search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: Clarify smb2 lock checks
[Samba.git] / source4 / torture / rpc / netlogon.c
blob90bfe7e1eb23bf44f9a58227b9e2694a05bf52ac
1 /*
2 Unix SMB/CIFS implementation.
3
4 test suite for netlogon rpc operations
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
9 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "lib/events/events.h"
27 #include "lib/cmdline/popt_common.h"
28 #include "torture/rpc/torture_rpc.h"
29 #include "../lib/crypto/crypto.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "librpc/gen_ndr/ndr_netlogon_c.h"
32 #include "librpc/gen_ndr/ndr_lsa_c.h"
33 #include "param/param.h"
34 #include "libcli/security/security.h"
35 #include <ldb.h>
36 #include "lib/util/util_ldb.h"
37 #include "ldb_wrap.h"
38 #include "lib/replace/system/network.h"
39 #include "dsdb/samdb/samdb.h"
40
41 #define TEST_MACHINE_NAME "torturetest"
42
43 static bool test_netr_broken_binding_handle(struct torture_context *tctx,
44 struct dcerpc_pipe *p)
45 {
46 NTSTATUS status;
47 struct netr_DsRGetSiteName r;
48 const char *site = NULL;
49 struct dcerpc_binding_handle *b = p->binding_handle;
50
51 r.in.computer_name = talloc_asprintf(tctx, "\\\\%s",
52 dcerpc_server_name(p));
53 r.out.site = &site;
54
55 torture_comment(tctx,
56 "Testing netlogon request with correct binding handle: %s\n",
57 r.in.computer_name);
58
59 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
60 torture_assert_ntstatus_ok(tctx, status,
61 "Netlogon request with broken binding handle");
62 torture_assert_werr_ok(tctx, r.out.result,
63 "Netlogon request with broken binding handle");
64
65 if (torture_setting_bool(tctx, "samba3", false) ||
66 torture_setting_bool(tctx, "samba4", false)) {
67 torture_skip(tctx,
68 "Skipping broken binding handle check against Samba");
69 }
70
71 r.in.computer_name = talloc_asprintf(tctx, "\\\\\\\\%s",
72 dcerpc_server_name(p));
73
74 torture_comment(tctx,
75 "Testing netlogon request with broken binding handle: %s\n",
76 r.in.computer_name);
77
78 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
79 torture_assert_ntstatus_ok(tctx, status,
80 "Netlogon request with broken binding handle");
81 torture_assert_werr_equal(tctx, r.out.result,
82 WERR_INVALID_COMPUTERNAME,
83 "Netlogon request with broken binding handle");
84
85 r.in.computer_name = "\\\\\\\\THIS_IS_NOT_VALID";
86
87 torture_comment(tctx,
88 "Testing netlogon request with broken binding handle: %s\n",
89 r.in.computer_name);
90
91 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
92 torture_assert_ntstatus_ok(tctx, status,
93 "Netlogon request with broken binding handle");
94 torture_assert_werr_equal(tctx, r.out.result,
95 WERR_INVALID_COMPUTERNAME,
96 "Netlogon request with broken binding handle");
97
98 return true;
99 }
100
101 static bool test_LogonUasLogon(struct torture_context *tctx,
102 struct dcerpc_pipe *p)
103 {
104 NTSTATUS status;
105 struct netr_LogonUasLogon r;
106 struct netr_UasInfo *info = NULL;
107 struct dcerpc_binding_handle *b = p->binding_handle;
108
109 r.in.server_name = NULL;
110 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
111 r.in.workstation = TEST_MACHINE_NAME;
112 r.out.info = &info;
113
114 status = dcerpc_netr_LogonUasLogon_r(b, tctx, &r);
115 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
116
117 return true;
118 }
119
120 static bool test_LogonUasLogoff(struct torture_context *tctx,
121 struct dcerpc_pipe *p)
122 {
123 NTSTATUS status;
124 struct netr_LogonUasLogoff r;
125 struct netr_UasLogoffInfo info;
126 struct dcerpc_binding_handle *b = p->binding_handle;
127
128 r.in.server_name = NULL;
129 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
130 r.in.workstation = TEST_MACHINE_NAME;
131 r.out.info = &info;
132
133 status = dcerpc_netr_LogonUasLogoff_r(b, tctx, &r);
134 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
135
136 return true;
137 }
138
139 bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
140 struct cli_credentials *credentials,
141 struct netlogon_creds_CredentialState **creds_out)
142 {
143 struct netr_ServerReqChallenge r;
144 struct netr_ServerAuthenticate a;
145 struct netr_Credential credentials1, credentials2, credentials3;
146 struct netlogon_creds_CredentialState *creds;
147 const struct samr_Password *mach_password;
148 const char *machine_name;
149 struct dcerpc_binding_handle *b = p->binding_handle;
150
151 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
152 machine_name = cli_credentials_get_workstation(credentials);
153
154 torture_comment(tctx, "Testing ServerReqChallenge\n");
155
156 r.in.server_name = NULL;
157 r.in.computer_name = machine_name;
158 r.in.credentials = &credentials1;
159 r.out.return_credentials = &credentials2;
160
161 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
162
163 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
164 "ServerReqChallenge failed");
165 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
166
167 a.in.server_name = NULL;
168 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
169 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(credentials);
170 a.in.computer_name = machine_name;
171 a.in.credentials = &credentials3;
172 a.out.return_credentials = &credentials3;
173
174 creds = netlogon_creds_client_init(tctx, a.in.account_name,
175 a.in.computer_name,
176 a.in.secure_channel_type,
177 &credentials1, &credentials2,
178 mach_password, &credentials3,
179 0);
180 torture_assert(tctx, creds != NULL, "memory allocation");
181
182
183 torture_comment(tctx, "Testing ServerAuthenticate\n");
184
185 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate_r(b, tctx, &a),
186 "ServerAuthenticate failed");
187
188 /* This allows the tests to continue against the more fussy windows 2008 */
189 if (NT_STATUS_EQUAL(a.out.result, NT_STATUS_DOWNGRADE_DETECTED)) {
190 return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
191 credentials,
192 cli_credentials_get_secure_channel_type(credentials),
193 creds_out);
194 }
195
196 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate");
197
198 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
199 "Credential chaining failed");
200
201 *creds_out = creds;
202 return true;
203 }
204
205 bool test_SetupCredentials2ex(struct dcerpc_pipe *p, struct torture_context *tctx,
206 uint32_t negotiate_flags,
207 struct cli_credentials *machine_credentials,
208 const char *computer_name,
209 enum netr_SchannelType sec_chan_type,
210 NTSTATUS expected_result,
211 struct netlogon_creds_CredentialState **creds_out)
212 {
213 struct netr_ServerReqChallenge r;
214 struct netr_ServerAuthenticate2 a;
215 struct netr_Credential credentials1, credentials2, credentials3;
216 struct netlogon_creds_CredentialState *creds;
217 const struct samr_Password *mach_password;
218 struct dcerpc_binding_handle *b = p->binding_handle;
219 const char *account_name = cli_credentials_get_username(machine_credentials);
220
221 mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
222
223 torture_comment(tctx, "Testing ServerReqChallenge\n");
224
225 r.in.server_name = NULL;
226 r.in.computer_name = computer_name;
227 r.in.credentials = &credentials1;
228 r.out.return_credentials = &credentials2;
229
230 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
231
232 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
233 "ServerReqChallenge failed");
234 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
235
236 a.in.server_name = NULL;
237 a.in.account_name = account_name;
238 a.in.secure_channel_type = sec_chan_type;
239 a.in.computer_name = computer_name;
240 a.in.negotiate_flags = &negotiate_flags;
241 a.out.negotiate_flags = &negotiate_flags;
242 a.in.credentials = &credentials3;
243 a.out.return_credentials = &credentials3;
244
245 creds = netlogon_creds_client_init(tctx, a.in.account_name,
246 a.in.computer_name,
247 a.in.secure_channel_type,
248 &credentials1, &credentials2,
249 mach_password, &credentials3,
250 negotiate_flags);
251
252 torture_assert(tctx, creds != NULL, "memory allocation");
253
254 torture_comment(tctx, "Testing ServerAuthenticate2\n");
255
256 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
257 "ServerAuthenticate2 failed");
258 torture_assert_ntstatus_equal(tctx, a.out.result, expected_result,
259 "ServerAuthenticate2 unexpected");
260
261 if (NT_STATUS_IS_OK(expected_result)) {
262 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
263 "Credential chaining failed");
264 } else {
265 torture_assert(tctx, !netlogon_creds_client_check(creds, &credentials3),
266 "Credential chaining passed unexptected");
267 }
268
269 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
270
271 *creds_out = creds;
272 return true;
273 }
274
275 bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
276 uint32_t negotiate_flags,
277 struct cli_credentials *machine_credentials,
278 enum netr_SchannelType sec_chan_type,
279 struct netlogon_creds_CredentialState **creds_out)
280 {
281 const char *computer_name =
282 cli_credentials_get_workstation(machine_credentials);
283
284 return test_SetupCredentials2ex(p, tctx, negotiate_flags,
285 machine_credentials,
286 computer_name,
287 sec_chan_type,
288 NT_STATUS_OK,
289 creds_out);
290 }
291
292 bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
293 uint32_t negotiate_flags,
294 struct cli_credentials *machine_credentials,
295 struct netlogon_creds_CredentialState **creds_out)
296 {
297 struct netr_ServerReqChallenge r;
298 struct netr_ServerAuthenticate3 a;
299 struct netr_Credential credentials1, credentials2, credentials3;
300 struct netlogon_creds_CredentialState *creds;
301 struct samr_Password mach_password;
302 uint32_t rid;
303 const char *machine_name;
304 const char *plain_pass;
305 struct dcerpc_binding_handle *b = p->binding_handle;
306
307 machine_name = cli_credentials_get_workstation(machine_credentials);
308 plain_pass = cli_credentials_get_password(machine_credentials);
309
310 torture_comment(tctx, "Testing ServerReqChallenge\n");
311
312 r.in.server_name = NULL;
313 r.in.computer_name = machine_name;
314 r.in.credentials = &credentials1;
315 r.out.return_credentials = &credentials2;
316
317 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
318
319 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
320 "ServerReqChallenge failed");
321 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
322
323 E_md4hash(plain_pass, mach_password.hash);
324
325 a.in.server_name = NULL;
326 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
327 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
328 a.in.computer_name = machine_name;
329 a.in.negotiate_flags = &negotiate_flags;
330 a.in.credentials = &credentials3;
331 a.out.return_credentials = &credentials3;
332 a.out.negotiate_flags = &negotiate_flags;
333 a.out.rid = &rid;
334
335 creds = netlogon_creds_client_init(tctx, a.in.account_name,
336 a.in.computer_name,
337 a.in.secure_channel_type,
338 &credentials1, &credentials2,
339 &mach_password, &credentials3,
340 negotiate_flags);
341
342 torture_assert(tctx, creds != NULL, "memory allocation");
343
344 torture_comment(tctx, "Testing ServerAuthenticate3\n");
345
346 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
347 "ServerAuthenticate3 failed");
348 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed");
349 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
350
351 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
352
353 /* Prove that requesting a challenge again won't break it */
354 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
355 "ServerReqChallenge failed");
356 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
357
358 *creds_out = creds;
359 return true;
360 }
361
362 /*
363 try a change password for our machine account
364 */
365 static bool test_SetPassword(struct torture_context *tctx,
366 struct dcerpc_pipe *p,
367 struct cli_credentials *machine_credentials)
368 {
369 struct netr_ServerPasswordSet r;
370 const char *password;
371 struct netlogon_creds_CredentialState *creds;
372 struct netr_Authenticator credential, return_authenticator;
373 struct samr_Password new_password;
374 struct dcerpc_binding_handle *b = p->binding_handle;
375
376 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
377 return false;
378 }
379
380 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
381 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
382 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
383 r.in.computer_name = TEST_MACHINE_NAME;
384 r.in.credential = &credential;
385 r.in.new_password = &new_password;
386 r.out.return_authenticator = &return_authenticator;
387
388 password = generate_random_password(tctx, 8, 255);
389 E_md4hash(password, new_password.hash);
390
391 netlogon_creds_des_encrypt(creds, &new_password);
392
393 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
394 torture_comment(tctx, "Changing machine account password to '%s'\n",
395 password);
396
397 netlogon_creds_client_authenticator(creds, &credential);
398
399 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
400 "ServerPasswordSet failed");
401 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
402
403 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
404 torture_comment(tctx, "Credential chaining failed\n");
405 }
406
407 /* by changing the machine password twice we test the
408 credentials chaining fully, and we verify that the server
409 allows the password to be set to the same value twice in a
410 row (match win2k3) */
411 torture_comment(tctx,
412 "Testing a second ServerPasswordSet on machine account\n");
413 torture_comment(tctx,
414 "Changing machine account password to '%s' (same as previous run)\n", password);
415
416 netlogon_creds_client_authenticator(creds, &credential);
417
418 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
419 "ServerPasswordSet (2) failed");
420 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
421
422 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
423 torture_comment(tctx, "Credential chaining failed\n");
424 }
425
426 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
427
428 torture_assert(tctx,
429 test_SetupCredentials(p, tctx, machine_credentials, &creds),
430 "ServerPasswordSet failed to actually change the password");
431
432 return true;
433 }
434
435 /*
436 try a change password for our machine account
437 */
438 static bool test_SetPassword_flags(struct torture_context *tctx,
439 struct dcerpc_pipe *p,
440 struct cli_credentials *machine_credentials,
441 uint32_t negotiate_flags)
442 {
443 struct netr_ServerPasswordSet r;
444 const char *password;
445 struct netlogon_creds_CredentialState *creds;
446 struct netr_Authenticator credential, return_authenticator;
447 struct samr_Password new_password;
448 struct dcerpc_binding_handle *b = p->binding_handle;
449
450 if (!test_SetupCredentials2(p, tctx, negotiate_flags,
451 machine_credentials,
452 cli_credentials_get_secure_channel_type(machine_credentials),
453 &creds)) {
454 return false;
455 }
456
457 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
458 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
459 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
460 r.in.computer_name = TEST_MACHINE_NAME;
461 r.in.credential = &credential;
462 r.in.new_password = &new_password;
463 r.out.return_authenticator = &return_authenticator;
464
465 password = generate_random_password(tctx, 8, 255);
466 E_md4hash(password, new_password.hash);
467
468 netlogon_creds_des_encrypt(creds, &new_password);
469
470 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
471 torture_comment(tctx, "Changing machine account password to '%s'\n",
472 password);
473
474 netlogon_creds_client_authenticator(creds, &credential);
475
476 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
477 "ServerPasswordSet failed");
478 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
479
480 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
481 torture_comment(tctx, "Credential chaining failed\n");
482 }
483
484 /* by changing the machine password twice we test the
485 credentials chaining fully, and we verify that the server
486 allows the password to be set to the same value twice in a
487 row (match win2k3) */
488 torture_comment(tctx,
489 "Testing a second ServerPasswordSet on machine account\n");
490 torture_comment(tctx,
491 "Changing machine account password to '%s' (same as previous run)\n", password);
492
493 netlogon_creds_client_authenticator(creds, &credential);
494
495 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
496 "ServerPasswordSet (2) failed");
497 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
498
499 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
500 torture_comment(tctx, "Credential chaining failed\n");
501 }
502
503 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
504
505 torture_assert(tctx,
506 test_SetupCredentials(p, tctx, machine_credentials, &creds),
507 "ServerPasswordSet failed to actually change the password");
508
509 return true;
510 }
511
512
513 /*
514 generate a random password for password change tests
515 */
516 static DATA_BLOB netlogon_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
517 {
518 int i;
519 DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
520 generate_random_buffer(password.data, password.length);
521
522 for (i=0; i < len; i++) {
523 if (((uint16_t *)password.data)[i] == 0) {
524 ((uint16_t *)password.data)[i] = 1;
525 }
526 }
527
528 return password;
