search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3/docs: Raise version number up to 3.5.
[Samba/gebeck_regimport.git] / source4 / torture / rpc / netlogon.c
blobad94add071bbb945fcc27f9f4cbbed38e8db3d0e
1 /*
2 Unix SMB/CIFS implementation.
3
4 test suite for netlogon rpc operations
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
8 Copyright (C) Tim Potter 2003
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "torture/torture.h"
26 #include "lib/events/events.h"
27 #include "auth/auth.h"
28 #include "auth/gensec/gensec.h"
29 #include "lib/cmdline/popt_common.h"
30 #include "torture/rpc/rpc.h"
31 #include "torture/rpc/netlogon.h"
32 #include "../lib/crypto/crypto.h"
33 #include "libcli/auth/libcli_auth.h"
34 #include "librpc/gen_ndr/ndr_netlogon_c.h"
35 #include "librpc/gen_ndr/ndr_netlogon.h"
36 #include "librpc/gen_ndr/ndr_lsa_c.h"
37 #include "param/param.h"
38 #include "libcli/security/security.h"
39
40 #define TEST_MACHINE_NAME "torturetest"
41
42 static bool test_LogonUasLogon(struct torture_context *tctx,
43 struct dcerpc_pipe *p)
44 {
45 NTSTATUS status;
46 struct netr_LogonUasLogon r;
47 struct netr_UasInfo *info = NULL;
48
49 r.in.server_name = NULL;
50 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
51 r.in.workstation = TEST_MACHINE_NAME;
52 r.out.info = &info;
53
54 status = dcerpc_netr_LogonUasLogon(p, tctx, &r);
55 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogon");
56
57 return true;
58 }
59
60 static bool test_LogonUasLogoff(struct torture_context *tctx,
61 struct dcerpc_pipe *p)
62 {
63 NTSTATUS status;
64 struct netr_LogonUasLogoff r;
65 struct netr_UasLogoffInfo info;
66
67 r.in.server_name = NULL;
68 r.in.account_name = cli_credentials_get_username(cmdline_credentials);
69 r.in.workstation = TEST_MACHINE_NAME;
70 r.out.info = &info;
71
72 status = dcerpc_netr_LogonUasLogoff(p, tctx, &r);
73 torture_assert_ntstatus_ok(tctx, status, "LogonUasLogoff");
74
75 return true;
76 }
77
78 bool test_SetupCredentials(struct dcerpc_pipe *p, struct torture_context *tctx,
79 struct cli_credentials *credentials,
80 struct creds_CredentialState **creds_out)
81 {
82 NTSTATUS status;
83 struct netr_ServerReqChallenge r;
84 struct netr_ServerAuthenticate a;
85 struct netr_Credential credentials1, credentials2, credentials3;
86 struct creds_CredentialState *creds;
87 const struct samr_Password *mach_password;
88 const char *machine_name;
89
90 mach_password = cli_credentials_get_nt_hash(credentials, tctx);
91 machine_name = cli_credentials_get_workstation(credentials);
92
93 torture_comment(tctx, "Testing ServerReqChallenge\n");
94
95 creds = talloc(tctx, struct creds_CredentialState);
96 torture_assert(tctx, creds != NULL, "memory allocation");
97
98 r.in.server_name = NULL;
99 r.in.computer_name = machine_name;
100 r.in.credentials = &credentials1;
101 r.out.return_credentials = &credentials2;
102
103 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
104
105 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
106 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
107
108 a.in.server_name = NULL;
109 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
110 a.in.secure_channel_type = SEC_CHAN_BDC;
111 a.in.computer_name = machine_name;
112 a.in.credentials = &credentials3;
113 a.out.return_credentials = &credentials3;
114
115 creds_client_init(creds, &credentials1, &credentials2,
116 mach_password, &credentials3,
117 0);
118
119 torture_comment(tctx, "Testing ServerAuthenticate\n");
120
121 status = dcerpc_netr_ServerAuthenticate(p, tctx, &a);
122
123 /* This allows the tests to continue against the more fussy windows 2008 */
124 if (NT_STATUS_EQUAL(status, NT_STATUS_DOWNGRADE_DETECTED)) {
125 return test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
126 credentials, SEC_CHAN_BDC, creds_out);
127 }
128
129 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate");
130
131 torture_assert(tctx, creds_client_check(creds, &credentials3),
132 "Credential chaining failed");
133
134 *creds_out = creds;
135 return true;
136 }
137
138 bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx,
139 uint32_t negotiate_flags,
140 struct cli_credentials *machine_credentials,
141 int sec_chan_type,
142 struct creds_CredentialState **creds_out)
143 {
144 NTSTATUS status;
145 struct netr_ServerReqChallenge r;
146 struct netr_ServerAuthenticate2 a;
147 struct netr_Credential credentials1, credentials2, credentials3;
148 struct creds_CredentialState *creds;
149 const struct samr_Password *mach_password;
150 const char *machine_name;
151
152 mach_password = cli_credentials_get_nt_hash(machine_credentials, tctx);
153 machine_name = cli_credentials_get_workstation(machine_credentials);
154
155 torture_comment(tctx, "Testing ServerReqChallenge\n");
156
157 creds = talloc(tctx, struct creds_CredentialState);
158 torture_assert(tctx, creds != NULL, "memory allocation");
159
160 r.in.server_name = NULL;
161 r.in.computer_name = machine_name;
162 r.in.credentials = &credentials1;
163 r.out.return_credentials = &credentials2;
164
165 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
166
167 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
168 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
169
170 a.in.server_name = NULL;
171 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
172 a.in.secure_channel_type = sec_chan_type;
173 a.in.computer_name = machine_name;
174 a.in.negotiate_flags = &negotiate_flags;
175 a.out.negotiate_flags = &negotiate_flags;
176 a.in.credentials = &credentials3;
177 a.out.return_credentials = &credentials3;
178
179 creds_client_init(creds, &credentials1, &credentials2,
180 mach_password, &credentials3,
181 negotiate_flags);
182
183 torture_comment(tctx, "Testing ServerAuthenticate2\n");
184
185 status = dcerpc_netr_ServerAuthenticate2(p, tctx, &a);
186 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate2");
187
188 torture_assert(tctx, creds_client_check(creds, &credentials3),
189 "Credential chaining failed");
190
191 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
192
193 *creds_out = creds;
194 return true;
195 }
196
197
198 static bool test_SetupCredentials3(struct dcerpc_pipe *p, struct torture_context *tctx,
199 uint32_t negotiate_flags,
200 struct cli_credentials *machine_credentials,
201 struct creds_CredentialState **creds_out)
202 {
203 NTSTATUS status;
204 struct netr_ServerReqChallenge r;
205 struct netr_ServerAuthenticate3 a;
206 struct netr_Credential credentials1, credentials2, credentials3;
207 struct creds_CredentialState *creds;
208 struct samr_Password mach_password;
209 uint32_t rid;
210 const char *machine_name;
211 const char *plain_pass;
212
213 machine_name = cli_credentials_get_workstation(machine_credentials);
214 plain_pass = cli_credentials_get_password(machine_credentials);
215
216 torture_comment(tctx, "Testing ServerReqChallenge\n");
217
218 creds = talloc(tctx, struct creds_CredentialState);
