search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
subunit: Support formatting compatible with upstream subunit, for consistency.
[Samba/gebeck_regimport.git] / source4 / torture / rpc / netlogon.c
blobc469de9ec99b0a5cdb5899647df287fbd7bfe7d1
1 /*
2 Unix SMB/CIFS implementation.
3
4 test suite for netlogon rpc operations
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
9 Copyright (C) Matthias Dieter Wallnöfer 2009-2010
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "lib/events/events.h"
27 #include "lib/cmdline/popt_common.h"
28 #include "torture/rpc/rpc.h"
29 #include "../lib/crypto/crypto.h"
30 #include "libcli/auth/libcli_auth.h"
31 #include "librpc/gen_ndr/ndr_netlogon_c.h"
32 #include "librpc/gen_ndr/ndr_lsa_c.h"
33 #include "param/param.h"
34 #include "libcli/security/security.h"
35 #include "lib/ldb/include/ldb.h"
36 #include "lib/util/util_ldb.h"
37 #include "lib/ldb_wrap.h"
38
39 #define TEST_MACHINE_NAME "torturetest"
40
41 static bool test_LogonUasLogon(struct torture_context *tctx,
42 struct dcerpc_pipe *p)
43 {
44 NTSTATUS status;
45 struct netr_LogonUasLogon r;
46 struct netr_UasInfo *info = NULL;
47 struct dcerpc_binding_handle *b = p->binding_handle;
48
49 r.in.server_name = NULL;
50 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
51 r.in.workstation = TEST_MACHINE_NAME;
52 r.out.info = &info;
53
54 status = dcerpc_netr_LogonUasLogon_r(b, tctx, &r);
55 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
56
57 return true;
58 }
59
60 static bool test_LogonUasLogoff(struct torture_context *tctx,
61 struct dcerpc_pipe *p)
62 {
63 NTSTATUS status;
64 struct netr_LogonUasLogoff r;
65 struct netr_UasLogoffInfo info;
66 struct dcerpc_binding_handle *b = p->binding_handle;
67
68 r.in.server_name = NULL;
69 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
70 r.in.workstation = TEST_MACHINE_NAME;
71 r.out.info = &info;
72
73 status = dcerpc_netr_LogonUasLogoff_r(b, tctx, &r);
74 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
75
76 return true;
77 }
78
79 bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
80 struct cli_credentials *credentials,
81 struct netlogon_creds_CredentialState **creds_out)
82 {
83 struct netr_ServerReqChallenge r;
84 struct netr_ServerAuthenticate a;
85 struct netr_Credential credentials1, credentials2, credentials3;
86 struct netlogon_creds_CredentialState *creds;
87 const struct samr_Password *mach_password;
88 const char *machine_name;
89 struct dcerpc_binding_handle *b = p->binding_handle;
90
91 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
92 machine_name = cli_credentials_get_workstation(credentials);
93
94 torture_comment(tctx, "Testing ServerReqChallenge\n");
95
96 r.in.server_name = NULL;
97 r.in.computer_name = machine_name;
98 r.in.credentials = &credentials1;
99 r.out.return_credentials = &credentials2;
100
101 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
102
103 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
104 "ServerReqChallenge failed");
105 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
106
107 a.in.server_name = NULL;
108 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
109 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(credentials);
110 a.in.computer_name = machine_name;
111 a.in.credentials = &credentials3;
112 a.out.return_credentials = &credentials3;
113
114 creds = netlogon_creds_client_init(tctx, a.in.account_name,
115 a.in.computer_name,
116 &credentials1, &credentials2,
117 mach_password, &credentials3,
118 0);
119 torture_assert(tctx, creds != NULL, "memory allocation");
120
121
122 torture_comment(tctx, "Testing ServerAuthenticate\n");
123
124 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate_r(b, tctx, &a),
125 "ServerAuthenticate failed");
126
127 /* This allows the tests to continue against the more fussy windows 2008 */
128 if (NT_STATUS_EQUAL(a.out.result, NT_STATUS_DOWNGRADE_DETECTED)) {
129 return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
130 credentials,
131 cli_credentials_get_secure_channel_type(credentials),
132 creds_out);
133 }
134
135 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate");
136
137 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
138 "Credential chaining failed");
139
140 *creds_out = creds;
141 return true;
142 }
143
144 bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
145 uint32_t negotiate_flags,
146 struct cli_credentials *machine_credentials,
147 int sec_chan_type,
148 struct netlogon_creds_CredentialState **creds_out)
149 {
150 struct netr_ServerReqChallenge r;
151 struct netr_ServerAuthenticate2 a;
152 struct netr_Credential credentials1, credentials2, credentials3;
153 struct netlogon_creds_CredentialState *creds;
154 const struct samr_Password *mach_password;
155 const char *machine_name;
156 struct dcerpc_binding_handle *b = p->binding_handle;
157
158 mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
159 machine_name = cli_credentials_get_workstation(machine_credentials);
160
161 torture_comment(tctx, "Testing ServerReqChallenge\n");
162
163
164 r.in.server_name = NULL;
165 r.in.computer_name = machine_name;
166 r.in.credentials = &credentials1;
167 r.out.return_credentials = &credentials2;
168
169 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
170
171 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
172 "ServerReqChallenge failed");
173 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
174
175 a.in.server_name = NULL;
176 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
177 a.in.secure_channel_type = sec_chan_type;
178 a.in.computer_name = machine_name;
179 a.in.negotiate_flags = &negotiate_flags;
180 a.out.negotiate_flags = &negotiate_flags;
181 a.in.credentials = &credentials3;
182 a.out.return_credentials = &credentials3;
183
184 creds = netlogon_creds_client_init(tctx, a.in.account_name,
185 a.in.computer_name,
186 &credentials1, &credentials2,
187 mach_password, &credentials3,
188 negotiate_flags);
189
190 torture_assert(tctx, creds != NULL, "memory allocation");
191
192 torture_comment(tctx, "Testing ServerAuthenticate2\n");
193
194 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate2_r(b, tctx, &a),
195 "ServerAuthenticate2 failed");
196 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate2 failed");
197
198 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3),
199 "Credential chaining failed");
200
201 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
202
203 *creds_out = creds;
204 return true;
205 }
206
207
208 static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
209 uint32_t negotiate_flags,
210 struct cli_credentials *machine_credentials,
211 struct netlogon_creds_CredentialState **creds_out)
212 {
213 struct netr_ServerReqChallenge r;
214 struct netr_ServerAuthenticate3 a;
215 struct netr_Credential credentials1, credentials2, credentials3;
216 struct netlogon_creds_CredentialState *creds;
217 struct samr_Password mach_password;
218 uint32_t rid;
219 const char *machine_name;
220 const char *plain_pass;
221 struct dcerpc_binding_handle *b = p->binding_handle;
222
223 machine_name = cli_credentials_get_workstation(machine_credentials);
224 plain_pass = cli_credentials_get_password(machine_credentials);
225
226 torture_comment(tctx, "Testing ServerReqChallenge\n");
227
228 r.in.server_name = NULL;
229 r.in.computer_name = machine_name;
230 r.in.credentials = &credentials1;
231 r.out.return_credentials = &credentials2;
232
233 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
234
235 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
236 "ServerReqChallenge failed");
237 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
238
239 E_md4hash(plain_pass, mach_password.hash);
240
241 a.in.server_name = NULL;
242 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
243 a.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
244 a.in.computer_name = machine_name;
245 a.in.negotiate_flags = &negotiate_flags;
246 a.in.credentials = &credentials3;
247 a.out.return_credentials = &credentials3;
248 a.out.negotiate_flags = &negotiate_flags;
249 a.out.rid = &rid;
250
251 creds = netlogon_creds_client_init(tctx, a.in.account_name,
252 a.in.computer_name,
253 &credentials1, &credentials2,
254 &mach_password, &credentials3,
255 negotiate_flags);
256
257 torture_assert(tctx, creds != NULL, "memory allocation");
258
259 torture_comment(tctx, "Testing ServerAuthenticate3\n");
260
261 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerAuthenticate3_r(b, tctx, &a),
262 "ServerAuthenticate3 failed");
263 torture_assert_ntstatus_ok(tctx, a.out.result, "ServerAuthenticate3 failed");
264 torture_assert(tctx, netlogon_creds_client_check(creds, &credentials3), "Credential chaining failed");
265
266 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
267
268 /* Prove that requesting a challenge again won't break it */
269 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r),
270 "ServerReqChallenge failed");
271 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerReqChallenge failed");
272
273 *creds_out = creds;
274 return true;
275 }
276
277 /*
278 try a change password for our machine account
279 */
280 static bool test_SetPassword(struct torture_context *tctx,
281 struct dcerpc_pipe *p,
282 struct cli_credentials *machine_credentials)
283 {
284 struct netr_ServerPasswordSet r;
285 const char *password;
286 struct netlogon_creds_CredentialState *creds;
287 struct netr_Authenticator credential, return_authenticator;
288 struct samr_Password new_password;
289 struct dcerpc_binding_handle *b = p->binding_handle;
290
291 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
292 return false;
293 }
294
295 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
296 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
297 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
298 r.in.computer_name = TEST_MACHINE_NAME;
299 r.in.credential = &credential;
300 r.in.new_password = &new_password;
301 r.out.return_authenticator = &return_authenticator;
302
303 password = generate_random_password(tctx, 8, 255);
304 E_md4hash(password, new_password.hash);
305
306 netlogon_creds_des_encrypt(creds, &new_password);
307
308 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
309 torture_comment(tctx, "Changing machine account password to '%s'\n",
310 password);
311
312 netlogon_creds_client_authenticator(creds, &credential);
313
314 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
315 "ServerPasswordSet failed");
316 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
317
318 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
319 torture_comment(tctx, "Credential chaining failed\n");
320 }
321
322 /* by changing the machine password twice we test the
323 credentials chaining fully, and we verify that the server
324 allows the password to be set to the same value twice in a
325 row (match win2k3) */
326 torture_comment(tctx,
327 "Testing a second ServerPasswordSet on machine account\n");
328 torture_comment(tctx,
329 "Changing machine account password to '%s' (same as previous run)\n", password);
330
331 netlogon_creds_client_authenticator(creds, &credential);
332
333 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
334 "ServerPasswordSet (2) failed");
335 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
336
337 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
338 torture_comment(tctx, "Credential chaining failed\n");
339 }
340
341 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
342
343 torture_assert(tctx,
344 test_SetupCredentials(p, tctx, machine_credentials, &creds),
345 "ServerPasswordSet failed to actually change the password");
346
347 return true;
348 }
349
350 /*
351 try a change password for our machine account
352 */
353 static bool test_SetPassword_flags(struct torture_context *tctx,
354 struct dcerpc_pipe *p,
355 struct cli_credentials *machine_credentials,
356 uint32_t negotiate_flags)
357 {
358 struct netr_ServerPasswordSet r;
359 const char *password;
360 struct netlogon_creds_CredentialState *creds;
361 struct netr_Authenticator credential, return_authenticator;
362 struct samr_Password new_password;
363 struct dcerpc_binding_handle *b = p->binding_handle;
364
365 if (!test_SetupCredentials2(p, tctx, negotiate_flags,
366 machine_credentials,
367 cli_credentials_get_secure_channel_type(machine_credentials),
368 &creds)) {
369 return false;
370 }
371
372 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
373 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
374 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
375 r.in.computer_name = TEST_MACHINE_NAME;
376 r.in.credential = &credential;
377 r.in.new_password = &new_password;
378 r.out.return_authenticator = &return_authenticator;
379
