search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dbwrap: Prevent transactions on non-persistent dbs
[Samba/gebeck_regimport.git] / source4 / torture / rpc / drsuapi.c
blob86b0d3276853a0259cf5055a2ce23dc398c4c797
1 /*
2 Unix SMB/CIFS implementation.
3
4 DRSUapi tests
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2006
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 #include "torture/rpc/torture_rpc.h"
27 #include "param/param.h"
28
29 #define TEST_MACHINE_NAME "torturetest"
30
31 bool test_DsBind(struct dcerpc_pipe *p,
32 struct torture_context *tctx,
33 struct DsPrivate *priv)
34 {
35 NTSTATUS status;
36 struct drsuapi_DsBind r;
37 struct drsuapi_DsBindInfo28 *bind_info28;
38 struct drsuapi_DsBindInfoCtr bind_info_ctr;
39
40 ZERO_STRUCT(bind_info_ctr);
41 bind_info_ctr.length = 28;
42
43 bind_info28 = &bind_info_ctr.info.info28;
44 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
45 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
46 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
47 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
48 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
49 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
50 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
51 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
52 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
53 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
54 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
55 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
56 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
57 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
58 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
59 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
60 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
61 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
62 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
63 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
64 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
65 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
66 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
67 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
68 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
69 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
70 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
71 bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
72
73 GUID_from_string(DRSUAPI_DS_BIND_GUID, &priv->bind_guid);
74
75 r.in.bind_guid = &priv->bind_guid;
76 r.in.bind_info = &bind_info_ctr;
77 r.out.bind_handle = &priv->bind_handle;
78
79 torture_comment(tctx, "Testing DsBind\n");
80
81 status = dcerpc_drsuapi_DsBind_r(p->binding_handle, tctx, &r);
82 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsBind");
83
84 /* cache server supported extensions, i.e. bind_info */
85 priv->srv_bind_info = r.out.bind_info->info.info28;
86
87 return true;
88 }
89
90 static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
91 struct DsPrivate *priv)
92 {
93 NTSTATUS status;
94 struct dcerpc_pipe *p = priv->drs_pipe;
95 struct drsuapi_DsGetDomainControllerInfo r;
96 union drsuapi_DsGetDCInfoCtr ctr;
97 int32_t level_out = 0;
98 bool found = false;
99 int i, j, k;
100
101 struct {
102 const char *name;
103 WERROR expected;
104 } names[] = {
105 {
106 .name = torture_join_dom_netbios_name(priv->join),
107 .expected = WERR_OK
108 },
109 {
110 .name = torture_join_dom_dns_name(priv->join),