219 torture_assert(tctx, creds != NULL, "memory allocation");
220
221 r.in.server_name = NULL;
222 r.in.computer_name = machine_name;
223 r.in.credentials = &credentials1;
224 r.out.return_credentials = &credentials2;
225
226 generate_random_buffer(credentials1.data, sizeof(credentials1.data));
227
228 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
229 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
230
231 E_md4hash(plain_pass, mach_password.hash);
232
233 a.in.server_name = NULL;
234 a.in.account_name = talloc_asprintf(tctx, "%s$", machine_name);
235 a.in.secure_channel_type = SEC_CHAN_BDC;
236 a.in.computer_name = machine_name;
237 a.in.negotiate_flags = &negotiate_flags;
238 a.in.credentials = &credentials3;
239 a.out.return_credentials = &credentials3;
240 a.out.negotiate_flags = &negotiate_flags;
241 a.out.rid = &rid;
242
243 creds_client_init(creds, &credentials1, &credentials2,
244 &mach_password, &credentials3,
245 negotiate_flags);
246
247 torture_comment(tctx, "Testing ServerAuthenticate3\n");
248
249 status = dcerpc_netr_ServerAuthenticate3(p, tctx, &a);
250 torture_assert_ntstatus_ok(tctx, status, "ServerAuthenticate3");
251 torture_assert(tctx, creds_client_check(creds, &credentials3), "Credential chaining failed");
252
253 torture_comment(tctx, "negotiate_flags=0x%08x\n", negotiate_flags);
254
255 /* Prove that requesting a challenge again won't break it */
256 status = dcerpc_netr_ServerReqChallenge(p, tctx, &r);
257 torture_assert_ntstatus_ok(tctx, status, "ServerReqChallenge");
258
259 *creds_out = creds;
260 return true;
261 }
262
263 /*
264 try a change password for our machine account
265 */
266 static bool test_SetPassword(struct torture_context *tctx,
267 struct dcerpc_pipe *p,
268 struct cli_credentials *machine_credentials)
269 {
270 NTSTATUS status;
271 struct netr_ServerPasswordSet r;
272 const char *password;
273 struct creds_CredentialState *creds;
274 struct netr_Authenticator credential, return_authenticator;
275 struct samr_Password new_password;
276
277 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
278 return false;
279 }
280
281 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
282 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
283 r.in.secure_channel_type = SEC_CHAN_BDC;
284 r.in.computer_name = TEST_MACHINE_NAME;
285 r.in.credential = &credential;
286 r.in.new_password = &new_password;
287 r.out.return_authenticator = &return_authenticator;
288
289 password = generate_random_str(tctx, 8);
290 E_md4hash(password, new_password.hash);
291
292 creds_des_encrypt(creds, &new_password);
293
294 torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
295 torture_comment(tctx, "Changing machine account password to '%s'\n",
296 password);
297
298 creds_client_authenticator(creds, &credential);
299
300 status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
301 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
302
303 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
304 torture_comment(tctx, "Credential chaining failed\n");
305 }
306
307 /* by changing the machine password twice we test the
308 credentials chaining fully, and we verify that the server
309 allows the password to be set to the same value twice in a
310 row (match win2k3) */
311 torture_comment(tctx,
312 "Testing a second ServerPasswordSet on machine account\n");
313 torture_comment(tctx,
314 "Changing machine account password to '%s' (same as previous run)\n", password);
315
316 creds_client_authenticator(creds, &credential);
317
318 status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
319 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
320
321 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
322 torture_comment(tctx, "Credential chaining failed\n");
323 }
324
325 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
326
327 torture_assert(tctx,
328 test_SetupCredentials(p, tctx, machine_credentials, &creds),
329 "ServerPasswordSet failed to actually change the password");
330
331 return true;
332 }
333
334 /*
335 generate a random password for password change tests
336 */
337 static DATA_BLOB netlogon_very_rand_pass(TALLOC_CTX *mem_ctx, int len)
338 {
339 int i;
340 DATA_BLOB password = data_blob_talloc(mem_ctx, NULL, len * 2 /* number of unicode chars */);
341 generate_random_buffer(password.data, password.length);
342
343 for (i=0; i < len; i++) {
344 if (((uint16_t *)password.data)[i] == 0) {
345 ((uint16_t *)password.data)[i] = 1;
346 }
347 }
348
349 return password;
350 }
351
352 /*
353 try a change password for our machine account
354 */
355 static bool test_SetPassword2(struct torture_context *tctx,
356 struct dcerpc_pipe *p,
357 struct cli_credentials *machine_credentials)
358 {
359 NTSTATUS status;
360 struct netr_ServerPasswordSet2 r;
361 const char *password;
362 DATA_BLOB new_random_pass;
363 struct creds_CredentialState *creds;
364 struct samr_CryptPassword password_buf;
365 struct samr_Password nt_hash;
366 struct netr_Authenticator credential, return_authenticator;
367 struct netr_CryptPassword new_password;
368
369 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
370 return false;
371 }
372
373 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
374 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
375 r.in.secure_channel_type = SEC_CHAN_BDC;
376 r.in.computer_name = TEST_MACHINE_NAME;
377 r.in.credential = &credential;
378 r.in.new_password = &new_password;
379 r.out.return_authenticator = &return_authenticator;
380
381 password = generate_random_str(tctx, 8);
382 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
383 creds_arcfour_crypt(creds, password_buf.data, 516);
384
385 memcpy(new_password.data, password_buf.data, 512);
386 new_password.length = IVAL(password_buf.data, 512);
387
388 torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
389 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
390
391 creds_client_authenticator(creds, &credential);
392
393 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
394 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
395
396 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
397 torture_comment(tctx, "Credential chaining failed\n");
398 }
399
400 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
401
402 if (!torture_setting_bool(tctx, "dangerous", false)) {
403 torture_comment(tctx,
404 "Not testing ability to set password to '', enable dangerous tests to perform this test\n");
405 } else {
406 /* by changing the machine password to ""
407 * we check if the server uses password restrictions
408 * for ServerPasswordSet2
409 * (win2k3 accepts "")
410 */
411 password = "";
412 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
413 creds_arcfour_crypt(creds, password_buf.data, 516);
414
415 memcpy(new_password.data, password_buf.data, 512);
416 new_password.length = IVAL(password_buf.data, 512);
417
418 torture_comment(tctx,
419 "Testing ServerPasswordSet2 on machine account\n");