380 password = generate_random_password(tctx, 8, 255);
381 E_md4hash(password, new_password.hash);
382
383 netlogon_creds_des_encrypt(creds, &new_password);
384
385 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
386 torture_comment(tctx, "Changing machine account password to '%s'\n",
387 password);
388
389 netlogon_creds_client_authenticator(creds, &credential);
390
391 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
392 "ServerPasswordSet failed");
393 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet failed");
394
395 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
396 torture_comment(tctx, "Credential chaining failed\n");
397 }
398
399 /* by changing the machine password twice we test the
400 credentials chaining fully, and we verify that the server
401 allows the password to be set to the same value twice in a
402 row (match win2k3) */
403 torture_comment(tctx,
404 "Testing a second ServerPasswordSet on machine account\n");
405 torture_comment(tctx,
406 "Changing machine account password to '%s' (same as previous run)\n", password);
407
408 netlogon_creds_client_authenticator(creds, &credential);
409
410 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet_r(b, tctx, &r),
411 "ServerPasswordSet (2) failed");
412 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (2) failed");
413
414 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
415 torture_comment(tctx, "Credential chaining failed\n");
416 }
417
418 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
419
420 torture_assert(tctx,
421 test_SetupCredentials(p, tctx, machine_credentials, &creds),
422 "ServerPasswordSet failed to actually change the password");
423
424 return true;
425 }
426
427
428 /*
429 generate a random password for password change tests
430 */
431 static DATA_BLOB netlogon_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
432 {
433 int i;
434 DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
435 generate_random_buffer(password.data, password.length);
436
437 for (i=0; i < len; i++) {
438 if (((uint16_t *)password.data)[i] == 0) {
439 ((uint16_t *)password.data)[i] = 1;
440 }
441 }
442
443 return password;
444 }
445
446 /*
447 try a change password for our machine account
448 */
449 static bool test_SetPassword2(struct torture_context *tctx,
450 struct dcerpc_pipe *p,
451 struct cli_credentials *machine_credentials)
452 {
453 struct netr_ServerPasswordSet2 r;
454 const char *password;
455 DATA_BLOB new_random_pass;
456 struct netlogon_creds_CredentialState *creds;
457 struct samr_CryptPassword password_buf;
458 struct samr_Password nt_hash;
459 struct netr_Authenticator credential, return_authenticator;
460 struct netr_CryptPassword new_password;
461 struct dcerpc_binding_handle *b = p->binding_handle;
462
463 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
464 return false;
465 }
466
467 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
468 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
469 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
470 r.in.computer_name = TEST_MACHINE_NAME;
471 r.in.credential = &credential;
472 r.in.new_password = &new_password;
473 r.out.return_authenticator = &return_authenticator;
474
475 password = generate_random_password(tctx, 8, 255);
476 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
477 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
478
479 memcpy(new_password.data, password_buf.data, 512);
480 new_password.length = IVAL(password_buf.data, 512);
481
482 torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
483 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
484
485 netlogon_creds_client_authenticator(creds, &credential);
486
487 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
488 "ServerPasswordSet2 failed");
489 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
490
491 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
492 torture_comment(tctx, "Credential chaining failed\n");
493 }
494
495 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
496
497 if (!torture_setting_bool(tctx, "dangerous", false)) {
498 torture_comment(tctx,
499 "Not testing ability to set password to '', enable dangerous tests to perform this test\n");
500 } else {
501 /* by changing the machine password to ""
502 * we check if the server uses password restrictions
503 * for ServerPasswordSet2
504 * (win2k3 accepts "")
505 */
506 password = "";
507 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
508 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
509
510 memcpy(new_password.data, password_buf.data, 512);
511 new_password.length = IVAL(password_buf.data, 512);
512
513 torture_comment(tctx,
514 "Testing ServerPasswordSet2 on machine account\n");
515 torture_comment(tctx,
516 "Changing machine account password to '%s'\n", password);
517
518 netlogon_creds_client_authenticator(creds, &credential);
519
520 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
521 "ServerPasswordSet2 failed");
522 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 failed");
523
524 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
525 torture_comment(tctx, "Credential chaining failed\n");
526 }
527
528 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
529 }
530
531 torture_assert(tctx, test_SetupCredentials(p, tctx, machine_credentials, &creds),
532 "ServerPasswordSet failed to actually change the password");
533
534 /* now try a random password */
535 password = generate_random_password(tctx, 8, 255);
536 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
537 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
538
539 memcpy(new_password.data, password_buf.data, 512);
540 new_password.length = IVAL(password_buf.data, 512);
541
542 torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
543 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
544
545 netlogon_creds_client_authenticator(creds, &credential);
546
547 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
548 "ServerPasswordSet2 (2) failed");
549 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet2 (2) failed");
550
551 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
552 torture_comment(tctx, "Credential chaining failed\n");
553 }
554
555 /* by changing the machine password twice we test the
556 credentials chaining fully, and we verify that the server
557 allows the password to be set to the same value twice in a
558 row (match win2k3) */
559 torture_comment(tctx,
560 "Testing a second ServerPasswordSet2 on machine account\n");
561 torture_comment(tctx,
562 "Changing machine account password to '%s' (same as previous run)\n", password);
563
564 netlogon_creds_client_authenticator(creds, &credential);
565
566 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
567 "ServerPasswordSet (3) failed");
568 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
569
570 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
571 torture_comment(tctx, "Credential chaining failed\n");
572 }
573
574 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
575
576 torture_assert (tctx,
577 test_SetupCredentials(p, tctx, machine_credentials, &creds),
578 "ServerPasswordSet failed to actually change the password");
579
580 new_random_pass = netlogon_very_rand_pass(tctx, 128);
581
582 /* now try a random stream of bytes for a password */
583 set_pw_in_buffer(password_buf.data, &new_random_pass);
584
585 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
586
587 memcpy(new_password.data, password_buf.data, 512);
588 new_password.length = IVAL(password_buf.data, 512);
589
590 torture_comment(tctx,
591 "Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
592
593 netlogon_creds_client_authenticator(creds, &credential);
594
595 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerPasswordSet2_r(b, tctx, &r),
596 "ServerPasswordSet (3) failed");
597 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerPasswordSet (3) failed");
598
599 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
600 torture_comment(tctx, "Credential chaining failed\n");
601 }
602
603 mdfour(nt_hash.hash, new_random_pass.data, new_random_pass.length);
604
605 cli_credentials_set_password(machine_credentials, NULL, CRED_UNINITIALISED);
606 cli_credentials_set_nt_hash(machine_credentials, &nt_hash, CRED_SPECIFIED);
607
608 torture_assert (tctx,
609 test_SetupCredentials(p, tctx, machine_credentials, &creds),
610 "ServerPasswordSet failed to actually change the password");
611
612 return true;
613 }
614
615 static bool test_GetPassword(struct torture_context *tctx,
616 struct dcerpc_pipe *p,
617 struct cli_credentials *machine_credentials)
618 {
619 struct netr_ServerPasswordGet r;
620 struct netlogon_creds_CredentialState *creds;
621 struct netr_Authenticator credential;
622 NTSTATUS status;
623 struct netr_Authenticator return_authenticator;
624 struct samr_Password password;
625 struct dcerpc_binding_handle *b = p->binding_handle;
626
627 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
628 return false;
629 }
630
631 netlogon_creds_client_authenticator(creds, &credential);
632
633 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
634 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
635 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
636 r.in.computer_name = TEST_MACHINE_NAME;
637 r.in.credential = &credential;
638 r.out.return_authenticator = &return_authenticator;
639 r.out.password = &password;
640
641 status = dcerpc_netr_ServerPasswordGet_r(b, tctx, &r);
642 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
643
644 return true;
645 }
646
647 static bool test_GetTrustPasswords(struct torture_context *tctx,
648 struct dcerpc_pipe *p,
649 struct cli_credentials *machine_credentials)
650 {
651 struct netr_ServerTrustPasswordsGet r;
652 struct netlogon_creds_CredentialState *creds;
653 struct netr_Authenticator credential;
654 struct netr_Authenticator return_authenticator;
655 struct samr_Password password, password2;
656 struct dcerpc_binding_handle *b = p->binding_handle;
657
658 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
659 return false;
660 }
661
662 netlogon_creds_client_authenticator(creds, &credential);
663
664 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
665 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
666 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
667 r.in.computer_name = TEST_MACHINE_NAME;
668 r.in.credential = &credential;
669 r.out.return_authenticator = &return_authenticator;
670 r.out.password = &password;
671 r.out.password2 = &password2;
672
673 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerTrustPasswordsGet_r(b, tctx, &r),
674 "ServerTrustPasswordsGet failed");
675 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerTrustPasswordsGet failed");
676
677 return true;
678 }
679
680 /*
681 try a netlogon SamLogon
682 */
683 static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context *tctx,
684 struct cli_credentials *credentials,
685 struct netlogon_creds_CredentialState *creds,
686 bool null_domain)
687 {
688 NTSTATUS status;
689 struct netr_LogonSamLogon r;
690 struct netr_Authenticator auth, auth2;
691 union netr_LogonLevel logon;
692 union netr_Validation validation;
693 uint8_t authoritative;
694 struct netr_NetworkInfo ninfo;
695 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
696 int i;
697 struct dcerpc_binding_handle *b = p->binding_handle;
698 int flags = CLI_CRED_NTLM_AUTH;
699 if (lp_client_lanman_auth(tctx->lp_ctx)) {
700 flags |= CLI_CRED_LANMAN_AUTH;
701 }
702
703 if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
704 flags |= CLI_CRED_NTLMv2_AUTH;
705 }
706
707 cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
708 &ninfo.identity_info.account_name.string,
709 &ninfo.identity_info.domain_name.string);
710
711 if (null_domain) {
712 ninfo.identity_info.domain_name.string = NULL;
713 }
714
715 generate_random_buffer(ninfo.challenge,
716 sizeof(ninfo.challenge));
717 chal = data_blob_const(ninfo.challenge,
718 sizeof(ninfo.challenge));
719
720 names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
721 cli_credentials_get_domain(credentials));
722
723 status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
724 &flags,
725 chal,
726 names_blob,
727 &lm_resp, &nt_resp,
728 NULL, NULL);
729 torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
730
731 ninfo.lm.data = lm_resp.data;
732 ninfo.lm.length = lm_resp.length;
733
734 ninfo.nt.data = nt_resp.data;
735 ninfo.nt.length = nt_resp.length;
736
737 ninfo.identity_info.parameter_control = 0;
738 ninfo.identity_info.logon_id_low = 0;
739 ninfo.identity_info.logon_id_high = 0;
740 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
741
742 logon.network = &ninfo;
743
744 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
