
1149
1150 a.in.server_name = NULL;
1151 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
1152 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1153 a.in.computer_name = machine_name;
1154 a.in.negotiate_flags = &flags;
1155 a.in.credentials = &credentials3;
1156 a.out.return_credentials = &credentials3;
1157 a.out.negotiate_flags = &flags;
1158 a.out.rid = &rid;
1159
1160 creds = netlogon_creds_client_init(tctx, a.in.account_name,
1161 a.in.computer_name,
1162 a.in.secure_channel_type,
1163 &credentials1, &credentials2,
1164 &mach_password, &credentials3,
1165 flags);
1166
1167 torture_assert(tctx, creds != NULL, "memory allocation");
1168
1169 torture_comment(tctx, "Testing ServerAuthenticate3 on b2\n");
1170
1171 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b2, tctx, &a),
1172 "ServerAuthenticate3 failed on b2");
1173 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed on b2");
1174 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
1175
1176 return true;
1177 }
1178
1179 static bool test_SamLogon_NULL_domain(struct torture_context *tctx,
1180 struct dcerpc_pipe *p,
1181 struct cli_credentials *credentials)
1182 {
1183 struct netlogon_creds_CredentialState *creds;
1184
1185 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
1186 return false;
1187 }
1188
1189 return test_netlogon_ops_args(p, tctx, credentials, creds, true);
1190 }
1191
1192 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
1193 static uint64_t sequence_nums[3];
1194
1195 /*
1196 try a netlogon DatabaseSync
1197 */
1198 static bool test_DatabaseSync(struct torture_context *tctx,
1199 struct dcerpc_pipe *p,
1200 struct cli_credentials *machine_credentials)
1201 {
1202 struct netr_DatabaseSync r;
1203 struct netlogon_creds_CredentialState *creds;
1204 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
1205 int i;
1206 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1207 struct netr_Authenticator credential, return_authenticator;
1208 struct dcerpc_binding_handle *b = p->binding_handle;
1209
1210 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1211 return false;
1212 }
1213
1214 ZERO_STRUCT(return_authenticator);
1215
1216 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1217 r.in.computername = TEST_MACHINE_NAME;
1218 r.in.preferredmaximumlength = (uint32_t)-1;
1219 r.in.return_authenticator = &return_authenticator;
1220 r.out.delta_enum_array = &delta_enum_array;
1221 r.out.return_authenticator = &return_authenticator;
1222
1223 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
1224
1225 uint32_t sync_context = 0;
1226
1227 r.in.database_id = database_ids[i];
1228 r.in.sync_context = &sync_context;
1229 r.out.sync_context = &sync_context;
1230
1231 torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
1232
1233 do {
1234 netlogon_creds_client_authenticator(creds, &credential);
1235
1236 r.in.credential = &credential;
1237
1238 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync_r(b, tctx, &r),
1239 "DatabaseSync failed");
1240 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
1241 break;
1242
1243 /* Native mode servers don't do this */
1244 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
1245 return true;
1246 }
1247 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync");
1248
1249 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1250 torture_comment(tctx, "Credential chaining failed\n");
1251 }
1252
1253 if (delta_enum_array &&
1254 delta_enum_array->num_deltas > 0 &&
1255 delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
1256 delta_enum_array->delta_enum[0].delta_union.domain) {
1257 sequence_nums[r.in.database_id] =
1258 delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
1259 torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
1260 r.in.database_id,
1261 (unsigned long long)sequence_nums[r.in.database_id]);
1262 }
1263 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
1264 }
1265
1266 return true;
1267 }
1268
1269
1270 /*
1271 try a netlogon DatabaseDeltas
1272 */
1273 static bool test_DatabaseDeltas(struct torture_context *tctx,
1274 struct dcerpc_pipe *p,
1275 struct cli_credentials *machine_credentials)
1276 {
1277 struct netr_DatabaseDeltas r;
1278 struct netlogon_creds_CredentialState *creds;
1279 struct netr_Authenticator credential;
1280 struct netr_Authenticator return_authenticator;
1281 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1282 const uint32_t database_ids[] = {0, 1, 2};
1283 int i;
1284 struct dcerpc_binding_handle *b = p->binding_handle;
1285
1286 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1287 return false;
1288 }
1289
1290 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1291 r.in.computername = TEST_MACHINE_NAME;
1292 r.in.preferredmaximumlength = (uint32_t)-1;
1293 ZERO_STRUCT(r.in.return_authenticator);
1294 r.out.return_authenticator = &return_authenticator;
1295 r.out.delta_enum_array = &delta_enum_array;
1296
1297 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
1298 r.in.database_id = database_ids[i];
1299 r.in.sequence_num = &sequence_nums[r.in.database_id];
1300
1301 if (*r.in.sequence_num == 0) continue;
1302
1303 *r.in.sequence_num -= 1;
1304
1305 torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
1306 r.in.database_id, (unsigned long long)*r.in.sequence_num);
1307
1308 do {
1309 netlogon_creds_client_authenticator(creds, &credential);
1310
1311 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseDeltas_r(b, tctx, &r),
1312 "DatabaseDeltas failed");
1313 if (NT_STATUS_EQUAL(r.out.result,
1314 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
1315 torture_comment(tctx, "not considering %s to be an error\n",
1316 nt_errstr(r.out.result));
1317 return true;
1318 }
1319 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
1320 break;
1321
1322 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseDeltas");
1323
1324 if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
1325 torture_comment(tctx, "Credential chaining failed\n");
1326 }
1327
1328 (*r.in.sequence_num)++;
1329 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
1330 }
1331
1332 return true;
1333 }
1334
1335 static bool test_DatabaseRedo(struct torture_context *tctx,
1336 struct dcerpc_pipe *p,
1337 struct cli_credentials *machine_credentials)
1338 {
1339 struct netr_DatabaseRedo r;
1340 struct netlogon_creds_CredentialState *creds;
1341 struct netr_Authenticator credential;
1342 struct netr_Authenticator return_authenticator;
1343 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1344 struct netr_ChangeLogEntry e;
1345 struct dom_sid null_sid, *sid;
1346 int i,d;
1347 struct dcerpc_binding_handle *b = p->binding_handle;
1348
1349 ZERO_STRUCT(null_sid);
1350
1351 sid = dom_sid_parse_talloc(tctx, "S-1-5-21-1111111111-2222222222-333333333-500");
1352
1353 {
1354
1355 struct {
1356 uint32_t rid;
1357 uint16_t flags;
1358 uint8_t db_index;
1359 uint8_t delta_type;
1360 struct dom_sid sid;
1361 const char *name;
1362 NTSTATUS expected_error;
1363 uint32_t expected_num_results;
1364 uint8_t expected_delta_type_1;
1365 uint8_t expected_delta_type_2;
1366 const char *comment;
1367 } changes[] = {
1368
1369 /* SAM_DATABASE_DOMAIN */
1370
1371 {
1372 .rid = 0,
1373 .flags = 0,
1374 .db_index = SAM_DATABASE_DOMAIN,
1375 .delta_type = NETR_DELTA_MODIFY_COUNT,
1376 .sid = null_sid,
1377 .name = NULL,
1378 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1379 .expected_num_results = 0,
1380 .comment = "NETR_DELTA_MODIFY_COUNT"
1381 },
1382 {
1383 .rid = 0,
1384 .flags = 0,
1385 .db_index = SAM_DATABASE_DOMAIN,
1386 .delta_type = 0,
1387 .sid = null_sid,
1388 .name = NULL,
1389 .expected_error = NT_STATUS_OK,
1390 .expected_num_results = 1,
1391 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1392 .comment = "NULL DELTA"
1393 },
1394 {
1395 .rid = 0,
1396 .flags = 0,
1397 .db_index = SAM_DATABASE_DOMAIN,
1398 .delta_type = NETR_DELTA_DOMAIN,
1399 .sid = null_sid,
1400 .name = NULL,
1401 .expected_error = NT_STATUS_OK,
1402 .expected_num_results = 1,
1403 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1404 .comment = "NETR_DELTA_DOMAIN"
1405 },
1406 {
1407 .rid = DOMAIN_RID_ADMINISTRATOR,
1408 .flags = 0,
1409 .db_index = SAM_DATABASE_DOMAIN,
1410 .delta_type = NETR_DELTA_USER,
1411 .sid = null_sid,
1412 .name = NULL,
1413 .expected_error = NT_STATUS_OK,
1414 .expected_num_results = 1,
1415 .expected_delta_type_1 = NETR_DELTA_USER,
1416 .comment = "NETR_DELTA_USER by rid 500"
1417 },
1418 {
1419 .rid = DOMAIN_RID_GUEST,
1420 .flags = 0,
1421 .db_index = SAM_DATABASE_DOMAIN,
1422 .delta_type = NETR_DELTA_USER,
1423 .sid = null_sid,
1424 .name = NULL,
1425 .expected_error = NT_STATUS_OK,
1426 .expected_num_results = 1,
1427 .expected_delta_type_1 = NETR_DELTA_USER,
1428 .comment = "NETR_DELTA_USER by rid 501"
1429 },
1430 {
1431 .rid = 0,
1432 .flags = NETR_CHANGELOG_SID_INCLUDED,
1433 .db_index = SAM_DATABASE_DOMAIN,
1434 .delta_type = NETR_DELTA_USER,
1435 .sid = *sid,
1436 .name = NULL,
1437 .expected_error = NT_STATUS_OK,
1438 .expected_num_results = 1,
1439 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1440 .comment = "NETR_DELTA_USER by sid and flags"
1441 },
1442 {
1443 .rid = 0,
1444 .flags = NETR_CHANGELOG_SID_INCLUDED,
1445 .db_index = SAM_DATABASE_DOMAIN,
1446 .delta_type = NETR_DELTA_USER,
1447 .sid = null_sid,
1448 .name = NULL,
1449 .expected_error = NT_STATUS_OK,
1450 .expected_num_results = 1,
1451 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1452 .comment = "NETR_DELTA_USER by null_sid and flags"
1453 },
1454 {
1455 .rid = 0,
1456 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1457 .db_index = SAM_DATABASE_DOMAIN,
1458 .delta_type = NETR_DELTA_USER,
1459 .sid = null_sid,
1460 .name = "administrator",
1461 .expected_error = NT_STATUS_OK,
1462 .expected_num_results = 1,
1463 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1464 .comment = "NETR_DELTA_USER by name 'administrator'"
1465 },
1466 {
1467 .rid = DOMAIN_RID_ADMINS,
1468 .flags = 0,
1469 .db_index = SAM_DATABASE_DOMAIN,
1470 .delta_type = NETR_DELTA_GROUP,
1471 .sid = null_sid,
1472 .name = NULL,
1473 .expected_error = NT_STATUS_OK,
1474 .expected_num_results = 2,
1475 .expected_delta_type_1 = NETR_DELTA_GROUP,
1476 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
1477 .comment = "NETR_DELTA_GROUP by rid 512"
1478 },
1479 {
1480 .rid = DOMAIN_RID_ADMINS,
1481 .flags = 0,
1482 .db_index = SAM_DATABASE_DOMAIN,
1483 .delta_type = NETR_DELTA_GROUP_MEMBER,
1484 .sid = null_sid,
1485 .name = NULL,
1486 .expected_error = NT_STATUS_OK,
1487 .expected_num_results = 2,
1488 .expected_delta_type_1 = NETR_DELTA_GROUP,
1489 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
1490 .comment = "NETR_DELTA_GROUP_MEMBER by rid 512"
1491 },
1492
1493
1494 /* SAM_DATABASE_BUILTIN */
1495
1496 {
1497 .rid = 0,
1498 .flags = 0,
1499 .db_index = SAM_DATABASE_BUILTIN,
1500 .delta_type = NETR_DELTA_MODIFY_COUNT,
1501 .sid = null_sid,
1502 .name = NULL,
1503 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1504 .expected_num_results = 0,
1505 .comment = "NETR_DELTA_MODIFY_COUNT"
1506 },
1507 {
1508 .rid = 0,
1509 .flags = 0,
1510 .db_index = SAM_DATABASE_BUILTIN,
1511 .delta_type = NETR_DELTA_DOMAIN,
1512 .sid = null_sid,
1513 .name = NULL,
1514 .expected_error = NT_STATUS_OK,
1515 .expected_num_results = 1,
1516 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1517 .comment = "NETR_DELTA_DOMAIN"
1518 },
1519 {
1520 .rid = DOMAIN_RID_ADMINISTRATOR,
1521 .flags = 0,
1522 .db_index = SAM_DATABASE_BUILTIN,
1523 .delta_type = NETR_DELTA_USER,
1524 .sid = null_sid,
1525 .name = NULL,
1526 .expected_error = NT_STATUS_OK,
1527 .expected_num_results = 1,
1528 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1529 .comment = "NETR_DELTA_USER by rid 500"
1530 },
1531 {
1532 .rid = 0,
1533 .flags = 0,
1534 .db_index = SAM_DATABASE_BUILTIN,
1535 .delta_type = NETR_DELTA_USER,
1536 .sid = null_sid,
1537 .name = NULL,
1538 .expected_error = NT_STATUS_OK,
1539 .expected_num_results = 1,
1540 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1541 .comment = "NETR_DELTA_USER"
1542 },
1543 {
1544 .rid = 544,
1545 .flags = 0,
1546 .db_index = SAM_DATABASE_BUILTIN,
1547 .delta_type = NETR_DELTA_ALIAS,
1548 .sid = null_sid,
1549 .name = NULL,
1550 .expected_error = NT_STATUS_OK,
1551 .expected_num_results = 2,
1552 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1553 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1554 .comment = "NETR_DELTA_ALIAS by rid 544"