420 torture_comment(tctx,
421 "Changing machine account password to '%s'\n", password);
422
423 creds_client_authenticator(creds, &credential);
424
425 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
426 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
427
428 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
429 torture_comment(tctx, "Credential chaining failed\n");
430 }
431
432 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
433 }
434
435 torture_assert(tctx, test_SetupCredentials(p, tctx, machine_credentials, &creds),
436 "ServerPasswordSet failed to actually change the password");
437
438 /* now try a random password */
439 password = generate_random_str(tctx, 8);
440 encode_pw_buffer(password_buf.data, password, STR_UNICODE);
441 creds_arcfour_crypt(creds, password_buf.data, 516);
442
443 memcpy(new_password.data, password_buf.data, 512);
444 new_password.length = IVAL(password_buf.data, 512);
445
446 torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
447 torture_comment(tctx, "Changing machine account password to '%s'\n", password);
448
449 creds_client_authenticator(creds, &credential);
450
451 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
452 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2 (2)");
453
454 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
455 torture_comment(tctx, "Credential chaining failed\n");
456 }
457
458 /* by changing the machine password twice we test the
459 credentials chaining fully, and we verify that the server
460 allows the password to be set to the same value twice in a
461 row (match win2k3) */
462 torture_comment(tctx,
463 "Testing a second ServerPasswordSet2 on machine account\n");
464 torture_comment(tctx,
465 "Changing machine account password to '%s' (same as previous run)\n", password);
466
467 creds_client_authenticator(creds, &credential);
468
469 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
470 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
471
472 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
473 torture_comment(tctx, "Credential chaining failed\n");
474 }
475
476 cli_credentials_set_password(machine_credentials, password, CRED_SPECIFIED);
477
478 torture_assert (tctx,
479 test_SetupCredentials(p, tctx, machine_credentials, &creds),
480 "ServerPasswordSet failed to actually change the password");
481
482 new_random_pass = netlogon_very_rand_pass(tctx, 128);
483
484 /* now try a random stream of bytes for a password */
485 set_pw_in_buffer(password_buf.data, &new_random_pass);
486
487 creds_arcfour_crypt(creds, password_buf.data, 516);
488
489 memcpy(new_password.data, password_buf.data, 512);
490 new_password.length = IVAL(password_buf.data, 512);
491
492 torture_comment(tctx,
493 "Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
494
495 creds_client_authenticator(creds, &credential);
496
497 status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
498 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
499
500 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
501 torture_comment(tctx, "Credential chaining failed\n");
502 }
503
504 mdfour(nt_hash.hash, new_random_pass.data, new_random_pass.length);
505
506 cli_credentials_set_password(machine_credentials, NULL, CRED_UNINITIALISED);
507 cli_credentials_set_nt_hash(machine_credentials, &nt_hash, CRED_SPECIFIED);
508
509 torture_assert (tctx,
510 test_SetupCredentials(p, tctx, machine_credentials, &creds),
511 "ServerPasswordSet failed to actually change the password");
512
513 return true;
514 }
515
516 static bool test_GetPassword(struct torture_context *tctx,
517 struct dcerpc_pipe *p,
518 struct cli_credentials *machine_credentials)
519 {
520 struct netr_ServerPasswordGet r;
521 struct creds_CredentialState *creds;
522 struct netr_Authenticator credential;
523 NTSTATUS status;
524 struct netr_Authenticator return_authenticator;
525 struct samr_Password password;
526
527 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
528 return false;
529 }
530
531 creds_client_authenticator(creds, &credential);
532
533 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
534 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
535 r.in.secure_channel_type = SEC_CHAN_BDC;
536 r.in.computer_name = TEST_MACHINE_NAME;
537 r.in.credential = &credential;
538 r.out.return_authenticator = &return_authenticator;
539 r.out.password = &password;
540
541 status = dcerpc_netr_ServerPasswordGet(p, tctx, &r);
542 torture_assert_ntstatus_ok(tctx, status, "ServerPasswordGet");
543
544 return true;
545 }
546
547 static bool test_GetTrustPasswords(struct torture_context *tctx,
548 struct dcerpc_pipe *p,
549 struct cli_credentials *machine_credentials)
550 {
551 struct netr_ServerTrustPasswordsGet r;
552 struct creds_CredentialState *creds;
553 struct netr_Authenticator credential;
554 NTSTATUS status;
555 struct netr_Authenticator return_authenticator;
556 struct samr_Password password, password2;
557
558 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
559 return false;
560 }
561
562 creds_client_authenticator(creds, &credential);
563
564 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
565 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
566 r.in.secure_channel_type = SEC_CHAN_BDC;
567 r.in.computer_name = TEST_MACHINE_NAME;
568 r.in.credential = &credential;
569 r.out.return_authenticator = &return_authenticator;
570 r.out.password = &password;
571 r.out.password2 = &password2;
572
573 status = dcerpc_netr_ServerTrustPasswordsGet(p, tctx, &r);
574 torture_assert_ntstatus_ok(tctx, status, "ServerTrustPasswordsGet");
575
576 return true;
577 }
578
579 /*
580 try a netlogon SamLogon
581 */
582 bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
583 struct cli_credentials *credentials,
584 struct creds_CredentialState *creds)
585 {
586 NTSTATUS status;
587 struct netr_LogonSamLogon r;
588 struct netr_Authenticator auth, auth2;
589 union netr_LogonLevel logon;
590 union netr_Validation validation;
591 uint8_t authoritative;
592 struct netr_NetworkInfo ninfo;
593 DATA_BLOB names_blob, chal, lm_resp, nt_resp;
594 int i;
595 int flags = CLI_CRED_NTLM_AUTH;
596 if (lp_client_lanman_auth(tctx->lp_ctx)) {
597 flags |= CLI_CRED_LANMAN_AUTH;
598 }
599
600 if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
601 flags |= CLI_CRED_NTLMv2_AUTH;
602 }
603
604 cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
605 &ninfo.identity_info.account_name.string,
606 &ninfo.identity_info.domain_name.string);
607
608 generate_random_buffer(ninfo.challenge,
609 sizeof(ninfo.challenge));
610 chal = data_blob_const(ninfo.challenge,
611 sizeof(ninfo.challenge));
612
613 names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
614 cli_credentials_get_domain(credentials));
615
616 status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
617 &flags,
618 chal,
619 names_blob,
620 &lm_resp, &nt_resp,
621 NULL, NULL);