745 r.in.computer_name = cli_credentials_get_workstation(credentials);
746 r.in.credential = &auth;
747 r.in.return_authenticator = &auth2;
748 r.in.logon_level = 2;
749 r.in.logon = &logon;
750 r.out.validation = &validation;
751 r.out.authoritative = &authoritative;
752
753 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
754
755 for (i=2;i<3;i++) {
756 ZERO_STRUCT(auth2);
757 netlogon_creds_client_authenticator(creds, &auth);
758
759 r.in.validation_level = i;
760
761 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
762 "LogonSamLogon failed");
763 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogon failed");
764
765 torture_assert(tctx, netlogon_creds_client_check(creds,
766 &r.out.return_authenticator->cred),
767 "Credential chaining failed");
768 }
769
770 r.in.credential = NULL;
771
772 for (i=2;i<=3;i++) {
773
774 r.in.validation_level = i;
775
776 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
777
778 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogon_r(b, tctx, &r),
779 "LogonSamLogon failed");
780 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_INVALID_PARAMETER,
781 "LogonSamLogon expected INVALID_PARAMETER");
782
783 }
784
785 return true;
786 }
787
788 bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
789 struct cli_credentials *credentials,
790 struct netlogon_creds_CredentialState *creds)
791 {
792 return test_netlogon_ops_args(p, tctx, credentials, creds, false);
793 }
794
795 /*
796 try a netlogon SamLogon
797 */
798 static bool test_SamLogon(struct torture_context *tctx,
799 struct dcerpc_pipe *p,
800 struct cli_credentials *credentials)
801 {
802 struct netlogon_creds_CredentialState *creds;
803
804 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
805 return false;
806 }
807
808 return test_netlogon_ops(p, tctx, credentials, creds);
809 }
810
811 static bool test_SamLogon_NULL_domain(struct torture_context *tctx,
812 struct dcerpc_pipe *p,
813 struct cli_credentials *credentials)
814 {
815 struct netlogon_creds_CredentialState *creds;
816
817 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
818 return false;
819 }
820
821 return test_netlogon_ops_args(p, tctx, credentials, creds, true);
822 }
823
824 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
825 static uint64_t sequence_nums[3];
826
827 /*
828 try a netlogon DatabaseSync
829 */
830 static bool test_DatabaseSync(struct torture_context *tctx,
831 struct dcerpc_pipe *p,
832 struct cli_credentials *machine_credentials)
833 {
834 struct netr_DatabaseSync r;
835 struct netlogon_creds_CredentialState *creds;
836 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
837 int i;
838 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
839 struct netr_Authenticator credential, return_authenticator;
840 struct dcerpc_binding_handle *b = p->binding_handle;
841
842 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
843 return false;
844 }
845
846 ZERO_STRUCT(return_authenticator);
847
848 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
849 r.in.computername = TEST_MACHINE_NAME;
850 r.in.preferredmaximumlength = (uint32_t)-1;
851 r.in.return_authenticator = &return_authenticator;
852 r.out.delta_enum_array = &delta_enum_array;
853 r.out.return_authenticator = &return_authenticator;
854
855 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
856
857 uint32_t sync_context = 0;
858
859 r.in.database_id = database_ids[i];
860 r.in.sync_context = &sync_context;
861 r.out.sync_context = &sync_context;
862
863 torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
864
865 do {
866 netlogon_creds_client_authenticator(creds, &credential);
867
868 r.in.credential = &credential;
869
870 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync_r(b, tctx, &r),
871 "DatabaseSync failed");
872 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
873 break;
874
875 /* Native mode servers don't do this */
876 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
877 return true;
878 }
879 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync");
880
881 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
882 torture_comment(tctx, "Credential chaining failed\n");
883 }
884
885 if (delta_enum_array &&
886 delta_enum_array->num_deltas > 0 &&
887 delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
888 delta_enum_array->delta_enum[0].delta_union.domain) {
889 sequence_nums[r.in.database_id] =
890 delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
891 torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
892 r.in.database_id,
893 (unsigned long long)sequence_nums[r.in.database_id]);
894 }
895 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
896 }
897
898 return true;
899 }
900
901
902 /*
903 try a netlogon DatabaseDeltas
904 */
905 static bool test_DatabaseDeltas(struct torture_context *tctx,
906 struct dcerpc_pipe *p,
907 struct cli_credentials *machine_credentials)
908 {
909 struct netr_DatabaseDeltas r;
910 struct netlogon_creds_CredentialState *creds;
911 struct netr_Authenticator credential;
912 struct netr_Authenticator return_authenticator;
913 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
914 const uint32_t database_ids[] = {0, 1, 2};
915 int i;
916 struct dcerpc_binding_handle *b = p->binding_handle;
917
918 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
919 return false;
920 }
921
922 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
923 r.in.computername = TEST_MACHINE_NAME;
924 r.in.preferredmaximumlength = (uint32_t)-1;
925 ZERO_STRUCT(r.in.return_authenticator);
926 r.out.return_authenticator = &return_authenticator;
927 r.out.delta_enum_array = &delta_enum_array;
928
929 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
930 r.in.database_id = database_ids[i];
931 r.in.sequence_num = &sequence_nums[r.in.database_id];
932
933 if (*r.in.sequence_num == 0) continue;
934
935 *r.in.sequence_num -= 1;
936
937 torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
938 r.in.database_id, (unsigned long long)*r.in.sequence_num);
939
940 do {
941 netlogon_creds_client_authenticator(creds, &credential);
942
943 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseDeltas_r(b, tctx, &r),
944 "DatabaseDeltas failed");
945 if (NT_STATUS_EQUAL(r.out.result,
946 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
947 torture_comment(tctx, "not considering %s to be an error\n",
948 nt_errstr(r.out.result));
949 return true;
950 }
951 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
952 break;
953
954 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseDeltas");
955
956 if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
957 torture_comment(tctx, "Credential chaining failed\n");
958 }
959
960 (*r.in.sequence_num)++;
961 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
962 }
963
964 return true;
965 }
966
967 static bool test_DatabaseRedo(struct torture_context *tctx,
968 struct dcerpc_pipe *p,
969 struct cli_credentials *machine_credentials)
970 {
971 struct netr_DatabaseRedo r;
972 struct netlogon_creds_CredentialState *creds;
973 struct netr_Authenticator credential;
974 struct netr_Authenticator return_authenticator;
975 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
976 struct netr_ChangeLogEntry e;
977 struct dom_sid null_sid, *sid;
978 int i,d;
979 struct dcerpc_binding_handle *b = p->binding_handle;
980
981 ZERO_STRUCT(null_sid);
982
983 sid = dom_sid_parse_talloc(tctx, "S-1-5-21-1111111111-2222222222-333333333-500");
984
985 {
986
987 struct {
988 uint32_t rid;
989 uint16_t flags;
990 uint8_t db_index;
991 uint8_t delta_type;
992 struct dom_sid sid;
993 const char *name;
994 NTSTATUS expected_error;
995 uint32_t expected_num_results;
996 uint8_t expected_delta_type_1;
997 uint8_t expected_delta_type_2;
998 const char *comment;
999 } changes[] = {
1000
1001 /* SAM_DATABASE_DOMAIN */
1002
1003 {
1004 .rid = 0,
1005 .flags = 0,
1006 .db_index = SAM_DATABASE_DOMAIN,
1007 .delta_type = NETR_DELTA_MODIFY_COUNT,
1008 .sid = null_sid,
1009 .name = NULL,
1010 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1011 .expected_num_results = 0,
1012 .comment = "NETR_DELTA_MODIFY_COUNT"
1013 },
1014 {
1015 .rid = 0,
1016 .flags = 0,
1017 .db_index = SAM_DATABASE_DOMAIN,
1018 .delta_type = 0,
1019 .sid = null_sid,
1020 .name = NULL,
1021 .expected_error = NT_STATUS_OK,
1022 .expected_num_results = 1,
1023 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1024 .comment = "NULL DELTA"
1025 },
1026 {
1027 .rid = 0,
1028 .flags = 0,
1029 .db_index = SAM_DATABASE_DOMAIN,
1030 .delta_type = NETR_DELTA_DOMAIN,
1031 .sid = null_sid,
1032 .name = NULL,
1033 .expected_error = NT_STATUS_OK,
1034 .expected_num_results = 1,
1035 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1036 .comment = "NETR_DELTA_DOMAIN"
1037 },
1038 {
1039 .rid = DOMAIN_RID_ADMINISTRATOR,
1040 .flags = 0,
1041 .db_index = SAM_DATABASE_DOMAIN,
1042 .delta_type = NETR_DELTA_USER,
1043 .sid = null_sid,
1044 .name = NULL,
1045 .expected_error = NT_STATUS_OK,
1046 .expected_num_results = 1,
1047 .expected_delta_type_1 = NETR_DELTA_USER,
1048 .comment = "NETR_DELTA_USER by rid 500"
1049 },
1050 {
1051 .rid = DOMAIN_RID_GUEST,
1052 .flags = 0,
1053 .db_index = SAM_DATABASE_DOMAIN,
1054 .delta_type = NETR_DELTA_USER,
1055 .sid = null_sid,
1056 .name = NULL,
1057 .expected_error = NT_STATUS_OK,
1058 .expected_num_results = 1,
1059 .expected_delta_type_1 = NETR_DELTA_USER,
1060 .comment = "NETR_DELTA_USER by rid 501"
1061 },
1062 {
1063 .rid = 0,
1064 .flags = NETR_CHANGELOG_SID_INCLUDED,
1065 .db_index = SAM_DATABASE_DOMAIN,
1066 .delta_type = NETR_DELTA_USER,
1067 .sid = *sid,
1068 .name = NULL,
1069 .expected_error = NT_STATUS_OK,
1070 .expected_num_results = 1,
1071 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1072 .comment = "NETR_DELTA_USER by sid and flags"
1073 },
1074 {
1075 .rid = 0,
1076 .flags = NETR_CHANGELOG_SID_INCLUDED,
1077 .db_index = SAM_DATABASE_DOMAIN,
1078 .delta_type = NETR_DELTA_USER,
1079 .sid = null_sid,
1080 .name = NULL,
1081 .expected_error = NT_STATUS_OK,
1082 .expected_num_results = 1,
1083 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1084 .comment = "NETR_DELTA_USER by null_sid and flags"
1085 },
1086 {
1087 .rid = 0,
1088 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1089 .db_index = SAM_DATABASE_DOMAIN,
1090 .delta_type = NETR_DELTA_USER,
1091 .sid = null_sid,
1092 .name = "administrator",
1093 .expected_error = NT_STATUS_OK,
1094 .expected_num_results = 1,
1095 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1096 .comment = "NETR_DELTA_USER by name 'administrator'"
1097 },
1098 {
1099 .rid = DOMAIN_RID_ADMINS,
1100 .flags = 0,
1101 .db_index = SAM_DATABASE_DOMAIN,
1102 .delta_type = NETR_DELTA_GROUP,
1103 .sid = null_sid,
1104 .name = NULL,
1105 .expected_error = NT_STATUS_OK,
1106 .expected_num_results = 2,
1107 .expected_delta_type_1 = NETR_DELTA_GROUP,
1108 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
1109 .comment = "NETR_DELTA_GROUP by rid 512"
1110 },
1111 {
1112 .rid = DOMAIN_RID_ADMINS,
1113 .flags = 0,
1114 .db_index = SAM_DATABASE_DOMAIN,
1115 .delta_type = NETR_DELTA_GROUP_MEMBER,
1116 .sid = null_sid,
1117 .name = NULL,
1118 .expected_error = NT_STATUS_OK,
1119 .expected_num_results = 2,
1120 .expected_delta_type_1 = NETR_DELTA_GROUP,
1121 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
1122 .comment = "NETR_DELTA_GROUP_MEMBER by rid 512"
1123 },
1124
1125
1126 /* SAM_DATABASE_BUILTIN */
1127
1128 {
1129 .rid = 0,
1130 .flags = 0,
1131 .db_index = SAM_DATABASE_BUILTIN,
1132 .delta_type = NETR_DELTA_MODIFY_COUNT,
1133 .sid = null_sid,
1134 .name = NULL,
1135 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1136 .expected_num_results = 0,
1137 .comment = "NETR_DELTA_MODIFY_COUNT"
1138 },
1139 {
1140 .rid = 0,
1141 .flags = 0,
1142 .db_index = SAM_DATABASE_BUILTIN,
1143 .delta_type = NETR_DELTA_DOMAIN,
1144 .sid = null_sid,
1145 .name = NULL,
1146 .expected_error = NT_STATUS_OK,
1147 .expected_num_results = 1,
1148 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1149 .comment = "NETR_DELTA_DOMAIN"
1150 },
1151 {
1152 .rid = DOMAIN_RID_ADMINISTRATOR,
1153 .flags = 0,
1154 .db_index = SAM_DATABASE_BUILTIN,
1155 .delta_type = NETR_DELTA_USER,
1156 .sid = null_sid,
1157 .name = NULL,
1158 .expected_error = NT_STATUS_OK,
1159 .expected_num_results = 1,
1160 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1161 .comment = "NETR_DELTA_USER by rid 500"
1162 },
1163 {
1164 .rid = 0,
1165 .flags = 0,
1166 .db_index = SAM_DATABASE_BUILTIN,
1167 .delta_type = NETR_DELTA_USER,
1168 .sid = null_sid,
1169 .name = NULL,
1170 .expected_error = NT_STATUS_OK,
1171 .expected_num_results = 1,
1172 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1173 .comment = "NETR_DELTA_USER"
1174 },
1175 {
1176 .rid = 544,
1177 .flags = 0,