111 .expected = WERR_OK
112 },
113 {
114 .name = "__UNKNOWN_DOMAIN__",
115 .expected = WERR_DS_OBJ_NOT_FOUND
116 },
117 {
118 .name = "unknown.domain.samba.example.com",
119 .expected = WERR_DS_OBJ_NOT_FOUND
120 },
121 };
122 int levels[] = {1, 2};
123 int level;
124
125 for (i=0; i < ARRAY_SIZE(levels); i++) {
126 for (j=0; j < ARRAY_SIZE(names); j++) {
127 union drsuapi_DsGetDCInfoRequest req;
128 level = levels[i];
129 r.in.bind_handle = &priv->bind_handle;
130 r.in.level = 1;
131 r.in.req = &req;
132
133 r.in.req->req1.domain_name = names[j].name;
134 r.in.req->req1.level = level;
135
136 r.out.ctr = &ctr;
137 r.out.level_out = &level_out;
138
139 torture_comment(tctx,
140 "Testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
141 r.in.req->req1.level, r.in.req->req1.domain_name);
142
143 status = dcerpc_drsuapi_DsGetDomainControllerInfo_r(p->binding_handle, tctx, &r);
144 torture_assert_ntstatus_ok(tctx, status,
145 "dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed");
146 torture_assert_werr_equal(tctx,
147 r.out.result, names[j].expected,
148 "DsGetDomainControllerInfo level with dns domain failed");
149
150 if (!W_ERROR_IS_OK(r.out.result)) {
151 /* If this was an error, we can't read the result structure */
152 continue;
153 }
154
155 torture_assert_int_equal(tctx,
156 r.in.req->req1.level, *r.out.level_out,
157 "dcerpc_drsuapi_DsGetDomainControllerInfo in/out level differs");
158
159 switch (level) {
160 case 1:
161 for (k=0; k < r.out.ctr->ctr1.count; k++) {
162 if (strcasecmp_m(r.out.ctr->ctr1.array[k].netbios_name,
163 torture_join_netbios_name(priv->join)) == 0) {
164 found = true;
165 break;
166 }
167 }
168 break;
169 case 2:
170 for (k=0; k < r.out.ctr->ctr2.count; k++) {
171 if (strcasecmp_m(r.out.ctr->ctr2.array[k].netbios_name,
172 torture_join_netbios_name(priv->join)) == 0) {
173 found = true;
174 priv->dcinfo = r.out.ctr->ctr2.array[k];
175 break;
176 }
177 }
178 break;
179 }
180 torture_assert(tctx, found,
181 "dcerpc_drsuapi_DsGetDomainControllerInfo: Failed to find the domain controller we just created during the join");
182 }
183 }
184
185 r.in.bind_handle = &priv->bind_handle;
186 r.in.level = 1;
187
188 r.out.ctr = &ctr;
189 r.out.level_out = &level_out;
190
191 r.in.req->req1.domain_name = "__UNKNOWN_DOMAIN__"; /* This is clearly ignored for this level */
192 r.in.req->req1.level = -1;
193
194 torture_comment(tctx, "Testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
195 r.in.req->req1.level, r.in.req->req1.domain_name);
196
197 status = dcerpc_drsuapi_DsGetDomainControllerInfo_r(p->binding_handle, tctx, &r);
198
199 torture_assert_ntstatus_ok(tctx, status,
200 "dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed");
201 torture_assert_werr_ok(tctx, r.out.result,
202 "DsGetDomainControllerInfo with dns domain failed");
203
204 {
205 const char *dc_account = talloc_asprintf(tctx, "%s\\%s$",
206 torture_join_dom_netbios_name(priv->join),
207 priv->dcinfo.netbios_name);
208 torture_comment(tctx, "%s: Enum active LDAP sessions searching for %s\n", __func__, dc_account);
209 for (k=0; k < r.out.ctr->ctr01.count; k++) {
210 if (strcasecmp_m(r.out.ctr->ctr01.array[k].client_account,
211 dc_account)) {
212 found = true;
213 break;
214 }
215 }
216 torture_assert(tctx, found,
217 "dcerpc_drsuapi_DsGetDomainControllerInfo level: Failed to find the domain controller in last logon records");
218 }
219
220
221 return true;
222 }
223