529 }
530
531 /*
532 try a change password for our machine account
533 */
534 static bool test_SetPassword2_with_flags(struct torture_context *tctx,
535 struct dcerpc_pipe *p,
536 struct cli_credentials *machine_credentials,
537 uint32_t flags)
538 {
539 struct netr_ServerPasswordSet2 r;
540 const char *password;
541 DATA_BLOB new_random_pass;
542 struct netlogon_creds_CredentialState *creds;
543 struct samr_CryptPassword password_buf;
544 struct samr_Password nt_hash;
545 struct netr_Authenticator credential, return_authenticator;
546 struct netr_CryptPassword new_password;
547 struct dcerpc_binding_handle *b = p->binding_handle;
548
549 if (!test_SetupCredentials2(p, tctx, flags, machine_credentials, cli_credentials_get_secure_channel_type(machine_credentials), &creds)) {
550 return false;
551 }
552
553 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
554 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
555 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
556 r.in.computer_name = TEST_MACHINE_NAME;
557 r.in.credential = &credential;
558 r.in.new_password = &new_password;
559 r.out.return_authenticator = &return_authenticator;
560
561 password = generate_random_password(tctx, 8, 255);
562 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
563 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
564 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
565 } else {
566 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
567 }
568
569 memcpy(new_password.data, password_buf.data, 512);
570 new_password.length = IVAL(password_buf.data, 512);
571
572 torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
573 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
574
575 netlogon_creds_client_authenticator(creds, &credential);
576
577 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
578 "ServerPasswordSet2 failed");
579 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
580
581 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
582 torture_comment(tctx, "Credential chaining failed\n");
583 }
584
585 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
586
587 if (!torture_setting_bool(tctx, "dangerous", false)) {
588 torture_comment(tctx,
589 "Not testing ability to set password to '', enable dangerous tests to perform this test\n");
590 } else {
591 /* by changing the machine password to ""
592 * we check if the server uses password restrictions
593 * for ServerPasswordSet2
594 * (win2k3 accepts "")
595 */
596 password = "";
597 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
598 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
599 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
600 } else {
601 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
602 }
603 memcpy(new_password.data, password_buf.data, 512);
604 new_password.length = IVAL(password_buf.data, 512);
605
606 torture_comment(tctx,
607 "Testing ServerPasswordSet2 on machine account\n");
608 torture_comment(tctx,
609 "Changing machine account password to '%s'\n", password);
610
611 netlogon_creds_client_authenticator(creds, &credential);
612
613 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
614 "ServerPasswordSet2 failed");
615 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
616
617 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
618 torture_comment(tctx, "Credential chaining failed\n");
619 }
620
621 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
622 }
623
624 torture_assert(tctx, test_SetupCredentials(p, tctx, machine_credentials, &creds),
625 "ServerPasswordSet failed to actually change the password");
626
627 /* now try a random password */
628 password = generate_random_password(tctx, 8, 255);
629 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
630 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
631 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
632 } else {
633 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
634 }
635 memcpy(new_password.data, password_buf.data, 512);
636 new_password.length = IVAL(password_buf.data, 512);
637
638 torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
639 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
640
641 netlogon_creds_client_authenticator(creds, &credential);
642
643 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
644 "ServerPasswordSet2 (2) failed");
645 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 (2) failed");
646
647 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
648 torture_comment(tctx, "Credential chaining failed\n");
649 }
650
651 /* by changing the machine password twice we test the
652 credentials chaining fully, and we verify that the server
653 allows the password to be set to the same value twice in a
654 row (match win2k3) */
655 torture_comment(tctx,
656 "Testing a second ServerPasswordSet2 on machine account\n");
657 torture_comment(tctx,
658 "Changing machine account password to '%s' (same as previous run)\n", password);
659
660 netlogon_creds_client_authenticator(creds, &credential);
661
662 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
663 "ServerPasswordSet (3) failed");
664 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
665
666 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
667 torture_comment(tctx, "Credential chaining failed\n");
668 }
669
670 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
671
672 torture_assert (tctx,
673 test_SetupCredentials(p, tctx, machine_credentials, &creds),
674 "ServerPasswordSet failed to actually change the password");
675
676 new_random_pass = netlogon_very_rand_pass(tctx, 128);
677
678 /* now try a random stream of bytes for a password */
679 set_pw_in_buffer(password_buf.data, &new_random_pass);
680
681 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
682 netlogon_creds_aes_encrypt(creds, password_buf.data, 516);
683 } else {
684 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
685 }
686
687 memcpy(new_password.data, password_buf.data, 512);
688 new_password.length = IVAL(password_buf.data, 512);
689
690 torture_comment(tctx,
691 "Testing a third ServerPasswordSet2 on machine account, with a completely random password\n");
692
693 netlogon_creds_client_authenticator(creds, &credential);
694
695 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
696 "ServerPasswordSet (3) failed");
697 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
698
699 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
700 torture_comment(tctx, "Credential chaining failed\n");
701 }
702
703 mdfour(nt_hash.hash, new_random_pass.data, new_random_pass.length);
704
705 cli_credentials_set_password(machine_credentials, NULL, CRED_UNINITIALISED);
706 cli_credentials_set_nt_hash(machine_credentials, &nt_hash, CRED_SPECIFIED);
707
708 torture_assert (tctx,
709 test_SetupCredentials(p, tctx, machine_credentials, &creds),
710 "ServerPasswordSet failed to actually change the password");
711
712 return true;
713 }
714
715 static bool test_SetPassword2(struct torture_context *tctx,
716 struct dcerpc_pipe *p,
717 struct cli_credentials *machine_credentials)
718 {
719 return test_SetPassword2_with_flags(tctx, p, machine_credentials, NETLOGON_NEG_AUTH2_ADS_FLAGS);
720 }
721
722 static bool test_SetPassword2_AES(struct torture_context *tctx,
723 struct dcerpc_pipe *p,
724 struct cli_credentials *machine_credentials)
725 {
726 return test_SetPassword2_with_flags(tctx, p, machine_credentials, NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
727 }
728
729 static bool test_GetPassword(struct torture_context *tctx,
730 struct dcerpc_pipe *p,
731 struct cli_credentials *machine_credentials)
732 {
733 struct netr_ServerPasswordGet r;
734 struct netlogon_creds_CredentialState *creds;
735 struct netr_Authenticator credential;
736 NTSTATUS status;
737 struct netr_Authenticator return_authenticator;
738 struct samr_Password password;
739 struct dcerpc_binding_handle *b = p->binding_handle;
740
741 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
742 return false;
743 }
744
745 netlogon_creds_client_authenticator(creds, &credential);
746
747 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
748 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
749 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
750 r.in.computer_name = TEST_MACHINE_NAME;
751 r.in.credential = &credential;
752 r.out.return_authenticator = &return_authenticator;
753 r.out.password = &password;
754
755 status = dcerpc_netr_ServerPasswordGet_r(b, tctx, &r);
756 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
757
758 return true;
759 }
760
761 static bool test_GetTrustPasswords(struct torture_context *tctx,
762 struct dcerpc_pipe *p,
763 struct cli_credentials *machine_credentials)
764 {
765 struct netr_ServerTrustPasswordsGet r;
766 struct netlogon_creds_CredentialState *creds;
767 struct netr_Authenticator credential;
768 struct netr_Authenticator return_authenticator;
769 struct samr_Password password, password2;
770 struct dcerpc_binding_handle *b = p->binding_handle;
771
772 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
773 return false;
774 }
775
776 netlogon_creds_client_authenticator(creds, &credential);
777
778 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
779 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
780 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
781 r.in.computer_name = TEST_MACHINE_NAME;
782 r.in.credential = &credential;
783 r.out.return_authenticator = &return_authenticator;
784 r.out.password = &password;
785 r.out.password2 = &password2;
786
787 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerTrustPasswordsGet_r(b, tctx, &r),
788 "ServerTrustPasswordsGet failed");
789 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerTrustPasswordsGet failed");
790
791 return true;
792 }
793
794 /*
795 try a netlogon SamLogon
796 */
797 static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context *tctx,
798 struct cli_credentials *credentials,
799 struct netlogon_creds_CredentialState *creds,
800 bool null_domain)
801 {
802 NTSTATUS status;
803 struct netr_LogonSamLogon r;
804 struct netr_Authenticator auth, auth2;
805 static const struct netr_Authenticator auth_zero;
806 union netr_LogonLevel logon;
807 union netr_Validation validation;
808 uint8_t authoritative;
809 struct netr_NetworkInfo ninfo;
810 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
811 int i;
812 struct dcerpc_binding_handle *b = p->binding_handle;
813 int flags = CLI_CRED_NTLM_AUTH;
814 if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
815 flags |= CLI_CRED_LANMAN_AUTH;
816 }
817
818 if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx) && !null_domain) {
819 flags |= CLI_CRED_NTLMv2_AUTH;
820 }
821
822 cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
823 &ninfo.identity_info.account_name.string,
824 &ninfo.identity_info.domain_name.string);
825
826 if (null_domain) {
827 ninfo.identity_info.domain_name.string = NULL;
828 }
829
830 generate_random_buffer(ninfo.challenge,
831 sizeof(ninfo.challenge));
832 chal = data_blob_const(ninfo.challenge,
833 sizeof(ninfo.challenge));
834
835 names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
836 cli_credentials_get_domain(credentials));
837
838 status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
839 &flags,
840 chal,
841 names_blob,
842 &lm_resp, &nt_resp,
843 NULL, NULL);
844 torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
845
846 ninfo.lm.data = lm_resp.data;
847 ninfo.lm.length = lm_resp.length;
848
849 ninfo.nt.data = nt_resp.data;
850 ninfo.nt.length = nt_resp.length;
851
852 ninfo.identity_info.parameter_control = 0;
853 ninfo.identity_info.logon_id_low = 0;
854 ninfo.identity_info.logon_id_high = 0;
855 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
856
857 logon.network = &ninfo;
858
859 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
860 r.in.computer_name = cli_credentials_get_workstation(credentials);
861 r.in.credential = &auth;
862 r.in.return_authenticator = &auth2;
863 r.in.logon_level = NetlogonNetworkInformation;
864 r.in.logon = &logon;
865 r.out.validation = &validation;
866 r.out.authoritative = &authoritative;
867
868 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
869
870 for (i=2;i<=3;i++) {
871 ZERO_STRUCT(auth2);
872 netlogon_creds_client_authenticator(creds, &auth);
873
874 r.in.validation_level = i;
875
876 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
877 "LogonSamLogon failed");
878 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
879
880 torture_assert(tctx, netlogon_creds_client_check(creds,
881 &r.out.return_authenticator->cred),
882 "Credential chaining failed");
883 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
884 "LogonSamLogon invalid *r.out.authoritative");
885 }
886
887 /* this makes sure we get the unmarshalling right for invalid levels */
888 for (i=52;i<53;i++) {
889 ZERO_STRUCT(auth2);
890 /* the authenticator should be ignored by the server */
891 generate_random_buffer((uint8_t *) &auth, sizeof(auth));
892
893 r.in.validation_level = i;
894
895 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
896 "LogonSamLogon failed");
897 torture_assert_ntstatus_equal(tctx, r.out.result,
898 NT_STATUS_INVALID_INFO_CLASS,
899 "LogonSamLogon failed");
900
901 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
902 "LogonSamLogon invalid *r.out.authoritative");
903 torture_assert(tctx,
904 memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
905 "Return authenticator non zero");
906 }
907
908 for (i=2;i<=3;i++) {
909 ZERO_STRUCT(auth2);
910 netlogon_creds_client_authenticator(creds, &auth);
911
912 r.in.validation_level = i;
913
914 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
915 "LogonSamLogon failed");
916 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
917
918 torture_assert(tctx, netlogon_creds_client_check(creds,
919 &r.out.return_authenticator->cred),
920 "Credential chaining failed");
921 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
922 "LogonSamLogon invalid *r.out.authoritative");
923 }
924
925 r.in.logon_level = 52;
926
927 for (i=2;i<=3;i++) {
928 ZERO_STRUCT(auth2);
929 /* the authenticator should be ignored by the server */
930 generate_random_buffer((uint8_t *) &auth, sizeof(auth));
931
932 r.in.validation_level = i;
933
934 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
935
936 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
937 "LogonSamLogon failed");
938 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
939 "LogonSamLogon expected INVALID_PARAMETER");
940
941 torture_assert(tctx,
942 memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
943 "Return authenticator non zero");
944 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
945 "LogonSamLogon invalid *r.out.authoritative");
946 }
947
948 r.in.credential = NULL;
949
950 for (i=2;i<=3;i++) {
951 ZERO_STRUCT(auth2);
952
953 r.in.validation_level = i;
954
955 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
956
957 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
958 "LogonSamLogon failed");
959 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
960 "LogonSamLogon expected INVALID_PARAMETER");
961
962 torture_assert(tctx,
963 memcmp(&auth2, &auth_zero, sizeof(auth2)) == 0,
964 "Return authenticator non zero");
965 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
966 "LogonSamLogon invalid *r.out.authoritative");
967 }
968
969 r.in.logon_level = NetlogonNetworkInformation;
970 r.in.credential = &auth;
971
972 for (i=2;i<=3;i++) {
973 ZERO_STRUCT(auth2);
974 netlogon_creds_client_authenticator(creds, &auth);
975
976 r.in.validation_level = i;
977
978 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
979 "LogonSamLogon failed");
980 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
981
982 torture_assert(tctx, netlogon_creds_client_check(creds,
983 &r.out.return_authenticator->cred),
984 "Credential chaining failed");
985 torture_assert_int_equal(tctx, *r.out.authoritative, 1,
986 "LogonSamLogon invalid *r.out.authoritative");
987 }
988
989 return true;
990 }
991
992 bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
993 struct cli_credentials *credentials,
994 struct netlogon_creds_CredentialState *creds)
995 {
996 return test_netlogon_ops_args(p, tctx, credentials, creds, false);
997 }
998
999 /*
1000 try a netlogon GetCapabilities
1001 */
1002 bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *tctx,
1003 struct cli_credentials *credentials,
1004 struct netlogon_creds_CredentialState *creds)
1005 {
1006 NTSTATUS status;
1007 struct netr_LogonGetCapabilities r;
1008 union netr_Capabilities capabilities;
1009 struct netr_Authenticator auth, return_auth;
1010 struct netlogon_creds_CredentialState tmp_creds;
1011 struct dcerpc_binding_handle *b = p->binding_handle;
1012
1013 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1014 r.in.computer_name = cli_credentials_get_workstation(credentials);
1015 r.in.credential = &auth;
1016 r.in.return_authenticator = &return_auth;
1017 r.in.query_level = 1;
1018 r.out.capabilities = &capabilities;
1019 r.out.return_authenticator = &return_auth;
1020
1021 torture_comment(tctx, "Testing LogonGetCapabilities\n");
1022
1023 ZERO_STRUCT(return_auth);
1024
1025 /*
1026 * we need to operate on a temporary copy of creds
1027 * because dcerpc_netr_LogonGetCapabilities was
1028 * dcerpc_netr_DummyFunction and returns NT_STATUS_NOT_IMPLEMENTED
1029 * without looking a the authenticator.