1178 .db_index = SAM_DATABASE_BUILTIN,
1179 .delta_type = NETR_DELTA_ALIAS,
1180 .sid = null_sid,
1181 .name = NULL,
1182 .expected_error = NT_STATUS_OK,
1183 .expected_num_results = 2,
1184 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1185 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1186 .comment = "NETR_DELTA_ALIAS by rid 544"
1187 },
1188 {
1189 .rid = 544,
1190 .flags = 0,
1191 .db_index = SAM_DATABASE_BUILTIN,
1192 .delta_type = NETR_DELTA_ALIAS_MEMBER,
1193 .sid = null_sid,
1194 .name = NULL,
1195 .expected_error = NT_STATUS_OK,
1196 .expected_num_results = 2,
1197 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1198 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1199 .comment = "NETR_DELTA_ALIAS_MEMBER by rid 544"
1200 },
1201 {
1202 .rid = 544,
1203 .flags = 0,
1204 .db_index = SAM_DATABASE_BUILTIN,
1205 .delta_type = 0,
1206 .sid = null_sid,
1207 .name = NULL,
1208 .expected_error = NT_STATUS_OK,
1209 .expected_num_results = 1,
1210 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1211 .comment = "NULL DELTA by rid 544"
1212 },
1213 {
1214 .rid = 544,
1215 .flags = NETR_CHANGELOG_SID_INCLUDED,
1216 .db_index = SAM_DATABASE_BUILTIN,
1217 .delta_type = 0,
1218 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1219 .name = NULL,
1220 .expected_error = NT_STATUS_OK,
1221 .expected_num_results = 1,
1222 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1223 .comment = "NULL DELTA by rid 544 sid S-1-5-32-544 and flags"
1224 },
1225 {
1226 .rid = 544,
1227 .flags = NETR_CHANGELOG_SID_INCLUDED,
1228 .db_index = SAM_DATABASE_BUILTIN,
1229 .delta_type = NETR_DELTA_ALIAS,
1230 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1231 .name = NULL,
1232 .expected_error = NT_STATUS_OK,
1233 .expected_num_results = 2,
1234 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1235 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1236 .comment = "NETR_DELTA_ALIAS by rid 544 and sid S-1-5-32-544 and flags"
1237 },
1238 {
1239 .rid = 0,
1240 .flags = NETR_CHANGELOG_SID_INCLUDED,
1241 .db_index = SAM_DATABASE_BUILTIN,
1242 .delta_type = NETR_DELTA_ALIAS,
1243 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1244 .name = NULL,
1245 .expected_error = NT_STATUS_OK,
1246 .expected_num_results = 1,
1247 .expected_delta_type_1 = NETR_DELTA_DELETE_ALIAS,
1248 .comment = "NETR_DELTA_ALIAS by sid S-1-5-32-544 and flags"
1249 },
1250
1251 /* SAM_DATABASE_PRIVS */
1252
1253 {
1254 .rid = 0,
1255 .flags = 0,
1256 .db_index = SAM_DATABASE_PRIVS,
1257 .delta_type = 0,
1258 .sid = null_sid,
1259 .name = NULL,
1260 .expected_error = NT_STATUS_ACCESS_DENIED,
1261 .expected_num_results = 0,
1262 .comment = "NULL DELTA"
1263 },
1264 {
1265 .rid = 0,
1266 .flags = 0,
1267 .db_index = SAM_DATABASE_PRIVS,
1268 .delta_type = NETR_DELTA_MODIFY_COUNT,
1269 .sid = null_sid,
1270 .name = NULL,
1271 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1272 .expected_num_results = 0,
1273 .comment = "NETR_DELTA_MODIFY_COUNT"
1274 },
1275 {
1276 .rid = 0,
1277 .flags = 0,
1278 .db_index = SAM_DATABASE_PRIVS,
1279 .delta_type = NETR_DELTA_POLICY,
1280 .sid = null_sid,
1281 .name = NULL,
1282 .expected_error = NT_STATUS_OK,
1283 .expected_num_results = 1,
1284 .expected_delta_type_1 = NETR_DELTA_POLICY,
1285 .comment = "NETR_DELTA_POLICY"
1286 },
1287 {
1288 .rid = 0,
1289 .flags = NETR_CHANGELOG_SID_INCLUDED,
1290 .db_index = SAM_DATABASE_PRIVS,
1291 .delta_type = NETR_DELTA_POLICY,
1292 .sid = null_sid,
1293 .name = NULL,
1294 .expected_error = NT_STATUS_OK,
1295 .expected_num_results = 1,
1296 .expected_delta_type_1 = NETR_DELTA_POLICY,
1297 .comment = "NETR_DELTA_POLICY by null sid and flags"
1298 },
1299 {
1300 .rid = 0,
1301 .flags = NETR_CHANGELOG_SID_INCLUDED,
1302 .db_index = SAM_DATABASE_PRIVS,
1303 .delta_type = NETR_DELTA_POLICY,
1304 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32"),
1305 .name = NULL,
1306 .expected_error = NT_STATUS_OK,
1307 .expected_num_results = 1,
1308 .expected_delta_type_1 = NETR_DELTA_POLICY,
1309 .comment = "NETR_DELTA_POLICY by sid S-1-5-32 and flags"
1310 },
1311 {
1312 .rid = DOMAIN_RID_ADMINISTRATOR,
1313 .flags = 0,
1314 .db_index = SAM_DATABASE_PRIVS,
1315 .delta_type = NETR_DELTA_ACCOUNT,
1316 .sid = null_sid,
1317 .name = NULL,
1318 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, /* strange */
1319 .expected_num_results = 0,
1320 .comment = "NETR_DELTA_ACCOUNT by rid 500"
1321 },
1322 {
1323 .rid = 0,
1324 .flags = NETR_CHANGELOG_SID_INCLUDED,
1325 .db_index = SAM_DATABASE_PRIVS,
1326 .delta_type = NETR_DELTA_ACCOUNT,
1327 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1328 .name = NULL,
1329 .expected_error = NT_STATUS_OK,
1330 .expected_num_results = 1,
1331 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
1332 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and flags"
1333 },
1334 {
1335 .rid = 0,
1336 .flags = NETR_CHANGELOG_SID_INCLUDED |
1337 NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED,
1338 .db_index = SAM_DATABASE_PRIVS,
1339 .delta_type = NETR_DELTA_ACCOUNT,
1340 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1341 .name = NULL,
1342 .expected_error = NT_STATUS_OK,
1343 .expected_num_results = 1,
1344 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
1345 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and 2 flags"
1346 },
1347 {
1348 .rid = 0,
1349 .flags = NETR_CHANGELOG_SID_INCLUDED |
1350 NETR_CHANGELOG_NAME_INCLUDED,
1351 .db_index = SAM_DATABASE_PRIVS,
1352 .delta_type = NETR_DELTA_ACCOUNT,
1353 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1354 .name = NULL,
1355 .expected_error = NT_STATUS_INVALID_PARAMETER,
1356 .expected_num_results = 0,
1357 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and invalid flags"
1358 },
1359 {
1360 .rid = DOMAIN_RID_ADMINISTRATOR,
1361 .flags = NETR_CHANGELOG_SID_INCLUDED,
1362 .db_index = SAM_DATABASE_PRIVS,
1363 .delta_type = NETR_DELTA_ACCOUNT,
1364 .sid = *sid,
1365 .name = NULL,
1366 .expected_error = NT_STATUS_OK,
1367 .expected_num_results = 1,
1368 .expected_delta_type_1 = NETR_DELTA_DELETE_ACCOUNT,
1369 .comment = "NETR_DELTA_ACCOUNT by rid 500, sid and flags"
1370 },
1371 {
1372 .rid = 0,
1373 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1374 .db_index = SAM_DATABASE_PRIVS,
1375 .delta_type = NETR_DELTA_SECRET,
1376 .sid = null_sid,
1377 .name = "IsurelydontexistIhope",
1378 .expected_error = NT_STATUS_OK,
1379 .expected_num_results = 1,
1380 .expected_delta_type_1 = NETR_DELTA_DELETE_SECRET,
1381 .comment = "NETR_DELTA_SECRET by name 'IsurelydontexistIhope' and flags"
1382 },
1383 {
1384 .rid = 0,
1385 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1386 .db_index = SAM_DATABASE_PRIVS,
1387 .delta_type = NETR_DELTA_SECRET,
1388 .sid = null_sid,
1389 .name = "G$BCKUPKEY_P",
1390 .expected_error = NT_STATUS_OK,
1391 .expected_num_results = 1,
1392 .expected_delta_type_1 = NETR_DELTA_SECRET,
1393 .comment = "NETR_DELTA_SECRET by name 'G$BCKUPKEY_P' and flags"
1394 }
1395 };
1396
1397 ZERO_STRUCT(return_authenticator);
1398
1399 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1400 r.in.computername = TEST_MACHINE_NAME;
1401 r.in.return_authenticator = &return_authenticator;
1402 r.out.return_authenticator = &return_authenticator;
1403 r.out.delta_enum_array = &delta_enum_array;
1404
1405 for (d=0; d<3; d++) {
1406 const char *database = NULL;
1407
1408 switch (d) {
1409 case 0:
1410 database = "SAM";
1411 break;
1412 case 1:
1413 database = "BUILTIN";
1414 break;
1415 case 2:
1416 database = "LSA";
1417 break;
1418 default:
1419 break;
1420 }
1421
1422 torture_comment(tctx, "Testing DatabaseRedo\n");
1423
1424 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1425 return false;
1426 }
1427
1428 for (i=0;i<ARRAY_SIZE(changes);i++) {
1429
1430 if (d != changes[i].db_index) {
1431 continue;
1432 }
1433
1434 netlogon_creds_client_authenticator(creds, &credential);
1435
1436 r.in.credential = &credential;
1437
1438 e.serial_number1 = 0;
1439 e.serial_number2 = 0;
1440 e.object_rid = changes[i].rid;
1441 e.flags = changes[i].flags;
1442 e.db_index = changes[i].db_index;
1443 e.delta_type = changes[i].delta_type;
1444
1445 switch (changes[i].flags & (NETR_CHANGELOG_NAME_INCLUDED | NETR_CHANGELOG_SID_INCLUDED)) {
1446 case NETR_CHANGELOG_SID_INCLUDED:
1447 e.object.object_sid = changes[i].sid;
1448 break;
1449 case NETR_CHANGELOG_NAME_INCLUDED:
1450 e.object.object_name = changes[i].name;
1451 break;
1452 default:
1453 break;
1454 }
1455
1456 r.in.change_log_entry = e;
1457
1458 torture_comment(tctx, "Testing DatabaseRedo with database %s and %s\n",
1459 database, changes[i].comment);
1460
1461 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseRedo_r(b, tctx, &r),
1462 "DatabaseRedo failed");
1463 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
1464 return true;
1465 }
1466
1467 torture_assert_ntstatus_equal(tctx, r.out.result, changes[i].expected_error, changes[i].comment);
1468 if (delta_enum_array) {
1469 torture_assert_int_equal(tctx,
1470 delta_enum_array->num_deltas,
1471 changes[i].expected_num_results,
1472 changes[i].comment);
1473 if (delta_enum_array->num_deltas > 0) {
1474 torture_assert_int_equal(tctx,
1475 delta_enum_array->delta_enum[0].delta_type,
1476 changes[i].expected_delta_type_1,
1477 changes[i].comment);
1478 }
1479 if (delta_enum_array->num_deltas > 1) {
1480 torture_assert_int_equal(tctx,
1481 delta_enum_array->delta_enum[1].delta_type,
1482 changes[i].expected_delta_type_2,
1483 changes[i].comment);
1484 }
1485 }
1486
1487 if (!netlogon_creds_client_check(creds, &return_authenticator.cred)) {
1488 torture_comment(tctx, "Credential chaining failed\n");
1489 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1490 return false;
1491 }
1492 }
1493 }
1494 }
1495 }
1496
1497 return true;
1498 }
1499
1500 /*
1501 try a netlogon AccountDeltas
1502 */
1503 static bool test_AccountDeltas(struct torture_context *tctx,
1504 struct dcerpc_pipe *p,
1505 struct cli_credentials *machine_credentials)
1506 {
1507 struct netr_AccountDeltas r;
1508 struct netlogon_creds_CredentialState *creds;
1509
1510 struct netr_AccountBuffer buffer;
1511 uint32_t count_returned = 0;
1512 uint32_t total_entries = 0;
1513 struct netr_UAS_INFO_0 recordid;
1514 struct netr_Authenticator return_authenticator;
1515 struct dcerpc_binding_handle *b = p->binding_handle;
1516
1517 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1518 return false;
1519 }
1520
1521 ZERO_STRUCT(return_authenticator);
1522
1523 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1524 r.in.computername = TEST_MACHINE_NAME;
1525 r.in.return_authenticator = &return_authenticator;
1526 netlogon_creds_client_authenticator(creds, &r.in.credential);
1527 ZERO_STRUCT(r.in.uas);
1528 r.in.count=10;
1529 r.in.level=0;
1530 r.in.buffersize=100;
1531 r.out.buffer = &buffer;
1532 r.out.count_returned = &count_returned;
1533 r.out.total_entries = &total_entries;
1534 r.out.recordid = &recordid;
1535 r.out.return_authenticator = &return_authenticator;
1536
1537 /* w2k3 returns "NOT IMPLEMENTED" for this call */
1538 torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountDeltas_r(b, tctx, &r),
1539 "AccountDeltas failed");
1540 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
1541
1542 return true;
1543 }
1544
1545 /*
1546 try a netlogon AccountSync
1547 */
1548 static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
1549 struct cli_credentials *machine_credentials)
1550 {
1551 struct netr_AccountSync r;
1552 struct netlogon_creds_CredentialState *creds;
1553
1554 struct netr_AccountBuffer buffer;
1555 uint32_t count_returned = 0;
1556 uint32_t total_entries = 0;
1557 uint32_t next_reference = 0;
1558 struct netr_UAS_INFO_0 recordid;
1559 struct netr_Authenticator return_authenticator;
1560 struct dcerpc_binding_handle *b = p->binding_handle;
1561
1562 ZERO_STRUCT(recordid);
1563 ZERO_STRUCT(return_authenticator);
1564
1565 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1566 return false;
1567 }
1568
1569 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1570 r.in.computername = TEST_MACHINE_NAME;
1571 r.in.return_authenticator = &return_authenticator;
1572 netlogon_creds_client_authenticator(creds, &r.in.credential);
1573 r.in.recordid = &recordid;
1574 r.in.reference=0;
1575 r.in.level=0;
1576 r.in.buffersize=100;
1577 r.out.buffer = &buffer;
1578 r.out.count_returned = &count_returned;
1579 r.out.total_entries = &total_entries;
1580 r.out.next_reference = &next_reference;
1581 r.out.recordid = &recordid;
1582 r.out.return_authenticator = &return_authenticator;
1583
1584 /* w2k3 returns "NOT IMPLEMENTED" for this call */
1585 torture_assert_ntstatus_ok(tctx, dcerpc_netr_AccountSync_r(b, tctx, &r),
1586 "AccountSync failed");