1555 },
1556 {
1557 .rid = 544,
1558 .flags = 0,
1559 .db_index = SAM_DATABASE_BUILTIN,
1560 .delta_type = NETR_DELTA_ALIAS_MEMBER,
1561 .sid = null_sid,
1562 .name = NULL,
1563 .expected_error = NT_STATUS_OK,
1564 .expected_num_results = 2,
1565 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1566 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1567 .comment = "NETR_DELTA_ALIAS_MEMBER by rid 544"
1568 },
1569 {
1570 .rid = 544,
1571 .flags = 0,
1572 .db_index = SAM_DATABASE_BUILTIN,
1573 .delta_type = 0,
1574 .sid = null_sid,
1575 .name = NULL,
1576 .expected_error = NT_STATUS_OK,
1577 .expected_num_results = 1,
1578 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1579 .comment = "NULL DELTA by rid 544"
1580 },
1581 {
1582 .rid = 544,
1583 .flags = NETR_CHANGELOG_SID_INCLUDED,
1584 .db_index = SAM_DATABASE_BUILTIN,
1585 .delta_type = 0,
1586 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1587 .name = NULL,
1588 .expected_error = NT_STATUS_OK,
1589 .expected_num_results = 1,
1590 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1591 .comment = "NULL DELTA by rid 544 sid S-1-5-32-544 and flags"
1592 },
1593 {
1594 .rid = 544,
1595 .flags = NETR_CHANGELOG_SID_INCLUDED,
1596 .db_index = SAM_DATABASE_BUILTIN,
1597 .delta_type = NETR_DELTA_ALIAS,
1598 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1599 .name = NULL,
1600 .expected_error = NT_STATUS_OK,
1601 .expected_num_results = 2,
1602 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1603 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1604 .comment = "NETR_DELTA_ALIAS by rid 544 and sid S-1-5-32-544 and flags"
1605 },
1606 {
1607 .rid = 0,
1608 .flags = NETR_CHANGELOG_SID_INCLUDED,
1609 .db_index = SAM_DATABASE_BUILTIN,
1610 .delta_type = NETR_DELTA_ALIAS,
1611 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1612 .name = NULL,
1613 .expected_error = NT_STATUS_OK,
1614 .expected_num_results = 1,
1615 .expected_delta_type_1 = NETR_DELTA_DELETE_ALIAS,
1616 .comment = "NETR_DELTA_ALIAS by sid S-1-5-32-544 and flags"
1617 },
1618
1619 /* SAM_DATABASE_PRIVS */
1620
1621 {
1622 .rid = 0,
1623 .flags = 0,
1624 .db_index = SAM_DATABASE_PRIVS,
1625 .delta_type = 0,
1626 .sid = null_sid,
1627 .name = NULL,
1628 .expected_error = NT_STATUS_ACCESS_DENIED,
1629 .expected_num_results = 0,
1630 .comment = "NULL DELTA"
1631 },
1632 {
1633 .rid = 0,
1634 .flags = 0,
1635 .db_index = SAM_DATABASE_PRIVS,
1636 .delta_type = NETR_DELTA_MODIFY_COUNT,
1637 .sid = null_sid,
1638 .name = NULL,
1639 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1640 .expected_num_results = 0,
1641 .comment = "NETR_DELTA_MODIFY_COUNT"
1642 },
1643 {
1644 .rid = 0,
1645 .flags = 0,
1646 .db_index = SAM_DATABASE_PRIVS,
1647 .delta_type = NETR_DELTA_POLICY,
1648 .sid = null_sid,
1649 .name = NULL,
1650 .expected_error = NT_STATUS_OK,
1651 .expected_num_results = 1,
1652 .expected_delta_type_1 = NETR_DELTA_POLICY,
1653 .comment = "NETR_DELTA_POLICY"
1654 },
1655 {
1656 .rid = 0,
1657 .flags = NETR_CHANGELOG_SID_INCLUDED,
1658 .db_index = SAM_DATABASE_PRIVS,
1659 .delta_type = NETR_DELTA_POLICY,
1660 .sid = null_sid,
1661 .name = NULL,
1662 .expected_error = NT_STATUS_OK,
1663 .expected_num_results = 1,
1664 .expected_delta_type_1 = NETR_DELTA_POLICY,
1665 .comment = "NETR_DELTA_POLICY by null sid and flags"
1666 },
1667 {
1668 .rid = 0,
1669 .flags = NETR_CHANGELOG_SID_INCLUDED,
1670 .db_index = SAM_DATABASE_PRIVS,
1671 .delta_type = NETR_DELTA_POLICY,
1672 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32"),
1673 .name = NULL,
1674 .expected_error = NT_STATUS_OK,
1675 .expected_num_results = 1,
1676 .expected_delta_type_1 = NETR_DELTA_POLICY,
1677 .comment = "NETR_DELTA_POLICY by sid S-1-5-32 and flags"
1678 },
1679 {
1680 .rid = DOMAIN_RID_ADMINISTRATOR,
1681 .flags = 0,
1682 .db_index = SAM_DATABASE_PRIVS,
1683 .delta_type = NETR_DELTA_ACCOUNT,
1684 .sid = null_sid,
1685 .name = NULL,
1686 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, /* strange */
1687 .expected_num_results = 0,
1688 .comment = "NETR_DELTA_ACCOUNT by rid 500"
1689 },
1690 {
1691 .rid = 0,
1692 .flags = NETR_CHANGELOG_SID_INCLUDED,
1693 .db_index = SAM_DATABASE_PRIVS,
1694 .delta_type = NETR_DELTA_ACCOUNT,
1695 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1696 .name = NULL,
1697 .expected_error = NT_STATUS_OK,
1698 .expected_num_results = 1,
1699 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
1700 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and flags"
1701 },
1702 {
1703 .rid = 0,
1704 .flags = NETR_CHANGELOG_SID_INCLUDED |
1705 NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED,
1706 .db_index = SAM_DATABASE_PRIVS,
1707 .delta_type = NETR_DELTA_ACCOUNT,
1708 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1709 .name = NULL,
1710 .expected_error = NT_STATUS_OK,
1711 .expected_num_results = 1,
1712 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
1713 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and 2 flags"
1714 },
1715 {
1716 .rid = 0,
1717 .flags = NETR_CHANGELOG_SID_INCLUDED |
1718 NETR_CHANGELOG_NAME_INCLUDED,
1719 .db_index = SAM_DATABASE_PRIVS,
1720 .delta_type = NETR_DELTA_ACCOUNT,
1721 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1722 .name = NULL,
1723 .expected_error = NT_STATUS_INVALID_PARAMETER,
1724 .expected_num_results = 0,
1725 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and invalid flags"
1726 },
1727 {
1728 .rid = DOMAIN_RID_ADMINISTRATOR,
1729 .flags = NETR_CHANGELOG_SID_INCLUDED,
1730 .db_index = SAM_DATABASE_PRIVS,
1731 .delta_type = NETR_DELTA_ACCOUNT,
1732 .sid = *sid,
1733 .name = NULL,
1734 .expected_error = NT_STATUS_OK,
1735 .expected_num_results = 1,
1736 .expected_delta_type_1 = NETR_DELTA_DELETE_ACCOUNT,
1737 .comment = "NETR_DELTA_ACCOUNT by rid 500, sid and flags"
1738 },
1739 {
1740 .rid = 0,
1741 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1742 .db_index = SAM_DATABASE_PRIVS,
1743 .delta_type = NETR_DELTA_SECRET,
1744 .sid = null_sid,
1745 .name = "IsurelydontexistIhope",
1746 .expected_error = NT_STATUS_OK,
1747 .expected_num_results = 1,
1748 .expected_delta_type_1 = NETR_DELTA_DELETE_SECRET,
1749 .comment = "NETR_DELTA_SECRET by name 'IsurelydontexistIhope' and flags"
1750 },
1751 {
1752 .rid = 0,
1753 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1754 .db_index = SAM_DATABASE_PRIVS,
1755 .delta_type = NETR_DELTA_SECRET,
1756 .sid = null_sid,
1757 .name = "G$BCKUPKEY_P",
1758 .expected_error = NT_STATUS_OK,
1759 .expected_num_results = 1,
1760 .expected_delta_type_1 = NETR_DELTA_SECRET,
1761 .comment = "NETR_DELTA_SECRET by name 'G$BCKUPKEY_P' and flags"
1762 }
1763 };
1764
1765 ZERO_STRUCT(return_authenticator);
1766
1767 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1768 r.in.computername = TEST_MACHINE_NAME;
1769 r.in.return_authenticator = &return_authenticator;
1770 r.out.return_authenticator = &return_authenticator;
1771 r.out.delta_enum_array = &delta_enum_array;
1772
1773 for (d=0; d<3; d++) {
1774 const char *database = NULL;
1775
1776 switch (d) {
1777 case 0:
1778 database = "SAM";
1779 break;
1780 case 1:
1781 database = "BUILTIN";
1782 break;
1783 case 2:
1784 database = "LSA";
1785 break;
1786 default:
1787 break;
1788 }
1789
1790 torture_comment(tctx, "Testing DatabaseRedo\n");
1791
1792 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1793 return false;
1794 }
1795
1796 for (i=0;i<ARRAY_SIZE(changes);i++) {
1797
1798 if (d != changes[i].db_index) {
1799 continue;
1800 }
1801
1802 netlogon_creds_client_authenticator(creds, &credential);
1803
1804 r.in.credential = &credential;
1805
1806 e.serial_number1 = 0;
1807 e.serial_number2 = 0;
1808 e.object_rid = changes[i].rid;
1809 e.flags = changes[i].flags;
1810 e.db_index = changes[i].db_index;
1811 e.delta_type = changes[i].delta_type;
1812
1813 switch (changes[i].flags & (NETR_CHANGELOG_NAME_INCLUDED | NETR_CHANGELOG_SID_INCLUDED)) {
1814 case NETR_CHANGELOG_SID_INCLUDED:
1815 e.object.object_sid = changes[i].sid;
1816 break;
1817 case NETR_CHANGELOG_NAME_INCLUDED:
1818 e.object.object_name = changes[i].name;
1819 break;
1820 default:
1821 break;
1822 }
1823
1824 r.in.change_log_entry = e;
1825
1826 torture_comment(tctx, "Testing DatabaseRedo with database %s and %s\n",
1827 database, changes[i].comment);
1828
1829 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseRedo_r(b, tctx, &r),
1830 "DatabaseRedo failed");
1831 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
1832 return true;
1833 }
1834
1835 torture_assert_ntstatus_equal(tctx, r.out.result, changes[i].expected_error, changes[i].comment);
1836 if (delta_enum_array) {
1837 torture_assert_int_equal(tctx,
1838 delta_enum_array->num_deltas,
1839 changes[i].expected_num_results,
1840 changes[i].comment);
1841 if (delta_enum_array->num_deltas > 0) {
1842 torture_assert_int_equal(tctx,
1843 delta_enum_array->delta_enum[0].delta_type,
1844 changes[i].expected_delta_type_1,
1845 changes[i].comment);
1846 }
1847 if (delta_enum_array->num_deltas > 1) {
1848 torture_assert_int_equal(tctx,
1849 delta_enum_array->delta_enum[1].delta_type,
1850 changes[i].expected_delta_type_2,
1851 changes[i].comment);
1852 }
1853 }
1854
1855 if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
1856 torture_comment(tctx, "Credential chaining failed\n");
1857 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1858 return false;
1859 }
1860 }
1861 }
1862 }
1863 }
1864
1865 return true;
1866 }
1867
1868 /*
1869 try a netlogon AccountDeltas
1870 */
1871 static bool test_AccountDeltas(struct torture_context *tctx,
1872 struct dcerpc_pipe *p,
1873 struct cli_credentials *machine_credentials)
1874 {
1875 struct netr_AccountDeltas r;
1876 struct netlogon_creds_CredentialState *creds;
1877
1878 struct netr_AccountBuffer buffer;
1879 uint32_t count_returned = 0;
1880 uint32_t total_entries = 0;
1881 struct netr_UAS_INFO_0 recordid;
1882 struct netr_Authenticator return_authenticator;
1883 struct dcerpc_binding_handle *b = p->binding_handle;
1884
1885 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1886 return false;
1887 }
1888
1889 ZERO_STRUCT(return_authenticator);
1890
1891 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1892 r.in.computername = TEST_MACHINE_NAME;
1893 r.in.return_authenticator = &return_authenticator;
1894 netlogon_creds_client_authenticator(creds, &r.in.credential);
1895 ZERO_STRUCT(r.in.uas);
1896 r.in.count=10;
1897 r.in.level=0;
1898 r.in.buffersize=100;
1899 r.out.buffer = &buffer;
1900 r.out.count_returned = &count_returned;
1901 r.out.total_entries = &total_entries;
1902 r.out.recordid = &recordid;
1903 r.out.return_authenticator = &return_authenticator;
1904
1905 /* w2k3 returns "NOT IMPLEMENTED" for this call */
1906 torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountDeltas_r(b, tctx, &r),
1907 "AccountDeltas failed");
1908 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
1909
1910 return true;
1911 }
1912
1913 /*
1914 try a netlogon AccountSync
1915 */
1916 static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
1917 struct cli_credentials *machine_credentials)
1918 {
1919 struct netr_AccountSync r;
1920 struct netlogon_creds_CredentialState *creds;
1921
1922 struct netr_AccountBuffer buffer;
1923 uint32_t count_returned = 0;
1924 uint32_t total_entries = 0;
1925 uint32_t next_reference = 0;
1926 struct netr_UAS_INFO_0 recordid;
1927 struct netr_Authenticator return_authenticator;
1928 struct dcerpc_binding_handle *b = p->binding_handle;
1929
1930 ZERO_STRUCT(recordid);
1931 ZERO_STRUCT(return_authenticator);
1932
1933 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1934 return false;
1935 }
1936
1937 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1938 r.in.computername = TEST_MACHINE_NAME;
1939 r.in.return_authenticator = &return_authenticator;
1940 netlogon_creds_client_authenticator(creds, &r.in.credential);
1941 r.in.recordid = &recordid;
1942 r.in.reference=0;
1943 r.in.level=0;
1944 r.in.buffersize=100;
1945 r.out.buffer = &buffer;
1946 r.out.count_returned = &count_returned;
1947 r.out.total_entries = &total_entries;
1948 r.out.next_reference = &next_reference;
1949 r.out.recordid = &recordid;
1950 r.out.return_authenticator = &return_authenticator;
1951
1952 /* w2k3 returns "NOT IMPLEMENTED" for this call */
1953 torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountSync_r(b, tctx, &r),
1954 "AccountSync failed");