622 torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
623
624 ninfo.lm.data = lm_resp.data;
625 ninfo.lm.length = lm_resp.length;
626
627 ninfo.nt.data = nt_resp.data;
628 ninfo.nt.length = nt_resp.length;
629
630 ninfo.identity_info.parameter_control = 0;
631 ninfo.identity_info.logon_id_low = 0;
632 ninfo.identity_info.logon_id_high = 0;
633 ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
634
635 logon.network = &ninfo;
636
637 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
638 r.in.computer_name = cli_credentials_get_workstation(credentials);
639 r.in.credential = &auth;
640 r.in.return_authenticator = &auth2;
641 r.in.logon_level = 2;
642 r.in.logon = &logon;
643 r.out.validation = &validation;
644 r.out.authoritative = &authoritative;
645
646 d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
647
648 for (i=2;i<3;i++) {
649 ZERO_STRUCT(auth2);
650 creds_client_authenticator(creds, &auth);
651
652 r.in.validation_level = i;
653
654 status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
655 torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed");
656
657 torture_assert(tctx, creds_client_check(creds, &r.out.return_authenticator->cred),
658 "Credential chaining failed");
659 }
660
661 r.in.credential = NULL;
662
663 for (i=2;i<=3;i++) {
664
665 r.in.validation_level = i;
666
667 torture_comment(tctx, "Testing SamLogon with validation level %d and a NULL credential\n", i);
668
669 status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
670 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_INVALID_PARAMETER,
671 "LogonSamLogon expected INVALID_PARAMETER");
672
673 }
674
675 return true;
676 }
677
678 /*
679 try a netlogon SamLogon
680 */
681 static bool test_SamLogon(struct torture_context *tctx,
682 struct dcerpc_pipe *p,
683 struct cli_credentials *credentials)
684 {
685 struct creds_CredentialState *creds;
686
687 if (!test_SetupCredentials(p, tctx, credentials, &creds)) {
688 return false;
689 }
690
691 return test_netlogon_ops(p, tctx, credentials, creds);
692 }
693
694 /* we remember the sequence numbers so we can easily do a DatabaseDelta */
695 static uint64_t sequence_nums[3];
696
697 /*
698 try a netlogon DatabaseSync
699 */
700 static bool test_DatabaseSync(struct torture_context *tctx,
701 struct dcerpc_pipe *p,
702 struct cli_credentials *machine_credentials)
703 {
704 NTSTATUS status;
705 struct netr_DatabaseSync r;
706 struct creds_CredentialState *creds;
707 const uint32_t database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
708 int i;
709 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
710 struct netr_Authenticator credential, return_authenticator;
711
712 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
713 return false;
714 }
715
716 ZERO_STRUCT(return_authenticator);
717
718 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
719 r.in.computername = TEST_MACHINE_NAME;
720 r.in.preferredmaximumlength = (uint32_t)-1;
721 r.in.return_authenticator = &return_authenticator;
722 r.out.delta_enum_array = &delta_enum_array;
723 r.out.return_authenticator = &return_authenticator;
724
725 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
726
727 uint32_t sync_context = 0;
728
729 r.in.database_id = database_ids[i];
730 r.in.sync_context = &sync_context;
731 r.out.sync_context = &sync_context;
732
733 torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id);
734
735 do {
736 creds_client_authenticator(creds, &credential);
737
738 r.in.credential = &credential;
739
740 status = dcerpc_netr_DatabaseSync(p, tctx, &r);
741 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
742 break;
743
744 /* Native mode servers don't do this */
745 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
746 return true;
747 }
748 torture_assert_ntstatus_ok(tctx, status, "DatabaseSync");
749
750 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
751 torture_comment(tctx, "Credential chaining failed\n");
752 }
753
754 if (delta_enum_array &&
755 delta_enum_array->num_deltas > 0 &&
756 delta_enum_array->delta_enum[0].delta_type == NETR_DELTA_DOMAIN &&
757 delta_enum_array->delta_enum[0].delta_union.domain) {
758 sequence_nums[r.in.database_id] =
759 delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
760 torture_comment(tctx, "\tsequence_nums[%d]=%llu\n",
761 r.in.database_id,
762 (unsigned long long)sequence_nums[r.in.database_id]);
763 }
764 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
765 }
766
767 return true;
768 }
769
770
771 /*
772 try a netlogon DatabaseDeltas
773 */
774 static bool test_DatabaseDeltas(struct torture_context *tctx,
775 struct dcerpc_pipe *p,
776 struct cli_credentials *machine_credentials)
777 {
778 NTSTATUS status;
779 struct netr_DatabaseDeltas r;
780 struct creds_CredentialState *creds;
781 struct netr_Authenticator credential;
782 struct netr_Authenticator return_authenticator;
783 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
784 const uint32_t database_ids[] = {0, 1, 2};
785 int i;
786
787 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
788 return false;
789 }
790
791 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
792 r.in.computername = TEST_MACHINE_NAME;
793 r.in.preferredmaximumlength = (uint32_t)-1;
794 ZERO_STRUCT(r.in.return_authenticator);
795 r.out.return_authenticator = &return_authenticator;
796 r.out.delta_enum_array = &delta_enum_array;
797
798 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
799 r.in.database_id = database_ids[i];
800 r.in.sequence_num = &sequence_nums[r.in.database_id];
801
802 if (*r.in.sequence_num == 0) continue;
803
804 *r.in.sequence_num -= 1;
805
806 torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n",
807 r.in.database_id, (unsigned long long)*r.in.sequence_num);
808
809 do {
810 creds_client_authenticator(creds, &credential);
811
812 status = dcerpc_netr_DatabaseDeltas(p, tctx, &r);
813 if (NT_STATUS_EQUAL(status,
814 NT_STATUS_SYNCHRONIZATION_REQUIRED)) {
815 torture_comment(tctx, "not considering %s to be an error\n",
816 nt_errstr(status));
817 return true;
818 }
819 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
820 break;
821
822 torture_assert_ntstatus_ok(tctx, status, "DatabaseDeltas");
823
824 if (!creds_client_check(creds, &return_authenticator.cred)) {
825 torture_comment(tctx, "Credential chaining failed\n");
826 }
827
828 (*r.in.sequence_num)++;
829 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
830 }
831
832 return true;
833 }
834
835 static bool test_DatabaseRedo(struct torture_context *tctx,
836 struct dcerpc_pipe *p,
837 struct cli_credentials *machine_credentials)
838 {
839 NTSTATUS status;
840 struct netr_DatabaseRedo r;
841 struct creds_CredentialState *creds;
842 struct netr_Authenticator credential;
843 struct netr_Authenticator return_authenticator;
844 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
845 struct netr_ChangeLogEntry e;
846 struct dom_sid null_sid, *sid;
847 int i,d;
848