1587 torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
1588
1589 return true;
1590 }
1591
1592 /*
1593 try a netlogon GetDcName
1594 */
1595 static bool test_GetDcName(struct torture_context *tctx,
1596 struct dcerpc_pipe *p)
1597 {
1598 struct netr_GetDcName r;
1599 const char *dcname = NULL;
1600 struct dcerpc_binding_handle *b = p->binding_handle;
1601
1602 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1603 r.in.domainname = lp_workgroup(tctx->lp_ctx);
1604 r.out.dcname = &dcname;
1605
1606 torture_assert_ntstatus_ok(tctx, dcerpc_netr_GetDcName_r(b, tctx, &r),
1607 "GetDcName failed");
1608 torture_assert_werr_ok(tctx, r.out.result, "GetDcName failed");
1609
1610 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
1611
1612 return true;
1613 }
1614
1615 static const char *function_code_str(TALLOC_CTX *mem_ctx,
1616 enum netr_LogonControlCode function_code)
1617 {
1618 switch (function_code) {
1619 case NETLOGON_CONTROL_QUERY:
1620 return "NETLOGON_CONTROL_QUERY";
1621 case NETLOGON_CONTROL_REPLICATE:
1622 return "NETLOGON_CONTROL_REPLICATE";
1623 case NETLOGON_CONTROL_SYNCHRONIZE:
1624 return "NETLOGON_CONTROL_SYNCHRONIZE";
1625 case NETLOGON_CONTROL_PDC_REPLICATE:
1626 return "NETLOGON_CONTROL_PDC_REPLICATE";
1627 case NETLOGON_CONTROL_REDISCOVER:
1628 return "NETLOGON_CONTROL_REDISCOVER";
1629 case NETLOGON_CONTROL_TC_QUERY:
1630 return "NETLOGON_CONTROL_TC_QUERY";
1631 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
1632 return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
1633 case NETLOGON_CONTROL_FIND_USER:
1634 return "NETLOGON_CONTROL_FIND_USER";
1635 case NETLOGON_CONTROL_CHANGE_PASSWORD:
1636 return "NETLOGON_CONTROL_CHANGE_PASSWORD";
1637 case NETLOGON_CONTROL_TC_VERIFY:
1638 return "NETLOGON_CONTROL_TC_VERIFY";
1639 case NETLOGON_CONTROL_FORCE_DNS_REG:
1640 return "NETLOGON_CONTROL_FORCE_DNS_REG";
1641 case NETLOGON_CONTROL_QUERY_DNS_REG:
1642 return "NETLOGON_CONTROL_QUERY_DNS_REG";
1643 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
1644 return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
1645 case NETLOGON_CONTROL_TRUNCATE_LOG:
1646 return "NETLOGON_CONTROL_TRUNCATE_LOG";
1647 case NETLOGON_CONTROL_SET_DBFLAG:
1648 return "NETLOGON_CONTROL_SET_DBFLAG";
1649 case NETLOGON_CONTROL_BREAKPOINT:
1650 return "NETLOGON_CONTROL_BREAKPOINT";
1651 default:
1652 return talloc_asprintf(mem_ctx, "unknown function code: %d",
1653 function_code);
1654 }
1655 }
1656
1657
1658 /*
1659 try a netlogon LogonControl
1660 */
1661 static bool test_LogonControl(struct torture_context *tctx,
1662 struct dcerpc_pipe *p,
1663 struct cli_credentials *machine_credentials)
1664
1665 {
1666 NTSTATUS status;
1667 struct netr_LogonControl r;
1668 union netr_CONTROL_QUERY_INFORMATION query;
1669 int i,f;
1670 enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
1671 struct dcerpc_binding_handle *b = p->binding_handle;
1672
1673 uint32_t function_codes[] = {
1674 NETLOGON_CONTROL_QUERY,
1675 NETLOGON_CONTROL_REPLICATE,
1676 NETLOGON_CONTROL_SYNCHRONIZE,
1677 NETLOGON_CONTROL_PDC_REPLICATE,
1678 NETLOGON_CONTROL_REDISCOVER,
1679 NETLOGON_CONTROL_TC_QUERY,
1680 NETLOGON_CONTROL_TRANSPORT_NOTIFY,
1681 NETLOGON_CONTROL_FIND_USER,
1682 NETLOGON_CONTROL_CHANGE_PASSWORD,
1683 NETLOGON_CONTROL_TC_VERIFY,
1684 NETLOGON_CONTROL_FORCE_DNS_REG,
1685 NETLOGON_CONTROL_QUERY_DNS_REG,
1686 NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
1687 NETLOGON_CONTROL_TRUNCATE_LOG,
1688 NETLOGON_CONTROL_SET_DBFLAG,
1689 NETLOGON_CONTROL_BREAKPOINT
1690 };
1691
1692 if (machine_credentials) {
1693 secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
1694 }
1695
1696 torture_comment(tctx, "Testing LogonControl with secure channel type: %d\n",
1697 secure_channel_type);
1698
1699 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1700 r.in.function_code = 1;
1701 r.out.query = &query;
1702
1703 for (f=0;f<ARRAY_SIZE(function_codes); f++) {
1704 for (i=1;i<5;i++) {
1705
1706 r.in.function_code = function_codes[f];
1707 r.in.level = i;
1708
1709 torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
1710 function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
1711
1712 status = dcerpc_netr_LogonControl_r(b, tctx, &r);
1713 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1714
1715 switch (r.in.level) {
1716 case 1:
1717 switch (r.in.function_code) {
1718 case NETLOGON_CONTROL_REPLICATE:
1719 case NETLOGON_CONTROL_SYNCHRONIZE:
1720 case NETLOGON_CONTROL_PDC_REPLICATE:
1721 case NETLOGON_CONTROL_BREAKPOINT:
1722 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
1723 if ((secure_channel_type == SEC_CHAN_BDC) ||
1724 (secure_channel_type == SEC_CHAN_WKSTA)) {
1725 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
1726 "LogonControl returned unexpected error code");
1727 } else {
1728 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
1729 "LogonControl returned unexpected error code");
1730 }
1731 break;
1732
1733 case NETLOGON_CONTROL_REDISCOVER:
1734 case NETLOGON_CONTROL_TC_QUERY:
1735 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
1736 case NETLOGON_CONTROL_FIND_USER:
1737 case NETLOGON_CONTROL_CHANGE_PASSWORD:
1738 case NETLOGON_CONTROL_TC_VERIFY:
1739 case NETLOGON_CONTROL_FORCE_DNS_REG:
1740 case NETLOGON_CONTROL_QUERY_DNS_REG:
1741 case NETLOGON_CONTROL_SET_DBFLAG:
1742 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
1743 "LogonControl returned unexpected error code");
1744 break;
1745 case NETLOGON_CONTROL_TRUNCATE_LOG:
1746 if ((secure_channel_type == SEC_CHAN_BDC) ||
1747 (secure_channel_type == SEC_CHAN_WKSTA)) {
1748 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
1749 "LogonControl returned unexpected error code");
1750 } else {
1751 torture_assert_werr_ok(tctx, r.out.result,
1752 "LogonControl returned unexpected result");
1753 }
1754 break;
1755 default:
1756 torture_assert_werr_ok(tctx, r.out.result,
1757 "LogonControl returned unexpected result");
1758 break;
1759 }
1760 break;
1761 case 2:
1762 torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
1763 "LogonControl returned unexpected error code");
1764 break;
1765 default:
1766 torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL,
1767 "LogonControl returned unexpected error code");
1768 break;
1769 }
1770 }
1771 }
1772
1773 return true;
1774 }
1775
1776
1777 /*
1778 try a netlogon GetAnyDCName
1779 */
1780 static bool test_GetAnyDCName(struct torture_context *tctx,
1781 struct dcerpc_pipe *p)
1782 {
1783 NTSTATUS status;
1784 struct netr_GetAnyDCName r;
1785 const char *dcname = NULL;
1786 struct dcerpc_binding_handle *b = p->binding_handle;
1787
1788 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1789 r.in.domainname = lp_workgroup(tctx->lp_ctx);
1790 r.out.dcname = &dcname;
1791
1792 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &r);
1793 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
1794 torture_assert_werr_ok(tctx, r.out.result, "GetAnyDCName");
1795
1796 if (dcname) {
1797 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
1798 }
1799
1800 return true;
1801 }
1802
1803
1804 /*
1805 try a netlogon LogonControl2
1806 */
1807 static bool test_LogonControl2(struct torture_context *tctx,
1808 struct dcerpc_pipe *p,
1809 struct cli_credentials *machine_credentials)
1810
1811 {
1812 NTSTATUS status;
1813 struct netr_LogonControl2 r;
1814 union netr_CONTROL_DATA_INFORMATION data;
1815 union netr_CONTROL_QUERY_INFORMATION query;
1816 int i;
1817 struct dcerpc_binding_handle *b = p->binding_handle;
1818
1819 data.domain = lp_workgroup(tctx->lp_ctx);
1820
1821 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1822
1823 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
1824 r.in.data = &data;
1825 r.out.query = &query;
1826
1827 for (i=1;i<4;i++) {
1828 r.in.level = i;
1829
1830 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
1831 i, r.in.function_code);
1832
1833 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
1834 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1835 }
1836
1837 data.domain = lp_workgroup(tctx->lp_ctx);
1838
1839 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
1840 r.in.data = &data;
1841
1842 for (i=1;i<4;i++) {
1843 r.in.level = i;
1844
1845 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
1846 i, r.in.function_code);
1847
1848 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
1849 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1850 }
1851
1852 data.domain = lp_workgroup(tctx->lp_ctx);
1853
1854 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
1855 r.in.data = &data;
1856
1857 for (i=1;i<4;i++) {
1858 r.in.level = i;
1859
1860 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
1861 i, r.in.function_code);
1862
1863 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
1864 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1865 }
1866
1867 data.debug_level = ~0;
1868
1869 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
1870 r.in.data = &data;
1871
1872 for (i=1;i<4;i++) {
1873 r.in.level = i;
1874
1875 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
1876 i, r.in.function_code);
1877
1878 status = dcerpc_netr_LogonControl2_r(b, tctx, &r);
1879 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1880 }
1881
1882 return true;
1883 }
1884
1885 /*
1886 try a netlogon DatabaseSync2
1887 */
1888 static bool test_DatabaseSync2(struct torture_context *tctx,
1889 struct dcerpc_pipe *p,
1890 struct cli_credentials *machine_credentials)
1891 {
1892 struct netr_DatabaseSync2 r;
1893 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1894 struct netr_Authenticator return_authenticator, credential;
1895
1896 struct netlogon_creds_CredentialState *creds;
1897 const uint32_t database_ids[] = {0, 1, 2};
1898 int i;
1899 struct dcerpc_binding_handle *b = p->binding_handle;
1900
1901 if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
1902 machine_credentials,
1903 cli_credentials_get_secure_channel_type(machine_credentials),
1904 &creds)) {
1905 return false;
1906 }
1907
1908 ZERO_STRUCT(return_authenticator);
1909
1910 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1911 r.in.computername = TEST_MACHINE_NAME;
1912 r.in.preferredmaximumlength = (uint32_t)-1;
1913 r.in.return_authenticator = &return_authenticator;
1914 r.out.return_authenticator = &return_authenticator;
1915 r.out.delta_enum_array = &delta_enum_array;
1916
1917 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
1918
1919 uint32_t sync_context = 0;
1920
1921 r.in.database_id = database_ids[i];
1922 r.in.sync_context = &sync_context;
1923 r.out.sync_context = &sync_context;
1924 r.in.restart_state = 0;
1925
1926 torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
1927
1928 do {
1929 netlogon_creds_client_authenticator(creds, &credential);
1930
1931 r.in.credential = &credential;
1932
1933 torture_assert_ntstatus_ok(tctx, dcerpc_netr_DatabaseSync2_r(b, tctx, &r),
1934 "DatabaseSync2 failed");
1935 if (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES))
1936 break;
1937
1938 /* Native mode servers don't do this */
1939 if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_SUPPORTED)) {
1940 return true;
1941 }
1942
1943 torture_assert_ntstatus_ok(tctx, r.out.result, "DatabaseSync2");
1944
1945 if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) {
1946 torture_comment(tctx, "Credential chaining failed\n");
1947 }
1948
1949 } while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES));
1950 }
1951
1952 return true;
1953 }
1954
1955
1956 /*
1957 try a netlogon LogonControl2Ex
1958 */
1959 static bool test_LogonControl2Ex(struct torture_context *tctx,
1960 struct dcerpc_pipe *p,
1961 struct cli_credentials *machine_credentials)
1962
1963 {
1964 NTSTATUS status;
1965 struct netr_LogonControl2Ex r;
1966 union netr_CONTROL_DATA_INFORMATION data;
1967 union netr_CONTROL_QUERY_INFORMATION query;
1968 int i;
1969 struct dcerpc_binding_handle *b = p->binding_handle;
1970
1971 data.domain = lp_workgroup(tctx->lp_ctx);
1972
1973 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1974
1975 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
1976 r.in.data = &data;
1977 r.out.query = &query;
1978
1979 for (i=1;i<4;i++) {
1980 r.in.level = i;
1981
1982 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1983 i, r.in.function_code);
1984
1985 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
1986 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1987 }
1988
1989 data.domain = lp_workgroup(tctx->lp_ctx);
1990
1991 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
1992 r.in.data = &data;
1993
1994 for (i=1;i<4;i++) {
1995 r.in.level = i;
1996
1997 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1998 i, r.in.function_code);
1999
2000 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2001 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2002 }