1955 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
1956
1957 return true;
1958 }
1959
1960 /*
1961 try a netlogon GetDcName
1962 */
1963 static bool test_GetDcName(struct torture_context *tctx,
1964 struct dcerpc_pipe *p)
1965 {
1966 struct netr_GetDcName r;
1967 const char *dcname = NULL;
1968 struct dcerpc_binding_handle *b = p->binding_handle;
1969
1970 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1971 r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
1972 r.out.dcname = &dcname;
1973
1974 torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
1975 "GetDcName failed");
1976 torture_assert_werr_ok(tctx, r.out.result, "GetDcName failed");
1977
1978 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
1979
1980 return true;
1981 }
1982
1983 static const char *function_code_str(TALLOC_CTX *mem_ctx,
1984 enum netr_LogonControlCode function_code)
1985 {
1986 switch (function_code) {
1987 case NETLOGON_CONTROL_QUERY:
1988 return "NETLOGON_CONTROL_QUERY";
1989 case NETLOGON_CONTROL_REPLICATE:
1990 return "NETLOGON_CONTROL_REPLICATE";
1991 case NETLOGON_CONTROL_SYNCHRONIZE:
1992 return "NETLOGON_CONTROL_SYNCHRONIZE";
1993 case NETLOGON_CONTROL_PDC_REPLICATE:
1994 return "NETLOGON_CONTROL_PDC_REPLICATE";
1995 case NETLOGON_CONTROL_REDISCOVER:
1996 return "NETLOGON_CONTROL_REDISCOVER";
1997 case NETLOGON_CONTROL_TC_QUERY:
1998 return "NETLOGON_CONTROL_TC_QUERY";
1999 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
2000 return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
2001 case NETLOGON_CONTROL_FIND_USER:
2002 return "NETLOGON_CONTROL_FIND_USER";
2003 case NETLOGON_CONTROL_CHANGE_PASSWORD:
2004 return "NETLOGON_CONTROL_CHANGE_PASSWORD";
2005 case NETLOGON_CONTROL_TC_VERIFY:
2006 return "NETLOGON_CONTROL_TC_VERIFY";
2007 case NETLOGON_CONTROL_FORCE_DNS_REG:
2008 return "NETLOGON_CONTROL_FORCE_DNS_REG";
2009 case NETLOGON_CONTROL_QUERY_DNS_REG:
2010 return "NETLOGON_CONTROL_QUERY_DNS_REG";
2011 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
2012 return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
2013 case NETLOGON_CONTROL_TRUNCATE_LOG:
2014 return "NETLOGON_CONTROL_TRUNCATE_LOG";
2015 case NETLOGON_CONTROL_SET_DBFLAG:
2016 return "NETLOGON_CONTROL_SET_DBFLAG";
2017 case NETLOGON_CONTROL_BREAKPOINT:
2018 return "NETLOGON_CONTROL_BREAKPOINT";
2019 default:
2020 return talloc_asprintf(mem_ctx, "unknown function code: %d",
2021 function_code);
2022 }
2023 }
2024
2025
2026 /*
2027 try a netlogon LogonControl
2028 */
2029 static bool test_LogonControl(struct torture_context *tctx,
2030 struct dcerpc_pipe *p,
2031 struct cli_credentials *machine_credentials)
2032
2033 {
2034 NTSTATUS status;
2035 struct netr_LogonControl r;
2036 union netr_CONTROL_QUERY_INFORMATION query;
2037 int i,f;
2038 enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
2039 struct dcerpc_binding_handle *b = p->binding_handle;
2040
2041 uint32_t function_codes[] = {
2042 NETLOGON_CONTROL_QUERY,
2043 NETLOGON_CONTROL_REPLICATE,
2044 NETLOGON_CONTROL_SYNCHRONIZE,
2045 NETLOGON_CONTROL_PDC_REPLICATE,
2046 NETLOGON_CONTROL_REDISCOVER,
2047 NETLOGON_CONTROL_TC_QUERY,
2048 NETLOGON_CONTROL_TRANSPORT_NOTIFY,
2049 NETLOGON_CONTROL_FIND_USER,
2050 NETLOGON_CONTROL_CHANGE_PASSWORD,
2051 NETLOGON_CONTROL_TC_VERIFY,
2052 NETLOGON_CONTROL_FORCE_DNS_REG,
2053 NETLOGON_CONTROL_QUERY_DNS_REG,
2054 NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
2055 NETLOGON_CONTROL_TRUNCATE_LOG,
2056 NETLOGON_CONTROL_SET_DBFLAG,
2057 NETLOGON_CONTROL_BREAKPOINT
2058 };
2059
2060 if (machine_credentials) {
2061 secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
2062 }
2063
2064 torture_comment(tctx, "Testing LogonControl with secure channel type: %d\n",
2065 secure_channel_type);
2066
2067 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2068 r.in.function_code = 1;
2069 r.out.query = &query;
2070
2071 for (f=0;f<ARRAY_SIZE(function_codes); f++) {
2072 for (i=1;i<5;i++) {
2073
2074 r.in.function_code = function_codes[f];
2075 r.in.level = i;
2076
2077 torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
2078 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2079
2080 status = dcerpc_netr_LogonControl_r(b, tctx, &r);
2081 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2082
2083 switch (r.in.level) {
2084 case 1:
2085 switch (r.in.function_code) {
2086 case NETLOGON_CONTROL_REPLICATE:
2087 case NETLOGON_CONTROL_SYNCHRONIZE:
2088 case NETLOGON_CONTROL_PDC_REPLICATE:
2089 case NETLOGON_CONTROL_BREAKPOINT:
2090 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
2091 if ((secure_channel_type == SEC_CHAN_BDC) ||
2092 (secure_channel_type == SEC_CHAN_WKSTA)) {
2093 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
2094 "LogonControl returned unexpected error code");
2095 } else {
2096 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
2097 "LogonControl returned unexpected error code");
2098 }
2099 break;
2100
2101 case NETLOGON_CONTROL_REDISCOVER:
2102 case NETLOGON_CONTROL_TC_QUERY:
2103 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
2104 case NETLOGON_CONTROL_FIND_USER:
2105 case NETLOGON_CONTROL_CHANGE_PASSWORD:
2106 case NETLOGON_CONTROL_TC_VERIFY:
2107 case NETLOGON_CONTROL_FORCE_DNS_REG:
2108 case NETLOGON_CONTROL_QUERY_DNS_REG:
2109 case NETLOGON_CONTROL_SET_DBFLAG:
2110 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
2111 "LogonControl returned unexpected error code");
2112 break;
2113 case NETLOGON_CONTROL_TRUNCATE_LOG:
2114 if ((secure_channel_type == SEC_CHAN_BDC) ||
2115 (secure_channel_type == SEC_CHAN_WKSTA)) {
2116 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
2117 "LogonControl returned unexpected error code");
2118 } else {
2119 torture_assert_werr_ok(tctx, r.out.result,
2120 "LogonControl returned unexpected result");
2121 }
2122 break;
2123 default:
2124 torture_assert_werr_ok(tctx, r.out.result,
2125 "LogonControl returned unexpected result");
2126 break;
2127 }
2128 break;
2129 case 2:
2130 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
2131 "LogonControl returned unexpected error code");
2132 break;
2133 default:
2134 torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL,
2135 "LogonControl returned unexpected error code");
2136 break;
2137 }
2138 }
2139 }
2140
2141 r.in.level = 52;
2142 torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
2143 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2144 status = dcerpc_netr_LogonControl_r(b, tctx, &r);
2145 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2146 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl");
2147
2148 return true;
2149 }
2150
2151
2152 /*
2153 try a netlogon GetAnyDCName
2154 */
2155 static bool test_GetAnyDCName(struct torture_context *tctx,
2156 struct dcerpc_pipe *p)
2157 {
2158 NTSTATUS status;
2159 struct netr_GetAnyDCName r;
2160 const char *dcname = NULL;
2161 struct dcerpc_binding_handle *b = p->binding_handle;
2162
2163 r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
2164 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2165 r.out.dcname = &dcname;
2166
2167 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
2168 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
2169 if ((!W_ERROR_IS_OK(r.out.result)) &&
2170 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
2171 return false;
2172 }
2173
2174 if (dcname) {
2175 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
2176 }
2177
2178 r.in.domainname = NULL;
2179
2180 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
2181 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
2182 if ((!W_ERROR_IS_OK(r.out.result)) &&
2183 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
2184 return false;
2185 }
2186
2187 r.in.domainname = "";
2188
2189 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
2190 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
2191 if ((!W_ERROR_IS_OK(r.out.result)) &&
2192 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
2193 return false;
2194 }
2195
2196 return true;
2197 }
2198
2199
2200 /*
2201 try a netlogon LogonControl2
2202 */
2203 static bool test_LogonControl2(struct torture_context *tctx,
2204 struct dcerpc_pipe *p,
2205 struct cli_credentials *machine_credentials)
2206
2207 {
2208 NTSTATUS status;
2209 struct netr_LogonControl2 r;
2210 union netr_CONTROL_DATA_INFORMATION data;
2211 union netr_CONTROL_QUERY_INFORMATION query;
2212 int i;
2213 struct dcerpc_binding_handle *b = p->binding_handle;
2214
2215 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2216
2217 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2218
2219 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
2220 r.in.data = &data;
2221 r.out.query = &query;
2222
2223 for (i=1;i<4;i++) {
2224 r.in.level = i;
2225
2226 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2227 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2228
2229 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2230 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2231 }
2232
2233 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2234
2235 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
2236 r.in.data = &data;
2237
2238 for (i=1;i<4;i++) {
2239 r.in.level = i;
2240
2241 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2242 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2243
2244 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2245 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2246 }
2247
2248 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2249
2250 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
2251 r.in.data = &data;
2252
2253 for (i=1;i<4;i++) {
2254 r.in.level = i;
2255
2256 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2257 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2258
2259 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2260 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2261 }
2262
2263 data.debug_level = ~0;
2264
2265 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
2266 r.in.data = &data;
2267
2268 for (i=1;i<4;i++) {
2269 r.in.level = i;
2270
2271 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2272 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2273
2274 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2275 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2276 }
2277
2278 ZERO_STRUCT(data);
2279 r.in.function_code = 52;
2280 r.in.data = &data;
2281
2282 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2283 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2284
2285 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2286 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2287 torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
2288
2289 data.debug_level = ~0;
2290
2291 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
2292 r.in.data = &data;
2293
2294 r.in.level = 52;
2295 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2296 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2297
2298 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2299 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2300 torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
2301
2302 return true;
2303 }
2304
2305 /*
2306 try a netlogon DatabaseSync2
2307 */
2308 static bool test_DatabaseSync2(struct torture_context *tctx,
2309 struct dcerpc_pipe *p,
2310 struct cli_credentials *machine_credentials)
2311 {
2312 struct netr_DatabaseSync2 r;
2313 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
2314 struct netr_Authenticator return_authenticator, credential;
2315
2316 struct netlogon_creds_CredentialState *creds;
2317 const uint32_t database_ids[] = {0, 1, 2};
2318 int i;
2319 struct dcerpc_binding_handle *b = p->binding_handle;
2320
2321 if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
2322 machine_credentials,
2323 cli_credentials_get_secure_channel_type(machine_credentials),
2324 &creds)) {
2325 return false;
2326 }
2327
2328 ZERO_STRUCT(return_authenticator);
2329
2330 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2331 r.in.computername = TEST_MACHINE_NAME;
2332 r.in.preferredmaximumlength = (uint32_t)-1;
2333 r.in.return_authenticator = &return_authenticator;
2334 r.out.return_authenticator = &return_authenticator;
2335 r.out.delta_enum_array = &delta_enum_array;
2336
2337 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
2338
2339 uint32_t sync_context = 0;
2340
2341 r.in.database_id = database_ids[i];
2342 r.in.sync_context = &sync_context;