849 ZERO_STRUCT(null_sid);
850
851 sid = dom_sid_parse_talloc(tctx, "S-1-5-21-1111111111-2222222222-333333333-500");
852
853 {
854
855 struct {
856 uint32_t rid;
857 uint16_t flags;
858 uint8_t db_index;
859 uint8_t delta_type;
860 struct dom_sid sid;
861 const char *name;
862 NTSTATUS expected_error;
863 uint32_t expected_num_results;
864 uint8_t expected_delta_type_1;
865 uint8_t expected_delta_type_2;
866 const char *comment;
867 } changes[] = {
868
869 /* SAM_DATABASE_DOMAIN */
870
871 {
872 .rid = 0,
873 .flags = 0,
874 .db_index = SAM_DATABASE_DOMAIN,
875 .delta_type = NETR_DELTA_MODIFY_COUNT,
876 .sid = null_sid,
877 .name = NULL,
878 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
879 .expected_num_results = 0,
880 .comment = "NETR_DELTA_MODIFY_COUNT"
881 },
882 {
883 .rid = 0,
884 .flags = 0,
885 .db_index = SAM_DATABASE_DOMAIN,
886 .delta_type = 0,
887 .sid = null_sid,
888 .name = NULL,
889 .expected_error = NT_STATUS_OK,
890 .expected_num_results = 1,
891 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
892 .comment = "NULL DELTA"
893 },
894 {
895 .rid = 0,
896 .flags = 0,
897 .db_index = SAM_DATABASE_DOMAIN,
898 .delta_type = NETR_DELTA_DOMAIN,
899 .sid = null_sid,
900 .name = NULL,
901 .expected_error = NT_STATUS_OK,
902 .expected_num_results = 1,
903 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
904 .comment = "NETR_DELTA_DOMAIN"
905 },
906 {
907 .rid = DOMAIN_RID_ADMINISTRATOR,
908 .flags = 0,
909 .db_index = SAM_DATABASE_DOMAIN,
910 .delta_type = NETR_DELTA_USER,
911 .sid = null_sid,
912 .name = NULL,
913 .expected_error = NT_STATUS_OK,
914 .expected_num_results = 1,
915 .expected_delta_type_1 = NETR_DELTA_USER,
916 .comment = "NETR_DELTA_USER by rid 500"
917 },
918 {
919 .rid = DOMAIN_RID_GUEST,
920 .flags = 0,
921 .db_index = SAM_DATABASE_DOMAIN,
922 .delta_type = NETR_DELTA_USER,
923 .sid = null_sid,
924 .name = NULL,
925 .expected_error = NT_STATUS_OK,
926 .expected_num_results = 1,
927 .expected_delta_type_1 = NETR_DELTA_USER,
928 .comment = "NETR_DELTA_USER by rid 501"
929 },
930 {
931 .rid = 0,
932 .flags = NETR_CHANGELOG_SID_INCLUDED,
933 .db_index = SAM_DATABASE_DOMAIN,
934 .delta_type = NETR_DELTA_USER,
935 .sid = *sid,
936 .name = NULL,
937 .expected_error = NT_STATUS_OK,
938 .expected_num_results = 1,
939 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
940 .comment = "NETR_DELTA_USER by sid and flags"
941 },
942 {
943 .rid = 0,
944 .flags = NETR_CHANGELOG_SID_INCLUDED,
945 .db_index = SAM_DATABASE_DOMAIN,
946 .delta_type = NETR_DELTA_USER,
947 .sid = null_sid,
948 .name = NULL,
949 .expected_error = NT_STATUS_OK,
950 .expected_num_results = 1,
951 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
952 .comment = "NETR_DELTA_USER by null_sid and flags"
953 },
954 {
955 .rid = 0,
956 .flags = NETR_CHANGELOG_NAME_INCLUDED,
957 .db_index = SAM_DATABASE_DOMAIN,
958 .delta_type = NETR_DELTA_USER,
959 .sid = null_sid,
960 .name = "administrator",
961 .expected_error = NT_STATUS_OK,
962 .expected_num_results = 1,
963 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
964 .comment = "NETR_DELTA_USER by name 'administrator'"
965 },
966 {
967 .rid = DOMAIN_RID_ADMINS,
968 .flags = 0,
969 .db_index = SAM_DATABASE_DOMAIN,
970 .delta_type = NETR_DELTA_GROUP,
971 .sid = null_sid,
972 .name = NULL,
973 .expected_error = NT_STATUS_OK,
974 .expected_num_results = 2,
975 .expected_delta_type_1 = NETR_DELTA_GROUP,
976 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
977 .comment = "NETR_DELTA_GROUP by rid 512"
978 },
979 {
980 .rid = DOMAIN_RID_ADMINS,
981 .flags = 0,
982 .db_index = SAM_DATABASE_DOMAIN,
983 .delta_type = NETR_DELTA_GROUP_MEMBER,
984 .sid = null_sid,
985 .name = NULL,
986 .expected_error = NT_STATUS_OK,
987 .expected_num_results = 2,
988 .expected_delta_type_1 = NETR_DELTA_GROUP,
989 .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER,
990 .comment = "NETR_DELTA_GROUP_MEMBER by rid 512"
991 },
992
993
994 /* SAM_DATABASE_BUILTIN */
995
996 {
997 .rid = 0,
998 .flags = 0,
999 .db_index = SAM_DATABASE_BUILTIN,
1000 .delta_type = NETR_DELTA_MODIFY_COUNT,
1001 .sid = null_sid,
1002 .name = NULL,
1003 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1004 .expected_num_results = 0,
1005 .comment = "NETR_DELTA_MODIFY_COUNT"
1006 },
1007 {
1008 .rid = 0,
1009 .flags = 0,
1010 .db_index = SAM_DATABASE_BUILTIN,
1011 .delta_type = NETR_DELTA_DOMAIN,
1012 .sid = null_sid,
1013 .name = NULL,
1014 .expected_error = NT_STATUS_OK,
1015 .expected_num_results = 1,
1016 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1017 .comment = "NETR_DELTA_DOMAIN"
1018 },
1019 {
1020 .rid = DOMAIN_RID_ADMINISTRATOR,
1021 .flags = 0,
1022 .db_index = SAM_DATABASE_BUILTIN,
1023 .delta_type = NETR_DELTA_USER,
1024 .sid = null_sid,
1025 .name = NULL,
1026 .expected_error = NT_STATUS_OK,
1027 .expected_num_results = 1,
1028 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1029 .comment = "NETR_DELTA_USER by rid 500"
1030 },
1031 {
1032 .rid = 0,
1033 .flags = 0,
1034 .db_index = SAM_DATABASE_BUILTIN,
1035 .delta_type = NETR_DELTA_USER,
1036 .sid = null_sid,
1037 .name = NULL,
1038 .expected_error = NT_STATUS_OK,
1039 .expected_num_results = 1,
1040 .expected_delta_type_1 = NETR_DELTA_DELETE_USER,
1041 .comment = "NETR_DELTA_USER"
1042 },
1043 {
1044 .rid = 544,
1045 .flags = 0,
1046 .db_index = SAM_DATABASE_BUILTIN,
1047 .delta_type = NETR_DELTA_ALIAS,
1048 .sid = null_sid,
1049 .name = NULL,
1050 .expected_error = NT_STATUS_OK,
1051 .expected_num_results = 2,
1052 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1053 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1054 .comment = "NETR_DELTA_ALIAS by rid 544"
1055 },
1056 {
1057 .rid = 544,
1058 .flags = 0,
1059 .db_index = SAM_DATABASE_BUILTIN,
1060 .delta_type = NETR_DELTA_ALIAS_MEMBER,
1061 .sid = null_sid,
1062 .name = NULL,
1063 .expected_error = NT_STATUS_OK,
1064 .expected_num_results = 2,
1065 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1066 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1067 .comment = "NETR_DELTA_ALIAS_MEMBER by rid 544"
1068 },
1069 {
1070 .rid = 544,
1071 .flags = 0,
1072 .db_index = SAM_DATABASE_BUILTIN,
1073 .delta_type = 0,
1074 .sid = null_sid,
1075 .name = NULL,
1076 .expected_error = NT_STATUS_OK,
1077 .expected_num_results = 1,
1078 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1079 .comment = "NULL DELTA by rid 544"
1080 },
1081 {
1082 .rid = 544,
1083 .flags = NETR_CHANGELOG_SID_INCLUDED,
1084 .db_index = SAM_DATABASE_BUILTIN,
1085 .delta_type = 0,
1086 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1087 .name = NULL,
1088 .expected_error = NT_STATUS_OK,
1089 .expected_num_results = 1,
1090 .expected_delta_type_1 = NETR_DELTA_DOMAIN,
1091 .comment = "NULL DELTA by rid 544 sid S-1-5-32-544 and flags"
1092 },
1093 {
1094 .rid = 544,
1095 .flags = NETR_CHANGELOG_SID_INCLUDED,
1096 .db_index = SAM_DATABASE_BUILTIN,
1097 .delta_type = NETR_DELTA_ALIAS,