2003
2004 data.domain = lp_workgroup(tctx->lp_ctx);
2005
2006 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
2007 r.in.data = &data;
2008
2009 for (i=1;i<4;i++) {
2010 r.in.level = i;
2011
2012 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2013 i, r.in.function_code);
2014
2015 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2016 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2017 }
2018
2019 data.debug_level = ~0;
2020
2021 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
2022 r.in.data = &data;
2023
2024 for (i=1;i<4;i++) {
2025 r.in.level = i;
2026
2027 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
2028 i, r.in.function_code);
2029
2030 status = dcerpc_netr_LogonControl2Ex_r(b, tctx, &r);
2031 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
2032 }
2033
2034 return true;
2035 }
2036
2037 static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
2038 struct dcerpc_pipe *p, const char *trusted_domain_name)
2039 {
2040 NTSTATUS status;
2041 struct netr_DsRGetForestTrustInformation r;
2042 struct lsa_ForestTrustInformation info, *info_ptr;
2043 struct dcerpc_binding_handle *b = p->binding_handle;
2044
2045 info_ptr = &info;
2046
2047 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2048 r.in.trusted_domain_name = trusted_domain_name;
2049 r.in.flags = 0;
2050 r.out.forest_trust_info = &info_ptr;
2051
2052 torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
2053
2054 status = dcerpc_netr_DsRGetForestTrustInformation_r(b, tctx, &r);
2055 torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
2056 torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
2057
2058 return true;
2059 }
2060
2061 /*
2062 try a netlogon netr_DsrEnumerateDomainTrusts
2063 */
2064 static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
2065 struct dcerpc_pipe *p)
2066 {
2067 NTSTATUS status;
2068 struct netr_DsrEnumerateDomainTrusts r;
2069 struct netr_DomainTrustList trusts;
2070 int i;
2071 struct dcerpc_binding_handle *b = p->binding_handle;
2072
2073 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2074 r.in.trust_flags = 0x3f;
2075 r.out.trusts = &trusts;
2076
2077 status = dcerpc_netr_DsrEnumerateDomainTrusts_r(b, tctx, &r);
2078 torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
2079 torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
2080
2081 /* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
2082 * will show non-forest trusts and all UPN suffixes of the own forest
2083 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
2084
2085 if (r.out.trusts->count) {
2086 if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
2087 return false;
2088 }
2089 }
2090
2091 for (i=0; i<r.out.trusts->count; i++) {
2092
2093 /* get info for transitive forest trusts */
2094
2095 if (r.out.trusts->array[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
2096 if (!test_netr_DsRGetForestTrustInformation(tctx, p,
2097 r.out.trusts->array[i].dns_name)) {
2098 return false;
2099 }
2100 }
2101 }
2102
2103 return true;
2104 }
2105
2106 static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
2107 struct dcerpc_pipe *p)
2108 {
2109 NTSTATUS status;
2110 struct netr_NetrEnumerateTrustedDomains r;
2111 struct netr_Blob trusted_domains_blob;
2112 struct dcerpc_binding_handle *b = p->binding_handle;
2113
2114 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2115 r.out.trusted_domains_blob = &trusted_domains_blob;
2116
2117 status = dcerpc_netr_NetrEnumerateTrustedDomains_r(b, tctx, &r);
2118 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
2119 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
2120
2121 return true;
2122 }
2123
2124 static bool test_netr_NetrEnumerateTrustedDomainsEx(struct torture_context *tctx,
2125 struct dcerpc_pipe *p)
2126 {
2127 NTSTATUS status;
2128 struct netr_NetrEnumerateTrustedDomainsEx r;
2129 struct netr_DomainTrustList dom_trust_list;
2130 struct dcerpc_binding_handle *b = p->binding_handle;
2131
2132 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2133 r.out.dom_trust_list = &dom_trust_list;
2134
2135 status = dcerpc_netr_NetrEnumerateTrustedDomainsEx_r(b, tctx, &r);
2136 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
2137 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
2138
2139 return true;
2140 }
2141
2142
2143 static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
2144 const char *computer_name,
2145 const char *expected_site)
2146 {
2147 NTSTATUS status;
2148 struct netr_DsRGetSiteName r;
2149 const char *site = NULL;
2150 struct dcerpc_binding_handle *b = p->binding_handle;
2151
2152 if (torture_setting_bool(tctx, "samba4", false))
2153 torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
2154
2155 r.in.computer_name = computer_name;
2156 r.out.site = &site;
2157 torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
2158
2159 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
2160 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
2161 torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
2162 torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
2163
2164 r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
2165 torture_comment(tctx,
2166 "Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
2167
2168 status = dcerpc_netr_DsRGetSiteName_r(b, tctx, &r);
2169 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
2170 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_COMPUTERNAME, "netr_DsRGetSiteName");
2171
2172 return true;
2173 }
2174
2175 /*
2176 try a netlogon netr_DsRGetDCName
2177 */
2178 static bool test_netr_DsRGetDCName(struct torture_context *tctx,
2179 struct dcerpc_pipe *p)
2180 {
2181 NTSTATUS status;
2182 struct netr_DsRGetDCName r;
2183 struct netr_DsRGetDCNameInfo *info = NULL;
2184 struct dcerpc_binding_handle *b = p->binding_handle;
2185
2186 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2187 r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
2188 r.in.domain_guid = NULL;
2189 r.in.site_guid = NULL;
2190 r.in.flags = DS_RETURN_DNS_NAME;
2191 r.out.info = &info;
2192
2193 status = dcerpc_netr_DsRGetDCName_r(b, tctx, &r);
2194 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
2195 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
2196 return test_netr_DsRGetSiteName(p, tctx,
2197 info->dc_unc,
2198 info->dc_site_name);
2199 }
2200
2201 /*
2202 try a netlogon netr_DsRGetDCNameEx
2203 */
2204 static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
2205 struct dcerpc_pipe *p)
2206 {
2207 NTSTATUS status;
2208 struct netr_DsRGetDCNameEx r;
2209 struct netr_DsRGetDCNameInfo *info = NULL;
2210 struct dcerpc_binding_handle *b = p->binding_handle;
2211
2212 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2213 r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
2214 r.in.domain_guid = NULL;
2215 r.in.site_name = NULL;
2216 r.in.flags = DS_RETURN_DNS_NAME;
2217 r.out.info = &info;
2218
2219 status = dcerpc_netr_DsRGetDCNameEx_r(b, tctx, &r);
2220 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
2221 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
2222
2223 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
2224 info->dc_site_name);
2225 }
2226
2227 /*
2228 try a netlogon netr_DsRGetDCNameEx2
2229 */
2230 static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
2231 struct dcerpc_pipe *p)
2232 {
2233 NTSTATUS status;
2234 struct netr_DsRGetDCNameEx2 r;
2235 struct netr_DsRGetDCNameInfo *info = NULL;
2236 struct dcerpc_binding_handle *b = p->binding_handle;
2237
2238 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2239 r.in.client_account = NULL;
2240 r.in.mask = 0x00000000;
2241 r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
2242 r.in.domain_guid = NULL;
2243 r.in.site_name = NULL;
2244 r.in.flags = DS_RETURN_DNS_NAME;
2245 r.out.info = &info;
2246
2247 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
2248
2249 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2250 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2251 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2252
2253 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client acount\n");
2254 r.in.client_account = TEST_MACHINE_NAME"$";
2255 r.in.mask = ACB_SVRTRUST;
2256 r.in.flags = DS_RETURN_FLAT_NAME;
2257 r.out.info = &info;
2258
2259 status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r);
2260 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
2261 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
2262 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
2263 info->dc_site_name);
2264 }
2265
2266 static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
2267 struct dcerpc_pipe *p)
2268 {
2269 NTSTATUS status;
2270 struct netr_DsrGetDcSiteCoverageW r;
2271 struct DcSitesCtr *ctr = NULL;
2272 struct dcerpc_binding_handle *b = p->binding_handle;
2273
2274 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2275 r.out.ctr = &ctr;
2276
2277 status = dcerpc_netr_DsrGetDcSiteCoverageW_r(b, tctx, &r);
2278 torture_assert_ntstatus_ok(tctx, status, "failed");
2279 torture_assert_werr_ok(tctx, r.out.result, "failed");
2280
2281 return true;
2282 }
2283
2284 static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
2285 struct dcerpc_pipe *p)
2286 {
2287 NTSTATUS status;
2288 struct netr_DsRAddressToSitenamesW r;
2289 struct netr_DsRAddress addr;
2290 struct netr_DsRAddressToSitenamesWCtr *ctr;
2291 struct dcerpc_binding_handle *b = p->binding_handle;
2292
2293 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
2294
2295 addr.size = 16;
2296 addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
2297
2298 addr.buffer[0] = 2; /* AF_INET */
2299 addr.buffer[4] = 127;
2300 addr.buffer[5] = 0;
2301 addr.buffer[6] = 0;
2302 addr.buffer[7] = 1;
2303
2304 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2305 r.in.count = 1;
2306 r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
2307 r.in.addresses[0] = addr;
2308 r.out.ctr = &ctr;
2309
2310 status = dcerpc_netr_DsRAddressToSitenamesW_r(b, tctx, &r);
2311 torture_assert_ntstatus_ok(tctx, status, "failed");
2312 torture_assert_werr_ok(tctx, r.out.result, "failed");
2313
2314 return true;
2315 }
2316
2317 static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
2318 struct dcerpc_pipe *p)
2319 {
2320 NTSTATUS status;
2321 struct netr_DsRAddressToSitenamesExW r;
2322 struct netr_DsRAddress addr;
2323 struct netr_DsRAddressToSitenamesExWCtr *ctr;
2324 struct dcerpc_binding_handle *b = p->binding_handle;
2325
2326 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
2327
2328 addr.size = 16;
2329 addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
2330
2331 addr.buffer[0] = 2; /* AF_INET */
2332 addr.buffer[4] = 127;
2333 addr.buffer[5] = 0;
2334 addr.buffer[6] = 0;
2335 addr.buffer[7] = 1;
2336
2337 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2338 r.in.count = 1;
2339 r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
2340 r.in.addresses[0] = addr;
2341 r.out.ctr = &ctr;
2342
2343 status = dcerpc_netr_DsRAddressToSitenamesExW_r(b, tctx, &r);
2344 torture_assert_ntstatus_ok(tctx, status, "failed");
2345 torture_assert_werr_ok(tctx, r.out.result, "failed");
2346
2347 return true;
2348 }
2349
2350 static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx,
2351 struct dcerpc_pipe *p,
2352 struct cli_credentials *machine_credentials)
2353 {
2354 struct netr_ServerGetTrustInfo r;
2355
2356 struct netr_Authenticator a;
2357 struct netr_Authenticator return_authenticator;
2358 struct samr_Password new_owf_password;
2359 struct samr_Password old_owf_password;
2360 struct netr_TrustInfo *trust_info;
2361
2362 struct netlogon_creds_CredentialState *creds;
2363 struct dcerpc_binding_handle *b = p->binding_handle;
2364
2365 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
2366 machine_credentials, &creds)) {
2367 return false;
2368 }
2369
2370 netlogon_creds_client_authenticator(creds, &a);
2371
2372 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2373 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
2374 r.in.secure_channel_type = cli_credentials_get_secure_channel_type(machine_credentials);
2375 r.in.computer_name = TEST_MACHINE_NAME;
2376 r.in.credential = &a;
2377
2378 r.out.return_authenticator = &return_authenticator;
2379 r.out.new_owf_password = &new_owf_password;
2380 r.out.old_owf_password = &old_owf_password;
2381 r.out.trust_info = &trust_info;
2382
2383 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerGetTrustInfo_r(b, tctx, &r),
2384 "ServerGetTrustInfo failed");
2385 torture_assert_ntstatus_ok(tctx, r.out.result, "ServerGetTrustInfo failed");
2386 torture_assert(tctx, netlogon_creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
2387
2388 return true;
2389 }
2390
2391
2392 static bool test_GetDomainInfo(struct torture_context *tctx,