224 static bool test_DsWriteAccountSpn(struct torture_context *tctx,
225 struct DsPrivate *priv)
226 {
227 NTSTATUS status;
228 struct dcerpc_pipe *p = priv->drs_pipe;
229 struct drsuapi_DsWriteAccountSpn r;
230 union drsuapi_DsWriteAccountSpnRequest req;
231 struct drsuapi_DsNameString names[2];
232 union drsuapi_DsWriteAccountSpnResult res;
233 uint32_t level_out;
234
235 r.in.bind_handle = &priv->bind_handle;
236 r.in.level = 1;
237 r.in.req = &req;
238
239 torture_comment(tctx, "Testing DsWriteAccountSpn\n");
240
241 r.in.req->req1.operation = DRSUAPI_DS_SPN_OPERATION_ADD;
242 r.in.req->req1.unknown1 = 0;
243 r.in.req->req1.object_dn = priv->dcinfo.computer_dn;
244 r.in.req->req1.count = 2;
245 r.in.req->req1.spn_names = names;
246 names[0].str = talloc_asprintf(tctx, "smbtortureSPN/%s",priv->dcinfo.netbios_name);
247 names[1].str = talloc_asprintf(tctx, "smbtortureSPN/%s",priv->dcinfo.dns_name);
248
249 r.out.res = &res;
250 r.out.level_out = &level_out;
251
252 status = dcerpc_drsuapi_DsWriteAccountSpn_r(p->binding_handle, tctx, &r);
253 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsWriteAccountSpn");
254
255 r.in.req->req1.operation = DRSUAPI_DS_SPN_OPERATION_DELETE;
256 r.in.req->req1.unknown1 = 0;
257
258 status = dcerpc_drsuapi_DsWriteAccountSpn_r(p->binding_handle, tctx, &r);
259 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsWriteAccountSpn");
260
261 return true;
262 }
263
264 static bool test_DsReplicaGetInfo(struct torture_context *tctx,
265 struct DsPrivate *priv)
266 {
267 NTSTATUS status;
268 struct dcerpc_pipe *p = priv->drs_pipe;
269 struct drsuapi_DsReplicaGetInfo r;
270 union drsuapi_DsReplicaGetInfoRequest req;
271 union drsuapi_DsReplicaInfo info;
272 enum drsuapi_DsReplicaInfoType info_type;
273 int i;
274 struct {
275 int32_t level;
276 int32_t infotype;
277 const char *obj_dn;
278 } array[] = {
279 {
280 DRSUAPI_DS_REPLICA_GET_INFO,
281 DRSUAPI_DS_REPLICA_INFO_NEIGHBORS,
282 NULL
283 },{
284 DRSUAPI_DS_REPLICA_GET_INFO,
285 DRSUAPI_DS_REPLICA_INFO_CURSORS,
286 NULL
287 },{
288 DRSUAPI_DS_REPLICA_GET_INFO,
289 DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA,
290 NULL
291 },{
292 DRSUAPI_DS_REPLICA_GET_INFO,
293 DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES,
294 NULL
295 },{
296 DRSUAPI_DS_REPLICA_GET_INFO,
297 DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES,
298 NULL
299 },{
300 DRSUAPI_DS_REPLICA_GET_INFO,
301 DRSUAPI_DS_REPLICA_INFO_PENDING_OPS,
302 NULL
303 },{
304 DRSUAPI_DS_REPLICA_GET_INFO2,
305 DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA,
306 NULL
307 },{
308 DRSUAPI_DS_REPLICA_GET_INFO2,
309 DRSUAPI_DS_REPLICA_INFO_CURSORS2,
310 NULL
311 },{
312 DRSUAPI_DS_REPLICA_GET_INFO2,
313 DRSUAPI_DS_REPLICA_INFO_CURSORS3,
314 NULL
315 },{
316 DRSUAPI_DS_REPLICA_GET_INFO2,
317 DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2,
318 NULL
319 },{
320 DRSUAPI_DS_REPLICA_GET_INFO2,
321 DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2,
322 NULL
323 },{
324 DRSUAPI_DS_REPLICA_GET_INFO2,
325 DRSUAPI_DS_REPLICA_INFO_REPSTO,
326 NULL
327 },{
328 DRSUAPI_DS_REPLICA_GET_INFO2,
329 DRSUAPI_DS_REPLICA_INFO_CLIENT_CONTEXTS,
330 "__IGNORED__"
331 },{
332 DRSUAPI_DS_REPLICA_GET_INFO2,
333 DRSUAPI_DS_REPLICA_INFO_UPTODATE_VECTOR_V1,
334 NULL
335 },{
336 DRSUAPI_DS_REPLICA_GET_INFO2,
337 DRSUAPI_DS_REPLICA_INFO_SERVER_OUTGOING_CALLS,
338 NULL
339 }
340 };
341
342 if (torture_setting_bool(tctx, "samba4", false)) {
343 torture_comment(tctx, "skipping DsReplicaGetInfo test against Samba4\n");