1030 */
1031 tmp_creds = *creds;
1032 netlogon_creds_client_authenticator(&tmp_creds, &auth);
1033
1034 status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
1035 torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities failed");
1036 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
1037 return true;
1038 }
1039
1040 *creds = tmp_creds;
1041
1042 torture_assert(tctx, netlogon_creds_client_check(creds,
1043 &r.out.return_authenticator->cred),
1044 "Credential chaining failed");
1045
1046 torture_assert_int_equal(tctx, creds->negotiate_flags,
1047 capabilities.server_capabilities,
1048 "negotiate flags");
1049
1050 return true;
1051 }
1052
1053 /*
1054 try a netlogon SamLogon
1055 */
1056 static bool test_SamLogon(struct torture_context *tctx,
1057 struct dcerpc_pipe *p,
1058 struct cli_credentials *credentials)
1059 {
1060 struct netlogon_creds_CredentialState *creds;
1061
1062 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
1063 return false;
1064 }
1065
1066 return test_netlogon_ops(p, tctx, credentials, creds);
1067 }
1068
1069 static bool test_invalidAuthenticate2(struct torture_context *tctx,
1070 struct dcerpc_pipe *p,
1071 struct cli_credentials *credentials)
1072 {
1073 struct netlogon_creds_CredentialState *creds;
1074 uint32_t flags = NETLOGON_NEG_AUTH2_FLAGS | NETLOGON_NEG_SUPPORTS_AES;
1075
1076 torture_comment(tctx, "Testing invalidAuthenticate2\n");
1077
1078 if (!test_SetupCredentials2(p, tctx, flags,
1079 credentials,
1080 cli_credentials_get_secure_channel_type(credentials),
1081 &creds)) {
1082 return false;
1083 }
1084
1085 if (!test_SetupCredentials2ex(p, tctx, flags,
1086 credentials,
1087 "1234567890123456",
1088 cli_credentials_get_secure_channel_type(credentials),
1089 STATUS_BUFFER_OVERFLOW,
1090 &creds)) {
1091 return false;
1092 }
1093
1094 if (!test_SetupCredentials2ex(p, tctx, flags,
1095 credentials,
1096 "123456789012345",
1097 cli_credentials_get_secure_channel_type(credentials),
1098 NT_STATUS_OK,
1099 &creds)) {
1100 return false;
1101 }
1102
1103 return true;
1104 }
1105
1106 static bool test_SamLogon_NULL_domain(struct torture_context *tctx,
1107 struct dcerpc_pipe *p,
1108 struct cli_credentials *credentials)
1109 {
1110 struct netlogon_creds_CredentialState *creds;
1111
1112 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
1113 return false;
1114 }
1115
1116 return test_netlogon_ops_args(p, tctx, credentials, creds, true);
1117 }
1118
1119 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
1120 static uint64_t sequence_nums[3];
1121
1122 /*
1123 try a netlogon DatabaseSync
1124 */
1125 static bool test_DatabaseSync(struct torture_context *tctx,
1126 struct dcerpc_pipe *p,
1127 struct cli_credentials *machine_credentials)
1128 {
1129 struct netr_DatabaseSync r;
1130 struct netlogon_creds_CredentialState *creds;
1131 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
1132 int i;
1133 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1134 struct netr_Authenticator credential, return_authenticator;
1135 struct dcerpc_binding_handle *b = p->binding_handle;
1136
1137 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1138 return false;
1139 }
1140
1141 ZERO_STRUCT(return_authenticator);
1142
1143 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1144 r.in.computername = TEST_MACHINE_NAME;
1145 r.in.preferredmaximumlength = (uint32_t)-1;
1146 r.in.return_authenticator = &return_authenticator;
1147 r.out.delta_enum_array = &delta_enum_array;
1148 r.out.return_authenticator = &return_authenticator;
1149
1150 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
1151
1152 uint32_t sync_context = 0;
1153
1154 r.in.database_id = database_ids[i];
1155 r.in.sync_context = &sync_context;
1156 r.out.sync_context = &sync_context;
1157
1158 torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
1159
1160 do {
1161 netlogon_creds_client_authenticator(creds, &credential);
1162
1163 r.in.credential = &credential;
1164
1165 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync_r(b, tctx, &r),
1166 "DatabaseSync failed");
1167 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
1168 break;
1169
1170 /* Native mode servers don't do this */
1171 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
1172 return true;
1173 }
1174 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync");
1175
1176 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1177 torture_comment(tctx, "Credential chaining failed\n");
1178 }
1179
1180 if (delta_enum_array &&
1181 delta_enum_array->num_deltas > 0 &&
1182 delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
1183 delta_enum_array->delta_enum[0].delta_union.domain) {
1184 sequence_nums[r.in.database_id] =
1185 delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
1186 torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
1187 r.in.database_id,
1188 (unsigned long long)sequence_nums[r.in.database_id]);
1189 }
1190 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
1191 }
1192
1193 return true;
1194 }
1195
1196
1197 /*
1198 try a netlogon DatabaseDeltas
1199 */
1200 static bool test_DatabaseDeltas(struct torture_context *tctx,
1201 struct dcerpc_pipe *p,
1202 struct cli_credentials *machine_credentials)
1203 {
1204 struct netr_DatabaseDeltas r;
1205 struct netlogon_creds_CredentialState *creds;
1206 struct netr_Authenticator credential;
1207 struct netr_Authenticator return_authenticator;
1208 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1209 const uint32_t database_ids[] = {0, 1, 2};
1210 int i;
1211 struct dcerpc_binding_handle *b = p->binding_handle;
1212
1213 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1214 return false;
1215 }
1216
1217 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1218 r.in.computername = TEST_MACHINE_NAME;
1219 r.in.preferredmaximumlength = (uint32_t)-1;
1220 ZERO_STRUCT(r.in.return_authenticator);
1221 r.out.return_authenticator = &return_authenticator;
1222 r.out.delta_enum_array = &delta_enum_array;
1223
1224 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
1225 r.in.database_id = database_ids[i];
1226 r.in.sequence_num = &sequence_nums[r.in.database_id];
1227
1228 if (*r.in.sequence_num == 0) continue;
1229
1230 *r.in.sequence_num -= 1;
1231
1232 torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
1233 r.in.database_id, (unsigned long long)*r.in.sequence_num);
1234
1235 do {
1236 netlogon_creds_client_authenticator(creds, &credential);
1237
1238 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseDeltas_r(b, tctx, &r),
1239 "DatabaseDeltas failed");
1240 if (NT_STATUS_EQUAL(r.out.result,
1241 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
1242 torture_comment(tctx, "not considering %s to be an error\n",
1243 nt_errstr(r.out.result));
1244 return true;
1245 }
1246 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
1247 break;
1248
1249 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseDeltas");
1250
1251 if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
1252 torture_comment(tctx, "Credential chaining failed\n");
1253 }
1254
1255 (*r.in.sequence_num)++;
1256 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
1257 }
1258
1259 return true;
1260 }
1261
1262 static bool test_DatabaseRedo(struct torture_context *tctx,
1263 struct dcerpc_pipe *p,
1264 struct cli_credentials *machine_credentials)
1265 {
1266 struct netr_DatabaseRedo r;
1267 struct netlogon_creds_CredentialState *creds;
1268 struct netr_Authenticator credential;
1269 struct netr_Authenticator return_authenticator;
1270 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1271 struct netr_ChangeLogEntry e;
1272 struct dom_sid null_sid, *sid;
1273 int i,d;
1274 struct dcerpc_binding_handle *b = p->binding_handle;
1275
1276 ZERO_STRUCT(null_sid);
1277
1278 sid = dom_sid_parse_talloc(tctx, "S-1-5-21-1111111111-2222222222-333333333-500");
1279
1280 {
1281
1282 struct {
1283 uint32_t rid;
1284 uint16_t flags;
1285 uint8_t db_index;
1286 uint8_t delta_type;
1287 struct dom_sid sid;
1288 const char *name;
1289 NTSTATUS expected_error;
1290 uint32_t expected_num_results;
1291 uint8_t expected_delta_type_1;
1292 uint8_t expected_delta_type_2;
1293 const char *comment;
1294 } changes[] = {
1295
1296 /* SAM_DATABASE_DOMAIN */
1297
1298 {
1299 .rid = 0,
1300 .flags = 0,
1301 .db_index = SAM_DATABASE_DOMAIN,
1302 .delta_type = NETR_DELTA_MODIFY_COUNT,
1303 .sid = null_sid,
1304 .name = NULL,
1305 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1306 .expected_num_results = 0,
1307 .comment = "NETR_DELTA_MODIFY_COUNT"
1308 },
1309 {
1310 .rid = 0,
1311 .flags = 0,
1312 .db_index = SAM_DATABASE_DOMAIN,
1313 .delta_type = 0,
1314 .sid = null_sid,
1315 .name = NULL,
1316 .expected_error = NT_STATUS_OK,
1317 .expected_num_results = 1,
1318 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1319 .comment = "NULL DELTA"
1320 },
1321 {
1322 .rid = 0,
1323 .flags = 0,
1324 .db_index = SAM_DATABASE_DOMAIN,
1325 .delta_type = NETR_DELTA_DOMAIN,
1326 .sid = null_sid,
1327 .name = NULL,
1328 .expected_error = NT_STATUS_OK,
1329 .expected_num_results = 1,
1330 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1331 .comment = "NETR_DELTA_DOMAIN"
1332 },
1333 {
1334 .rid = DOMAIN_RID_ADMINISTRATOR,
1335 .flags = 0,
1336 .db_index = SAM_DATABASE_DOMAIN,
1337 .delta_type = NETR_DELTA_USER,
1338 .sid = null_sid,
1339 .name = NULL,
1340 .expected_error = NT_STATUS_OK,
1341 .expected_num_results = 1,
1342 .expected_delta_type_1 = NETR_DELTA_USER,
1343 .comment = "NETR_DELTA_USER by rid 500"
1344 },
1345 {
1346 .rid = DOMAIN_RID_GUEST,
1347 .flags = 0,
1348 .db_index = SAM_DATABASE_DOMAIN,
1349 .delta_type = NETR_DELTA_USER,
1350 .sid = null_sid,
1351 .name = NULL,
1352 .expected_error = NT_STATUS_OK,
1353 .expected_num_results = 1,
1354 .expected_delta_type_1 = NETR_DELTA_USER,
1355 .comment = "NETR_DELTA_USER by rid 501"
1356 },
1357 {
1358 .rid = 0,
1359 .flags = NETR_CHANGELOG_SID_INCLUDED,
1360 .db_index = SAM_DATABASE_DOMAIN,
1361 .delta_type = NETR_DELTA_USER,
1362 .sid = *sid,
1363 .name = NULL,
1364 .expected_error = NT_STATUS_OK,
1365 .expected_num_results = 1,
1366 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1367 .comment = "NETR_DELTA_USER by sid and flags"
1368 },
1369 {
1370 .rid = 0,
1371 .flags = NETR_CHANGELOG_SID_INCLUDED,
1372 .db_index = SAM_DATABASE_DOMAIN,
1373 .delta_type = NETR_DELTA_USER,
1374 .sid = null_sid,
1375 .name = NULL,
1376 .expected_error = NT_STATUS_OK,
1377 .expected_num_results = 1,
1378 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1379 .comment = "NETR_DELTA_USER by null_sid and flags"
1380 },
1381 {
1382 .rid = 0,
1383 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1384 .db_index = SAM_DATABASE_DOMAIN,
1385 .delta_type = NETR_DELTA_USER,
1386 .sid = null_sid,
1387 .name = "administrator",
1388 .expected_error = NT_STATUS_OK,
1389 .expected_num_results = 1,
1390 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1391 .comment = "NETR_DELTA_USER by name 'administrator'"
1392 },
1393 {
1394 .rid = DOMAIN_RID_ADMINS,
1395 .flags = 0,
1396 .db_index = SAM_DATABASE_DOMAIN,
1397 .delta_type = NETR_DELTA_GROUP,
1398 .sid = null_sid,
1399 .name = NULL,
1400 .expected_error = NT_STATUS_OK,
1401 .expected_num_results = 2,
1402 .expected_delta_type_1 = NETR_DELTA_GROUP,
1403 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
1404 .comment = "NETR_DELTA_GROUP by rid 512"
1405 },
1406 {
1407 .rid = DOMAIN_RID_ADMINS,
1408 .flags = 0,
1409 .db_index = SAM_DATABASE_DOMAIN,
1410 .delta_type = NETR_DELTA_GROUP_MEMBER,
1411 .sid = null_sid,
1412 .name = NULL,
1413 .expected_error = NT_STATUS_OK,
1414 .expected_num_results = 2,
1415 .expected_delta_type_1 = NETR_DELTA_GROUP,
1416 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
1417 .comment = "NETR_DELTA_GROUP_MEMBER by rid 512"
1418 },
1419
1420
1421 /* SAM_DATABASE_BUILTIN */
1422
1423 {
1424 .rid = 0,
1425 .flags = 0,
1426 .db_index = SAM_DATABASE_BUILTIN,
1427 .delta_type = NETR_DELTA_MODIFY_COUNT,
1428 .sid = null_sid,
1429 .name = NULL,
1430 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1431 .expected_num_results = 0,
1432 .comment = "NETR_DELTA_MODIFY_COUNT"
1433 },
1434 {
1435 .rid = 0,
1436 .flags = 0,
1437 .db_index = SAM_DATABASE_BUILTIN,
1438 .delta_type = NETR_DELTA_DOMAIN,
1439 .sid = null_sid,
1440 .name = NULL,
1441 .expected_error = NT_STATUS_OK,
1442 .expected_num_results = 1,
1443 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1444 .comment = "NETR_DELTA_DOMAIN"
1445 },
1446 {
1447 .rid = DOMAIN_RID_ADMINISTRATOR,
1448 .flags = 0,
1449 .db_index = SAM_DATABASE_BUILTIN,
1450 .delta_type = NETR_DELTA_USER,
1451 .sid = null_sid,
1452 .name = NULL,
1453 .expected_error = NT_STATUS_OK,
1454 .expected_num_results = 1,
1455 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1456 .comment = "NETR_DELTA_USER by rid 500"
1457 },
1458 {
1459 .rid = 0,
1460 .flags = 0,
1461 .db_index = SAM_DATABASE_BUILTIN,
1462 .delta_type = NETR_DELTA_USER,
1463 .sid = null_sid,
1464 .name = NULL,
1465 .expected_error = NT_STATUS_OK,
1466 .expected_num_results = 1,
1467 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1468 .comment = "NETR_DELTA_USER"
1469 },
1470 {
1471 .rid = 544,
1472 .flags = 0,
1473 .db_index = SAM_DATABASE_BUILTIN,
1474 .delta_type = NETR_DELTA_ALIAS,
1475 .sid = null_sid,
1476 .name = NULL,
1477 .expected_error = NT_STATUS_OK,
1478 .expected_num_results = 2,
1479 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1480 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1481 .comment = "NETR_DELTA_ALIAS by rid 544"
1482 },
1483 {
1484 .rid = 544,
1485 .flags = 0,
1486 .db_index = SAM_DATABASE_BUILTIN,
1487 .delta_type = NETR_DELTA_ALIAS_MEMBER,
1488 .sid = null_sid,
1489 .name = NULL,
1490 .expected_error = NT_STATUS_OK,
1491 .expected_num_results = 2,
1492 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1493 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1494 .comment = "NETR_DELTA_ALIAS_MEMBER by rid 544"
1495 },
1496 {
1497 .rid = 544,
1498 .flags = 0,
1499 .db_index = SAM_DATABASE_BUILTIN,
1500 .delta_type = 0,
1501 .sid = null_sid,
1502 .name = NULL,
1503 .expected_error = NT_STATUS_OK,
1504 .expected_num_results = 1,
1505 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1506 .comment = "NULL DELTA by rid 544"
1507 },
1508 {
1509 .rid = 544,
1510 .flags = NETR_CHANGELOG_SID_INCLUDED,
1511 .db_index = SAM_DATABASE_BUILTIN,
1512 .delta_type = 0,
1513 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1514 .name = NULL,
1515 .expected_error = NT_STATUS_OK,
1516 .expected_num_results = 1,
1517 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1518 .comment = "NULL DELTA by rid 544 sid S-1-5-32-544 and flags"
1519 },
1520 {
1521 .rid = 544,
1522 .flags = NETR_CHANGELOG_SID_INCLUDED,
1523 .db_index = SAM_DATABASE_BUILTIN,
1524 .delta_type = NETR_DELTA_ALIAS,
1525 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1526 .name = NULL,
1527 .expected_error = NT_STATUS_OK,
1528 .expected_num_results = 2,
1529 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1530 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1531 .comment = "NETR_DELTA_ALIAS by rid 544 and sid S-1-5-32-544 and flags"
1532 },
1533 {
1534 .rid = 0,
1535 .flags = NETR_CHANGELOG_SID_INCLUDED,
1536 .db_index = SAM_DATABASE_BUILTIN,
1537 .delta_type = NETR_DELTA_ALIAS,
1538 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1539 .name = NULL,
1540 .expected_error = NT_STATUS_OK,