2343 r.out.sync_context = &sync_context;
2344 r.in.restart_state = 0;
2345
2346 torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
2347
2348 do {
2349 netlogon_creds_client_authenticator(creds, &credential);
2350
2351 r.in.credential = &credential;
2352
2353 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync2_r(b, tctx, &r),
2354 "DatabaseSync2 failed");
2355 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
2356 break;
2357
2358 /* Native mode servers don't do this */
2359 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
2360 return true;
2361 }
2362
2363 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync2");
2364
2365 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
2366 torture_comment(tctx, "Credential chaining failed\n");
2367 }
2368
2369 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
2370 }
2371
2372 return true;
2373 }
2374
2375
2376 /*
2377 try a netlogon LogonControl2Ex
2378 */
2379 static bool test_LogonControl2Ex(struct torture_context *tctx,
2380 struct dcerpc_pipe *p,
2381 struct cli_credentials *machine_credentials)
2382
2383 {
2384 NTSTATUS status;
2385 struct netr_LogonControl2Ex r;
2386 union netr_CONTROL_DATA_INFORMATION data;
2387 union netr_CONTROL_QUERY_INFORMATION query;
2388 int i;
2389 struct dcerpc_binding_handle *b = p->binding_handle;
2390
2391 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2392
2393 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2394
2395 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
2396 r.in.data = &data;
2397 r.out.query = &query;
2398
2399 for (i=1;i<4;i++) {
2400 r.in.level = i;
2401
2402 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2403 i, r.in.function_code);
2404
2405 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2406 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2407 }
2408
2409 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2410
2411 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
2412 r.in.data = &data;
2413
2414 for (i=1;i<4;i++) {
2415 r.in.level = i;
2416
2417 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2418 i, r.in.function_code);
2419
2420 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2421 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2422 }
2423
2424 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2425
2426 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
2427 r.in.data = &data;
2428
2429 for (i=1;i<4;i++) {
2430 r.in.level = i;
2431
2432 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2433 i, r.in.function_code);
2434
2435 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2436 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2437 }
2438
2439 data.debug_level = ~0;
2440
2441 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
2442 r.in.data = &data;
2443
2444 for (i=1;i<4;i++) {
2445 r.in.level = i;
2446
2447 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2448 i, r.in.function_code);
2449
2450 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2451 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2452 }
2453
2454 return true;
2455 }
2456
2457 static bool test_netr_GetForestTrustInformation(struct torture_context *tctx,
2458 struct dcerpc_pipe *p,
2459 struct cli_credentials *machine_credentials)
2460 {
2461 struct netr_GetForestTrustInformation r;
2462 struct netlogon_creds_CredentialState *creds;
2463 struct netr_Authenticator a;
2464 struct netr_Authenticator return_authenticator;
2465 struct lsa_ForestTrustInformation *forest_trust_info;
2466 struct dcerpc_binding_handle *b = p->binding_handle;
2467
2468 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
2469 machine_credentials, &creds)) {
2470 return false;
2471 }
2472
2473 netlogon_creds_client_authenticator(creds, &a);
2474
2475 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2476 r.in.computer_name = TEST_MACHINE_NAME;
2477 r.in.credential = &a;
2478 r.in.flags = 0;
2479 r.out.return_authenticator = &return_authenticator;
2480 r.out.forest_trust_info = &forest_trust_info;
2481
2482 torture_assert_ntstatus_ok(tctx,
2483 dcerpc_netr_GetForestTrustInformation_r(b, tctx, &r),
2484 "netr_GetForestTrustInformation failed");
2485 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
2486 torture_comment(tctx, "not considering NT_STATUS_NOT_IMPLEMENTED as an error\n");
2487 } else {
2488 torture_assert_ntstatus_ok(tctx, r.out.result,
2489 "netr_GetForestTrustInformation failed");
2490 }
2491
2492 torture_assert(tctx,
2493 netlogon_creds_client_check(creds, &return_authenticator.cred),
2494 "Credential chaining failed");
2495
2496 return true;
2497 }
2498
2499 static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
2500 struct dcerpc_pipe *p, const char *trusted_domain_name)
2501 {
2502 NTSTATUS status;
2503 struct netr_DsRGetForestTrustInformation r;
2504 struct lsa_ForestTrustInformation info, *info_ptr;
2505 struct dcerpc_binding_handle *b = p->binding_handle;
2506
2507 info_ptr = &info;
2508
2509 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2510 r.in.trusted_domain_name = trusted_domain_name;
2511 r.in.flags = 0;
2512 r.out.forest_trust_info = &info_ptr;
2513
2514 torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
2515
2516 status = dcerpc_netr_DsRGetForestTrustInformation_r(b, tctx, &r);
2517 torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
2518 torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
2519
2520 return true;
2521 }
2522
2523 /*
2524 try a netlogon netr_DsrEnumerateDomainTrusts
2525 */
2526 static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
2527 struct dcerpc_pipe *p)
2528 {
2529 NTSTATUS status;
2530 struct netr_DsrEnumerateDomainTrusts r;
2531 struct netr_DomainTrustList trusts;
2532 int i;
2533 struct dcerpc_binding_handle *b = p->binding_handle;
2534
2535 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2536 r.in.trust_flags = 0x3f;
2537 r.out.trusts = &trusts;
2538
2539 status = dcerpc_netr_DsrEnumerateDomainTrusts_r(b, tctx, &r);
2540 torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
2541 torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
2542
2543 /* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
2544 * will show non-forest trusts and all UPN suffixes of the own forest
2545 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
2546
2547 if (r.out.trusts->count) {
2548 if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
2549 return false;
2550 }
2551 }
2552
2553 for (i=0; i<r.out.trusts->count; i++) {
2554
2555 /* get info for transitive forest trusts */
2556
2557 if (r.out.trusts->array[i].trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
2558 if (!test_netr_DsRGetForestTrustInformation(tctx, p,
2559 r.out.trusts->array[i].dns_name)) {
2560 return false;
2561 }
2562 }
2563 }
2564
2565 return true;
2566 }
2567
2568 static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
2569 struct dcerpc_pipe *p)
2570 {
2571 NTSTATUS status;
2572 struct netr_NetrEnumerateTrustedDomains r;
2573 struct netr_Blob trusted_domains_blob;
2574 struct dcerpc_binding_handle *b = p->binding_handle;
2575
2576 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2577 r.out.trusted_domains_blob = &trusted_domains_blob;
2578
2579 status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
2580 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
2581 torture_assert_ntstatus_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
2582
2583 return true;
2584 }
2585
2586 static bool test_netr_NetrEnumerateTrustedDomainsEx(struct torture_context *tctx,
2587 struct dcerpc_pipe *p)
2588 {
2589 NTSTATUS status;
2590 struct netr_NetrEnumerateTrustedDomainsEx r;
2591 struct netr_DomainTrustList dom_trust_list;
2592 struct dcerpc_binding_handle *b = p->binding_handle;
2593
2594 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2595 r.out.dom_trust_list = &dom_trust_list;
2596
2597 status = dcerpc_netr_NetrEnumerateTrustedDomainsEx_r(b, tctx, &r);
2598 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
2599 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
2600
2601 return true;
2602 }
2603
2604
2605 static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
2606 const char *computer_name,
2607 const char *expected_site)
2608 {
2609 NTSTATUS status;
2610 struct netr_DsRGetSiteName r;
2611 const char *site = NULL;
2612 struct dcerpc_binding_handle *b = p->binding_handle;
2613
2614 r.in.computer_name = computer_name;
2615 r.out.site = &site;
2616 torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
2617
2618 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
2619 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
2620 torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
2621 torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
2622
2623 return true;
2624 }
2625
2626 /*
2627 try a netlogon netr_DsRGetDCName
2628 */
2629 static bool test_netr_DsRGetDCName(struct torture_context *tctx,
2630 struct dcerpc_pipe *p)
2631 {
2632 NTSTATUS status;
2633 struct netr_DsRGetDCName r;
2634 struct netr_DsRGetDCNameInfo *info = NULL;
2635 struct dcerpc_binding_handle *b = p->binding_handle;
2636
2637 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2638 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
2639 r.in.domain_guid = NULL;
2640 r.in.site_guid = NULL;
2641 r.in.flags = DS_RETURN_DNS_NAME;
2642 r.out.info = &info;
2643
2644 status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
2645 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
2646 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
2647
2648 torture_assert_int_equal(tctx,
2649 (info->dc_flags & (DS_DNS_CONTROLLER)),
2650 DS_DNS_CONTROLLER,
2651 "DsRGetDCName");
2652 torture_assert_int_equal(tctx,
2653 (info->dc_flags & (DS_DNS_DOMAIN)),
2654 DS_DNS_DOMAIN,
2655 "DsRGetDCName");
2656 torture_assert_int_equal(tctx,
2657 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2658 DS_DNS_FOREST_ROOT,
2659 "DsRGetDCName");
2660
2661 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
2662 r.in.flags = 0;
2663
2664 status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
2665 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
2666 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
2667
2668 torture_assert_int_equal(tctx,
2669 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
2670 "DsRGetDCName");
2671 torture_assert_int_equal(tctx,
2672 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
2673 "DsRGetDCName");
2674 torture_assert_int_equal(tctx,
2675 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2676 DS_DNS_FOREST_ROOT,
2677 "DsRGetDCName");
2678
2679 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
2680 torture_assert_int_equal(tctx,
2681 (info->dc_flags & (DS_SERVER_CLOSEST)),
2682 DS_SERVER_CLOSEST,
2683 "DsRGetDCName");
2684 }
2685
2686 return test_netr_DsRGetSiteName(p, tctx,
2687 info->dc_unc,
2688 info->dc_site_name);
2689 }
2690
2691 /*
2692 try a netlogon netr_DsRGetDCNameEx
2693 */
2694 static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
2695 struct dcerpc_pipe *p)
2696 {
2697 NTSTATUS status;
2698 struct netr_DsRGetDCNameEx r;
2699 struct netr_DsRGetDCNameInfo *info = NULL;
2700 struct dcerpc_binding_handle *b = p->binding_handle;
2701
2702 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2703 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
2704 r.in.domain_guid = NULL;
2705 r.in.site_name = NULL;
2706 r.in.flags = DS_RETURN_DNS_NAME;
2707 r.out.info = &info;
2708
2709 status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
2710 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
2711 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
2712
2713 torture_assert_int_equal(tctx,
2714 (info->dc_flags & (DS_DNS_CONTROLLER)),
2715 DS_DNS_CONTROLLER,
2716 "DsRGetDCNameEx");
2717 torture_assert_int_equal(tctx,
2718 (info->dc_flags & (DS_DNS_DOMAIN)),
2719 DS_DNS_DOMAIN,
2720 "DsRGetDCNameEx");
2721 torture_assert_int_equal(tctx,
2722 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2723 DS_DNS_FOREST_ROOT,
2724 "DsRGetDCNameEx");
2725
2726 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
2727 r.in.flags = 0;
2728
2729 status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
2730 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
2731 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
2732
2733 torture_assert_int_equal(tctx,
2734 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
2735 "DsRGetDCNameEx");