1098 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1099 .name = NULL,
1100 .expected_error = NT_STATUS_OK,
1101 .expected_num_results = 2,
1102 .expected_delta_type_1 = NETR_DELTA_ALIAS,
1103 .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER,
1104 .comment = "NETR_DELTA_ALIAS by rid 544 and sid S-1-5-32-544 and flags"
1105 },
1106 {
1107 .rid = 0,
1108 .flags = NETR_CHANGELOG_SID_INCLUDED,
1109 .db_index = SAM_DATABASE_BUILTIN,
1110 .delta_type = NETR_DELTA_ALIAS,
1111 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"),
1112 .name = NULL,
1113 .expected_error = NT_STATUS_OK,
1114 .expected_num_results = 1,
1115 .expected_delta_type_1 = NETR_DELTA_DELETE_ALIAS,
1116 .comment = "NETR_DELTA_ALIAS by sid S-1-5-32-544 and flags"
1117 },
1118
1119 /* SAM_DATABASE_PRIVS */
1120
1121 {
1122 .rid = 0,
1123 .flags = 0,
1124 .db_index = SAM_DATABASE_PRIVS,
1125 .delta_type = 0,
1126 .sid = null_sid,
1127 .name = NULL,
1128 .expected_error = NT_STATUS_ACCESS_DENIED,
1129 .expected_num_results = 0,
1130 .comment = "NULL DELTA"
1131 },
1132 {
1133 .rid = 0,
1134 .flags = 0,
1135 .db_index = SAM_DATABASE_PRIVS,
1136 .delta_type = NETR_DELTA_MODIFY_COUNT,
1137 .sid = null_sid,
1138 .name = NULL,
1139 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED,
1140 .expected_num_results = 0,
1141 .comment = "NETR_DELTA_MODIFY_COUNT"
1142 },
1143 {
1144 .rid = 0,
1145 .flags = 0,
1146 .db_index = SAM_DATABASE_PRIVS,
1147 .delta_type = NETR_DELTA_POLICY,
1148 .sid = null_sid,
1149 .name = NULL,
1150 .expected_error = NT_STATUS_OK,
1151 .expected_num_results = 1,
1152 .expected_delta_type_1 = NETR_DELTA_POLICY,
1153 .comment = "NETR_DELTA_POLICY"
1154 },
1155 {
1156 .rid = 0,
1157 .flags = NETR_CHANGELOG_SID_INCLUDED,
1158 .db_index = SAM_DATABASE_PRIVS,
1159 .delta_type = NETR_DELTA_POLICY,
1160 .sid = null_sid,
1161 .name = NULL,
1162 .expected_error = NT_STATUS_OK,
1163 .expected_num_results = 1,
1164 .expected_delta_type_1 = NETR_DELTA_POLICY,
1165 .comment = "NETR_DELTA_POLICY by null sid and flags"
1166 },
1167 {
1168 .rid = 0,
1169 .flags = NETR_CHANGELOG_SID_INCLUDED,
1170 .db_index = SAM_DATABASE_PRIVS,
1171 .delta_type = NETR_DELTA_POLICY,
1172 .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32"),
1173 .name = NULL,
1174 .expected_error = NT_STATUS_OK,
1175 .expected_num_results = 1,
1176 .expected_delta_type_1 = NETR_DELTA_POLICY,
1177 .comment = "NETR_DELTA_POLICY by sid S-1-5-32 and flags"
1178 },
1179 {
1180 .rid = DOMAIN_RID_ADMINISTRATOR,
1181 .flags = 0,
1182 .db_index = SAM_DATABASE_PRIVS,
1183 .delta_type = NETR_DELTA_ACCOUNT,
1184 .sid = null_sid,
1185 .name = NULL,
1186 .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, /* strange */
1187 .expected_num_results = 0,
1188 .comment = "NETR_DELTA_ACCOUNT by rid 500"
1189 },
1190 {
1191 .rid = 0,
1192 .flags = NETR_CHANGELOG_SID_INCLUDED,
1193 .db_index = SAM_DATABASE_PRIVS,
1194 .delta_type = NETR_DELTA_ACCOUNT,
1195 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1196 .name = NULL,
1197 .expected_error = NT_STATUS_OK,
1198 .expected_num_results = 1,
1199 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
1200 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and flags"
1201 },
1202 {
1203 .rid = 0,
1204 .flags = NETR_CHANGELOG_SID_INCLUDED |
1205 NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED,
1206 .db_index = SAM_DATABASE_PRIVS,
1207 .delta_type = NETR_DELTA_ACCOUNT,
1208 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1209 .name = NULL,
1210 .expected_error = NT_STATUS_OK,
1211 .expected_num_results = 1,
1212 .expected_delta_type_1 = NETR_DELTA_ACCOUNT,
1213 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and 2 flags"
1214 },
1215 {
1216 .rid = 0,
1217 .flags = NETR_CHANGELOG_SID_INCLUDED |
1218 NETR_CHANGELOG_NAME_INCLUDED,
1219 .db_index = SAM_DATABASE_PRIVS,
1220 .delta_type = NETR_DELTA_ACCOUNT,
1221 .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"),
1222 .name = NULL,
1223 .expected_error = NT_STATUS_INVALID_PARAMETER,
1224 .expected_num_results = 0,
1225 .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and invalid flags"
1226 },
1227 {
1228 .rid = DOMAIN_RID_ADMINISTRATOR,
1229 .flags = NETR_CHANGELOG_SID_INCLUDED,
1230 .db_index = SAM_DATABASE_PRIVS,
1231 .delta_type = NETR_DELTA_ACCOUNT,
1232 .sid = *sid,
1233 .name = NULL,
1234 .expected_error = NT_STATUS_OK,
1235 .expected_num_results = 1,
1236 .expected_delta_type_1 = NETR_DELTA_DELETE_ACCOUNT,
1237 .comment = "NETR_DELTA_ACCOUNT by rid 500, sid and flags"
1238 },
1239 {
1240 .rid = 0,
1241 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1242 .db_index = SAM_DATABASE_PRIVS,
1243 .delta_type = NETR_DELTA_SECRET,
1244 .sid = null_sid,
1245 .name = "IsurelydontexistIhope",
1246 .expected_error = NT_STATUS_OK,
1247 .expected_num_results = 1,
1248 .expected_delta_type_1 = NETR_DELTA_DELETE_SECRET,
1249 .comment = "NETR_DELTA_SECRET by name 'IsurelydontexistIhope' and flags"
1250 },
1251 {
1252 .rid = 0,
1253 .flags = NETR_CHANGELOG_NAME_INCLUDED,
1254 .db_index = SAM_DATABASE_PRIVS,
1255 .delta_type = NETR_DELTA_SECRET,
1256 .sid = null_sid,
1257 .name = "G$BCKUPKEY_P",
1258 .expected_error = NT_STATUS_OK,
1259 .expected_num_results = 1,
1260 .expected_delta_type_1 = NETR_DELTA_SECRET,
1261 .comment = "NETR_DELTA_SECRET by name 'G$BCKUPKEY_P' and flags"
1262 }
1263 };
1264
1265 ZERO_STRUCT(return_authenticator);
1266
1267 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1268 r.in.computername = TEST_MACHINE_NAME;
1269 r.in.return_authenticator = &return_authenticator;
1270 r.out.return_authenticator = &return_authenticator;
1271 r.out.delta_enum_array = &delta_enum_array;
1272
1273 for (d=0; d<3; d++) {
1274
1275 const char *database;
1276
1277 switch (d) {
1278 case 0:
1279 database = "SAM";
1280 break;
1281 case 1:
1282 database = "BUILTIN";
1283 break;
1284 case 2:
1285 database = "LSA";
1286 break;
1287 default:
1288 break;
1289 }
1290
1291 torture_comment(tctx, "Testing DatabaseRedo\n");
1292
1293 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1294 return false;
1295 }
1296
1297 for (i=0;i<ARRAY_SIZE(changes);i++) {
1298
1299 if (d != changes[i].db_index) {
1300 continue;
1301 }
1302
1303 creds_client_authenticator(creds, &credential);
1304
1305 r.in.credential = &credential;
1306
1307 e.serial_number1 = 0;
1308 e.serial_number2 = 0;
1309 e.object_rid = changes[i].rid;
1310 e.flags = changes[i].flags;
1311 e.db_index = changes[i].db_index;
1312 e.delta_type = changes[i].delta_type;
1313
1314 switch (changes[i].flags & (NETR_CHANGELOG_NAME_INCLUDED | NETR_CHANGELOG_SID_INCLUDED)) {
1315 case NETR_CHANGELOG_SID_INCLUDED:
1316 e.object.object_sid = changes[i].sid;
1317 break;
1318 case NETR_CHANGELOG_NAME_INCLUDED:
1319 e.object.object_name = changes[i].name;
1320 break;
1321 default:
1322 break;
1323 }
1324
1325 r.in.change_log_entry = e;
1326
1327 torture_comment(tctx, "Testing DatabaseRedo with database %s and %s\n",