1541 .expected_num_results = 1,
1542 .expected_delta_type_1 = NETR_DELTA_DELETE_ALIAS,
1543 .comment = "NETR_DELTA_ALIAS by sid S-1-5-32-544 and flags"
1544 },
1545
1546 /* SAM_DATABASE_PRIVS */
1547
1548 {
1549 .rid = 0,
1550 .flags = 0,
1551 .db_index = SAM_DATABASE_PRIVS,
1552 .delta_type = 0,
1553 .sid = null_sid,
1554 .name = NULL,
1555 .expected_error = NT_STATUS_ACCESS_DENIED,
1556 .expected_num_results = 0,
1557 .comment = "NULL DELTA"
1558 },
1559 {
1560 .rid = 0,
1561 .flags = 0,
1562 .db_index = SAM_DATABASE_PRIVS,
1563 .delta_type = NETR_DELTA_MODIFY_COUNT,
1564 .sid = null_sid,
1565 .name = NULL,
1566 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1567 .expected_num_results = 0,
1568 .comment = "NETR_DELTA_MODIFY_COUNT"
1569 },
1570 {
1571 .rid = 0,
1572 .flags = 0,
1573 .db_index = SAM_DATABASE_PRIVS,
1574 .delta_type = NETR_DELTA_POLICY,
1575 .sid = null_sid,
1576 .name = NULL,
1577 .expected_error = NT_STATUS_OK,
1578 .expected_num_results = 1,
1579 .expected_delta_type_1 = NETR_DELTA_POLICY,
1580 .comment = "NETR_DELTA_POLICY"
1581 },
1582 {
1583 .rid = 0,
1584 .flags = NETR_CHANGELOG_SID_INCLUDED,
1585 .db_index = SAM_DATABASE_PRIVS,
1586 .delta_type = NETR_DELTA_POLICY,
1587 .sid = null_sid,
1588 .name = NULL,
1589 .expected_error = NT_STATUS_OK,
1590 .expected_num_results = 1,
1591 .expected_delta_type_1 = NETR_DELTA_POLICY,
1592 .comment = "NETR_DELTA_POLICY by null sid and flags"
1593 },
1594 {
1595 .rid = 0,
1596 .flags = NETR_CHANGELOG_SID_INCLUDED,
1597 .db_index = SAM_DATABASE_PRIVS,
1598 .delta_type = NETR_DELTA_POLICY,
1599 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32"),
1600 .name = NULL,
1601 .expected_error = NT_STATUS_OK,
1602 .expected_num_results = 1,
1603 .expected_delta_type_1 = NETR_DELTA_POLICY,
1604 .comment = "NETR_DELTA_POLICY by sid S-1-5-32 and flags"
1605 },
1606 {
1607 .rid = DOMAIN_RID_ADMINISTRATOR,
1608 .flags = 0,
1609 .db_index = SAM_DATABASE_PRIVS,
1610 .delta_type = NETR_DELTA_ACCOUNT,
1611 .sid = null_sid,
1612 .name = NULL,
1613 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, /* strange */
1614 .expected_num_results = 0,
1615 .comment = "NETR_DELTA_ACCOUNT by rid 500"
1616 },
1617 {
1618 .rid = 0,
1619 .flags = NETR_CHANGELOG_SID_INCLUDED,
1620 .db_index = SAM_DATABASE_PRIVS,
1621 .delta_type = NETR_DELTA_ACCOUNT,
1622 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1623 .name = NULL,
1624 .expected_error = NT_STATUS_OK,
1625 .expected_num_results = 1,
1626 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
1627 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and flags"
1628 },
1629 {
1630 .rid = 0,
1631 .flags = NETR_CHANGELOG_SID_INCLUDED |
1632 NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED,
1633 .db_index = SAM_DATABASE_PRIVS,
1634 .delta_type = NETR_DELTA_ACCOUNT,
1635 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1636 .name = NULL,
1637 .expected_error = NT_STATUS_OK,
1638 .expected_num_results = 1,
1639 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
1640 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and 2 flags"
1641 },
1642 {
1643 .rid = 0,
1644 .flags = NETR_CHANGELOG_SID_INCLUDED |
1645 NETR_CHANGELOG_NAME_INCLUDED,
1646 .db_index = SAM_DATABASE_PRIVS,
1647 .delta_type = NETR_DELTA_ACCOUNT,
1648 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1649 .name = NULL,
1650 .expected_error = NT_STATUS_INVALID_PARAMETER,
1651 .expected_num_results = 0,
1652 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and invalid flags"
1653 },
1654 {
1655 .rid = DOMAIN_RID_ADMINISTRATOR,
1656 .flags = NETR_CHANGELOG_SID_INCLUDED,
1657 .db_index = SAM_DATABASE_PRIVS,
1658 .delta_type = NETR_DELTA_ACCOUNT,
1659 .sid = *sid,
1660 .name = NULL,
1661 .expected_error = NT_STATUS_OK,
1662 .expected_num_results = 1,
1663 .expected_delta_type_1 = NETR_DELTA_DELETE_ACCOUNT,
1664 .comment = "NETR_DELTA_ACCOUNT by rid 500, sid and flags"
1665 },
1666 {
1667 .rid = 0,
1668 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1669 .db_index = SAM_DATABASE_PRIVS,
1670 .delta_type = NETR_DELTA_SECRET,
1671 .sid = null_sid,
1672 .name = "IsurelydontexistIhope",
1673 .expected_error = NT_STATUS_OK,
1674 .expected_num_results = 1,
1675 .expected_delta_type_1 = NETR_DELTA_DELETE_SECRET,
1676 .comment = "NETR_DELTA_SECRET by name 'IsurelydontexistIhope' and flags"
1677 },
1678 {
1679 .rid = 0,
1680 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1681 .db_index = SAM_DATABASE_PRIVS,
1682 .delta_type = NETR_DELTA_SECRET,
1683 .sid = null_sid,
1684 .name = "G$BCKUPKEY_P",
1685 .expected_error = NT_STATUS_OK,
1686 .expected_num_results = 1,
1687 .expected_delta_type_1 = NETR_DELTA_SECRET,
1688 .comment = "NETR_DELTA_SECRET by name 'G$BCKUPKEY_P' and flags"
1689 }
1690 };
1691
1692 ZERO_STRUCT(return_authenticator);
1693
1694 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1695 r.in.computername = TEST_MACHINE_NAME;
1696 r.in.return_authenticator = &return_authenticator;
1697 r.out.return_authenticator = &return_authenticator;
1698 r.out.delta_enum_array = &delta_enum_array;
1699
1700 for (d=0; d<3; d++) {
1701 const char *database = NULL;
1702
1703 switch (d) {
1704 case 0:
1705 database = "SAM";
1706 break;
1707 case 1:
1708 database = "BUILTIN";
1709 break;
1710 case 2:
1711 database = "LSA";
1712 break;
1713 default:
1714 break;
1715 }
1716
1717 torture_comment(tctx, "Testing DatabaseRedo\n");
1718
1719 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1720 return false;
1721 }
1722
1723 for (i=0;i<ARRAY_SIZE(changes);i++) {
1724
1725 if (d != changes[i].db_index) {
1726 continue;
1727 }
1728
1729 netlogon_creds_client_authenticator(creds, &credential);
1730
1731 r.in.credential = &credential;
1732
1733 e.serial_number1 = 0;
1734 e.serial_number2 = 0;
1735 e.object_rid = changes[i].rid;
1736 e.flags = changes[i].flags;
1737 e.db_index = changes[i].db_index;
1738 e.delta_type = changes[i].delta_type;
1739
1740 switch (changes[i].flags & (NETR_CHANGELOG_NAME_INCLUDED | NETR_CHANGELOG_SID_INCLUDED)) {
1741 case NETR_CHANGELOG_SID_INCLUDED:
1742 e.object.object_sid = changes[i].sid;
1743 break;
1744 case NETR_CHANGELOG_NAME_INCLUDED:
1745 e.object.object_name = changes[i].name;
1746 break;
1747 default:
1748 break;
1749 }
1750
1751 r.in.change_log_entry = e;
1752
1753 torture_comment(tctx, "Testing DatabaseRedo with database %s and %s\n",
1754 database, changes[i].comment);
1755
1756 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseRedo_r(b, tctx, &r),
1757 "DatabaseRedo failed");
1758 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
1759 return true;
1760 }
1761
1762 torture_assert_ntstatus_equal(tctx, r.out.result, changes[i].expected_error, changes[i].comment);
1763 if (delta_enum_array) {
1764 torture_assert_int_equal(tctx,
1765 delta_enum_array->num_deltas,
1766 changes[i].expected_num_results,
1767 changes[i].comment);
1768 if (delta_enum_array->num_deltas > 0) {
1769 torture_assert_int_equal(tctx,
1770 delta_enum_array->delta_enum[0].delta_type,
1771 changes[i].expected_delta_type_1,
1772 changes[i].comment);
1773 }
1774 if (delta_enum_array->num_deltas > 1) {
1775 torture_assert_int_equal(tctx,
1776 delta_enum_array->delta_enum[1].delta_type,
1777 changes[i].expected_delta_type_2,
1778 changes[i].comment);
1779 }
1780 }
1781
1782 if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
1783 torture_comment(tctx, "Credential chaining failed\n");
1784 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1785 return false;
1786 }
1787 }
1788 }
1789 }
1790 }
1791
1792 return true;
1793 }
1794
1795 /*
1796 try a netlogon AccountDeltas
1797 */
1798 static bool test_AccountDeltas(struct torture_context *tctx,
1799 struct dcerpc_pipe *p,
1800 struct cli_credentials *machine_credentials)
1801 {
1802 struct netr_AccountDeltas r;
1803 struct netlogon_creds_CredentialState *creds;
1804
1805 struct netr_AccountBuffer buffer;
1806 uint32_t count_returned = 0;
1807 uint32_t total_entries = 0;
1808 struct netr_UAS_INFO_0 recordid;
1809 struct netr_Authenticator return_authenticator;
1810 struct dcerpc_binding_handle *b = p->binding_handle;
1811
1812 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1813 return false;
1814 }
1815
1816 ZERO_STRUCT(return_authenticator);
1817
1818 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1819 r.in.computername = TEST_MACHINE_NAME;
1820 r.in.return_authenticator = &return_authenticator;
1821 netlogon_creds_client_authenticator(creds, &r.in.credential);
1822 ZERO_STRUCT(r.in.uas);
1823 r.in.count=10;
1824 r.in.level=0;
1825 r.in.buffersize=100;
1826 r.out.buffer = &buffer;
1827 r.out.count_returned = &count_returned;
1828 r.out.total_entries = &total_entries;
1829 r.out.recordid = &recordid;
1830 r.out.return_authenticator = &return_authenticator;
1831
1832 /* w2k3 returns "NOT IMPLEMENTED" for this call */
1833 torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountDeltas_r(b, tctx, &r),
1834 "AccountDeltas failed");
1835 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
1836
1837 return true;
1838 }
1839
1840 /*
1841 try a netlogon AccountSync
1842 */
1843 static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
1844 struct cli_credentials *machine_credentials)
1845 {
1846 struct netr_AccountSync r;
1847 struct netlogon_creds_CredentialState *creds;
1848
1849 struct netr_AccountBuffer buffer;
1850 uint32_t count_returned = 0;
1851 uint32_t total_entries = 0;
1852 uint32_t next_reference = 0;
1853 struct netr_UAS_INFO_0 recordid;
1854 struct netr_Authenticator return_authenticator;
1855 struct dcerpc_binding_handle *b = p->binding_handle;
1856
1857 ZERO_STRUCT(recordid);
1858 ZERO_STRUCT(return_authenticator);
1859
1860 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1861 return false;
1862 }
1863
1864 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1865 r.in.computername = TEST_MACHINE_NAME;
1866 r.in.return_authenticator = &return_authenticator;
1867 netlogon_creds_client_authenticator(creds, &r.in.credential);
1868 r.in.recordid = &recordid;
1869 r.in.reference=0;
1870 r.in.level=0;
1871 r.in.buffersize=100;
1872 r.out.buffer = &buffer;
1873 r.out.count_returned = &count_returned;
1874 r.out.total_entries = &total_entries;
1875 r.out.next_reference = &next_reference;
1876 r.out.recordid = &recordid;
1877 r.out.return_authenticator = &return_authenticator;
1878
1879 /* w2k3 returns "NOT IMPLEMENTED" for this call */
1880 torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountSync_r(b, tctx, &r),
1881 "AccountSync failed");
1882 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
1883
1884 return true;
1885 }
1886
1887 /*
1888 try a netlogon GetDcName
1889 */
1890 static bool test_GetDcName(struct torture_context *tctx,
1891 struct dcerpc_pipe *p)
1892 {
1893 struct netr_GetDcName r;
1894 const char *dcname = NULL;
1895 struct dcerpc_binding_handle *b = p->binding_handle;
1896
1897 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1898 r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
1899 r.out.dcname = &dcname;
1900
1901 torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
1902 "GetDcName failed");
1903 torture_assert_werr_ok(tctx, r.out.result, "GetDcName failed");
1904
1905 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
1906
1907 return true;
1908 }
1909
1910 static const char *function_code_str(TALLOC_CTX *mem_ctx,
1911 enum netr_LogonControlCode function_code)
1912 {
1913 switch (function_code) {
1914 case NETLOGON_CONTROL_QUERY:
1915 return "NETLOGON_CONTROL_QUERY";
1916 case NETLOGON_CONTROL_REPLICATE:
1917 return "NETLOGON_CONTROL_REPLICATE";
1918 case NETLOGON_CONTROL_SYNCHRONIZE:
1919 return "NETLOGON_CONTROL_SYNCHRONIZE";
1920 case NETLOGON_CONTROL_PDC_REPLICATE:
1921 return "NETLOGON_CONTROL_PDC_REPLICATE";
1922 case NETLOGON_CONTROL_REDISCOVER:
1923 return "NETLOGON_CONTROL_REDISCOVER";
1924 case NETLOGON_CONTROL_TC_QUERY:
1925 return "NETLOGON_CONTROL_TC_QUERY";
1926 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
1927 return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
1928 case NETLOGON_CONTROL_FIND_USER:
1929 return "NETLOGON_CONTROL_FIND_USER";
1930 case NETLOGON_CONTROL_CHANGE_PASSWORD:
1931 return "NETLOGON_CONTROL_CHANGE_PASSWORD";
1932 case NETLOGON_CONTROL_TC_VERIFY:
1933 return "NETLOGON_CONTROL_TC_VERIFY";
1934 case NETLOGON_CONTROL_FORCE_DNS_REG:
1935 return "NETLOGON_CONTROL_FORCE_DNS_REG";
1936 case NETLOGON_CONTROL_QUERY_DNS_REG:
1937 return "NETLOGON_CONTROL_QUERY_DNS_REG";
1938 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
1939 return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
1940 case NETLOGON_CONTROL_TRUNCATE_LOG:
1941 return "NETLOGON_CONTROL_TRUNCATE_LOG";
1942 case NETLOGON_CONTROL_SET_DBFLAG:
1943 return "NETLOGON_CONTROL_SET_DBFLAG";
1944 case NETLOGON_CONTROL_BREAKPOINT:
1945 return "NETLOGON_CONTROL_BREAKPOINT";
1946 default:
1947 return talloc_asprintf(mem_ctx, "unknown function code: %d",
1948 function_code);
1949 }
1950 }
1951
1952
1953 /*
1954 try a netlogon LogonControl
1955 */
1956 static bool test_LogonControl(struct torture_context *tctx,
1957 struct dcerpc_pipe *p,
1958 struct cli_credentials *machine_credentials)
1959
1960 {
1961 NTSTATUS status;
1962 struct netr_LogonControl r;
1963 union netr_CONTROL_QUERY_INFORMATION query;
1964 int i,f;
1965 enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
1966 struct dcerpc_binding_handle *b = p->binding_handle;
1967
1968 uint32_t function_codes[] = {
1969 NETLOGON_CONTROL_QUERY,
1970 NETLOGON_CONTROL_REPLICATE,
1971 NETLOGON_CONTROL_SYNCHRONIZE,
1972 NETLOGON_CONTROL_PDC_REPLICATE,
1973 NETLOGON_CONTROL_REDISCOVER,
1974 NETLOGON_CONTROL_TC_QUERY,
1975 NETLOGON_CONTROL_TRANSPORT_NOTIFY,
1976 NETLOGON_CONTROL_FIND_USER,
1977 NETLOGON_CONTROL_CHANGE_PASSWORD,
1978 NETLOGON_CONTROL_TC_VERIFY,
1979 NETLOGON_CONTROL_FORCE_DNS_REG,
1980 NETLOGON_CONTROL_QUERY_DNS_REG,
1981 NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
1982 NETLOGON_CONTROL_TRUNCATE_LOG,
1983 NETLOGON_CONTROL_SET_DBFLAG,
1984 NETLOGON_CONTROL_BREAKPOINT
1985 };
1986
1987 if (machine_credentials) {
1988 secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1989 }
1990
1991 torture_comment(tctx, "Testing LogonControl with secure channel type: %d\n",
1992 secure_channel_type);
1993
1994 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1995 r.in.function_code = 1;
1996 r.out.query = &query;
1997
1998 for (f=0;f<ARRAY_SIZE(function_codes); f++) {
1999 for (i=1;i<5;i++) {
2000
2001 r.in.function_code = function_codes[f];
2002 r.in.level = i;
2003
2004 torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
2005 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2006
2007 status = dcerpc_netr_LogonControl_r(b, tctx, &r);
2008 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2009
2010 switch (r.in.level) {
2011 case 1:
2012 switch (r.in.function_code) {
2013 case NETLOGON_CONTROL_REPLICATE:
2014 case NETLOGON_CONTROL_SYNCHRONIZE:
2015 case NETLOGON_CONTROL_PDC_REPLICATE:
2016 case NETLOGON_CONTROL_BREAKPOINT:
2017 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
2018 if ((secure_channel_type == SEC_CHAN_BDC) ||
2019 (secure_channel_type == SEC_CHAN_WKSTA)) {
2020 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
2021 "LogonControl returned unexpected error code");
2022 } else {
2023 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
2024 "LogonControl returned unexpected error code");
2025 }
2026 break;
2027
2028 case NETLOGON_CONTROL_REDISCOVER:
2029 case NETLOGON_CONTROL_TC_QUERY:
2030 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
2031 case NETLOGON_CONTROL_FIND_USER:
2032 case NETLOGON_CONTROL_CHANGE_PASSWORD:
2033 case NETLOGON_CONTROL_TC_VERIFY:
2034 case NETLOGON_CONTROL_FORCE_DNS_REG:
2035 case NETLOGON_CONTROL_QUERY_DNS_REG:
2036 case NETLOGON_CONTROL_SET_DBFLAG:
2037 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
2038 "LogonControl returned unexpected error code");
2039 break;
2040 case NETLOGON_CONTROL_TRUNCATE_LOG:
2041 if ((secure_channel_type == SEC_CHAN_BDC) ||
2042 (secure_channel_type == SEC_CHAN_WKSTA)) {
2043 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
2044 "LogonControl returned unexpected error code");
2045 } else {
2046 torture_assert_werr_ok(tctx, r.out.result,
2047 "LogonControl returned unexpected result");
2048 }
2049 break;
2050 default:
2051 torture_assert_werr_ok(tctx, r.out.result,
2052 "LogonControl returned unexpected result");
2053 break;
2054 }
2055 break;
2056 case 2:
2057 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
2058 "LogonControl returned unexpected error code");
2059 break;
2060 default:
2061 torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL,
2062 "LogonControl returned unexpected error code");
2063 break;
2064 }
2065 }
2066 }
2067
2068 r.in.level = 52;
2069 torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
2070 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2071 status = dcerpc_netr_LogonControl_r(b, tctx, &r);
2072 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2073 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_LEVEL, "LogonControl");
2074
2075 return true;
2076 }
2077
2078
2079 /*
2080 try a netlogon GetAnyDCName
2081 */
2082 static bool test_GetAnyDCName(struct torture_context *tctx,
2083 struct dcerpc_pipe *p)
2084 {
2085 NTSTATUS status;
2086 struct netr_GetAnyDCName r;
2087 const char *dcname = NULL;
2088 struct dcerpc_binding_handle *b = p->binding_handle;
2089
2090 r.in.domainname = lpcfg_workgroup(tctx->lp_ctx);
2091 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2092 r.out.dcname = &dcname;
2093
2094 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
2095 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
2096 if ((!W_ERROR_IS_OK(r.out.result)) &&
2097 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
2098 return false;
2099 }
2100
2101 if (dcname) {
2102 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
2103 }
2104
2105 r.in.domainname = NULL;
2106
2107 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
2108 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
2109 if ((!W_ERROR_IS_OK(r.out.result)) &&
2110 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
2111 return false;
2112 }
2113
2114 r.in.domainname = "";
2115
2116 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
2117 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
2118 if ((!W_ERROR_IS_OK(r.out.result)) &&
2119 (!W_ERROR_EQUAL(r.out.result, WERR_NO_SUCH_DOMAIN))) {
2120 return false;
2121 }
2122
2123 return true;
2124 }
2125
2126
2127 /*
2128 try a netlogon LogonControl2
2129 */
2130 static bool test_LogonControl2(struct torture_context *tctx,
2131 struct dcerpc_pipe *p,
2132 struct cli_credentials *machine_credentials)
2133
2134 {
2135 NTSTATUS status;
2136 struct netr_LogonControl2 r;
2137 union netr_CONTROL_DATA_INFORMATION data;
2138 union netr_CONTROL_QUERY_INFORMATION query;
2139 int i;
2140 struct dcerpc_binding_handle *b = p->binding_handle;
2141
2142 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2143
2144 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2145
2146 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
2147 r.in.data = &data;
2148 r.out.query = &query;
2149
2150 for (i=1;i<4;i++) {
2151 r.in.level = i;
2152
2153 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2154 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2155
2156 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2157 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2158 }
2159
2160 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2161
2162 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
2163 r.in.data = &data;
2164
2165 for (i=1;i<4;i++) {
2166 r.in.level = i;
2167
2168 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2169 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2170
2171 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2172 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2173 }
2174
2175 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2176
2177 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
2178 r.in.data = &data;
2179
2180 for (i=1;i<4;i++) {
2181 r.in.level = i;
2182
2183 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2184 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2185
2186 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2187 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2188 }
2189
2190 data.debug_level = ~0;
2191
2192 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
2193 r.in.data = &data;
2194
2195 for (i=1;i<4;i++) {
2196 r.in.level = i;
2197
2198 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2199 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2200
2201 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2202 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2203 }
2204
2205 ZERO_STRUCT(data);
2206 r.in.function_code = 52;
2207 r.in.data = &data;
2208
2209 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2210 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2211
2212 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2213 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2214 torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
2215
2216 data.debug_level = ~0;
2217
2218 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
2219 r.in.data = &data;
2220
2221 r.in.level = 52;
2222 torture_comment(tctx, "Testing LogonControl2 function code %s (%d) level %d\n",
2223 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
2224
2225 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
2226 torture_assert_ntstatus_ok(tctx, status, "LogonControl2");
2227 torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL, "LogonControl2");
2228
2229 return true;
2230 }
2231
2232 /*
2233 try a netlogon DatabaseSync2
2234 */
2235 static bool test_DatabaseSync2(struct torture_context *tctx,
2236 struct dcerpc_pipe *p,
2237 struct cli_credentials *machine_credentials)
2238 {
2239 struct netr_DatabaseSync2 r;
2240 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
2241 struct netr_Authenticator return_authenticator, credential;
2242
2243 struct netlogon_creds_CredentialState *creds;
2244 const uint32_t database_ids[] = {0, 1, 2};
2245 int i;
2246 struct dcerpc_binding_handle *b = p->binding_handle;
2247
2248 if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
2249 machine_credentials,
2250 cli_credentials_get_secure_channel_type(machine_credentials),
2251 &creds)) {
2252 return false;
2253 }
2254
2255 ZERO_STRUCT(return_authenticator);
2256
2257 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2258 r.in.computername = TEST_MACHINE_NAME;
2259 r.in.preferredmaximumlength = (uint32_t)-1;
2260 r.in.return_authenticator = &return_authenticator;
2261 r.out.return_authenticator = &return_authenticator;
2262 r.out.delta_enum_array = &delta_enum_array;
2263
2264 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
2265
2266 uint32_t sync_context = 0;
2267
2268 r.in.database_id = database_ids[i];
2269 r.in.sync_context = &sync_context;
2270 r.out.sync_context = &sync_context;
2271 r.in.restart_state = 0;
2272
2273 torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
2274
2275 do {
2276 netlogon_creds_client_authenticator(creds, &credential);
2277
2278 r.in.credential = &credential;
2279
2280 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync2_r(b, tctx, &r),
2281 "DatabaseSync2 failed");
2282 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
2283 break;
2284
2285 /* Native mode servers don't do this */
2286 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
2287 return true;
2288 }
2289
2290 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync2");
2291
2292 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
2293 torture_comment(tctx, "Credential chaining failed\n");
2294 }
2295
2296 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
2297 }
2298
2299 return true;
2300 }
2301
2302
2303 /*
2304 try a netlogon LogonControl2Ex
2305 */
2306 static bool test_LogonControl2Ex(struct torture_context *tctx,
2307 struct dcerpc_pipe *p,
2308 struct cli_credentials *machine_credentials)
2309
2310 {
2311 NTSTATUS status;
2312 struct netr_LogonControl2Ex r;
2313 union netr_CONTROL_DATA_INFORMATION data;
2314 union netr_CONTROL_QUERY_INFORMATION query;
2315 int i;
2316 struct dcerpc_binding_handle *b = p->binding_handle;
2317
2318 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2319
2320 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2321
2322 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
2323 r.in.data = &data;
2324 r.out.query = &query;
2325
2326 for (i=1;i<4;i++) {
2327 r.in.level = i;
2328
2329 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2330 i, r.in.function_code);
2331
2332 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2333 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2334 }
2335
2336 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2337
2338 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
2339 r.in.data = &data;
2340
2341 for (i=1;i<4;i++) {
2342 r.in.level = i;
2343
2344 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2345 i, r.in.function_code);
2346
2347 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2348 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2349 }
2350
2351 data.domain = lpcfg_workgroup(tctx->lp_ctx);
2352
2353 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
2354 r.in.data = &data;
2355
2356 for (i=1;i<4;i++) {
2357 r.in.level = i;
2358
2359 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2360 i, r.in.function_code);
2361
2362 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2363 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2364 }
2365
2366 data.debug_level = ~0;
2367
2368 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
2369 r.in.data = &data;
2370
2371 for (i=1;i<4;i++) {
2372 r.in.level = i;
2373
2374 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2375 i, r.in.function_code);
2376
2377 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2378 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2379 }
2380
2381 return true;
2382 }
2383
2384 static bool test_netr_GetForestTrustInformation(struct torture_context *tctx,
2385 struct dcerpc_pipe *p,
2386 struct cli_credentials *machine_credentials)
2387 {
2388 struct netr_GetForestTrustInformation r;
2389 struct netlogon_creds_CredentialState *creds;
2390 struct netr_Authenticator a;
2391 struct netr_Authenticator return_authenticator;
2392 struct lsa_ForestTrustInformation *forest_trust_info;
2393 struct dcerpc_binding_handle *b = p->binding_handle;
2394
2395 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
2396 machine_credentials, &creds)) {
2397 return false;
2398 }
2399
2400 netlogon_creds_client_authenticator(creds, &a);
2401
2402 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2403 r.in.computer_name = TEST_MACHINE_NAME;
2404 r.in.credential = &a;
2405 r.in.flags = 0;
2406 r.out.return_authenticator = &return_authenticator;
2407 r.out.forest_trust_info = &forest_trust_info;
2408
2409 torture_assert_ntstatus_ok(tctx,
2410 dcerpc_netr_GetForestTrustInformation_r(b, tctx, &r),
2411 "netr_GetForestTrustInformation failed");
2412 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
2413 torture_comment(tctx, "not considering NT_STATUS_NOT_IMPLEMENTED as an error\n");
2414 } else {
2415 torture_assert_ntstatus_ok(tctx, r.out.result,
2416 "netr_GetForestTrustInformation failed");
2417 }
2418
2419 torture_assert(tctx,
2420 netlogon_creds_client_check(creds, &return_authenticator.cred),
2421 "Credential chaining failed");
2422
2423 return true;
2424 }
2425
2426 static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
2427 struct dcerpc_pipe *p, const char *trusted_domain_name)
2428 {
2429 NTSTATUS status;
2430 struct netr_DsRGetForestTrustInformation r;
2431 struct lsa_ForestTrustInformation info, *info_ptr;
2432 struct dcerpc_binding_handle *b = p->binding_handle;
2433
2434 info_ptr = &info;
2435
2436 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2437 r.in.trusted_domain_name = trusted_domain_name;
2438 r.in.flags = 0;
2439 r.out.forest_trust_info = &info_ptr;
2440
2441 torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
2442
2443 status = dcerpc_netr_DsRGetForestTrustInformation_r(b, tctx, &r);
2444 torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
2445 torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
2446
2447 return true;
2448 }
2449
2450 /*
2451 try a netlogon netr_DsrEnumerateDomainTrusts
2452 */
2453 static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
2454 struct dcerpc_pipe *p)
2455 {
2456 NTSTATUS status;
2457 struct netr_DsrEnumerateDomainTrusts r;
2458 struct netr_DomainTrustList trusts;
2459 int i;
2460 struct dcerpc_binding_handle *b = p->binding_handle;
2461
2462 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2463 r.in.trust_flags = 0x3f;
2464 r.out.trusts = &trusts;
2465
2466 status = dcerpc_netr_DsrEnumerateDomainTrusts_r(b, tctx, &r);
2467 torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
2468 torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
2469
2470 /* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
2471 * will show non-forest trusts and all UPN suffixes of the own forest
2472 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
2473
2474 if (r.out.trusts->count) {
2475 if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
2476 return false;
2477 }
2478 }
2479
2480 for (i=0; i<r.out.trusts->count; i++) {
2481
2482 /* get info for transitive forest trusts */
2483
2484 if (r.out.trusts->array[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
2485 if (!test_netr_DsRGetForestTrustInformation(tctx, p,
2486 r.out.trusts->array[i].dns_name)) {
2487 return false;
2488 }
2489 }
2490 }
2491
2492 return true;
2493 }
2494
2495 static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
2496 struct dcerpc_pipe *p)
2497 {
2498 NTSTATUS status;
2499 struct netr_NetrEnumerateTrustedDomains r;
2500 struct netr_Blob trusted_domains_blob;
2501 struct dcerpc_binding_handle *b = p->binding_handle;
2502
2503 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2504 r.out.trusted_domains_blob = &trusted_domains_blob;
2505
2506 status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
2507 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
2508 torture_assert_ntstatus_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
2509
2510 return true;
2511 }
2512
2513 static bool test_netr_NetrEnumerateTrustedDomainsEx(struct torture_context *tctx,
2514 struct dcerpc_pipe *p)
2515 {
2516 NTSTATUS status;
2517 struct netr_NetrEnumerateTrustedDomainsEx r;
2518 struct netr_DomainTrustList dom_trust_list;
2519 struct dcerpc_binding_handle *b = p->binding_handle;
2520
2521 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2522 r.out.dom_trust_list = &dom_trust_list;
2523
2524 status = dcerpc_netr_NetrEnumerateTrustedDomainsEx_r(b, tctx, &r);