2736 torture_assert_int_equal(tctx,
2737 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
2738 "DsRGetDCNameEx");
2739 torture_assert_int_equal(tctx,
2740 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2741 DS_DNS_FOREST_ROOT,
2742 "DsRGetDCNameEx");
2743
2744 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
2745 torture_assert_int_equal(tctx,
2746 (info->dc_flags & (DS_SERVER_CLOSEST)),
2747 DS_SERVER_CLOSEST,
2748 "DsRGetDCNameEx");
2749 }
2750
2751 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
2752 info->dc_site_name);
2753 }
2754
2755 /*
2756 try a netlogon netr_DsRGetDCNameEx2
2757 */
2758 static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
2759 struct dcerpc_pipe *p)
2760 {
2761 NTSTATUS status;
2762 struct netr_DsRGetDCNameEx2 r;
2763 struct netr_DsRGetDCNameInfo *info = NULL;
2764 struct dcerpc_binding_handle *b = p->binding_handle;
2765
2766 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n");
2767 ZERO_STRUCT(r.in);
2768 r.in.flags = DS_RETURN_DNS_NAME;
2769 r.out.info = &info;
2770
2771 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2772 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2773 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2774
2775 torture_assert_int_equal(tctx,
2776 (info->dc_flags & (DS_DNS_CONTROLLER)),
2777 DS_DNS_CONTROLLER,
2778 "DsRGetDCNameEx2");
2779 torture_assert_int_equal(tctx,
2780 (info->dc_flags & (DS_DNS_DOMAIN)),
2781 DS_DNS_DOMAIN,
2782 "DsRGetDCNameEx2");
2783 torture_assert_int_equal(tctx,
2784 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2785 DS_DNS_FOREST_ROOT,
2786 "DsRGetDCNameEx2");
2787
2788 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2789 r.in.client_account = NULL;
2790 r.in.mask = 0x00000000;
2791 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
2792 r.in.domain_guid = NULL;
2793 r.in.site_name = NULL;
2794 r.in.flags = DS_RETURN_DNS_NAME;
2795 r.out.info = &info;
2796
2797 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
2798
2799 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2800 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2801 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2802
2803 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
2804 r.in.flags = 0;
2805
2806 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2807 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2808 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2809
2810 torture_assert_int_equal(tctx,
2811 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
2812 "DsRGetDCNameEx2");
2813 torture_assert_int_equal(tctx,
2814 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
2815 "DsRGetDCNameEx2");
2816 torture_assert_int_equal(tctx,
2817 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2818 DS_DNS_FOREST_ROOT,
2819 "DsRGetDCNameEx2");
2820
2821 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
2822 torture_assert_int_equal(tctx,
2823 (info->dc_flags & (DS_SERVER_CLOSEST)),
2824 DS_SERVER_CLOSEST,
2825 "DsRGetDCNameEx2");
2826 }
2827
2828 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client account\n");
2829 r.in.client_account = TEST_MACHINE_NAME"$";
2830 r.in.mask = ACB_SVRTRUST;
2831 r.in.flags = DS_RETURN_FLAT_NAME;
2832 r.out.info = &info;
2833
2834 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2835 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2836 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2837
2838 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
2839 info->dc_site_name);
2840 }
2841
2842 /* This is a substitution for "samdb_server_site_name" which relies on the
2843 * correct "lp_ctx" and therefore can't be used here. */
2844 static const char *server_site_name(struct torture_context *tctx,
2845 struct ldb_context *ldb)
2846 {
2847 TALLOC_CTX *tmp_ctx;
2848 struct ldb_dn *dn, *server_dn;
2849 const struct ldb_val *site_name_val;
2850 const char *server_dn_str, *site_name;
2851
2852 tmp_ctx = talloc_new(ldb);
2853 if (tmp_ctx == NULL) {
2854 goto failed;
2855 }
2856
2857 dn = ldb_dn_new(tmp_ctx, ldb, "");
2858 if (dn == NULL) {
2859 goto failed;
2860 }
2861
2862 server_dn_str = samdb_search_string(ldb, tmp_ctx, dn, "serverName",
2863 NULL);
2864 if (server_dn_str == NULL) {
2865 goto failed;
2866 }
2867
2868 server_dn = ldb_dn_new(tmp_ctx, ldb, server_dn_str);
2869 if (server_dn == NULL) {
2870 goto failed;
2871 }
2872
2873 /* CN=<Server name>, CN=Servers, CN=<Site name>, CN=Sites, ... */
2874 site_name_val = ldb_dn_get_component_val(server_dn, 2);
2875 if (site_name_val == NULL) {
2876 goto failed;
2877 }
2878
2879 site_name = (const char *) site_name_val->data;
2880
2881 talloc_steal(tctx, site_name);
2882 talloc_free(tmp_ctx);
2883
2884 return site_name;
2885
2886 failed:
2887 talloc_free(tmp_ctx);
2888 return NULL;
2889 }
2890
2891 static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
2892 struct dcerpc_pipe *p)
2893 {
2894 char *url;
2895 struct ldb_context *sam_ctx = NULL;
2896 NTSTATUS status;
2897 struct netr_DsrGetDcSiteCoverageW r;
2898 struct DcSitesCtr *ctr = NULL;
2899 struct dcerpc_binding_handle *b = p->binding_handle;
2900
2901 torture_comment(tctx, "This does only pass with the default site\n");
2902
2903 /* We won't double-check this when we are over 'local' transports */
2904 if (dcerpc_server_name(p)) {
2905 /* Set up connection to SAMDB on DC */
2906 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
2907 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
2908 NULL,
2909 cmdline_credentials,
2910 0);
2911
2912 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
2913 }
2914
2915 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2916 r.out.ctr = &ctr;
2917
2918 status = dcerpc_netr_DsrGetDcSiteCoverageW_r(b, tctx, &r);
2919 torture_assert_ntstatus_ok(tctx, status, "failed");
2920 torture_assert_werr_ok(tctx, r.out.result, "failed");
2921
2922 torture_assert(tctx, ctr->num_sites == 1,
2923 "we should per default only get the default site");
2924 if (sam_ctx != NULL) {
2925 torture_assert_casestr_equal(tctx, ctr->sites[0].string,
2926 server_site_name(tctx, sam_ctx),
2927 "didn't return default site");
2928 }
2929
2930 return true;
2931 }
2932
2933 static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
2934 struct dcerpc_pipe *p)
2935 {
2936 char *url;
2937 struct ldb_context *sam_ctx = NULL;
2938 NTSTATUS status;
2939 struct netr_DsRAddressToSitenamesW r;
2940 struct netr_DsRAddress addrs[6];
2941 struct sockaddr_in *addr;
2942 #ifdef HAVE_IPV6
2943 struct sockaddr_in6 *addr6;
2944 #endif
2945 struct netr_DsRAddressToSitenamesWCtr *ctr;
2946 struct dcerpc_binding_handle *b = p->binding_handle;
2947 uint32_t i;
2948 int ret;
2949
2950 torture_comment(tctx, "This does only pass with the default site\n");
2951
2952 /* We won't double-check this when we are over 'local' transports */
2953 if (dcerpc_server_name(p)) {
2954 /* Set up connection to SAMDB on DC */
2955 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
2956 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
2957 NULL,
2958 cmdline_credentials,
2959 0);
2960
2961 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
2962 }
2963
2964 /* First try valid IP addresses */
2965
2966 addrs[0].size = sizeof(struct sockaddr_in);
2967 addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
2968 addr = (struct sockaddr_in *) addrs[0].buffer;
2969 addrs[0].buffer[0] = AF_INET;
2970 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
2971 torture_assert(tctx, ret > 0, "inet_pton failed");
2972
2973 addrs[1].size = sizeof(struct sockaddr_in);
2974 addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
2975 addr = (struct sockaddr_in *) addrs[1].buffer;
2976 addrs[1].buffer[0] = AF_INET;
2977 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
2978 torture_assert(tctx, ret > 0, "inet_pton failed");
2979
2980 addrs[2].size = sizeof(struct sockaddr_in);
2981 addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
2982 addr = (struct sockaddr_in *) addrs[2].buffer;
2983 addrs[2].buffer[0] = AF_INET;
2984 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
2985 torture_assert(tctx, ret > 0, "inet_pton failed");
2986
2987 #ifdef HAVE_IPV6
2988 addrs[3].size = sizeof(struct sockaddr_in6);
2989 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
2990 addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
2991 addrs[3].buffer[0] = AF_INET6;
2992 ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
2993 torture_assert(tctx, ret > 0, "inet_pton failed");
2994
2995 addrs[4].size = sizeof(struct sockaddr_in6);
2996 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
2997 addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
2998 addrs[4].buffer[0] = AF_INET6;
2999 ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
3000 torture_assert(tctx, ret > 0, "inet_pton failed");
3001
3002 addrs[5].size = sizeof(struct sockaddr_in6);
3003 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
3004 addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
3005 addrs[5].buffer[0] = AF_INET6;
3006 ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
3007 torture_assert(tctx, ret > 0, "inet_pton failed");
3008 #else
3009 /* the test cases are repeated to have exactly 6. This is for
3010 * compatibility with IPv4-only machines */
3011 addrs[3].size = sizeof(struct sockaddr_in);
3012 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
3013 addr = (struct sockaddr_in *) addrs[3].buffer;
3014 addrs[3].buffer[0] = AF_INET;
3015 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
3016 torture_assert(tctx, ret > 0, "inet_pton failed");
3017
3018 addrs[4].size = sizeof(struct sockaddr_in);
3019 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
3020 addr = (struct sockaddr_in *) addrs[4].buffer;
3021 addrs[4].buffer[0] = AF_INET;
3022 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
3023 torture_assert(tctx, ret > 0, "inet_pton failed");
3024
3025 addrs[5].size = sizeof(struct sockaddr_in);
3026 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
3027 addr = (struct sockaddr_in *) addrs[5].buffer;
3028 addrs[5].buffer[0] = AF_INET;
3029 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
3030 torture_assert(tctx, ret > 0, "inet_pton failed");
3031 #endif
3032
3033 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
3034
3035 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3036 r.in.count = 6;
3037 r.in.addresses = addrs;
3038 r.out.ctr = &ctr;
3039
3040 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
3041 torture_assert_ntstatus_ok(tctx, status, "failed");
3042 torture_assert_werr_ok(tctx, r.out.result, "failed");
3043
3044 if (sam_ctx != NULL) {
3045 for (i = 0; i < 3; i++) {
3046 torture_assert_casestr_equal(tctx,
3047 ctr->sitename[i].string,
3048 server_site_name(tctx, sam_ctx),
3049 "didn't return default site");
3050 }
3051 for (i = 3; i < 6; i++) {
3052 /* Windows returns "NULL" for the sitename if it isn't
3053 * IPv6 configured */
3054 if (torture_setting_bool(tctx, "samba4", false)) {
3055 torture_assert_casestr_equal(tctx,
3056 ctr->sitename[i].string,
3057 server_site_name(tctx, sam_ctx),
3058 "didn't return default site");
3059 }
3060 }
3061 }
3062
3063 /* Now try invalid ones (too short buffers) */
3064
3065 addrs[0].size = 0;
3066 addrs[1].size = 1;
3067 addrs[2].size = 4;
3068
3069 addrs[3].size = 0;
3070 addrs[4].size = 1;
3071 addrs[5].size = 4;
3072
3073 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
3074 torture_assert_ntstatus_ok(tctx, status, "failed");
3075 torture_assert_werr_ok(tctx, r.out.result, "failed");
3076
3077 for (i = 0; i < 6; i++) {
3078 torture_assert(tctx, ctr->sitename[i].string == NULL,
3079 "sitename should be null");
3080 }
3081
3082 /* Now try invalid ones (wrong address types) */
3083
3084 addrs[0].size = 10;
3085 addrs[0].buffer[0] = AF_UNSPEC;
3086 addrs[1].size = 10;
3087 addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
3088 addrs[2].size = 10;
3089 addrs[2].buffer[0] = AF_UNIX;
3090
3091 addrs[3].size = 10;
3092 addrs[3].buffer[0] = 250;
3093 addrs[4].size = 10;
3094 addrs[4].buffer[0] = 251;
3095 addrs[5].size = 10;
3096 addrs[5].buffer[0] = 252;
3097
3098 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
3099 torture_assert_ntstatus_ok(tctx, status, "failed");
3100 torture_assert_werr_ok(tctx, r.out.result, "failed");
3101
3102 for (i = 0; i < 6; i++) {
3103 torture_assert(tctx, ctr->sitename[i].string == NULL,
3104 "sitename should be null");
3105 }
3106
3107 return true;