2393 struct dcerpc_pipe *p,
2394 struct cli_credentials *machine_credentials)
2395 {
2396 struct netr_LogonGetDomainInfo r;
2397 struct netr_WorkstationInformation q1;
2398 struct netr_Authenticator a;
2399 struct netlogon_creds_CredentialState *creds;
2400 struct netr_OsVersion os;
2401 union netr_WorkstationInfo query;
2402 union netr_DomainInfo info;
2403 const char* const attrs[] = { "dNSHostName", "operatingSystem",
2404 "operatingSystemServicePack", "operatingSystemVersion",
2405 "servicePrincipalName", NULL };
2406 char *url;
2407 struct ldb_context *sam_ctx = NULL;
2408 struct ldb_message **res;
2409 struct ldb_message_element *spn_el;
2410 int ret, i;
2411 char *version_str;
2412 const char *old_dnsname = NULL;
2413 char **spns = NULL;
2414 int num_spns = 0;
2415 char *temp_str;
2416 struct dcerpc_binding_handle *b = p->binding_handle;
2417
2418 torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n");
2419
2420 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
2421 machine_credentials, &creds)) {
2422 return false;
2423 }
2424
2425 /* We won't double-check this when we are over 'local' transports */
2426 if (dcerpc_server_name(p)) {
2427 /* Set up connection to SAMDB on DC */
2428 url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
2429 sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
2430 NULL,
2431 cmdline_credentials,
2432 0);
2433
2434 torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
2435 }
2436
2437 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 1st call (no variation of DNS hostname)\n");
2438 netlogon_creds_client_authenticator(creds, &a);
2439
2440 ZERO_STRUCT(r);
2441 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2442 r.in.computer_name = TEST_MACHINE_NAME;
2443 r.in.credential = &a;
2444 r.in.level = 1;
2445 r.in.return_authenticator = &a;
2446 r.in.query = &query;
2447 r.out.return_authenticator = &a;
2448 r.out.info = &info;
2449
2450 ZERO_STRUCT(os);
2451 os.os.MajorVersion = 123;
2452 os.os.MinorVersion = 456;
2453 os.os.BuildNumber = 789;
2454 os.os.CSDVersion = "Service Pack 10";
2455 os.os.ServicePackMajor = 10;
2456 os.os.ServicePackMinor = 1;
2457 os.os.SuiteMask = NETR_VER_SUITE_SINGLEUSERTS;
2458 os.os.ProductType = NETR_VER_NT_SERVER;
2459 os.os.Reserved = 0;
2460
2461 version_str = talloc_asprintf(tctx, "%d.%d (%d)", os.os.MajorVersion,
2462 os.os.MinorVersion, os.os.BuildNumber);
2463
2464 ZERO_STRUCT(q1);
2465 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
2466 lp_dnsdomain(tctx->lp_ctx));
2467 q1.sitename = "Default-First-Site-Name";
2468 q1.os_version.os = &os;
2469 q1.os_name.string = talloc_asprintf(tctx,
2470 "Tortured by Samba4 RPC-NETLOGON: %s",
2471 timestring(tctx, time(NULL)));
2472
2473 /* The workstation handles the "servicePrincipalName" and DNS hostname
2474 updates */
2475 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
2476
2477 query.workstation_info = &q1;
2478
2479 if (sam_ctx) {
2480 /* Gets back the old DNS hostname in AD */
2481 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
2482 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
2483 old_dnsname =
2484 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL);
2485
2486 /* Gets back the "servicePrincipalName"s in AD */
2487 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
2488 if (spn_el != NULL) {
2489 for (i=0; i < spn_el->num_values; i++) {
2490 spns = talloc_realloc(tctx, spns, char *, i + 1);
2491 spns[i] = (char *) spn_el->values[i].data;
2492 }
2493 num_spns = i;
2494 }
2495 }
2496
2497 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
2498 "LogonGetDomainInfo failed");
2499 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
2500 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
2501
2502 msleep(250);
2503
2504 if (sam_ctx) {
2505 /* AD workstation infos entry check */
2506 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
2507 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
2508 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
2509 torture_assert_str_equal(tctx,
2510 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
2511 q1.os_name.string, "'operatingSystem' wrong!");
2512 torture_assert_str_equal(tctx,
2513 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL),
2514 os.os.CSDVersion, "'operatingSystemServicePack' wrong!");
2515 torture_assert_str_equal(tctx,
2516 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL),
2517 version_str, "'operatingSystemVersion' wrong!");
2518
2519 if (old_dnsname != NULL) {
2520 /* If before a DNS hostname was set then it should remain
2521 the same in combination with the "servicePrincipalName"s.
2522 The DNS hostname should also be returned by our
2523 "LogonGetDomainInfo" call (in the domain info structure). */
2524
2525 torture_assert_str_equal(tctx,
2526 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
2527 old_dnsname, "'DNS hostname' was not set!");
2528
2529 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
2530 torture_assert(tctx, ((spns != NULL) && (spn_el != NULL)),
2531 "'servicePrincipalName's not set!");
2532 torture_assert(tctx, spn_el->num_values == num_spns,
2533 "'servicePrincipalName's incorrect!");
2534 for (i=0; (i < spn_el->num_values) && (i < num_spns); i++)
2535 torture_assert_str_equal(tctx,
2536 (char *) spn_el->values[i].data,
2537 spns[i], "'servicePrincipalName's incorrect!");
2538
2539 torture_assert_str_equal(tctx,
2540 info.domain_info->dns_hostname.string,
2541 old_dnsname,
2542 "Out 'DNS hostname' doesn't match the old one!");
2543 } else {
2544 /* If no DNS hostname was set then also now none should be set,
2545 the "servicePrincipalName"s should remain empty and no DNS
2546 hostname should be returned by our "LogonGetDomainInfo"
2547 call (in the domain info structure). */
2548
2549 torture_assert(tctx,
2550 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL) == NULL,
2551 "'DNS hostname' was set!");
2552
2553 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
2554 torture_assert(tctx, ((spns == NULL) && (spn_el == NULL)),
2555 "'servicePrincipalName's were set!");
2556
2557 torture_assert(tctx,
2558 info.domain_info->dns_hostname.string == NULL,
2559 "Out 'DNS host name' was set!");
2560 }
2561 }
2562
2563 /* Checks "workstation flags" */
2564 torture_assert(tctx,
2565 info.domain_info->workstation_flags
2566 == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
2567 "Out 'workstation flags' don't match!");
2568
2569
2570 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname doesn't work)\n");
2571 netlogon_creds_client_authenticator(creds, &a);
2572
2573 /* Wipe out the osVersion, and prove which values still 'stick' */
2574 q1.os_version.os = NULL;
2575
2576 /* Change also the DNS hostname to test differences in behaviour */
2577 talloc_free(discard_const_p(char, q1.dns_hostname));
2578 q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
2579 lp_dnsdomain(tctx->lp_ctx));
2580
2581 /* The workstation handles the "servicePrincipalName" and DNS hostname
2582 updates */
2583 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
2584
2585 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
2586 "LogonGetDomainInfo failed");
2587 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
2588
2589 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
2590
2591 msleep(250);
2592
2593 if (sam_ctx) {
2594 /* AD workstation infos entry check */
2595 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
2596 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
2597 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
2598
2599 torture_assert_str_equal(tctx,
2600 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
2601 q1.os_name.string, "'operatingSystem' should stick!");
2602 torture_assert(tctx,
2603 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
2604 "'operatingSystemServicePack' shouldn't stick!");
2605 torture_assert(tctx,
2606 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
2607 "'operatingSystemVersion' shouldn't stick!");
2608
2609 /* The DNS host name shouldn't have been updated by the server */
2610
2611 torture_assert_str_equal(tctx,
2612 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
2613 old_dnsname, "'DNS host name' did change!");
2614
2615 /* Find the two "servicePrincipalName"s which the DC shouldn't have been
2616 updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
2617 3.5.4.3.9 */
2618 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
2619 torture_assert(tctx, spn_el != NULL,
2620 "There should exist 'servicePrincipalName's in AD!");
2621 temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
2622 for (i=0; i < spn_el->num_values; i++)
2623 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
2624 break;
2625 torture_assert(tctx, i != spn_el->num_values,
2626 "'servicePrincipalName' HOST/<Netbios name> not found!");
2627 temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
2628 for (i=0; i < spn_el->num_values; i++)
2629 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
2630 break;
2631 torture_assert(tctx, i != spn_el->num_values,
2632 "'servicePrincipalName' HOST/<FQDN name> not found!");
2633
2634 /* Check that the out DNS hostname was set properly */
2635 torture_assert_str_equal(tctx, info.domain_info->dns_hostname.string,
2636 old_dnsname, "Out 'DNS hostname' doesn't match the old one!");
2637 }
2638
2639 /* Checks "workstation flags" */
2640 torture_assert(tctx,
2641 info.domain_info->workstation_flags == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
2642 "Out 'workstation flags' don't match!");
2643
2644
2645 /* Now try the same but the workstation flags set to 0 */
2646
2647 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 3rd call (variation of DNS hostname doesn't work)\n");
2648 netlogon_creds_client_authenticator(creds, &a);
2649
2650 /* Change also the DNS hostname to test differences in behaviour */
2651 talloc_free(discard_const_p(char, q1.dns_hostname));
2652 q1.dns_hostname = talloc_asprintf(tctx, "%s2.%s", TEST_MACHINE_NAME,
2653 lp_dnsdomain(tctx->lp_ctx));
2654
2655 /* Wipe out the osVersion, and prove which values still 'stick' */
2656 q1.os_version.os = NULL;
2657
2658 /* Let the DC handle the "servicePrincipalName" and DNS hostname
2659 updates */
2660 q1.workstation_flags = 0;
2661
2662 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
2663 "LogonGetDomainInfo failed");
2664 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
2665 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
2666
2667 msleep(250);
2668
2669 if (sam_ctx) {
2670 /* AD workstation infos entry check */
2671 ret = gendb_search(sam_ctx, tctx, NULL, &res, attrs,
2672 "(sAMAccountName=%s$)", TEST_MACHINE_NAME);
2673 torture_assert(tctx, ret == 1, "Test machine account not found in SAMDB on DC! Has the workstation been joined?");
2674
2675 torture_assert_str_equal(tctx,
2676 ldb_msg_find_attr_as_string(res[0], "operatingSystem", NULL),
2677 q1.os_name.string, "'operatingSystem' should stick!");
2678 torture_assert(tctx,
2679 ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL,
2680 "'operatingSystemServicePack' shouldn't stick!");
2681 torture_assert(tctx,
2682 ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL,
2683 "'operatingSystemVersion' shouldn't stick!");
2684
2685 /* The DNS host name shouldn't have been updated by the server */
2686
2687 torture_assert_str_equal(tctx,
2688 ldb_msg_find_attr_as_string(res[0], "dNSHostName", NULL),
2689 old_dnsname, "'DNS host name' did change!");
2690
2691 /* Find the two "servicePrincipalName"s which the DC shouldn't have been
2692 updated (HOST/<Netbios name> and HOST/<FQDN name>) - see MS-NRPC
2693 3.5.4.3.9 */
2694 spn_el = ldb_msg_find_element(res[0], "servicePrincipalName");
2695 torture_assert(tctx, spn_el != NULL,
2696 "There should exist 'servicePrincipalName's in AD!");
2697 temp_str = talloc_asprintf(tctx, "HOST/%s", TEST_MACHINE_NAME);
2698 for (i=0; i < spn_el->num_values; i++)
2699 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
2700 break;
2701 torture_assert(tctx, i != spn_el->num_values,
2702 "'servicePrincipalName' HOST/<Netbios name> not found!");
2703 temp_str = talloc_asprintf(tctx, "HOST/%s", old_dnsname);
2704 for (i=0; i < spn_el->num_values; i++)
2705 if (strcasecmp((char *) spn_el->values[i].data, temp_str) == 0)
2706 break;
2707 torture_assert(tctx, i != spn_el->num_values,
2708 "'servicePrincipalName' HOST/<FQDN name> not found!");
2709
2710 /* Here the server gives us NULL as the out DNS hostname */
2711 torture_assert(tctx, info.domain_info->dns_hostname.string == NULL,
2712 "Out 'DNS hostname' should be NULL!");
2713 }
2714
2715 /* Checks "workstation flags" */
2716 torture_assert(tctx,
2717 info.domain_info->workstation_flags == 0,