344 return true;
345 }
346
347 r.in.bind_handle = &priv->bind_handle;
348 r.in.req = &req;
349
350 for (i=0; i < ARRAY_SIZE(array); i++) {
351 const char *object_dn;
352
353 torture_comment(tctx, "Testing DsReplicaGetInfo level %d infotype %d\n",
354 array[i].level, array[i].infotype);
355
356 object_dn = (array[i].obj_dn ? array[i].obj_dn : priv->domain_obj_dn);
357
358 r.in.level = array[i].level;
359 switch(r.in.level) {
360 case DRSUAPI_DS_REPLICA_GET_INFO:
361 r.in.req->req1.info_type = array[i].infotype;
362 r.in.req->req1.object_dn = object_dn;
363 ZERO_STRUCT(r.in.req->req1.source_dsa_guid);
364 break;
365 case DRSUAPI_DS_REPLICA_GET_INFO2:
366 r.in.req->req2.info_type = array[i].infotype;
367 r.in.req->req2.object_dn = object_dn;
368 ZERO_STRUCT(r.in.req->req2.source_dsa_guid);
369 r.in.req->req2.flags = 0;
370 r.in.req->req2.attribute_name = NULL;
371 r.in.req->req2.value_dn_str = NULL;
372 r.in.req->req2.enumeration_context = 0;
373 break;
374 }
375
376 r.out.info = &info;
377 r.out.info_type = &info_type;
378
379 status = dcerpc_drsuapi_DsReplicaGetInfo_r(p->binding_handle, tctx, &r);
380 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsReplicaGetInfo");
381 if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
382 torture_comment(tctx,
383 "DsReplicaGetInfo level %d and/or infotype %d not supported by server\n",
384 array[i].level, array[i].infotype);
385 } else {
386 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsReplicaGetInfo");
387 }
388 }
389
390 return true;
391 }
392
393 static bool test_DsReplicaSync(struct torture_context *tctx,
394 struct DsPrivate *priv)
395 {
396 NTSTATUS status;
397 struct dcerpc_pipe *p = priv->drs_pipe;
398 int i;
399 struct drsuapi_DsReplicaSync r;
400 union drsuapi_DsReplicaSyncRequest sync_req;
401 struct drsuapi_DsReplicaObjectIdentifier nc;
402 struct GUID null_guid;
403 struct dom_sid null_sid;
404 struct {
405 int32_t level;
406 } array[] = {
407 {
408 1
409 }
410 };
411
412 if (!torture_setting_bool(tctx, "dangerous", false)) {
413 torture_comment(tctx, "DsReplicaSync disabled - enable dangerous tests to use\n");
414 return true;
415 }
416
417 if (torture_setting_bool(tctx, "samba4", false)) {
418 torture_comment(tctx, "skipping DsReplicaSync test against Samba4\n");
419 return true;
420 }
421
422 ZERO_STRUCT(null_guid);
423 ZERO_STRUCT(null_sid);
424
425 r.in.bind_handle = &priv->bind_handle;
426
427 for (i=0; i < ARRAY_SIZE(array); i++) {
428 torture_comment(tctx, "Testing DsReplicaSync level %d\n",
429 array[i].level);
430
431 r.in.level = array[i].level;
432 switch(r.in.level) {
433 case 1:
434 nc.guid = null_guid;
435 nc.sid = null_sid;
436 nc.dn = priv->domain_obj_dn?priv->domain_obj_dn:"";
437
438 sync_req.req1.naming_context = &nc;
439 sync_req.req1.source_dsa_guid = priv->dcinfo.ntds_guid;
440 sync_req.req1.source_dsa_dns = NULL;
441 sync_req.req1.options = 16;
442
443 r.in.req = &sync_req;
444 break;
445 }
446
447 status = dcerpc_drsuapi_DsReplicaSync_r(p->binding_handle, tctx, &r);
448 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsReplicaSync");
449 }
450
451 return true;
452 }
453
454 static bool test_DsReplicaUpdateRefs(struct torture_context *tctx,
455 struct DsPrivate *priv)
456 {
457 NTSTATUS status;
458 struct dcerpc_pipe *p = priv->drs_pipe;
459 struct drsuapi_DsReplicaUpdateRefs r;
460 struct drsuapi_DsReplicaObjectIdentifier nc;
461 struct GUID null_guid;
462 struct GUID dest_dsa_guid;
463 const char *dest_dsa_guid_str;