3108 }
3109
3110 static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
3111 struct dcerpc_pipe *p)
3112 {
3113 char *url;
3114 struct ldb_context *sam_ctx = NULL;
3115 NTSTATUS status;
3116 struct netr_DsRAddressToSitenamesExW r;
3117 struct netr_DsRAddress addrs[6];
3118 struct sockaddr_in *addr;
3119 #ifdef HAVE_IPV6
3120 struct sockaddr_in6 *addr6;
3121 #endif
3122 struct netr_DsRAddressToSitenamesExWCtr *ctr;
3123 struct dcerpc_binding_handle *b = p->binding_handle;
3124 uint32_t i;
3125 int ret;
3126
3127 torture_comment(tctx, "This does pass with the default site\n");
3128
3129 /* We won't double-check this when we are over 'local' transports */
3130 if (dcerpc_server_name(p)) {
3131 /* Set up connection to SAMDB on DC */
3132 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
3133 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
3134 NULL,
3135 cmdline_credentials,
3136 0);
3137
3138 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
3139 }
3140
3141 /* First try valid IP addresses */
3142
3143 addrs[0].size = sizeof(struct sockaddr_in);
3144 addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
3145 addr = (struct sockaddr_in *) addrs[0].buffer;
3146 addrs[0].buffer[0] = AF_INET;
3147 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
3148 torture_assert(tctx, ret > 0, "inet_pton failed");
3149
3150 addrs[1].size = sizeof(struct sockaddr_in);
3151 addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
3152 addr = (struct sockaddr_in *) addrs[1].buffer;
3153 addrs[1].buffer[0] = AF_INET;
3154 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
3155 torture_assert(tctx, ret > 0, "inet_pton failed");
3156
3157 addrs[2].size = sizeof(struct sockaddr_in);
3158 addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
3159 addr = (struct sockaddr_in *) addrs[2].buffer;
3160 addrs[2].buffer[0] = AF_INET;
3161 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
3162 torture_assert(tctx, ret > 0, "inet_pton failed");
3163
3164 #ifdef HAVE_IPV6
3165 addrs[3].size = sizeof(struct sockaddr_in6);
3166 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
3167 addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
3168 addrs[3].buffer[0] = AF_INET6;
3169 ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
3170 torture_assert(tctx, ret > 0, "inet_pton failed");
3171
3172 addrs[4].size = sizeof(struct sockaddr_in6);
3173 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
3174 addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
3175 addrs[4].buffer[0] = AF_INET6;
3176 ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
3177 torture_assert(tctx, ret > 0, "inet_pton failed");
3178
3179 addrs[5].size = sizeof(struct sockaddr_in6);
3180 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
3181 addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
3182 addrs[5].buffer[0] = AF_INET6;
3183 ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
3184 torture_assert(tctx, ret > 0, "inet_pton failed");
3185 #else
3186 /* the test cases are repeated to have exactly 6. This is for
3187 * compatibility with IPv4-only machines */
3188 addrs[3].size = sizeof(struct sockaddr_in);
3189 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
3190 addr = (struct sockaddr_in *) addrs[3].buffer;
3191 addrs[3].buffer[0] = AF_INET;
3192 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
3193 torture_assert(tctx, ret > 0, "inet_pton failed");
3194
3195 addrs[4].size = sizeof(struct sockaddr_in);
3196 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
3197 addr = (struct sockaddr_in *) addrs[4].buffer;
3198 addrs[4].buffer[0] = AF_INET;
3199 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
3200 torture_assert(tctx, ret > 0, "inet_pton failed");
3201
3202 addrs[5].size = sizeof(struct sockaddr_in);
3203 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
3204 addr = (struct sockaddr_in *) addrs[5].buffer;
3205 addrs[5].buffer[0] = AF_INET;
3206 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
3207 torture_assert(tctx, ret > 0, "inet_pton failed");
3208 #endif
3209
3210 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
3211
3212 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3213 r.in.count = 6;
3214 r.in.addresses = addrs;
3215 r.out.ctr = &ctr;
3216
3217 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
3218 torture_assert_ntstatus_ok(tctx, status, "failed");
3219 torture_assert_werr_ok(tctx, r.out.result, "failed");
3220
3221 if (sam_ctx != NULL) {
3222 for (i = 0; i < 3; i++) {
3223 torture_assert_casestr_equal(tctx,
3224 ctr->sitename[i].string,
3225 server_site_name(tctx, sam_ctx),
3226 "didn't return default site");
3227 torture_assert(tctx, ctr->subnetname[i].string == NULL,
3228 "subnet should be null");
3229 }
3230 for (i = 3; i < 6; i++) {
3231 /* Windows returns "NULL" for the sitename if it isn't
3232 * IPv6 configured */
3233 if (torture_setting_bool(tctx, "samba4", false)) {
3234 torture_assert_casestr_equal(tctx,
3235 ctr->sitename[i].string,
3236 server_site_name(tctx, sam_ctx),
3237 "didn't return default site");
3238 }
3239 torture_assert(tctx, ctr->subnetname[i].string == NULL,
3240 "subnet should be null");
3241 }
3242 }
3243
3244 /* Now try invalid ones (too short buffers) */
3245
3246 addrs[0].size = 0;
3247 addrs[1].size = 1;
3248 addrs[2].size = 4;
3249
3250 addrs[3].size = 0;
3251 addrs[4].size = 1;
3252 addrs[5].size = 4;
3253
3254 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
3255 torture_assert_ntstatus_ok(tctx, status, "failed");
3256 torture_assert_werr_ok(tctx, r.out.result, "failed");
3257
3258 for (i = 0; i < 6; i++) {
3259 torture_assert(tctx, ctr->sitename[i].string == NULL,
3260 "sitename should be null");
3261 torture_assert(tctx, ctr->subnetname[i].string == NULL,
3262 "subnet should be null");
3263 }
3264
3265 addrs[0].size = 10;
3266 addrs[0].buffer[0] = AF_UNSPEC;
3267 addrs[1].size = 10;
3268 addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
3269 addrs[2].size = 10;
3270 addrs[2].buffer[0] = AF_UNIX;
3271
3272 addrs[3].size = 10;
3273 addrs[3].buffer[0] = 250;
3274 addrs[4].size = 10;
3275 addrs[4].buffer[0] = 251;
3276 addrs[5].size = 10;
3277 addrs[5].buffer[0] = 252;
3278
3279 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
3280 torture_assert_ntstatus_ok(tctx, status, "failed");
3281 torture_assert_werr_ok(tctx, r.out.result, "failed");
3282
3283 for (i = 0; i < 6; i++) {
3284 torture_assert(tctx, ctr->sitename[i].string == NULL,
3285 "sitename should be null");
3286 torture_assert(tctx, ctr->subnetname[i].string == NULL,
3287 "subnet should be null");
3288 }
3289
3290 return true;
3291 }
3292
3293 static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
3294 struct dcerpc_pipe *p,
3295 struct cli_credentials *machine_credentials,
3296 uint32_t negotiate_flags)
3297 {
3298 struct netr_ServerGetTrustInfo r;
3299
3300 struct netr_Authenticator a;
3301 struct netr_Authenticator return_authenticator;
3302 struct samr_Password new_owf_password;
3303 struct samr_Password old_owf_password;
3304 struct netr_TrustInfo *trust_info;
3305
3306 struct netlogon_creds_CredentialState *creds;
3307 struct dcerpc_binding_handle *b = p->binding_handle;
3308
3309 struct samr_Password nt_hash;
3310
3311 if (!test_SetupCredentials3(p, tctx, negotiate_flags,
3312 machine_credentials, &creds)) {
3313 return false;
3314 }
3315
3316 netlogon_creds_client_authenticator(creds, &a);
3317
3318 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3319 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
3320 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
3321 r.in.computer_name = TEST_MACHINE_NAME;
3322 r.in.credential = &a;
3323
3324 r.out.return_authenticator = &return_authenticator;
3325 r.out.new_owf_password = &new_owf_password;
3326 r.out.old_owf_password = &old_owf_password;
3327 r.out.trust_info = &trust_info;
3328
3329 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerGetTrustInfo_r(b, tctx, &r),
3330 "ServerGetTrustInfo failed");
3331 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerGetTrustInfo failed");
3332 torture_assert(tctx, netlogon_creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
3333
3334 E_md4hash(cli_credentials_get_password(machine_credentials), nt_hash.hash);
3335
3336 netlogon_creds_des_decrypt(creds, &new_owf_password);
3337
3338 dump_data(1, new_owf_password.hash, 16);
3339 dump_data(1, nt_hash.hash, 16);
3340
3341 torture_assert_mem_equal(tctx, new_owf_password.hash, nt_hash.hash, 16,
3342 "received unexpected owf password\n");
3343
3344 return true;
3345 }
3346
3347 static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx,
3348 struct dcerpc_pipe *p,
3349 struct cli_credentials *machine_credentials)
3350 {
3351 return test_netr_ServerGetTrustInfo_flags(tctx, p, machine_credentials,
3352 NETLOGON_NEG_AUTH2_ADS_FLAGS);
3353 }
3354
3355 static bool test_netr_ServerGetTrustInfo_AES(struct torture_context *tctx,
3356 struct dcerpc_pipe *p,
3357 struct cli_credentials *machine_credentials)
3358 {
3359 return test_netr_ServerGetTrustInfo_flags(tctx, p, machine_credentials,
3360 NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
3361 }
3362
3363 static bool test_GetDomainInfo(struct torture_context *tctx,
3364 struct dcerpc_pipe *p,
3365 struct cli_credentials *machine_credentials)
3366 {
3367 struct netr_LogonGetDomainInfo r;
3368 struct netr_WorkstationInformation q1;
3369 struct netr_Authenticator a;
3370 struct netlogon_creds_CredentialState *creds;
3371 struct netr_OsVersion os;
3372 union netr_WorkstationInfo query;
3373 union netr_DomainInfo info;
3374 const char* const attrs[] = { "dNSHostName", "operatingSystem",
3375 "operatingSystemServicePack", "operatingSystemVersion",
3376 "servicePrincipalName", NULL };
3377 char *url;
3378 struct ldb_context *sam_ctx = NULL;
3379 struct ldb_message **res;
3380 struct ldb_message_element *spn_el;
3381 int ret, i;
3382 char *version_str;
3383 const char *old_dnsname = NULL;
3384 char **spns = NULL;
3385 int num_spns = 0;
3386 char *temp_str;
3387 struct dcerpc_binding_handle *b = p->binding_handle;
3388
3389 torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n");
3390
3391 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
3392 machine_credentials, &creds)) {
3393 return false;
3394 }
3395
3396 /* We won't double-check this when we are over 'local' transports */
3397 if (dcerpc_server_name(p)) {
3398 /* Set up connection to SAMDB on DC */
3399 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
3400 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
3401 NULL,
3402 cmdline_credentials,
3403 0);
3404
3405 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
3406 }
3407
3408 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 1st call (no variation of DNS hostname)\n");
3409 netlogon_creds_client_authenticator(creds, &a);
3410
3411 ZERO_STRUCT(r);
3412 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3413 r.in.computer_name = TEST_MACHINE_NAME;
3414 r.in.credential = &a;
3415 r.in.level = 1;
3416 r.in.return_authenticator = &a;
3417 r.in.query = &query;
3418 r.out.return_authenticator = &a;
3419 r.out.info = &info;
3420
3421 ZERO_STRUCT(os);
3422 os.os.MajorVersion = 123;
3423 os.os.MinorVersion = 456;
3424 os.os.BuildNumber = 789;
3425 os.os.CSDVersion = "Service Pack 10";
3426 os.os.ServicePackMajor = 10;
3427 os.os.ServicePackMinor = 1;
3428 os.os.SuiteMask = NETR_VER_SUITE_SINGLEUSERTS;
3429 os.os.ProductType = NETR_VER_NT_SERVER;
3430 os.os.Reserved = 0;
3431
3432 version_str = talloc_asprintf(tctx, "%d.%d (%d)", os.os.MajorVersion,
3433 os.os.MinorVersion, os.os.BuildNumber);
3434
3435 ZERO_STRUCT(q1);
3436 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
3437 lpcfg_dnsdomain(tctx->lp_ctx));
3438 q1.sitename = "Default-First-Site-Name";
3439 q1.os_version.os = &os;
3440 q1.os_name.string = talloc_asprintf(tctx,
3441 "Tortured by Samba4 RPC-NETLOGON: %s",
3442 timestring(tctx, time(NULL)));
3443
3444 /* The workstation handles the "servicePrincipalName" and DNS hostname
3445 updates */
3446 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
3447
3448 query.workstation_info = &q1;
3449
3450 if (sam_ctx) {
3451 /* Gets back the old DNS hostname in AD */
3452 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
3453 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
3454 old_dnsname =
3455 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL);
3456
3457 /* Gets back the "servicePrincipalName"s in AD */