2718 "Out 'workstation flags' don't match!");
2719
2720
2721 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 4th call (verification of DNS hostname and check for trusted domains)\n");
2722 netlogon_creds_client_authenticator(creds, &a);
2723
2724 /* Put the DNS hostname back */
2725 talloc_free(discard_const_p(char, q1.dns_hostname));
2726 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
2727 lp_dnsdomain(tctx->lp_ctx));
2728
2729 /* The workstation handles the "servicePrincipalName" and DNS hostname
2730 updates */
2731 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE;
2732
2733 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
2734 "LogonGetDomainInfo failed");
2735 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
2736 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
2737
2738 msleep(250);
2739
2740 /* Now the in/out DNS hostnames should be the same */
2741 torture_assert_str_equal(tctx,
2742 info.domain_info->dns_hostname.string,
2743 query.workstation_info->dns_hostname,
2744 "In/Out 'DNS hostnames' don't match!");
2745
2746 /* Checks "workstation flags" */
2747 torture_assert(tctx,
2748 info.domain_info->workstation_flags
2749 == NETR_WS_FLAG_HANDLES_SPN_UPDATE,
2750 "Out 'workstation flags' don't match!");
2751
2752 /* Checks for trusted domains */
2753 torture_assert(tctx,
2754 (info.domain_info->trusted_domain_count != 0)
2755 && (info.domain_info->trusted_domains != NULL),
2756 "Trusted domains have been requested!");
2757
2758
2759 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 5th call (check for trusted domains)\n");
2760 netlogon_creds_client_authenticator(creds, &a);
2761
2762 /* The workstation handles the "servicePrincipalName" and DNS hostname
2763 updates and requests inbound trusts */
2764 q1.workstation_flags = NETR_WS_FLAG_HANDLES_SPN_UPDATE
2765 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS;
2766
2767 torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonGetDomainInfo_r(b, tctx, &r),
2768 "LogonGetDomainInfo failed");
2769 torture_assert_ntstatus_ok(tctx, r.out.result, "LogonGetDomainInfo failed");
2770 torture_assert(tctx, netlogon_creds_client_check(creds, &a.cred), "Credential chaining failed");
2771
2772 msleep(250);
2773
2774 /* Checks "workstation flags" */
2775 torture_assert(tctx,
2776 info.domain_info->workstation_flags
2777 == (NETR_WS_FLAG_HANDLES_SPN_UPDATE
2778 | NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS),
2779 "Out 'workstation flags' don't match!");
2780
2781 /* Checks for trusted domains */
2782 torture_assert(tctx,
2783 (info.domain_info->trusted_domain_count != 0)
2784 && (info.domain_info->trusted_domains != NULL),
2785 "Trusted domains have been requested!");
2786
2787 return true;
2788 }
2789
2790 static bool test_GetDomainInfo_async(struct torture_context *tctx,
2791 struct dcerpc_pipe *p,
2792 struct cli_credentials *machine_credentials)
2793 {
2794 NTSTATUS status;
2795 struct netr_LogonGetDomainInfo r;
2796 struct netr_WorkstationInformation q1;
2797 struct netr_Authenticator a;
2798 #define ASYNC_COUNT 100
2799 struct netlogon_creds_CredentialState *creds;
2800 struct netlogon_creds_CredentialState *creds_async[ASYNC_COUNT];
2801 struct tevent_req *req[ASYNC_COUNT];
2802 int i;
2803 union netr_WorkstationInfo query;
2804 union netr_DomainInfo info;
2805
2806 torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
2807
2808 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
2809 machine_credentials, &creds)) {
2810 return false;
2811 }
2812
2813 ZERO_STRUCT(r);
2814 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2815 r.in.computer_name = TEST_MACHINE_NAME;
2816 r.in.credential = &a;
2817 r.in.level = 1;
2818 r.in.return_authenticator = &a;
2819 r.in.query = &query;
2820 r.out.return_authenticator = &a;
2821 r.out.info = &info;
2822
2823 ZERO_STRUCT(q1);
2824 q1.dns_hostname = talloc_asprintf(tctx, "%s.%s", TEST_MACHINE_NAME,
2825 lp_dnsdomain(tctx->lp_ctx));
2826 q1.sitename = "Default-First-Site-Name";
2827 q1.os_name.string = "UNIX/Linux or similar";
2828
2829 query.workstation_info = &q1;
2830
2831 for (i=0;i<ASYNC_COUNT;i++) {
2832 netlogon_creds_client_authenticator(creds, &a);
2833
2834 creds_async[i] = (struct netlogon_creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
2835 req[i] = dcerpc_netr_LogonGetDomainInfo_r_send(tctx, tctx->ev, p->binding_handle, &r);
2836
2837 /* even with this flush per request a w2k3 server seems to
2838 clag with multiple outstanding requests. bleergh. */
2839 torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0,
2840 "event_loop_once failed");
2841 }
2842
2843 for (i=0;i<ASYNC_COUNT;i++) {
2844 torture_assert_int_equal(tctx, tevent_req_poll(req[i], tctx->ev), true,
2845 "tevent_req_poll() failed");
2846
2847 status = dcerpc_netr_LogonGetDomainInfo_r_recv(req[i], tctx);
2848
2849 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
2850 torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
2851
2852 torture_assert(tctx, netlogon_creds_client_check(creds_async[i], &a.cred),
2853 "Credential chaining failed at async");
2854 }
2855
2856 torture_comment(tctx,
2857 "Testing netr_LogonGetDomainInfo - async count %d OK\n", ASYNC_COUNT);
2858
2859 return true;
2860 }
2861
2862 static bool test_ManyGetDCName(struct torture_context *tctx,
2863 struct dcerpc_pipe *p)
2864 {
2865 NTSTATUS status;
2866 struct dcerpc_pipe *p2;
2867 struct lsa_ObjectAttribute attr;
2868 struct lsa_QosInfo qos;
2869 struct lsa_OpenPolicy2 o;
2870 struct policy_handle lsa_handle;
2871 struct lsa_DomainList domains;
2872
2873 struct lsa_EnumTrustDom t;
2874 uint32_t resume_handle = 0;
2875 struct netr_GetAnyDCName d;
2876 const char *dcname = NULL;
2877 struct dcerpc_binding_handle *b = p->binding_handle;
2878 struct dcerpc_binding_handle *b2;
2879
2880 int i;
2881
2882 if (p->conn->transport.transport != NCACN_NP) {
2883 return true;
2884 }
2885
2886 torture_comment(tctx, "Torturing GetDCName\n");
2887
2888 status = dcerpc_secondary_connection(p, &p2, p->binding);
2889 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
2890
2891 status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
2892 torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");
2893 b2 = p2->binding_handle;
2894
2895 qos.len = 0;
2896 qos.impersonation_level = 2;
2897 qos.context_mode = 1;
2898 qos.effective_only = 0;
2899
2900 attr.len = 0;
2901 attr.root_dir = NULL;
2902 attr.object_name = NULL;
2903 attr.attributes = 0;
2904 attr.sec_desc = NULL;
2905 attr.sec_qos = &qos;
2906
2907 o.in.system_name = "\\";
2908 o.in.attr = &attr;
2909 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2910 o.out.handle = &lsa_handle;
2911
2912 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b2, tctx, &o),
2913 "OpenPolicy2 failed");
2914 torture_assert_ntstatus_ok(tctx, o.out.result, "OpenPolicy2 failed");
2915
2916 t.in.handle = &lsa_handle;
2917 t.in.resume_handle = &resume_handle;
2918 t.in.max_size = 1000;
2919 t.out.domains = &domains;
2920 t.out.resume_handle = &resume_handle;
2921
2922 torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b2, tctx, &t),
2923 "EnumTrustDom failed");
2924
2925 if ((!NT_STATUS_IS_OK(t.out.result) &&
2926 (!NT_STATUS_EQUAL(t.out.result, NT_STATUS_NO_MORE_ENTRIES))))
2927 torture_fail(tctx, "Could not list domains");
2928
2929 talloc_free(p2);
2930
2931 d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
2932 dcerpc_server_name(p));
2933 d.out.dcname = &dcname;
2934
2935 for (i=0; i<domains.count * 4; i++) {
2936 struct lsa_DomainInfo *info =
2937 &domains.domains[rand()%domains.count];
2938
2939 d.in.domainname = info->name.string;
2940
2941 status = dcerpc_netr_GetAnyDCName_r(b, tctx, &d);
2942 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
2943
2944 torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
2945 dcname ? dcname : "unknown");
2946 }
2947
2948 return true;
2949 }
2950
2951 static bool test_SetPassword_with_flags(struct torture_context *tctx,
2952 struct dcerpc_pipe *p,
2953 struct cli_credentials *machine_credentials)
2954 {
2955 uint32_t flags[] = { 0, NETLOGON_NEG_STRONG_KEYS };
2956 struct netlogon_creds_CredentialState *creds;
2957 int i;
2958
2959 if (!test_SetupCredentials2(p, tctx, 0,
2960 machine_credentials,
2961 cli_credentials_get_secure_channel_type(machine_credentials),
2962 &creds)) {
2963 torture_skip(tctx, "DC does not support negotiation of 64bit session keys");
2964 }
2965
2966 for (i=0; i < ARRAY_SIZE(flags); i++) {
2967 torture_assert(tctx,
2968 test_SetPassword_flags(tctx, p, machine_credentials, flags[i]),
2969 talloc_asprintf(tctx, "failed to test SetPassword negotiating with 0x%08x flags", flags[i]));
2970 }
2971
2972 return true;
2973 }
2974
2975 struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
2976 {
2977 struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
2978 struct torture_rpc_tcase *tcase;
2979 struct torture_test *test;
2980
2981 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
2982 &ndr_table_netlogon, TEST_MACHINE_NAME);
2983
2984 torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
2985 torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
2986 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
2987 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
2988 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
2989 torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
2990 torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
2991 torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
2992 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
2993 torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
2994 torture_rpc_tcase_add_test_creds(tcase, "DatabaseRedo", test_DatabaseRedo);
2995 torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
2996 torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
2997 torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
2998 torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
2999 torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
3000 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
3001 torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
3002 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
3003 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
3004 test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
3005 test->dangerous = true;
3006 torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
3007 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
3008 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
3009 torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
3010 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
3011 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
3012 torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
3013
3014 return suite;
3015 }
3016
3017 struct torture_suite *torture_rpc_netlogon_s3(TALLOC_CTX *mem_ctx)
3018 {
3019 struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON-S3");
3020 struct torture_rpc_tcase *tcase;
3021
3022 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
3023 &ndr_table_netlogon, TEST_MACHINE_NAME);
3024
3025 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
3026 torture_rpc_tcase_add_test_creds(tcase, "SamLogon_NULL_domain", test_SamLogon_NULL_domain);
3027 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
3028 torture_rpc_tcase_add_test_creds(tcase, "SetPassword_with_flags", test_SetPassword_with_flags);
3029 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
3030 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
3031
3032 return suite;
3033 }
3034
3035 struct torture_suite *torture_rpc_netlogon_admin(TALLOC_CTX *mem_ctx)
3036 {
3037 struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON-ADMIN");
3038 struct torture_rpc_tcase *tcase;
3039
3040 tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "netlogon",
3041 &ndr_table_netlogon, TEST_MACHINE_NAME);
3042 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
3043 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
3044 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
3045
3046 tcase = torture_suite_add_machine_workstation_rpc_iface_tcase(suite, "netlogon",
3047 &ndr_table_netlogon, TEST_MACHINE_NAME);
3048 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
3049 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
3050 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
3051
3052 tcase = torture_suite_add_rpc_iface_tcase(suite, "netlogon",
3053 &ndr_table_netlogon);
3054 torture_rpc_tcase_add_test_creds(tcase, "LogonControl", test_LogonControl);
3055 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2", test_LogonControl2);
3056 torture_rpc_tcase_add_test_creds(tcase, "LogonControl2Ex", test_LogonControl2Ex);
3057
3058 return suite;
3059 }
reg import