2525 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
2526 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
2527
2528 return true;
2529 }
2530
2531
2532 static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
2533 const char *computer_name,
2534 const char *expected_site)
2535 {
2536 NTSTATUS status;
2537 struct netr_DsRGetSiteName r;
2538 const char *site = NULL;
2539 struct dcerpc_binding_handle *b = p->binding_handle;
2540
2541 r.in.computer_name = computer_name;
2542 r.out.site = &site;
2543 torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
2544
2545 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
2546 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
2547 torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
2548 torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
2549
2550 return true;
2551 }
2552
2553 /*
2554 try a netlogon netr_DsRGetDCName
2555 */
2556 static bool test_netr_DsRGetDCName(struct torture_context *tctx,
2557 struct dcerpc_pipe *p)
2558 {
2559 NTSTATUS status;
2560 struct netr_DsRGetDCName r;
2561 struct netr_DsRGetDCNameInfo *info = NULL;
2562 struct dcerpc_binding_handle *b = p->binding_handle;
2563
2564 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2565 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
2566 r.in.domain_guid = NULL;
2567 r.in.site_guid = NULL;
2568 r.in.flags = DS_RETURN_DNS_NAME;
2569 r.out.info = &info;
2570
2571 status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
2572 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
2573 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
2574
2575 torture_assert_int_equal(tctx,
2576 (info->dc_flags & (DS_DNS_CONTROLLER)),
2577 DS_DNS_CONTROLLER,
2578 "DsRGetDCName");
2579 torture_assert_int_equal(tctx,
2580 (info->dc_flags & (DS_DNS_DOMAIN)),
2581 DS_DNS_DOMAIN,
2582 "DsRGetDCName");
2583 torture_assert_int_equal(tctx,
2584 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2585 DS_DNS_FOREST_ROOT,
2586 "DsRGetDCName");
2587
2588 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
2589 r.in.flags = 0;
2590
2591 status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
2592 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
2593 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
2594
2595 torture_assert_int_equal(tctx,
2596 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
2597 "DsRGetDCName");
2598 torture_assert_int_equal(tctx,
2599 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
2600 "DsRGetDCName");
2601 torture_assert_int_equal(tctx,
2602 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2603 DS_DNS_FOREST_ROOT,
2604 "DsRGetDCName");
2605
2606 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
2607 torture_assert_int_equal(tctx,
2608 (info->dc_flags & (DS_SERVER_CLOSEST)),
2609 DS_SERVER_CLOSEST,
2610 "DsRGetDCName");
2611 }
2612
2613 return test_netr_DsRGetSiteName(p, tctx,
2614 info->dc_unc,
2615 info->dc_site_name);
2616 }
2617
2618 /*
2619 try a netlogon netr_DsRGetDCNameEx
2620 */
2621 static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
2622 struct dcerpc_pipe *p)
2623 {
2624 NTSTATUS status;
2625 struct netr_DsRGetDCNameEx r;
2626 struct netr_DsRGetDCNameInfo *info = NULL;
2627 struct dcerpc_binding_handle *b = p->binding_handle;
2628
2629 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2630 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
2631 r.in.domain_guid = NULL;
2632 r.in.site_name = NULL;
2633 r.in.flags = DS_RETURN_DNS_NAME;
2634 r.out.info = &info;
2635
2636 status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
2637 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
2638 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
2639
2640 torture_assert_int_equal(tctx,
2641 (info->dc_flags & (DS_DNS_CONTROLLER)),
2642 DS_DNS_CONTROLLER,
2643 "DsRGetDCNameEx");
2644 torture_assert_int_equal(tctx,
2645 (info->dc_flags & (DS_DNS_DOMAIN)),
2646 DS_DNS_DOMAIN,
2647 "DsRGetDCNameEx");
2648 torture_assert_int_equal(tctx,
2649 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2650 DS_DNS_FOREST_ROOT,
2651 "DsRGetDCNameEx");
2652
2653 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
2654 r.in.flags = 0;
2655
2656 status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
2657 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
2658 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
2659
2660 torture_assert_int_equal(tctx,
2661 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
2662 "DsRGetDCNameEx");
2663 torture_assert_int_equal(tctx,
2664 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
2665 "DsRGetDCNameEx");
2666 torture_assert_int_equal(tctx,
2667 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2668 DS_DNS_FOREST_ROOT,
2669 "DsRGetDCNameEx");
2670
2671 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
2672 torture_assert_int_equal(tctx,
2673 (info->dc_flags & (DS_SERVER_CLOSEST)),
2674 DS_SERVER_CLOSEST,
2675 "DsRGetDCNameEx");
2676 }
2677
2678 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
2679 info->dc_site_name);
2680 }
2681
2682 /*
2683 try a netlogon netr_DsRGetDCNameEx2
2684 */
2685 static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
2686 struct dcerpc_pipe *p)
2687 {
2688 NTSTATUS status;
2689 struct netr_DsRGetDCNameEx2 r;
2690 struct netr_DsRGetDCNameInfo *info = NULL;
2691 struct dcerpc_binding_handle *b = p->binding_handle;
2692
2693 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n");
2694 ZERO_STRUCT(r.in);
2695 r.in.flags = DS_RETURN_DNS_NAME;
2696 r.out.info = &info;
2697
2698 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2699 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2700 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2701
2702 torture_assert_int_equal(tctx,
2703 (info->dc_flags & (DS_DNS_CONTROLLER)),
2704 DS_DNS_CONTROLLER,
2705 "DsRGetDCNameEx2");
2706 torture_assert_int_equal(tctx,
2707 (info->dc_flags & (DS_DNS_DOMAIN)),
2708 DS_DNS_DOMAIN,
2709 "DsRGetDCNameEx2");
2710 torture_assert_int_equal(tctx,
2711 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2712 DS_DNS_FOREST_ROOT,
2713 "DsRGetDCNameEx2");
2714
2715 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2716 r.in.client_account = NULL;
2717 r.in.mask = 0x00000000;
2718 r.in.domain_name = lpcfg_dnsdomain(tctx->lp_ctx);
2719 r.in.domain_guid = NULL;
2720 r.in.site_name = NULL;
2721 r.in.flags = DS_RETURN_DNS_NAME;
2722 r.out.info = &info;
2723
2724 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
2725
2726 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2727 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2728 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2729
2730 r.in.domain_name = lpcfg_workgroup(tctx->lp_ctx);
2731 r.in.flags = 0;
2732
2733 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2734 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2735 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2736
2737 torture_assert_int_equal(tctx,
2738 (info->dc_flags & (DS_DNS_CONTROLLER)), 0,
2739 "DsRGetDCNameEx2");
2740 torture_assert_int_equal(tctx,
2741 (info->dc_flags & (DS_DNS_DOMAIN)), 0,
2742 "DsRGetDCNameEx2");
2743 torture_assert_int_equal(tctx,
2744 (info->dc_flags & (DS_DNS_FOREST_ROOT)),
2745 DS_DNS_FOREST_ROOT,
2746 "DsRGetDCNameEx2");
2747
2748 if (strcasecmp(info->dc_site_name, info->client_site_name) == 0) {
2749 torture_assert_int_equal(tctx,
2750 (info->dc_flags & (DS_SERVER_CLOSEST)),
2751 DS_SERVER_CLOSEST,
2752 "DsRGetDCNameEx2");
2753 }
2754
2755 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client account\n");
2756 r.in.client_account = TEST_MACHINE_NAME"$";
2757 r.in.mask = ACB_SVRTRUST;
2758 r.in.flags = DS_RETURN_FLAT_NAME;
2759 r.out.info = &info;
2760
2761 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2762 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2763 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2764
2765 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
2766 info->dc_site_name);
2767 }
2768
2769 /* This is a substitution for "samdb_server_site_name" which relies on the
2770 * correct "lp_ctx" and therefore can't be used here. */
2771 static const char *server_site_name(struct torture_context *tctx,
2772 struct ldb_context *ldb)
2773 {
2774 TALLOC_CTX *tmp_ctx;
2775 struct ldb_dn *dn, *server_dn;
2776 const struct ldb_val *site_name_val;
2777 const char *server_dn_str, *site_name;
2778
2779 tmp_ctx = talloc_new(ldb);
2780 if (tmp_ctx == NULL) {
2781 goto failed;
2782 }
2783
2784 dn = ldb_dn_new(tmp_ctx, ldb, "");
2785 if (dn == NULL) {
2786 goto failed;
2787 }
2788
2789 server_dn_str = samdb_search_string(ldb, tmp_ctx, dn, "serverName",
2790 NULL);
2791 if (server_dn_str == NULL) {
2792 goto failed;
2793 }
2794
2795 server_dn = ldb_dn_new(tmp_ctx, ldb, server_dn_str);
2796 if (server_dn == NULL) {
2797 goto failed;
2798 }
2799
2800 /* CN=<Server name>, CN=Servers, CN=<Site name>, CN=Sites, ... */
2801 site_name_val = ldb_dn_get_component_val(server_dn, 2);
2802 if (site_name_val == NULL) {
2803 goto failed;
2804 }
2805
2806 site_name = (const char *) site_name_val->data;
2807
2808 talloc_steal(tctx, site_name);
2809 talloc_free(tmp_ctx);
2810
2811 return site_name;
2812
2813 failed:
2814 talloc_free(tmp_ctx);
2815 return NULL;
2816 }
2817
2818 static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
2819 struct dcerpc_pipe *p)
2820 {
2821 char *url;
2822 struct ldb_context *sam_ctx = NULL;
2823 NTSTATUS status;
2824 struct netr_DsrGetDcSiteCoverageW r;
2825 struct DcSitesCtr *ctr = NULL;
2826 struct dcerpc_binding_handle *b = p->binding_handle;
2827
2828 torture_comment(tctx, "This does only pass with the default site\n");
2829
2830 /* We won't double-check this when we are over 'local' transports */
2831 if (dcerpc_server_name(p)) {
2832 /* Set up connection to SAMDB on DC */
2833 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
2834 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
2835 NULL,
2836 cmdline_credentials,
2837 0);
2838
2839 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
2840 }
2841
2842 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2843 r.out.ctr = &ctr;
2844
2845 status = dcerpc_netr_DsrGetDcSiteCoverageW_r(b, tctx, &r);
2846 torture_assert_ntstatus_ok(tctx, status, "failed");
2847 torture_assert_werr_ok(tctx, r.out.result, "failed");
2848
2849 torture_assert(tctx, ctr->num_sites == 1,
2850 "we should per default only get the default site");
2851 if (sam_ctx != NULL) {
2852 torture_assert_casestr_equal(tctx, ctr->sites[0].string,
2853 server_site_name(tctx, sam_ctx),
2854 "didn't return default site");
2855 }
2856
2857 return true;
2858 }
2859
2860 static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
2861 struct dcerpc_pipe *p)
2862 {
2863 char *url;
2864 struct ldb_context *sam_ctx = NULL;
2865 NTSTATUS status;
2866 struct netr_DsRAddressToSitenamesW r;
2867 struct netr_DsRAddress addrs[6];
2868 struct sockaddr_in *addr;
2869 #ifdef HAVE_IPV6
2870 struct sockaddr_in6 *addr6;
2871 #endif
2872 struct netr_DsRAddressToSitenamesWCtr *ctr;
2873 struct dcerpc_binding_handle *b = p->binding_handle;
2874 uint32_t i;
2875 int ret;
2876
2877 torture_comment(tctx, "This does only pass with the default site\n");
2878
2879 /* We won't double-check this when we are over 'local' transports */
2880 if (dcerpc_server_name(p)) {
2881 /* Set up connection to SAMDB on DC */
2882 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
2883 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
2884 NULL,
2885 cmdline_credentials,
2886 0);
2887
2888 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
2889 }
2890
2891 /* First try valid IP addresses */
2892
2893 addrs[0].size = sizeof(struct sockaddr_in);
2894 addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
2895 addr = (struct sockaddr_in *) addrs[0].buffer;
2896 addrs[0].buffer[0] = AF_INET;
2897 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
2898 torture_assert(tctx, ret > 0, "inet_pton failed");
2899
2900 addrs[1].size = sizeof(struct sockaddr_in);
2901 addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
2902 addr = (struct sockaddr_in *) addrs[1].buffer;
2903 addrs[1].buffer[0] = AF_INET;
2904 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
2905 torture_assert(tctx, ret > 0, "inet_pton failed");
2906
2907 addrs[2].size = sizeof(struct sockaddr_in);
2908 addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
2909 addr = (struct sockaddr_in *) addrs[2].buffer;
2910 addrs[2].buffer[0] = AF_INET;
2911 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
2912 torture_assert(tctx, ret > 0, "inet_pton failed");
2913
2914 #ifdef HAVE_IPV6
2915 addrs[3].size = sizeof(struct sockaddr_in6);
2916 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
2917 addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
2918 addrs[3].buffer[0] = AF_INET6;
2919 ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
2920 torture_assert(tctx, ret > 0, "inet_pton failed");
2921
2922 addrs[4].size = sizeof(struct sockaddr_in6);
2923 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
2924 addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
2925 addrs[4].buffer[0] = AF_INET6;
2926 ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
2927 torture_assert(tctx, ret > 0, "inet_pton failed");
2928
2929 addrs[5].size = sizeof(struct sockaddr_in6);
2930 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
2931 addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
2932 addrs[5].buffer[0] = AF_INET6;
2933 ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
2934 torture_assert(tctx, ret > 0, "inet_pton failed");
2935 #else
2936 /* the test cases are repeated to have exactly 6. This is for
2937 * compatibility with IPv4-only machines */
2938 addrs[3].size = sizeof(struct sockaddr_in);
2939 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
2940 addr = (struct sockaddr_in *) addrs[3].buffer;
2941 addrs[3].buffer[0] = AF_INET;
2942 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
2943 torture_assert(tctx, ret > 0, "inet_pton failed");
2944
2945 addrs[4].size = sizeof(struct sockaddr_in);
2946 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
2947 addr = (struct sockaddr_in *) addrs[4].buffer;
2948 addrs[4].buffer[0] = AF_INET;
2949 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
2950 torture_assert(tctx, ret > 0, "inet_pton failed");
2951
2952 addrs[5].size = sizeof(struct sockaddr_in);
2953 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
2954 addr = (struct sockaddr_in *) addrs[5].buffer;
2955 addrs[5].buffer[0] = AF_INET;
2956 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
2957 torture_assert(tctx, ret > 0, "inet_pton failed");
2958 #endif
2959
2960 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
2961
2962 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2963 r.in.count = 6;
2964 r.in.addresses = addrs;
2965 r.out.ctr = &ctr;
2966
2967 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
2968 torture_assert_ntstatus_ok(tctx, status, "failed");
2969 torture_assert_werr_ok(tctx, r.out.result, "failed");
2970
2971 if (sam_ctx != NULL) {
2972 for (i = 0; i < 3; i++) {
2973 torture_assert_casestr_equal(tctx,
2974 ctr->sitename[i].string,
2975 server_site_name(tctx, sam_ctx),
2976 "didn't return default site");
2977 }
2978 for (i = 3; i < 6; i++) {
2979 /* Windows returns "NULL" for the sitename if it isn't
2980 * IPv6 configured */