3458 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3459 if (spn_el != NULL) {
3460 for (i=0; i < spn_el->num_values; i++) {
3461 spns = talloc_realloc(tctx, spns, char *, i + 1);
3462 spns[i] = (char *) spn_el->values[i].data;
3463 }
3464 num_spns = i;
3465 }
3466 }
3467
3468 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3469 "LogonGetDomainInfo failed");
3470 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3471 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3472
3473 smb_msleep(250);
3474
3475 if (sam_ctx) {
3476 /* AD workstation infos entry check */
3477 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
3478 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
3479 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
3480 torture_assert_str_equal(tctx,
3481 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
3482 q1.os_name.string, "'operatingSystem' wrong!");
3483 torture_assert_str_equal(tctx,
3484 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL),
3485 os.os.CSDVersion, "'operatingSystemServicePack' wrong!");
3486 torture_assert_str_equal(tctx,
3487 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL),
3488 version_str, "'operatingSystemVersion' wrong!");
3489
3490 if (old_dnsname != NULL) {
3491 /* If before a DNS hostname was set then it should remain
3492 the same in combination with the "servicePrincipalName"s.
3493 The DNS hostname should also be returned by our
3494 "LogonGetDomainInfo" call (in the domain info structure). */
3495
3496 torture_assert_str_equal(tctx,
3497 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
3498 old_dnsname, "'DNS hostname' was not set!");
3499
3500 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3501 torture_assert(tctx, ((spns != NULL) && (spn_el != NULL)),
3502 "'servicePrincipalName's not set!");
3503 torture_assert(tctx, spn_el->num_values == num_spns,
3504 "'servicePrincipalName's incorrect!");
3505 for (i=0; (i < spn_el->num_values) && (i < num_spns); i++)
3506 torture_assert_str_equal(tctx,
3507 (char *) spn_el->values[i].data,
3508 spns[i], "'servicePrincipalName's incorrect!");
3509
3510 torture_assert_str_equal(tctx,
3511 info.domain_info->dns_hostname.string,
3512 old_dnsname,
3513 "Out 'DNS hostname' doesn't match the old one!");
3514 } else {
3515 /* If no DNS hostname was set then also now none should be set,
3516 the "servicePrincipalName"s should remain empty and no DNS
3517 hostname should be returned by our "LogonGetDomainInfo"
3518 call (in the domain info structure). */
3519
3520 torture_assert(tctx,
3521 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL) == NULL,
3522 "'DNS hostname' was set!");
3523
3524 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3525 torture_assert(tctx, ((spns == NULL) && (spn_el == NULL)),
3526 "'servicePrincipalName's were set!");
3527
3528 torture_assert(tctx,
3529 info.domain_info->dns_hostname.string == NULL,
3530 "Out 'DNS host name' was set!");
3531 }
3532 }
3533
3534 /* Checks "workstation flags" */
3535 torture_assert(tctx,
3536 info.domain_info->workstation_flags
3537 == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
3538 "Out 'workstation flags' don't match!");
3539
3540
3541 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname doesn't work)\n");
3542 netlogon_creds_client_authenticator(creds, &a);
3543
3544 /* Wipe out the osVersion, and prove which values still 'stick' */
3545 q1.os_version.os = NULL;
3546
3547 /* Change also the DNS hostname to test differences in behaviour */
3548 talloc_free(discard_const_p(char, q1.dns_hostname));
3549 q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
3550 lpcfg_dnsdomain(tctx->lp_ctx));
3551
3552 /* The workstation handles the "servicePrincipalName" and DNS hostname
3553 updates */
3554 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
3555
3556 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3557 "LogonGetDomainInfo failed");
3558 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3559
3560 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3561
3562 smb_msleep(250);
3563
3564 if (sam_ctx) {
3565 /* AD workstation infos entry check */
3566 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
3567 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
3568 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
3569
3570 torture_assert_str_equal(tctx,
3571 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
3572 q1.os_name.string, "'operatingSystem' should stick!");
3573 torture_assert(tctx,
3574 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
3575 "'operatingSystemServicePack' shouldn't stick!");
3576 torture_assert(tctx,
3577 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
3578 "'operatingSystemVersion' shouldn't stick!");
3579
3580 /* The DNS host name shouldn't have been updated by the server */
3581
3582 torture_assert_str_equal(tctx,
3583 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
3584 old_dnsname, "'DNS host name' did change!");
3585
3586 /* Find the two "servicePrincipalName"s which the DC shouldn't have been
3587 updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
3588 3.5.4.3.9 */
3589 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3590 torture_assert(tctx, spn_el != NULL,
3591 "There should exist 'servicePrincipalName's in AD!");
3592 temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
3593 for (i=0; i < spn_el->num_values; i++)
3594 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
3595 break;
3596 torture_assert(tctx, i != spn_el->num_values,
3597 "'servicePrincipalName' HOST/<Netbios name> not found!");
3598 temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
3599 for (i=0; i < spn_el->num_values; i++)
3600 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
3601 break;
3602 torture_assert(tctx, i != spn_el->num_values,
3603 "'servicePrincipalName' HOST/<FQDN name> not found!");
3604
3605 /* Check that the out DNS hostname was set properly */
3606 torture_assert_str_equal(tctx, info.domain_info->dns_hostname.string,
3607 old_dnsname, "Out 'DNS hostname' doesn't match the old one!");
3608 }
3609
3610 /* Checks "workstation flags" */
3611 torture_assert(tctx,
3612 info.domain_info->workstation_flags == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
3613 "Out 'workstation flags' don't match!");
3614
3615
3616 /* Now try the same but the workstation flags set to 0 */
3617
3618 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (variation of DNS hostname doesn't work)\n");
3619 netlogon_creds_client_authenticator(creds, &a);
3620
3621 /* Change also the DNS hostname to test differences in behaviour */
3622 talloc_free(discard_const_p(char, q1.dns_hostname));
3623 q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
3624 lpcfg_dnsdomain(tctx->lp_ctx));
3625
3626 /* Wipe out the osVersion, and prove which values still 'stick' */
3627 q1.os_version.os = NULL;
3628
3629 /* Let the DC handle the "servicePrincipalName" and DNS hostname
3630 updates */
3631 q1.workstation_flags = 0;
3632
3633 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3634 "LogonGetDomainInfo failed");
3635 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3636 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3637
3638 smb_msleep(250);
3639
3640 if (sam_ctx) {
3641 /* AD workstation infos entry check */
3642 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
3643 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
3644 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
3645
3646 torture_assert_str_equal(tctx,
3647 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
3648 q1.os_name.string, "'operatingSystem' should stick!");
3649 torture_assert(tctx,
3650 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
3651 "'operatingSystemServicePack' shouldn't stick!");
3652 torture_assert(tctx,
3653 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
3654 "'operatingSystemVersion' shouldn't stick!");
3655
3656 /* The DNS host name shouldn't have been updated by the server */
3657
3658 torture_assert_str_equal(tctx,
3659 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
3660 old_dnsname, "'DNS host name' did change!");
3661
3662 /* Find the two "servicePrincipalName"s which the DC shouldn't have been
3663 updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
3664 3.5.4.3.9 */
3665 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3666 torture_assert(tctx, spn_el != NULL,
3667 "There should exist 'servicePrincipalName's in AD!");
3668 temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
3669 for (i=0; i < spn_el->num_values; i++)
3670 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
3671 break;
3672 torture_assert(tctx, i != spn_el->num_values,
3673 "'servicePrincipalName' HOST/<Netbios name> not found!");
3674 temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
3675 for (i=0; i < spn_el->num_values; i++)
3676 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
3677 break;
3678 torture_assert(tctx, i != spn_el->num_values,
3679 "'servicePrincipalName' HOST/<FQDN name> not found!");
3680
3681 /* Here the server gives us NULL as the out DNS hostname */
3682 torture_assert(tctx, info.domain_info->dns_hostname.string == NULL,
3683 "Out 'DNS hostname' should be NULL!");
3684 }
3685
3686 /* Checks "workstation flags" */
3687 torture_assert(tctx,
3688 info.domain_info->workstation_flags == 0,
3689 "Out 'workstation flags' don't match!");
3690
3691
3692 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (verification of DNS hostname and check for trusted domains)\n");
3693 netlogon_creds_client_authenticator(creds, &a);
3694
3695 /* Put the DNS hostname back */
3696 talloc_free(discard_const_p(char, q1.dns_hostname));
3697 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
3698 lpcfg_dnsdomain(tctx->lp_ctx));
3699
3700 /* The workstation handles the "servicePrincipalName" and DNS hostname
3701 updates */
3702 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
3703
3704 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3705 "LogonGetDomainInfo failed");
3706 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3707 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3708
3709 smb_msleep(250);
3710
3711 /* Now the in/out DNS hostnames should be the same */
3712 torture_assert_str_equal(tctx,
3713 info.domain_info->dns_hostname.string,
3714 query.workstation_info->dns_hostname,
3715 "In/Out 'DNS hostnames' don't match!");
3716 old_dnsname = info.domain_info->dns_hostname.string;
3717
3718 /* Checks "workstation flags" */
3719 torture_assert(tctx,
3720 info.domain_info->workstation_flags
3721 == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
3722 "Out 'workstation flags' don't match!");
3723
3724 /* Checks for trusted domains */
3725 torture_assert(tctx,
3726 (info.domain_info->trusted_domain_count != 0)
3727 && (info.domain_info->trusted_domains != NULL),
3728 "Trusted domains have been requested!");
3729
3730
3731 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 5th call (check for trusted domains)\n");
3732 netlogon_creds_client_authenticator(creds, &a);
3733
3734 /* The workstation handles the "servicePrincipalName" and DNS hostname
3735 updates and requests inbound trusts */
3736 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
3737 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS;
3738
3739 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3740 "LogonGetDomainInfo failed");
3741 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3742 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3743
3744 smb_msleep(250);
3745
3746 /* Checks "workstation flags" */
3747 torture_assert(tctx,
3748 info.domain_info->workstation_flags
3749 == (NETR_WS_FLAG_HANDLES_SPN_UPDATE
3750 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
3751 "Out 'workstation flags' don't match!");
3752
3753 /* Checks for trusted domains */
3754 torture_assert(tctx,
3755 (info.domain_info->trusted_domain_count != 0)
3756 && (info.domain_info->trusted_domains != NULL),
3757 "Trusted domains have been requested!");
3758
3759
3760 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no DNS hostname)\n");
3761 netlogon_creds_client_authenticator(creds, &a);
3762
3763 query.workstation_info->dns_hostname = NULL;
3764
3765 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3766 "LogonGetDomainInfo failed");
3767 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3768 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3769