1328 database, changes[i].comment);
1329
1330 status = dcerpc_netr_DatabaseRedo(p, tctx, &r);
1331 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
1332 return true;
1333 }
1334
1335 torture_assert_ntstatus_equal(tctx, status, changes[i].expected_error, changes[i].comment);
1336 if (delta_enum_array) {
1337 torture_assert_int_equal(tctx,
1338 delta_enum_array->num_deltas,
1339 changes[i].expected_num_results,
1340 changes[i].comment);
1341 if (delta_enum_array->num_deltas > 0) {
1342 torture_assert_int_equal(tctx,
1343 delta_enum_array->delta_enum[0].delta_type,
1344 changes[i].expected_delta_type_1,
1345 changes[i].comment);
1346 }
1347 if (delta_enum_array->num_deltas > 1) {
1348 torture_assert_int_equal(tctx,
1349 delta_enum_array->delta_enum[1].delta_type,
1350 changes[i].expected_delta_type_2,
1351 changes[i].comment);
1352 }
1353 }
1354
1355 if (!creds_client_check(creds, &return_authenticator.cred)) {
1356 torture_comment(tctx, "Credential chaining failed\n");
1357 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1358 return false;
1359 }
1360 }
1361 }
1362 }
1363 }
1364
1365 return true;
1366 }
1367
1368 /*
1369 try a netlogon AccountDeltas
1370 */
1371 static bool test_AccountDeltas(struct torture_context *tctx,
1372 struct dcerpc_pipe *p,
1373 struct cli_credentials *machine_credentials)
1374 {
1375 NTSTATUS status;
1376 struct netr_AccountDeltas r;
1377 struct creds_CredentialState *creds;
1378
1379 struct netr_AccountBuffer buffer;
1380 uint32_t count_returned = 0;
1381 uint32_t total_entries = 0;
1382 struct netr_UAS_INFO_0 recordid;
1383 struct netr_Authenticator return_authenticator;
1384
1385 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1386 return false;
1387 }
1388
1389 ZERO_STRUCT(return_authenticator);
1390
1391 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1392 r.in.computername = TEST_MACHINE_NAME;
1393 r.in.return_authenticator = &return_authenticator;
1394 creds_client_authenticator(creds, &r.in.credential);
1395 ZERO_STRUCT(r.in.uas);
1396 r.in.count=10;
1397 r.in.level=0;
1398 r.in.buffersize=100;
1399 r.out.buffer = &buffer;
1400 r.out.count_returned = &count_returned;
1401 r.out.total_entries = &total_entries;
1402 r.out.recordid = &recordid;
1403 r.out.return_authenticator = &return_authenticator;
1404
1405 /* w2k3 returns "NOT IMPLEMENTED" for this call */
1406 status = dcerpc_netr_AccountDeltas(p, tctx, &r);
1407 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountDeltas");
1408
1409 return true;
1410 }
1411
1412 /*
1413 try a netlogon AccountSync
1414 */
1415 static bool test_AccountSync(struct torture_context *tctx, struct dcerpc_pipe *p,
1416 struct cli_credentials *machine_credentials)
1417 {
1418 NTSTATUS status;
1419 struct netr_AccountSync r;
1420 struct creds_CredentialState *creds;
1421
1422 struct netr_AccountBuffer buffer;
1423 uint32_t count_returned = 0;
1424 uint32_t total_entries = 0;
1425 uint32_t next_reference = 0;
1426 struct netr_UAS_INFO_0 recordid;
1427 struct netr_Authenticator return_authenticator;
1428
1429 ZERO_STRUCT(recordid);
1430 ZERO_STRUCT(return_authenticator);
1431
1432 if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
1433 return false;
1434 }
1435
1436 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1437 r.in.computername = TEST_MACHINE_NAME;
1438 r.in.return_authenticator = &return_authenticator;
1439 creds_client_authenticator(creds, &r.in.credential);
1440 r.in.recordid = &recordid;
1441 r.in.reference=0;
1442 r.in.level=0;
1443 r.in.buffersize=100;
1444 r.out.buffer = &buffer;
1445 r.out.count_returned = &count_returned;
1446 r.out.total_entries = &total_entries;
1447 r.out.next_reference = &next_reference;
1448 r.out.recordid = &recordid;
1449 r.out.return_authenticator = &return_authenticator;
1450
1451 /* w2k3 returns "NOT IMPLEMENTED" for this call */
1452 status = dcerpc_netr_AccountSync(p, tctx, &r);
1453 torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "AccountSync");
1454
1455 return true;
1456 }
1457
1458 /*
1459 try a netlogon GetDcName
1460 */
1461 static bool test_GetDcName(struct torture_context *tctx,
1462 struct dcerpc_pipe *p)
1463 {
1464 NTSTATUS status;
1465 struct netr_GetDcName r;
1466 const char *dcname = NULL;
1467
1468 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1469 r.in.domainname = lp_workgroup(tctx->lp_ctx);
1470 r.out.dcname = &dcname;
1471
1472 status = dcerpc_netr_GetDcName(p, tctx, &r);
1473 torture_assert_ntstatus_ok(tctx, status, "GetDcName");
1474 torture_assert_werr_ok(tctx, r.out.result, "GetDcName");
1475
1476 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
1477
1478 return true;
1479 }
1480
1481 /*
1482 try a netlogon LogonControl
1483 */
1484 static bool test_LogonControl(struct torture_context *tctx,
1485 struct dcerpc_pipe *p)
1486 {
1487 NTSTATUS status;
1488 struct netr_LogonControl r;
1489 union netr_CONTROL_QUERY_INFORMATION info;
1490 int i;
1491
1492 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1493 r.in.function_code = 1;
1494 r.out.info = &info;
1495
1496 for (i=1;i<4;i++) {
1497 r.in.level = i;
1498
1499 torture_comment(tctx, "Testing LogonControl level %d\n", i);
1500
1501 status = dcerpc_netr_LogonControl(p, tctx, &r);
1502 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1503 }
1504
1505 return true;
1506 }
1507
1508
1509 /*
1510 try a netlogon GetAnyDCName
1511 */
1512 static bool test_GetAnyDCName(struct torture_context *tctx,
1513 struct dcerpc_pipe *p)
1514 {
1515 NTSTATUS status;
1516 struct netr_GetAnyDCName r;
1517 const char *dcname = NULL;
1518
1519 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1520 r.in.domainname = lp_workgroup(tctx->lp_ctx);
1521 r.out.dcname = &dcname;
1522
1523 status = dcerpc_netr_GetAnyDCName(p, tctx, &r);
1524 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
1525 torture_assert_werr_ok(tctx, r.out.result, "GetAnyDCName");
1526
1527 if (dcname) {
1528 torture_comment(tctx, "\tDC is at '%s'\n", dcname);
1529 }
1530
1531 return true;
1532 }
1533
1534
1535 /*
1536 try a netlogon LogonControl2
1537 */
1538 static bool test_LogonControl2(struct torture_context *tctx,
1539 struct dcerpc_pipe *p)
1540 {
1541 NTSTATUS status;
1542 struct netr_LogonControl2 r;
1543 union netr_CONTROL_DATA_INFORMATION data;
1544 union netr_CONTROL_QUERY_INFORMATION query;
1545 int i;
1546
1547 data.domain = lp_workgroup(tctx->lp_ctx);
1548
1549 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1550
1551 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
1552 r.in.data = &data;
1553 r.out.query = &query;
1554
1555 for (i=1;i<4;i++) {
1556 r.in.level = i;
1557
1558 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
1559 i, r.in.function_code);
1560
1561 status = dcerpc_netr_LogonControl2(p, tctx, &r);
1562 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1563 }
1564
1565 data.domain = lp_workgroup(tctx->lp_ctx);
1566
1567 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