464 struct dom_sid null_sid;
465
466 ZERO_STRUCT(null_guid);
467 ZERO_STRUCT(null_sid);
468 dest_dsa_guid = GUID_random();
469 dest_dsa_guid_str = GUID_string(tctx, &dest_dsa_guid);
470
471 r.in.bind_handle = &priv->bind_handle;
472 r.in.level = 1; /* Only version 1 is defined presently */
473
474 /* setup NC */
475 nc.guid = priv->domain_obj_dn ? null_guid : priv->domain_guid;
476 nc.sid = null_sid;
477 nc.dn = priv->domain_obj_dn ? priv->domain_obj_dn : "";
478
479 /* default setup for request */
480 r.in.req.req1.naming_context = &nc;
481 r.in.req.req1.dest_dsa_dns_name = talloc_asprintf(tctx, "%s._msdn.%s",
482 dest_dsa_guid_str,
483 priv->domain_dns_name);
484 r.in.req.req1.dest_dsa_guid = dest_dsa_guid;
485
486 /* 1. deleting replica dest should fail */
487 torture_comment(tctx, "delete: %s\n", r.in.req.req1.dest_dsa_dns_name);
488 r.in.req.req1.options = DRSUAPI_DRS_DEL_REF;
489 status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
490 torture_drsuapi_assert_call_werr(tctx, p,
491 status, WERR_DS_DRA_REF_NOT_FOUND, &r,
492 "dcerpc_drsuapi_DsReplicaUpdateRefs");
493
494 /* 2. hopefully adding random replica dest should succeed */
495 torture_comment(tctx, "add : %s\n", r.in.req.req1.dest_dsa_dns_name);
496 r.in.req.req1.options = DRSUAPI_DRS_ADD_REF;
497 status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
498 torture_drsuapi_assert_call_werr(tctx, p,
499 status, WERR_OK, &r,
500 "dcerpc_drsuapi_DsReplicaUpdateRefs");
501
502 /* 3. try adding same replica dest - should fail */
503 torture_comment(tctx, "add : %s\n", r.in.req.req1.dest_dsa_dns_name);
504 r.in.req.req1.options = DRSUAPI_DRS_ADD_REF;
505 status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
506 torture_drsuapi_assert_call_werr(tctx, p,
507 status, WERR_DS_DRA_REF_ALREADY_EXISTS, &r,
508 "dcerpc_drsuapi_DsReplicaUpdateRefs");
509
510 /* 4. try resetting same replica dest - should succeed */
511 torture_comment(tctx, "reset : %s\n", r.in.req.req1.dest_dsa_dns_name);
512 r.in.req.req1.options = DRSUAPI_DRS_DEL_REF | DRSUAPI_DRS_ADD_REF;
513 status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
514 torture_drsuapi_assert_call_werr(tctx, p,
515 status, WERR_OK, &r,
516 "dcerpc_drsuapi_DsReplicaUpdateRefs");
517
518 /* 5. delete random replicate added at step 2. */
519 torture_comment(tctx, "delete : %s\n", r.in.req.req1.dest_dsa_dns_name);
520 r.in.req.req1.options = DRSUAPI_DRS_DEL_REF;
521 status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
522 torture_drsuapi_assert_call_werr(tctx, p,
523 status, WERR_OK, &r,
524 "dcerpc_drsuapi_DsReplicaUpdateRefs");
525
526 /* 6. try replace on non-existing replica dest - should succeed */
527 torture_comment(tctx, "replace: %s\n", r.in.req.req1.dest_dsa_dns_name);
528 r.in.req.req1.options = DRSUAPI_DRS_DEL_REF | DRSUAPI_DRS_ADD_REF;
529 status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
530 torture_drsuapi_assert_call_werr(tctx, p,
531 status, WERR_OK, &r,
532 "dcerpc_drsuapi_DsReplicaUpdateRefs");
533
534 /* 7. delete random replicate added at step 6. */
535 torture_comment(tctx, "delete : %s\n", r.in.req.req1.dest_dsa_dns_name);
536 r.in.req.req1.options = DRSUAPI_DRS_DEL_REF;
537 status = dcerpc_drsuapi_DsReplicaUpdateRefs_r(p->binding_handle, tctx, &r);
538 torture_drsuapi_assert_call_werr(tctx, p,
539 status, WERR_OK, &r,
540 "dcerpc_drsuapi_DsReplicaUpdateRefs");
541
542 return true;
543 }
544
545 static bool test_DsGetNCChanges(struct torture_context *tctx,