2981 if (torture_setting_bool(tctx, "samba4", false)) {
2982 torture_assert_casestr_equal(tctx,
2983 ctr->sitename[i].string,
2984 server_site_name(tctx, sam_ctx),
2985 "didn't return default site");
2986 }
2987 }
2988 }
2989
2990 /* Now try invalid ones (too short buffers) */
2991
2992 addrs[0].size = 0;
2993 addrs[1].size = 1;
2994 addrs[2].size = 4;
2995
2996 addrs[3].size = 0;
2997 addrs[4].size = 1;
2998 addrs[5].size = 4;
2999
3000 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
3001 torture_assert_ntstatus_ok(tctx, status, "failed");
3002 torture_assert_werr_ok(tctx, r.out.result, "failed");
3003
3004 for (i = 0; i < 6; i++) {
3005 torture_assert(tctx, ctr->sitename[i].string == NULL,
3006 "sitename should be null");
3007 }
3008
3009 /* Now try invalid ones (wrong address types) */
3010
3011 addrs[0].size = 10;
3012 addrs[0].buffer[0] = AF_UNSPEC;
3013 addrs[1].size = 10;
3014 addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
3015 addrs[2].size = 10;
3016 addrs[2].buffer[0] = AF_UNIX;
3017
3018 addrs[3].size = 10;
3019 addrs[3].buffer[0] = 250;
3020 addrs[4].size = 10;
3021 addrs[4].buffer[0] = 251;
3022 addrs[5].size = 10;
3023 addrs[5].buffer[0] = 252;
3024
3025 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
3026 torture_assert_ntstatus_ok(tctx, status, "failed");
3027 torture_assert_werr_ok(tctx, r.out.result, "failed");
3028
3029 for (i = 0; i < 6; i++) {
3030 torture_assert(tctx, ctr->sitename[i].string == NULL,
3031 "sitename should be null");
3032 }
3033
3034 return true;
3035 }
3036
3037 static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
3038 struct dcerpc_pipe *p)
3039 {
3040 char *url;
3041 struct ldb_context *sam_ctx = NULL;
3042 NTSTATUS status;
3043 struct netr_DsRAddressToSitenamesExW r;
3044 struct netr_DsRAddress addrs[6];
3045 struct sockaddr_in *addr;
3046 #ifdef HAVE_IPV6
3047 struct sockaddr_in6 *addr6;
3048 #endif
3049 struct netr_DsRAddressToSitenamesExWCtr *ctr;
3050 struct dcerpc_binding_handle *b = p->binding_handle;
3051 uint32_t i;
3052 int ret;
3053
3054 torture_comment(tctx, "This does pass with the default site\n");
3055
3056 /* We won't double-check this when we are over 'local' transports */
3057 if (dcerpc_server_name(p)) {
3058 /* Set up connection to SAMDB on DC */
3059 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
3060 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
3061 NULL,
3062 cmdline_credentials,
3063 0);
3064
3065 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
3066 }
3067
3068 /* First try valid IP addresses */
3069
3070 addrs[0].size = sizeof(struct sockaddr_in);
3071 addrs[0].buffer = talloc_zero_array(tctx, uint8_t, addrs[0].size);
3072 addr = (struct sockaddr_in *) addrs[0].buffer;
3073 addrs[0].buffer[0] = AF_INET;
3074 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
3075 torture_assert(tctx, ret > 0, "inet_pton failed");
3076
3077 addrs[1].size = sizeof(struct sockaddr_in);
3078 addrs[1].buffer = talloc_zero_array(tctx, uint8_t, addrs[1].size);
3079 addr = (struct sockaddr_in *) addrs[1].buffer;
3080 addrs[1].buffer[0] = AF_INET;
3081 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
3082 torture_assert(tctx, ret > 0, "inet_pton failed");
3083
3084 addrs[2].size = sizeof(struct sockaddr_in);
3085 addrs[2].buffer = talloc_zero_array(tctx, uint8_t, addrs[2].size);
3086 addr = (struct sockaddr_in *) addrs[2].buffer;
3087 addrs[2].buffer[0] = AF_INET;
3088 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
3089 torture_assert(tctx, ret > 0, "inet_pton failed");
3090
3091 #ifdef HAVE_IPV6
3092 addrs[3].size = sizeof(struct sockaddr_in6);
3093 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
3094 addr6 = (struct sockaddr_in6 *) addrs[3].buffer;
3095 addrs[3].buffer[0] = AF_INET6;
3096 ret = inet_pton(AF_INET6, "::1", &addr6->sin6_addr);
3097 torture_assert(tctx, ret > 0, "inet_pton failed");
3098
3099 addrs[4].size = sizeof(struct sockaddr_in6);
3100 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
3101 addr6 = (struct sockaddr_in6 *) addrs[4].buffer;
3102 addrs[4].buffer[0] = AF_INET6;
3103 ret = inet_pton(AF_INET6, "::", &addr6->sin6_addr);
3104 torture_assert(tctx, ret > 0, "inet_pton failed");
3105
3106 addrs[5].size = sizeof(struct sockaddr_in6);
3107 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
3108 addr6 = (struct sockaddr_in6 *) addrs[5].buffer;
3109 addrs[5].buffer[0] = AF_INET6;
3110 ret = inet_pton(AF_INET6, "ff02::1", &addr6->sin6_addr);
3111 torture_assert(tctx, ret > 0, "inet_pton failed");
3112 #else
3113 /* the test cases are repeated to have exactly 6. This is for
3114 * compatibility with IPv4-only machines */
3115 addrs[3].size = sizeof(struct sockaddr_in);
3116 addrs[3].buffer = talloc_zero_array(tctx, uint8_t, addrs[3].size);
3117 addr = (struct sockaddr_in *) addrs[3].buffer;
3118 addrs[3].buffer[0] = AF_INET;
3119 ret = inet_pton(AF_INET, "127.0.0.1", &addr->sin_addr);
3120 torture_assert(tctx, ret > 0, "inet_pton failed");
3121
3122 addrs[4].size = sizeof(struct sockaddr_in);
3123 addrs[4].buffer = talloc_zero_array(tctx, uint8_t, addrs[4].size);
3124 addr = (struct sockaddr_in *) addrs[4].buffer;
3125 addrs[4].buffer[0] = AF_INET;
3126 ret = inet_pton(AF_INET, "0.0.0.0", &addr->sin_addr);
3127 torture_assert(tctx, ret > 0, "inet_pton failed");
3128
3129 addrs[5].size = sizeof(struct sockaddr_in);
3130 addrs[5].buffer = talloc_zero_array(tctx, uint8_t, addrs[5].size);
3131 addr = (struct sockaddr_in *) addrs[5].buffer;
3132 addrs[5].buffer[0] = AF_INET;
3133 ret = inet_pton(AF_INET, "255.255.255.255", &addr->sin_addr);
3134 torture_assert(tctx, ret > 0, "inet_pton failed");
3135 #endif
3136
3137 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
3138
3139 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3140 r.in.count = 6;
3141 r.in.addresses = addrs;
3142 r.out.ctr = &ctr;
3143
3144 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
3145 torture_assert_ntstatus_ok(tctx, status, "failed");
3146 torture_assert_werr_ok(tctx, r.out.result, "failed");
3147
3148 if (sam_ctx != NULL) {
3149 for (i = 0; i < 3; i++) {
3150 torture_assert_casestr_equal(tctx,
3151 ctr->sitename[i].string,
3152 server_site_name(tctx, sam_ctx),
3153 "didn't return default site");
3154 torture_assert(tctx, ctr->subnetname[i].string == NULL,
3155 "subnet should be null");
3156 }
3157 for (i = 3; i < 6; i++) {
3158 /* Windows returns "NULL" for the sitename if it isn't
3159 * IPv6 configured */
3160 if (torture_setting_bool(tctx, "samba4", false)) {
3161 torture_assert_casestr_equal(tctx,
3162 ctr->sitename[i].string,
3163 server_site_name(tctx, sam_ctx),
3164 "didn't return default site");
3165 }
3166 torture_assert(tctx, ctr->subnetname[i].string == NULL,
3167 "subnet should be null");
3168 }
3169 }
3170
3171 /* Now try invalid ones (too short buffers) */
3172
3173 addrs[0].size = 0;
3174 addrs[1].size = 1;
3175 addrs[2].size = 4;
3176
3177 addrs[3].size = 0;
3178 addrs[4].size = 1;
3179 addrs[5].size = 4;
3180
3181 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
3182 torture_assert_ntstatus_ok(tctx, status, "failed");
3183 torture_assert_werr_ok(tctx, r.out.result, "failed");
3184
3185 for (i = 0; i < 6; i++) {
3186 torture_assert(tctx, ctr->sitename[i].string == NULL,
3187 "sitename should be null");
3188 torture_assert(tctx, ctr->subnetname[i].string == NULL,
3189 "subnet should be null");
3190 }
3191
3192 addrs[0].size = 10;
3193 addrs[0].buffer[0] = AF_UNSPEC;
3194 addrs[1].size = 10;
3195 addrs[1].buffer[0] = AF_UNIX; /* AF_LOCAL = AF_UNIX */
3196 addrs[2].size = 10;
3197 addrs[2].buffer[0] = AF_UNIX;
3198
3199 addrs[3].size = 10;
3200 addrs[3].buffer[0] = 250;
3201 addrs[4].size = 10;
3202 addrs[4].buffer[0] = 251;
3203 addrs[5].size = 10;
3204 addrs[5].buffer[0] = 252;
3205
3206 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
3207 torture_assert_ntstatus_ok(tctx, status, "failed");
3208 torture_assert_werr_ok(tctx, r.out.result, "failed");
3209
3210 for (i = 0; i < 6; i++) {
3211 torture_assert(tctx, ctr->sitename[i].string == NULL,
3212 "sitename should be null");
3213 torture_assert(tctx, ctr->subnetname[i].string == NULL,
3214 "subnet should be null");
3215 }
3216
3217 return true;
3218 }
3219
3220 static bool test_netr_ServerGetTrustInfo_flags(struct torture_context *tctx,
3221 struct dcerpc_pipe *p,
3222 struct cli_credentials *machine_credentials,
3223 uint32_t negotiate_flags)
3224 {
3225 struct netr_ServerGetTrustInfo r;
3226
3227 struct netr_Authenticator a;
3228 struct netr_Authenticator return_authenticator;
3229 struct samr_Password new_owf_password;
3230 struct samr_Password old_owf_password;
3231 struct netr_TrustInfo *trust_info;
3232
3233 struct netlogon_creds_CredentialState *creds;
3234 struct dcerpc_binding_handle *b = p->binding_handle;
3235
3236 struct samr_Password nt_hash;
3237
3238 if (!test_SetupCredentials3(p, tctx, negotiate_flags,
3239 machine_credentials, &creds)) {
3240 return false;
3241 }
3242
3243 netlogon_creds_client_authenticator(creds, &a);
3244
3245 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3246 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
3247 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
3248 r.in.computer_name = TEST_MACHINE_NAME;
3249 r.in.credential = &a;
3250
3251 r.out.return_authenticator = &return_authenticator;
3252 r.out.new_owf_password = &new_owf_password;
3253 r.out.old_owf_password = &old_owf_password;
3254 r.out.trust_info = &trust_info;
3255
3256 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerGetTrustInfo_r(b, tctx, &r),
3257 "ServerGetTrustInfo failed");
3258 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerGetTrustInfo failed");
3259 torture_assert(tctx, netlogon_creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
3260
3261 E_md4hash(cli_credentials_get_password(machine_credentials), nt_hash.hash);
3262
3263 netlogon_creds_des_decrypt(creds, &new_owf_password);
3264
3265 dump_data(1, new_owf_password.hash, 16);
3266 dump_data(1, nt_hash.hash, 16);
3267
3268 torture_assert_mem_equal(tctx, new_owf_password.hash, nt_hash.hash, 16,
3269 "received unexpected owf password\n");
3270
3271 return true;
3272 }
3273
3274 static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx,
3275 struct dcerpc_pipe *p,
3276 struct cli_credentials *machine_credentials)
3277 {
3278 return test_netr_ServerGetTrustInfo_flags(tctx, p, machine_credentials,
3279 NETLOGON_NEG_AUTH2_ADS_FLAGS);
3280 }
3281
3282 static bool test_netr_ServerGetTrustInfo_AES(struct torture_context *tctx,
3283 struct dcerpc_pipe *p,
3284 struct cli_credentials *machine_credentials)
3285 {
3286 return test_netr_ServerGetTrustInfo_flags(tctx, p, machine_credentials,
3287 NETLOGON_NEG_AUTH2_ADS_FLAGS | NETLOGON_NEG_SUPPORTS_AES);
3288 }
3289
3290 static bool test_GetDomainInfo(struct torture_context *tctx,
3291 struct dcerpc_pipe *p,
3292 struct cli_credentials *machine_credentials)
3293 {
3294 struct netr_LogonGetDomainInfo r;
3295 struct netr_WorkstationInformation q1;
3296 struct netr_Authenticator a;
3297 struct netlogon_creds_CredentialState *creds;
3298 struct netr_OsVersion os;
3299 union netr_WorkstationInfo query;
3300 union netr_DomainInfo info;
3301 const char* const attrs[] = { "dNSHostName", "operatingSystem",
3302 "operatingSystemServicePack", "operatingSystemVersion",
3303 "servicePrincipalName", NULL };
3304 char *url;
3305 struct ldb_context *sam_ctx = NULL;
3306 struct ldb_message **res;
3307 struct ldb_message_element *spn_el;
3308 int ret, i;
3309 char *version_str;
3310 const char *old_dnsname = NULL;
3311 char **spns = NULL;
3312 int num_spns = 0;
3313 char *temp_str;
3314 struct dcerpc_binding_handle *b = p->binding_handle;
3315
3316 torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n");
3317
3318 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
3319 machine_credentials, &creds)) {
3320 return false;
3321 }
3322
3323 /* We won't double-check this when we are over 'local' transports */
3324 if (dcerpc_server_name(p)) {
3325 /* Set up connection to SAMDB on DC */
3326 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
3327 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
3328 NULL,
3329 cmdline_credentials,
3330 0);
3331
3332 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
3333 }
3334
3335 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 1st call (no variation of DNS hostname)\n");
3336 netlogon_creds_client_authenticator(creds, &a);
3337
3338 ZERO_STRUCT(r);
3339 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3340 r.in.computer_name = TEST_MACHINE_NAME;
3341 r.in.credential = &a;
3342 r.in.level = 1;
3343 r.in.return_authenticator = &a;
3344 r.in.query = &query;
3345 r.out.return_authenticator = &a;
3346 r.out.info = &info;
3347
3348 ZERO_STRUCT(os);
3349 os.os.MajorVersion = 123;
3350 os.os.MinorVersion = 456;
3351 os.os.BuildNumber = 789;
3352 os.os.CSDVersion = "Service Pack 10";
3353 os.os.ServicePackMajor = 10;
3354 os.os.ServicePackMinor = 1;
3355 os.os.SuiteMask = NETR_VER_SUITE_SINGLEUSERTS;
3356 os.os.ProductType = NETR_VER_NT_SERVER;
3357 os.os.Reserved = 0;
3358
3359 version_str = talloc_asprintf(tctx, "%d.%d (%d)", os.os.MajorVersion,
3360 os.os.MinorVersion, os.os.BuildNumber);
3361
3362 ZERO_STRUCT(q1);
3363 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
3364 lpcfg_dnsdomain(tctx->lp_ctx));
3365 q1.sitename = "Default-First-Site-Name";
3366 q1.os_version.os = &os;
3367 q1.os_name.string = talloc_asprintf(tctx,
3368 "Tortured by Samba4 RPC-NETLOGON: %s",
3369 timestring(tctx, time(NULL)));
3370
3371 /* The workstation handles the "servicePrincipalName" and DNS hostname
3372 updates */
3373 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
3374
3375 query.workstation_info = &q1;
3376
3377 if (sam_ctx) {
3378 /* Gets back the old DNS hostname in AD */
3379 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
3380 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
3381 old_dnsname =
3382 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL);
3383
3384 /* Gets back the "servicePrincipalName"s in AD */
3385 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3386 if (spn_el != NULL) {
3387 for (i=0; i < spn_el->num_values; i++) {
3388 spns = talloc_realloc(tctx, spns, char *, i + 1);
3389 spns[i] = (char *) spn_el->values[i].data;
3390 }
3391 num_spns = i;
3392 }
3393 }
3394
3395 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3396 "LogonGetDomainInfo failed");
3397 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3398 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3399
3400 smb_msleep(250);
3401
3402 if (sam_ctx) {
3403 /* AD workstation infos entry check */
3404 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
3405 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
3406 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
3407 torture_assert_str_equal(tctx,
3408 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
3409 q1.os_name.string, "'operatingSystem' wrong!");
3410 torture_assert_str_equal(tctx,
3411 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL),
3412 os.os.CSDVersion, "'operatingSystemServicePack' wrong!");
3413 torture_assert_str_equal(tctx,
3414 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL),
3415 version_str, "'operatingSystemVersion' wrong!");
3416
3417 if (old_dnsname != NULL) {
3418 /* If before a DNS hostname was set then it should remain
3419 the same in combination with the "servicePrincipalName"s.