3770 /* The old DNS hostname should stick */
3771 torture_assert_str_equal(tctx,
3772 info.domain_info->dns_hostname.string,
3773 old_dnsname,
3774 "'DNS hostname' changed!");
3775
3776 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 7th call (extra workstation flags)\n");
3777 netlogon_creds_client_authenticator(creds, &a);
3778
3779 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
3780 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | 0x4;
3781
3782 /* Put the DNS hostname back */
3783 talloc_free(discard_const_p(char, q1.dns_hostname));
3784 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
3785 lpcfg_dnsdomain(tctx->lp_ctx));
3786
3787 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3788 "LogonGetDomainInfo failed");
3789 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3790 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3791
3792 /* Checks "workstation flags" */
3793 torture_assert(tctx,
3794 info.domain_info->workstation_flags
3795 == (NETR_WS_FLAG_HANDLES_SPN_UPDATE
3796 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
3797 "Out 'workstation flags' don't match!");
3798
3799 if (!torture_setting_bool(tctx, "dangerous", false)) {
3800 torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 8th call (no workstation info) - enable dangerous tests in order to do so\n");
3801 } else {
3802 /* Try a call without the workstation information structure */
3803
3804 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 8th call (no workstation info)\n");
3805 netlogon_creds_client_authenticator(creds, &a);
3806
3807 query.workstation_info = NULL;
3808
3809 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3810 "LogonGetDomainInfo failed");
3811 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3812 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3813 }
3814
3815 return true;
3816 }
3817
3818 static bool test_GetDomainInfo_async(struct torture_context *tctx,
3819 struct dcerpc_pipe *p,
3820 struct cli_credentials *machine_credentials)
3821 {
3822 NTSTATUS status;
3823 struct netr_LogonGetDomainInfo r;
3824 struct netr_WorkstationInformation q1;
3825 struct netr_Authenticator a;
3826 #define ASYNC_COUNT 100
3827 struct netlogon_creds_CredentialState *creds;
3828 struct netlogon_creds_CredentialState *creds_async[ASYNC_COUNT];
3829 struct tevent_req *req[ASYNC_COUNT];
3830 int i;
3831 union netr_WorkstationInfo query;
3832 union netr_DomainInfo info;
3833
3834 torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
3835
3836 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
3837 machine_credentials, &creds)) {
3838 return false;
3839 }
3840
3841 ZERO_STRUCT(r);
3842 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3843 r.in.computer_name = TEST_MACHINE_NAME;
3844 r.in.credential = &a;
3845 r.in.level = 1;
3846 r.in.return_authenticator = &a;
3847 r.in.query = &query;
3848 r.out.return_authenticator = &a;
3849 r.out.info = &info;
3850
3851 ZERO_STRUCT(q1);
3852 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
3853 lpcfg_dnsdomain(tctx->lp_ctx));
3854 q1.sitename = "Default-First-Site-Name";
3855 q1.os_name.string = "UNIX/Linux or similar";
3856
3857 query.workstation_info = &q1;
3858
3859 for (i=0;i<ASYNC_COUNT;i++) {
3860 netlogon_creds_client_authenticator(creds, &a);
3861
3862 creds_async[i] = (struct netlogon_creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
3863 req[i] = dcerpc_netr_LogonGetDomainInfo_r_send(tctx, tctx->ev, p->binding_handle, &r);
3864
3865 /* even with this flush per request a w2k3 server seems to
3866 clag with multiple outstanding requests. bleergh. */
3867 torture_assert_int_equal(tctx, tevent_loop_once(tctx->ev), 0,
3868 "tevent_loop_once failed");
3869 }
3870
3871 for (i=0;i<ASYNC_COUNT;i++) {
3872 torture_assert_int_equal(tctx, tevent_req_poll(req[i], tctx->ev), true,
3873 "tevent_req_poll() failed");
3874
3875 status = dcerpc_netr_LogonGetDomainInfo_r_recv(req[i], tctx);
3876
3877 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
3878 torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
3879
3880 torture_assert(tctx, netlogon_creds_client_check(creds_async[i], &a.cred),
3881 "Credential chaining failed at async");
3882 }
3883
3884 torture_comment(tctx,
3885 "Testing netr_LogonGetDomainInfo - async count %d OK\n", ASYNC_COUNT);
3886
3887 return true;
3888 }
3889
3890 static bool test_ManyGetDCName(struct torture_context *tctx,
3891 struct dcerpc_pipe *p)
3892 {
3893 NTSTATUS status;
3894 struct dcerpc_pipe *p2;
3895 struct lsa_ObjectAttribute attr;
3896 struct lsa_QosInfo qos;
3897 struct lsa_OpenPolicy2 o;
3898 struct policy_handle lsa_handle;
3899 struct lsa_DomainList domains;
3900
3901 struct lsa_EnumTrustDom t;
3902 uint32_t resume_handle = 0;
3903 struct netr_GetAnyDCName d;
3904 const char *dcname = NULL;
3905 struct dcerpc_binding_handle *b = p->binding_handle;
3906 struct dcerpc_binding_handle *b2;
3907
3908 int i;
3909
3910 if (p->conn->transport.transport != NCACN_NP) {
3911 return true;
3912 }
3913
3914 torture_comment(tctx, "Torturing GetDCName\n");
3915
3916 status = dcerpc_secondary_connection(p, &p2, p->binding);
3917 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
3918
3919 status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
3920 torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");
3921 b2 = p2->binding_handle;
3922
3923 qos.len = 0;
3924 qos.impersonation_level = 2;
3925 qos.context_mode = 1;
3926 qos.effective_only = 0;
3927
3928 attr.len = 0;
3929 attr.root_dir = NULL;
3930 attr.object_name = NULL;
3931 attr.attributes = 0;
3932 attr.sec_desc = NULL;
3933 attr.sec_qos = &qos;
3934
3935 o.in.system_name = "\\";
3936 o.in.attr = &attr;
3937 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3938 o.out.handle = &lsa_handle;
3939
3940 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
3941 "OpenPolicy2 failed");
3942 torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
3943
3944 t.in.handle = &lsa_handle;
3945 t.in.resume_handle = &resume_handle;
3946 t.in.max_size = 1000;
3947 t.out.domains = &domains;
3948 t.out.resume_handle = &resume_handle;
3949
3950 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b2, tctx, &t),
3951 "EnumTrustDom failed");
3952
3953 if ((!NT_STATUS_IS_OK(t.out.result) &&
3954 (!NT_STATUS_EQUAL(t.out.result, NT_STATUS_NO_MORE_ENTRIES))))
3955 torture_fail(tctx, "Could not list domains");
3956
3957 talloc_free(p2);
3958
3959 d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
3960 dcerpc_server_name(p));
3961 d.out.dcname = &dcname;
3962
3963 for (i=0; i<domains.count * 4; i++) {
3964 struct lsa_DomainInfo *info =
3965 &domains.domains[rand()%domains.count];
3966
3967 d.in.domainname = info->name.string;
3968
3969 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &d);
3970 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
3971
3972 torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
3973 dcname ? dcname : "unknown");
3974 }
3975
3976 return true;
3977 }
3978
3979 static bool test_SetPassword_with_flags(struct torture_context *tctx,
3980 struct dcerpc_pipe *p,
3981 struct cli_credentials *machine_credentials)
3982 {
3983 uint32_t flags[] = { 0, NETLOGON_NEG_STRONG_KEYS };
3984 struct netlogon_creds_CredentialState *creds;
3985 int i;
3986
3987 if (!test_SetupCredentials2(p, tctx, 0,
3988 machine_credentials,
3989 cli_credentials_get_secure_channel_type(machine_credentials),
3990 &creds)) {
3991 torture_skip(tctx, "DC does not support negotiation of 64bit session keys");
3992 }
3993
3994 for (i=0; i < ARRAY_SIZE(flags); i++) {
3995 torture_assert(tctx,
3996 test_SetPassword_flags(tctx, p, machine_credentials, flags[i]),
3997 talloc_asprintf(tctx, "failed to test SetPassword negotiating with 0x%08x flags", flags[i]));
3998 }
3999
4000 return true;
4001 }
4002
4003 struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
4004 {
4005 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon");
4006 struct torture_rpc_tcase *tcase;
4007 struct torture_test *test;
4008
4009 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
4010 &ndr_table_netlogon, TEST_MACHINE_NAME);
4011
4012 torture_rpc_tcase_add_test(tcase, "Broken RPC binding handle",
4013 test_netr_broken_binding_handle);
4014
4015 torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
4016 torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
4017 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
4018 torture_rpc_tcase_add_test_creds(tcase, "invalidAuthenticate2", test_invalidAuthenticate2);
4019 torture_rpc_tcase_add_test_creds(tcase, "ServerReqChallengeGlobal", test_ServerReqChallengeGlobal);
4020 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
4021 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
4022 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2_AES", test_SetPassword2_AES);
4023 torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
4024 torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
4025 torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
4026 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
4027 torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
4028 torture_rpc_tcase_add_test_creds(tcase, "DatabaseRedo", test_DatabaseRedo);
4029 torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
4030 torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
4031 torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
4032 torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
4033 torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
4034 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
4035 torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
4036 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
4037 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
4038 test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
4039 test->dangerous = true;
4040 torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
4041 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
4042 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
4043 torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
4044 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
4045 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
4046 torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
4047 torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo_AES", test_netr_ServerGetTrustInfo_AES);
4048 torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
4049
4050 return suite;
4051 }
4052
4053 struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
4054 {
4055 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon-s3");
4056 struct torture_rpc_tcase *tcase;
4057
4058 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
4059 &ndr_table_netlogon, TEST_MACHINE_NAME);
4060
4061 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
4062 torture_rpc_tcase_add_test_creds(tcase, "SamLogon_NULL_domain", test_SamLogon_NULL_domain);
4063 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
4064 torture_rpc_tcase_add_test_creds(tcase, "SetPassword_with_flags", test_SetPassword_with_flags);
4065 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
4066 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2_AES", test_SetPassword2_AES);
4067 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
4068
4069 return suite;
4070 }
4071
4072 struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx)
4073 {
4074 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon.admin");
4075 struct torture_rpc_tcase *tcase;
4076
4077 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "bdc",
4078 &ndr_table_netlogon, TEST_MACHINE_NAME);
4079 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
4080 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
4081 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
4082
4083 tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "wkst",
4084 &ndr_table_netlogon, TEST_MACHINE_NAME);
4085 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
4086 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
4087 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
4088
4089 tcase = torture_suite_add_rpc_iface_tcase(suite, "admin",
4090 &ndr_table_netlogon);
4091 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
4092 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
4093 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
4094
4095 return suite;
4096 }
Samba GIT mirror