546 struct DsPrivate *priv)
547 {
548 NTSTATUS status;
549 struct dcerpc_pipe *p = priv->drs_pipe;
550 int i;
551 struct drsuapi_DsGetNCChanges r;
552 union drsuapi_DsGetNCChangesRequest req;
553 union drsuapi_DsGetNCChangesCtr ctr;
554 struct drsuapi_DsReplicaObjectIdentifier nc;
555 struct GUID null_guid;
556 struct dom_sid null_sid;
557 uint32_t level_out;
558 struct {
559 uint32_t level;
560 } array[] = {
561 {
562 5
563 },
564 {
565 8
566 }
567 };
568
569 if (torture_setting_bool(tctx, "samba4", false)) {
570 torture_comment(tctx, "skipping DsGetNCChanges test against Samba4\n");
571 return true;
572 }
573
574 ZERO_STRUCT(null_guid);
575 ZERO_STRUCT(null_sid);
576
577 for (i=0; i < ARRAY_SIZE(array); i++) {
578 torture_comment(tctx,
579 "Testing DsGetNCChanges level %d\n",
580 array[i].level);
581
582 r.in.bind_handle = &priv->bind_handle;
583 r.in.level = array[i].level;
584 r.out.level_out = &level_out;
585 r.out.ctr = &ctr;
586
587 switch (r.in.level) {
588 case 5:
589 nc.guid = null_guid;
590 nc.sid = null_sid;
591 nc.dn = priv->domain_obj_dn ? priv->domain_obj_dn : "";
592
593 r.in.req = &req;
594 r.in.req->req5.destination_dsa_guid = GUID_random();
595 r.in.req->req5.source_dsa_invocation_id = null_guid;
596 r.in.req->req5.naming_context = &nc;
597 r.in.req->req5.highwatermark.tmp_highest_usn = 0;
598 r.in.req->req5.highwatermark.reserved_usn = 0;
599 r.in.req->req5.highwatermark.highest_usn = 0;
600 r.in.req->req5.uptodateness_vector = NULL;
601 r.in.req->req5.replica_flags = 0;
602 if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "drsuapi", "compression", false)) {
603 r.in.req->req5.replica_flags |= DRSUAPI_DRS_USE_COMPRESSION;
604 }
605 r.in.req->req5.max_object_count = 0;
606 r.in.req->req5.max_ndr_size = 0;
607 r.in.req->req5.extended_op = DRSUAPI_EXOP_NONE;
608 r.in.req->req5.fsmo_info = 0;
609
610 break;
611 case 8:
612 nc.guid = null_guid;
613 nc.sid = null_sid;
614 nc.dn = priv->domain_obj_dn ? priv->domain_obj_dn : "";
615
616 r.in.req = &req;
617 r.in.req->req8.destination_dsa_guid = GUID_random();
618 r.in.req->req8.source_dsa_invocation_id = null_guid;
619 r.in.req->req8.naming_context = &nc;
620 r.in.req->req8.highwatermark.tmp_highest_usn = 0;
621 r.in.req->req8.highwatermark.reserved_usn = 0;
622 r.in.req->req8.highwatermark.highest_usn = 0;
623 r.in.req->req8.uptodateness_vector = NULL;
624 r.in.req->req8.replica_flags = 0;
625 if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "drsuapi", "compression", false)) {
626 r.in.req->req8.replica_flags |= DRSUAPI_DRS_USE_COMPRESSION;
627 }
628 if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "drsuapi", "neighbour_writeable", true)) {
629 r.in.req->req8.replica_flags |= DRSUAPI_DRS_WRIT_REP;
630 }
631 r.in.req->req8.replica_flags |= DRSUAPI_DRS_INIT_SYNC
632 | DRSUAPI_DRS_PER_SYNC
633 | DRSUAPI_DRS_GET_ANC
634 | DRSUAPI_DRS_NEVER_SYNCED
635 ;
636 r.in.req->req8.max_object_count = 402;
637 r.in.req->req8.max_ndr_size = 402116;
638 r.in.req->req8.extended_op = DRSUAPI_EXOP_NONE;
639 r.in.req->req8.fsmo_info = 0;
640 r.in.req->req8.partial_attribute_set = NULL;
641 r.in.req->req8.partial_attribute_set_ex = NULL;
642 r.in.req->req8.mapping_ctr.num_mappings = 0;
643 r.in.req->req8.mapping_ctr.mappings = NULL;
644
645 break;
646 }
647
648 status = dcerpc_drsuapi_DsGetNCChanges_r(p->binding_handle, tctx, &r);
649 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsGetNCChanges");
650 }
651
652 return true;
653 }
654