3420 The DNS hostname should also be returned by our
3421 "LogonGetDomainInfo" call (in the domain info structure). */
3422
3423 torture_assert_str_equal(tctx,
3424 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
3425 old_dnsname, "'DNS hostname' was not set!");
3426
3427 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3428 torture_assert(tctx, ((spns != NULL) && (spn_el != NULL)),
3429 "'servicePrincipalName's not set!");
3430 torture_assert(tctx, spn_el->num_values == num_spns,
3431 "'servicePrincipalName's incorrect!");
3432 for (i=0; (i < spn_el->num_values) && (i < num_spns); i++)
3433 torture_assert_str_equal(tctx,
3434 (char *) spn_el->values[i].data,
3435 spns[i], "'servicePrincipalName's incorrect!");
3436
3437 torture_assert_str_equal(tctx,
3438 info.domain_info->dns_hostname.string,
3439 old_dnsname,
3440 "Out 'DNS hostname' doesn't match the old one!");
3441 } else {
3442 /* If no DNS hostname was set then also now none should be set,
3443 the "servicePrincipalName"s should remain empty and no DNS
3444 hostname should be returned by our "LogonGetDomainInfo"
3445 call (in the domain info structure). */
3446
3447 torture_assert(tctx,
3448 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL) == NULL,
3449 "'DNS hostname' was set!");
3450
3451 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3452 torture_assert(tctx, ((spns == NULL) && (spn_el == NULL)),
3453 "'servicePrincipalName's were set!");
3454
3455 torture_assert(tctx,
3456 info.domain_info->dns_hostname.string == NULL,
3457 "Out 'DNS host name' was set!");
3458 }
3459 }
3460
3461 /* Checks "workstation flags" */
3462 torture_assert(tctx,
3463 info.domain_info->workstation_flags
3464 == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
3465 "Out 'workstation flags' don't match!");
3466
3467
3468 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname doesn't work)\n");
3469 netlogon_creds_client_authenticator(creds, &a);
3470
3471 /* Wipe out the osVersion, and prove which values still 'stick' */
3472 q1.os_version.os = NULL;
3473
3474 /* Change also the DNS hostname to test differences in behaviour */
3475 talloc_free(discard_const_p(char, q1.dns_hostname));
3476 q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
3477 lpcfg_dnsdomain(tctx->lp_ctx));
3478
3479 /* The workstation handles the "servicePrincipalName" and DNS hostname
3480 updates */
3481 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
3482
3483 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3484 "LogonGetDomainInfo failed");
3485 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3486
3487 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3488
3489 smb_msleep(250);
3490
3491 if (sam_ctx) {
3492 /* AD workstation infos entry check */
3493 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
3494 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
3495 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
3496
3497 torture_assert_str_equal(tctx,
3498 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
3499 q1.os_name.string, "'operatingSystem' should stick!");
3500 torture_assert(tctx,
3501 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
3502 "'operatingSystemServicePack' shouldn't stick!");
3503 torture_assert(tctx,
3504 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
3505 "'operatingSystemVersion' shouldn't stick!");
3506
3507 /* The DNS host name shouldn't have been updated by the server */
3508
3509 torture_assert_str_equal(tctx,
3510 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
3511 old_dnsname, "'DNS host name' did change!");
3512
3513 /* Find the two "servicePrincipalName"s which the DC shouldn't have been
3514 updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
3515 3.5.4.3.9 */
3516 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3517 torture_assert(tctx, spn_el != NULL,
3518 "There should exist 'servicePrincipalName's in AD!");
3519 temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
3520 for (i=0; i < spn_el->num_values; i++)
3521 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
3522 break;
3523 torture_assert(tctx, i != spn_el->num_values,
3524 "'servicePrincipalName' HOST/<Netbios name> not found!");
3525 temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
3526 for (i=0; i < spn_el->num_values; i++)
3527 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
3528 break;
3529 torture_assert(tctx, i != spn_el->num_values,
3530 "'servicePrincipalName' HOST/<FQDN name> not found!");
3531
3532 /* Check that the out DNS hostname was set properly */
3533 torture_assert_str_equal(tctx, info.domain_info->dns_hostname.string,
3534 old_dnsname, "Out 'DNS hostname' doesn't match the old one!");
3535 }
3536
3537 /* Checks "workstation flags" */
3538 torture_assert(tctx,
3539 info.domain_info->workstation_flags == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
3540 "Out 'workstation flags' don't match!");
3541
3542
3543 /* Now try the same but the workstation flags set to 0 */
3544
3545 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (variation of DNS hostname doesn't work)\n");
3546 netlogon_creds_client_authenticator(creds, &a);
3547
3548 /* Change also the DNS hostname to test differences in behaviour */
3549 talloc_free(discard_const_p(char, q1.dns_hostname));
3550 q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
3551 lpcfg_dnsdomain(tctx->lp_ctx));
3552
3553 /* Wipe out the osVersion, and prove which values still 'stick' */
3554 q1.os_version.os = NULL;
3555
3556 /* Let the DC handle the "servicePrincipalName" and DNS hostname
3557 updates */
3558 q1.workstation_flags = 0;
3559
3560 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3561 "LogonGetDomainInfo failed");
3562 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3563 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3564
3565 smb_msleep(250);
3566
3567 if (sam_ctx) {
3568 /* AD workstation infos entry check */
3569 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
3570 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
3571 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
3572
3573 torture_assert_str_equal(tctx,
3574 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
3575 q1.os_name.string, "'operatingSystem' should stick!");
3576 torture_assert(tctx,
3577 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
3578 "'operatingSystemServicePack' shouldn't stick!");
3579 torture_assert(tctx,
3580 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
3581 "'operatingSystemVersion' shouldn't stick!");
3582
3583 /* The DNS host name shouldn't have been updated by the server */
3584
3585 torture_assert_str_equal(tctx,
3586 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
3587 old_dnsname, "'DNS host name' did change!");
3588
3589 /* Find the two "servicePrincipalName"s which the DC shouldn't have been
3590 updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
3591 3.5.4.3.9 */
3592 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
3593 torture_assert(tctx, spn_el != NULL,
3594 "There should exist 'servicePrincipalName's in AD!");
3595 temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
3596 for (i=0; i < spn_el->num_values; i++)
3597 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
3598 break;
3599 torture_assert(tctx, i != spn_el->num_values,
3600 "'servicePrincipalName' HOST/<Netbios name> not found!");
3601 temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
3602 for (i=0; i < spn_el->num_values; i++)
3603 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
3604 break;
3605 torture_assert(tctx, i != spn_el->num_values,
3606 "'servicePrincipalName' HOST/<FQDN name> not found!");
3607
3608 /* Here the server gives us NULL as the out DNS hostname */
3609 torture_assert(tctx, info.domain_info->dns_hostname.string == NULL,
3610 "Out 'DNS hostname' should be NULL!");
3611 }
3612
3613 /* Checks "workstation flags" */
3614 torture_assert(tctx,
3615 info.domain_info->workstation_flags == 0,
3616 "Out 'workstation flags' don't match!");
3617
3618
3619 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (verification of DNS hostname and check for trusted domains)\n");
3620 netlogon_creds_client_authenticator(creds, &a);
3621
3622 /* Put the DNS hostname back */
3623 talloc_free(discard_const_p(char, q1.dns_hostname));
3624 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
3625 lpcfg_dnsdomain(tctx->lp_ctx));
3626
3627 /* The workstation handles the "servicePrincipalName" and DNS hostname
3628 updates */
3629 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
3630
3631 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3632 "LogonGetDomainInfo failed");
3633 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3634 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3635
3636 smb_msleep(250);
3637
3638 /* Now the in/out DNS hostnames should be the same */
3639 torture_assert_str_equal(tctx,
3640 info.domain_info->dns_hostname.string,
3641 query.workstation_info->dns_hostname,
3642 "In/Out 'DNS hostnames' don't match!");
3643 old_dnsname = info.domain_info->dns_hostname.string;
3644
3645 /* Checks "workstation flags" */
3646 torture_assert(tctx,
3647 info.domain_info->workstation_flags
3648 == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
3649 "Out 'workstation flags' don't match!");
3650
3651 /* Checks for trusted domains */
3652 torture_assert(tctx,
3653 (info.domain_info->trusted_domain_count != 0)
3654 && (info.domain_info->trusted_domains != NULL),
3655 "Trusted domains have been requested!");
3656
3657
3658 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 5th call (check for trusted domains)\n");
3659 netlogon_creds_client_authenticator(creds, &a);
3660
3661 /* The workstation handles the "servicePrincipalName" and DNS hostname
3662 updates and requests inbound trusts */
3663 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
3664 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS;
3665
3666 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3667 "LogonGetDomainInfo failed");
3668 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3669 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3670
3671 smb_msleep(250);
3672
3673 /* Checks "workstation flags" */
3674 torture_assert(tctx,
3675 info.domain_info->workstation_flags
3676 == (NETR_WS_FLAG_HANDLES_SPN_UPDATE
3677 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
3678 "Out 'workstation flags' don't match!");
3679
3680 /* Checks for trusted domains */
3681 torture_assert(tctx,
3682 (info.domain_info->trusted_domain_count != 0)
3683 && (info.domain_info->trusted_domains != NULL),
3684 "Trusted domains have been requested!");
3685
3686
3687 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 6th call (no DNS hostname)\n");
3688 netlogon_creds_client_authenticator(creds, &a);
3689
3690 query.workstation_info->dns_hostname = NULL;
3691
3692 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3693 "LogonGetDomainInfo failed");
3694 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3695 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3696
3697 /* The old DNS hostname should stick */
3698 torture_assert_str_equal(tctx,
3699 info.domain_info->dns_hostname.string,
3700 old_dnsname,
3701 "'DNS hostname' changed!");
3702
3703 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 7th call (extra workstation flags)\n");
3704 netlogon_creds_client_authenticator(creds, &a);
3705
3706 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
3707 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | 0x4;
3708
3709 /* Put the DNS hostname back */
3710 talloc_free(discard_const_p(char, q1.dns_hostname));
3711 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
3712 lpcfg_dnsdomain(tctx->lp_ctx));
3713
3714 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3715 "LogonGetDomainInfo failed");
3716 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3717 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3718
3719 /* Checks "workstation flags" */
3720 torture_assert(tctx,
3721 info.domain_info->workstation_flags
3722 == (NETR_WS_FLAG_HANDLES_SPN_UPDATE
3723 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
3724 "Out 'workstation flags' don't match!");
3725
3726 if (!torture_setting_bool(tctx, "dangerous", false)) {
3727 torture_comment(tctx, "Not testing netr_LogonGetDomainInfo 8th call (no workstation info) - enable dangerous tests in order to do so\n");
3728 } else {
3729 /* Try a call without the workstation information structure */
3730
3731 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 8th call (no workstation info)\n");
3732 netlogon_creds_client_authenticator(creds, &a);
3733
3734 query.workstation_info = NULL;
3735
3736 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
3737 "LogonGetDomainInfo failed");
3738 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
3739 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
3740 }
3741
3742 return true;
3743 }
3744
3745 static bool test_GetDomainInfo_async(struct torture_context *tctx,
3746 struct dcerpc_pipe *p,
3747 struct cli_credentials *machine_credentials)
3748 {
3749 NTSTATUS status;
3750 struct netr_LogonGetDomainInfo r;
3751 struct netr_WorkstationInformation q1;
3752 struct netr_Authenticator a;
3753 #define ASYNC_COUNT 100
3754 struct netlogon_creds_CredentialState *creds;
3755 struct netlogon_creds_CredentialState *creds_async[ASYNC_COUNT];
3756 struct tevent_req *req[ASYNC_COUNT];
3757 int i;
3758 union netr_WorkstationInfo query;
3759 union netr_DomainInfo info;
3760
3761 torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
3762
3763 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
3764 machine_credentials, &creds)) {
3765 return false;
3766 }
3767
3768 ZERO_STRUCT(r);
3769 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
3770 r.in.computer_name = TEST_MACHINE_NAME;
3771 r.in.credential = &a;
3772 r.in.level = 1;
3773 r.in.return_authenticator = &a;
3774 r.in.query = &query;
3775 r.out.return_authenticator = &a;
3776 r.out.info = &info;
3777
3778 ZERO_STRUCT(q1);
3779 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
3780 lpcfg_dnsdomain(tctx->lp_ctx));
3781 q1.sitename = "Default-First-Site-Name";
3782 q1.os_name.string = "UNIX/Linux or similar";
3783
3784 query.workstation_info = &q1;
3785
3786 for (i=0;i<ASYNC_COUNT;i++) {
3787 netlogon_creds_client_authenticator(creds, &a);
3788
3789 creds_async[i] = (struct netlogon_creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
3790 req[i] = dcerpc_netr_LogonGetDomainInfo_r_send(tctx, tctx->ev, p->binding_handle, &r);
3791
3792 /* even with this flush per request a w2k3 server seems to
3793 clag with multiple outstanding requests. bleergh. */
3794 torture_assert_int_equal(tctx, tevent_loop_once(tctx->ev), 0,
3795 "tevent_loop_once failed");
3796 }
3797
3798 for (i=0;i<ASYNC_COUNT;i++) {
3799 torture_assert_int_equal(tctx, tevent_req_poll(req[i], tctx->ev), true,
3800 "tevent_req_poll() failed");
3801
3802 status = dcerpc_netr_LogonGetDomainInfo_r_recv(req[i], tctx);
3803
3804 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
3805 torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
3806
3807 torture_assert(tctx, netlogon_creds_client_check(creds_async[i], &a.cred),
3808 "Credential chaining failed at async");
3809 }
3810
3811 torture_comment(tctx,
3812 "Testing netr_LogonGetDomainInfo - async count %d OK\n", ASYNC_COUNT);
3813
3814 return true;
3815 }
3816
3817 static bool test_ManyGetDCName(struct torture_context *tctx,
3818 struct dcerpc_pipe *p)
3819 {
3820 NTSTATUS status;
3821 struct dcerpc_pipe *p2;
3822 struct lsa_ObjectAttribute attr;
3823 struct lsa_QosInfo qos;
3824 struct lsa_OpenPolicy2 o;
3825 struct policy_handle lsa_handle;
3826 struct lsa_DomainList domains;
3827
3828 struct lsa_EnumTrustDom t;
3829 uint32_t resume_handle = 0;
3830 struct netr_GetAnyDCName d;
3831 const char *dcname = NULL;
3832 struct dcerpc_binding_handle *b = p->binding_handle;
3833 struct dcerpc_binding_handle *b2;
3834
3835 int i;
3836
3837 if (p->conn->transport.transport != NCACN_NP) {
3838 return true;
3839 }
3840
3841 torture_comment(tctx, "Torturing GetDCName\n");
3842
3843 status = dcerpc_secondary_connection(p, &p2, p->binding);
3844 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
3845
3846 status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
3847 torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");
3848 b2 = p2->binding_handle;
3849
3850 qos.len = 0;
3851 qos.impersonation_level = 2;
3852 qos.context_mode = 1;
3853 qos.effective_only = 0;
3854
3855 attr.len = 0;
3856 attr.root_dir = NULL;
3857 attr.object_name = NULL;
3858 attr.attributes = 0;
3859 attr.sec_desc = NULL;
3860 attr.sec_qos = &qos;
3861
3862 o.in.system_name = "\\";
3863 o.in.attr = &attr;
3864 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
3865 o.out.handle = &lsa_handle;
3866
3867 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
3868 "OpenPolicy2 failed");
3869 torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
3870
3871 t.in.handle = &lsa_handle;
3872 t.in.resume_handle = &resume_handle;
3873 t.in.max_size = 1000;
3874 t.out.domains = &domains;
3875 t.out.resume_handle = &resume_handle;
3876
3877 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b2, tctx, &t),
3878 "EnumTrustDom failed");
3879
3880 if ((!NT_STATUS_IS_OK(t.out.result) &&
3881 (!NT_STATUS_EQUAL(t.out.result, NT_STATUS_NO_MORE_ENTRIES))))
3882 torture_fail(tctx, "Could not list domains");
3883
3884 talloc_free(p2);
3885
3886 d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
3887 dcerpc_server_name(p));
3888 d.out.dcname = &dcname;
3889
3890 for (i=0; i<domains.count * 4; i++) {
3891 struct lsa_DomainInfo *info =
3892 &domains.domains[rand()%domains.count];
3893
3894 d.in.domainname = info->name.string;
3895
3896 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &d);
3897 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
3898
3899 torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
3900 dcname ? dcname : "unknown");
3901 }
3902
3903 return true;
3904 }
3905
3906 static bool test_SetPassword_with_flags(struct torture_context *tctx,
3907 struct dcerpc_pipe *p,
3908 struct cli_credentials *machine_credentials)
3909 {
3910 uint32_t flags[] = { 0, NETLOGON_NEG_STRONG_KEYS };
3911 struct netlogon_creds_CredentialState *creds;
3912 int i;
3913
3914 if (!test_SetupCredentials2(p, tctx, 0,
3915 machine_credentials,
3916 cli_credentials_get_secure_channel_type(machine_credentials),
3917 &creds)) {
3918 torture_skip(tctx, "DC does not support negotiation of 64bit session keys");
3919 }
3920
3921 for (i=0; i < ARRAY_SIZE(flags); i++) {
3922 torture_assert(tctx,
3923 test_SetPassword_flags(tctx, p, machine_credentials, flags[i]),
3924 talloc_asprintf(tctx, "failed to test SetPassword negotiating with 0x%08x flags", flags[i]));
3925 }
3926
3927 return true;
3928 }
3929
3930 struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
3931 {
3932 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon");
3933 struct torture_rpc_tcase *tcase;
3934 struct torture_test *test;
3935
3936 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
3937 &ndr_table_netlogon, TEST_MACHINE_NAME);
3938
3939 torture_rpc_tcase_add_test(tcase, "Broken RPC binding handle",
3940 test_netr_broken_binding_handle);
3941
3942 torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
3943 torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
3944 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
3945 torture_rpc_tcase_add_test_creds(tcase, "invalidAuthenticate2", test_invalidAuthenticate2);
3946 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
3947 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
3948 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2_AES", test_SetPassword2_AES);
3949 torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
3950 torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
3951 torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
3952 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
3953 torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
3954 torture_rpc_tcase_add_test_creds(tcase, "DatabaseRedo", test_DatabaseRedo);
3955 torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
3956 torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
3957 torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
3958 torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
3959 torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
3960 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
3961 torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
3962 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
3963 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
3964 test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
3965 test->dangerous = true;
3966 torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
3967 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
3968 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
3969 torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
3970 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
3971 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
3972 torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
3973 torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo_AES", test_netr_ServerGetTrustInfo_AES);
3974 torture_rpc_tcase_add_test_creds(tcase, "GetForestTrustInformation", test_netr_GetForestTrustInformation);
3975
3976 return suite;
3977 }
3978
3979 struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
3980 {
3981 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon-s3");
3982 struct torture_rpc_tcase *tcase;
3983
3984 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
3985 &ndr_table_netlogon, TEST_MACHINE_NAME);
3986
3987 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
3988 torture_rpc_tcase_add_test_creds(tcase, "SamLogon_NULL_domain", test_SamLogon_NULL_domain);
3989 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
3990 torture_rpc_tcase_add_test_creds(tcase, "SetPassword_with_flags", test_SetPassword_with_flags);
3991 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
3992 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2_AES", test_SetPassword2_AES);
3993 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
3994
3995 return suite;
3996 }
3997
3998 struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx)
3999 {
4000 struct torture_suite *suite = torture_suite_create(mem_ctx, "netlogon.admin");
4001 struct torture_rpc_tcase *tcase;
4002
4003 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
4004 &ndr_table_netlogon, TEST_MACHINE_NAME);
4005 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
4006 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
4007 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
4008
4009 tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netlogon",
4010 &ndr_table_netlogon, TEST_MACHINE_NAME);
4011 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
4012 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
4013 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
4014
4015 tcase = torture_suite_add_rpc_iface_tcase(suite, "netlogon",
4016 &ndr_table_netlogon);
4017 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
4018 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
4019 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
4020
4021 return suite;
4022 }
Samba GIT mirror