655 bool test_QuerySitesByCost(struct torture_context *tctx,
656 struct DsPrivate *priv)
657 {
658 NTSTATUS status;
659 struct dcerpc_pipe *p = priv->drs_pipe;
660 struct drsuapi_QuerySitesByCost r;
661 union drsuapi_QuerySitesByCostRequest req;
662
663 const char *my_site = "Default-First-Site-Name";
664 const char *remote_site1 = "smbtorture-nonexisting-site1";
665 const char *remote_site2 = "smbtorture-nonexisting-site2";
666
667 req.req1.site_from = talloc_strdup(tctx, my_site);
668 req.req1.num_req = 2;
669 req.req1.site_to = talloc_zero_array(tctx, const char *, 2);
670 req.req1.site_to[0] = talloc_strdup(tctx, remote_site1);
671 req.req1.site_to[1] = talloc_strdup(tctx, remote_site2);
672 req.req1.flags = 0;
673
674 r.in.bind_handle = &priv->bind_handle;
675 r.in.level = 1;
676 r.in.req = &req;
677
678 status = dcerpc_drsuapi_QuerySitesByCost_r(p->binding_handle, tctx, &r);
679 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_QuerySitesByCost");
680
681 if (W_ERROR_IS_OK(r.out.result)) {
682 torture_assert_werr_equal(tctx,
683 r.out.ctr->ctr1.info[0].error_code, WERR_DS_OBJ_NOT_FOUND,
684 "dcerpc_drsuapi_QuerySitesByCost");
685 torture_assert_werr_equal(tctx,
686 r.out.ctr->ctr1.info[1].error_code, WERR_DS_OBJ_NOT_FOUND,
687 "dcerpc_drsuapi_QuerySitesByCost expected error_code WERR_DS_OBJ_NOT_FOUND");
688
689 torture_assert_int_equal(tctx,
690 r.out.ctr->ctr1.info[0].site_cost, -1,
691 "dcerpc_drsuapi_QuerySitesByCost");
692 torture_assert_int_equal(tctx,
693 r.out.ctr->ctr1.info[1].site_cost, -1,
694 "dcerpc_drsuapi_QuerySitesByCost exptected site cost");
695 }
696
697 return true;
698
699
700 }
701
702 bool test_DsUnbind(struct dcerpc_pipe *p,
703 struct torture_context *tctx,
704 struct DsPrivate *priv)
705 {
706 NTSTATUS status;
707 struct drsuapi_DsUnbind r;
708
709 r.in.bind_handle = &priv->bind_handle;
710 r.out.bind_handle = &priv->bind_handle;
711
712 torture_comment(tctx, "Testing DsUnbind\n");
713
714 status = dcerpc_drsuapi_DsUnbind_r(p->binding_handle, tctx, &r);
715 torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsUnbind");
716
717 return true;
718 }
719
720
721 /**
722 * Helper func to collect DC information for testing purposes.
723 * This function is almost identical to test_DsGetDomainControllerInfo
724 */
725 bool torture_rpc_drsuapi_get_dcinfo(struct torture_context *torture,
726 struct DsPrivate *priv)
727 {
728 NTSTATUS status;
729 int32_t level_out = 0;
730 struct drsuapi_DsGetDomainControllerInfo r;
731 union drsuapi_DsGetDCInfoCtr ctr;
732 int j, k;
733 const char *names[] = {
734 torture_join_dom_netbios_name(priv->join),
735 torture_join_dom_dns_name(priv->join)};
736
737 for (j=0; j < ARRAY_SIZE(names); j++) {
738 union drsuapi_DsGetDCInfoRequest req;
739 struct dcerpc_binding_handle *b = priv->drs_pipe->binding_handle;
740 r.in.bind_handle = &priv->bind_handle;
741 r.in.level = 1;
742 r.in.req = &req;
743
744 r.in.req->req1.domain_name = names[j];
745 r.in.req->req1.level = 2;
746
747 r.out.ctr = &ctr;
748 r.out.level_out = &level_out;
749
750 status = dcerpc_drsuapi_DsGetDomainControllerInfo_r(b, torture, &r);
751 if (!NT_STATUS_IS_OK(status)) {
752 continue;
753 }
754 if (!W_ERROR_IS_OK(r.out.result)) {
755 /* If this was an error, we can't read the result structure */
756 continue;
757 }
758
759 for (k=0; k < r.out.ctr->ctr2.count; k++) {
760 if (strcasecmp_m(r.out.ctr->ctr2.array[k].netbios_name,
761 torture_join_netbios_name(priv->join)) == 0) {
762 priv->dcinfo = r.out.ctr->ctr2.array[k];
763 return true;
764 }
765 }
766 }
767
768 return false;
769 }
770
771 /**
772 * Common test case setup function to be used
773 * in DRS suit of test when appropriate
774 */
775 bool torture_drsuapi_tcase_setup_common(struct torture_context *tctx, struct DsPrivate *priv)
776 {
777 NTSTATUS status;
778 struct cli_credentials *machine_credentials;
779
780 torture_assert(tctx, priv, "Invalid argument");
781
782 torture_comment(tctx, "Create DRSUAPI pipe\n");
783 status = torture_rpc_connection(tctx,
784 &priv->drs_pipe,
785 &ndr_table_drsuapi);
786 torture_assert(tctx, NT_STATUS_IS_OK(status), "Unable to connect to DRSUAPI pipe");
787
788 torture_comment(tctx, "About to join domain\n");
789 priv->join = torture_join_domain(tctx, TEST_MACHINE_NAME, ACB_SVRTRUST,
790 &machine_credentials);
791 torture_assert(tctx, priv->join, "Failed to join as BDC");
792
793 if (!test_DsBind(priv->drs_pipe, tctx, priv)) {
794 /* clean up */
795 torture_drsuapi_tcase_teardown_common(tctx, priv);
796 torture_fail(tctx, "Failed execute test_DsBind()");
797 }
798
799 /* try collect some information for testing */
800 torture_rpc_drsuapi_get_dcinfo(tctx, priv);
801
802 return true;
803 }
804
805 /**
806 * Common test case teardown function to be used
807 * in DRS suit of test when appropriate
808 */
809 bool torture_drsuapi_tcase_teardown_common(struct torture_context *tctx, struct DsPrivate *priv)
810 {
811 if (priv->join) {
812 torture_leave_domain(tctx, priv->join);
813 }
814
815 return true;
816 }
817
818 /**
819 * Test case setup for DRSUAPI test case
820 */
821 static bool torture_drsuapi_tcase_setup(struct torture_context *tctx, void **data)
822 {
823 struct DsPrivate *priv;
824
825 *data = priv = talloc_zero(tctx, struct DsPrivate);
826
827 return torture_drsuapi_tcase_setup_common(tctx, priv);
828 }
829
830 /**
831 * Test case tear-down for DRSUAPI test case
832 */
833 static bool torture_drsuapi_tcase_teardown(struct torture_context *tctx, void *data)
834 {
835 bool ret;
836 struct DsPrivate *priv = talloc_get_type(data, struct DsPrivate);
837
838 ret = torture_drsuapi_tcase_teardown_common(tctx, priv);
839
840 talloc_free(priv);
841 return ret;
842 }
843
844 /**
845 * DRSUAPI test case implementation
846 */
847 void torture_rpc_drsuapi_tcase(struct torture_suite *suite)
848 {
849 typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
850
851 struct torture_test *test;
852 struct torture_tcase *tcase = torture_suite_add_tcase(suite, "drsuapi");
853
854 torture_tcase_set_fixture(tcase, torture_drsuapi_tcase_setup,
855 torture_drsuapi_tcase_teardown);
856
857 #if 0
858 test = torture_tcase_add_simple_test(tcase, "QuerySitesByCost", (run_func)test_QuerySitesByCost);
859 #endif
860
861 test = torture_tcase_add_simple_test(tcase, "DsGetDomainControllerInfo", (run_func)test_DsGetDomainControllerInfo);
862
863 test = torture_tcase_add_simple_test(tcase, "DsCrackNames", (run_func)test_DsCrackNames);
864
865 test = torture_tcase_add_simple_test(tcase, "DsWriteAccountSpn", (run_func)test_DsWriteAccountSpn);
866
867 test = torture_tcase_add_simple_test(tcase, "DsReplicaGetInfo", (run_func)test_DsReplicaGetInfo);
868
869 test = torture_tcase_add_simple_test(tcase, "DsReplicaSync", (run_func)test_DsReplicaSync);
870
871 test = torture_tcase_add_simple_test(tcase, "DsReplicaUpdateRefs", (run_func)test_DsReplicaUpdateRefs);
872
873 test = torture_tcase_add_simple_test(tcase, "DsGetNCChanges", (run_func)test_DsGetNCChanges);
874 }
reg import