1568 r.in.data = &data;
1569
1570 for (i=1;i<4;i++) {
1571 r.in.level = i;
1572
1573 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
1574 i, r.in.function_code);
1575
1576 status = dcerpc_netr_LogonControl2(p, tctx, &r);
1577 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1578 }
1579
1580 data.domain = lp_workgroup(tctx->lp_ctx);
1581
1582 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
1583 r.in.data = &data;
1584
1585 for (i=1;i<4;i++) {
1586 r.in.level = i;
1587
1588 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
1589 i, r.in.function_code);
1590
1591 status = dcerpc_netr_LogonControl2(p, tctx, &r);
1592 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1593 }
1594
1595 data.debug_level = ~0;
1596
1597 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
1598 r.in.data = &data;
1599
1600 for (i=1;i<4;i++) {
1601 r.in.level = i;
1602
1603 torture_comment(tctx, "Testing LogonControl2 level %d function %d\n",
1604 i, r.in.function_code);
1605
1606 status = dcerpc_netr_LogonControl2(p, tctx, &r);
1607 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1608 }
1609
1610 return true;
1611 }
1612
1613 /*
1614 try a netlogon DatabaseSync2
1615 */
1616 static bool test_DatabaseSync2(struct torture_context *tctx,
1617 struct dcerpc_pipe *p,
1618 struct cli_credentials *machine_credentials)
1619 {
1620 NTSTATUS status;
1621 struct netr_DatabaseSync2 r;
1622 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
1623 struct netr_Authenticator return_authenticator, credential;
1624
1625 struct creds_CredentialState *creds;
1626 const uint32_t database_ids[] = {0, 1, 2};
1627 int i;
1628
1629 if (!test_SetupCredentials2(p, tctx, NETLOGON_NEG_AUTH2_FLAGS,
1630 machine_credentials,
1631 SEC_CHAN_BDC, &creds)) {
1632 return false;
1633 }
1634
1635 ZERO_STRUCT(return_authenticator);
1636
1637 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1638 r.in.computername = TEST_MACHINE_NAME;
1639 r.in.preferredmaximumlength = (uint32_t)-1;
1640 r.in.return_authenticator = &return_authenticator;
1641 r.out.return_authenticator = &return_authenticator;
1642 r.out.delta_enum_array = &delta_enum_array;
1643
1644 for (i=0;i<ARRAY_SIZE(database_ids);i++) {
1645
1646 uint32_t sync_context = 0;
1647
1648 r.in.database_id = database_ids[i];
1649 r.in.sync_context = &sync_context;
1650 r.out.sync_context = &sync_context;
1651 r.in.restart_state = 0;
1652
1653 torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id);
1654
1655 do {
1656 creds_client_authenticator(creds, &credential);
1657
1658 r.in.credential = &credential;
1659
1660 status = dcerpc_netr_DatabaseSync2(p, tctx, &r);
1661 if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
1662 break;
1663
1664 /* Native mode servers don't do this */
1665 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
1666 return true;
1667 }
1668
1669 torture_assert_ntstatus_ok(tctx, status, "DatabaseSync2");
1670
1671 if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
1672 torture_comment(tctx, "Credential chaining failed\n");
1673 }
1674
1675 } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
1676 }
1677
1678 return true;
1679 }
1680
1681
1682 /*
1683 try a netlogon LogonControl2Ex
1684 */
1685 static bool test_LogonControl2Ex(struct torture_context *tctx,
1686 struct dcerpc_pipe *p)
1687 {
1688 NTSTATUS status;
1689 struct netr_LogonControl2Ex r;
1690 union netr_CONTROL_DATA_INFORMATION data;
1691 union netr_CONTROL_QUERY_INFORMATION query;
1692 int i;
1693
1694 data.domain = lp_workgroup(tctx->lp_ctx);
1695
1696 r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1697
1698 r.in.function_code = NETLOGON_CONTROL_REDISCOVER;
1699 r.in.data = &data;
1700 r.out.query = &query;
1701
1702 for (i=1;i<4;i++) {
1703 r.in.level = i;
1704
1705 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1706 i, r.in.function_code);
1707
1708 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
1709 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1710 }
1711
1712 data.domain = lp_workgroup(tctx->lp_ctx);
1713
1714 r.in.function_code = NETLOGON_CONTROL_TC_QUERY;
1715 r.in.data = &data;
1716
1717 for (i=1;i<4;i++) {
1718 r.in.level = i;
1719
1720 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1721 i, r.in.function_code);
1722
1723 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
1724 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1725 }
1726
1727 data.domain = lp_workgroup(tctx->lp_ctx);
1728
1729 r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY;
1730 r.in.data = &data;
1731
1732 for (i=1;i<4;i++) {
1733 r.in.level = i;
1734
1735 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1736 i, r.in.function_code);
1737
1738 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
1739 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1740 }
1741
1742 data.debug_level = ~0;
1743
1744 r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
1745 r.in.data = &data;
1746
1747 for (i=1;i<4;i++) {
1748 r.in.level = i;
1749
1750 torture_comment(tctx, "Testing LogonControl2Ex level %d function %d\n",
1751 i, r.in.function_code);
1752
1753 status = dcerpc_netr_LogonControl2Ex(p, tctx, &r);
1754 torture_assert_ntstatus_ok(tctx, status, "LogonControl");
1755 }
1756
1757 return true;
1758 }
1759
1760 static bool test_netr_DsRGetForestTrustInformation(struct torture_context *tctx,
1761 struct dcerpc_pipe *p, const char *trusted_domain_name)
1762 {
1763 NTSTATUS status;
1764 struct netr_DsRGetForestTrustInformation r;
1765 struct lsa_ForestTrustInformation info, *info_ptr;
1766
1767 info_ptr = &info;
1768
1769 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1770 r.in.trusted_domain_name = trusted_domain_name;
1771 r.in.flags = 0;
1772 r.out.forest_trust_info = &info_ptr;
1773
1774 torture_comment(tctx ,"Testing netr_DsRGetForestTrustInformation\n");
1775
1776 status = dcerpc_netr_DsRGetForestTrustInformation(p, tctx, &r);
1777 torture_assert_ntstatus_ok(tctx, status, "DsRGetForestTrustInformation");
1778 torture_assert_werr_ok(tctx, r.out.result, "DsRGetForestTrustInformation");
1779
1780 return true;
1781 }
1782
1783 /*
1784 try a netlogon netr_DsrEnumerateDomainTrusts
1785 */
1786 static bool test_DsrEnumerateDomainTrusts(struct torture_context *tctx,
1787 struct dcerpc_pipe *p)
1788 {
1789 NTSTATUS status;
1790 struct netr_DsrEnumerateDomainTrusts r;
1791 struct netr_DomainTrustList trusts;
1792 int i;
1793
1794 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1795 r.in.trust_flags = 0x3f;
1796 r.out.trusts = &trusts;
1797
1798 status = dcerpc_netr_DsrEnumerateDomainTrusts(p, tctx, &r);
1799 torture_assert_ntstatus_ok(tctx, status, "DsrEnumerateDomaintrusts");
1800 torture_assert_werr_ok(tctx, r.out.result, "DsrEnumerateDomaintrusts");
1801
1802 /* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
1803 * will show non-forest trusts and all UPN suffixes of the own forest
1804 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
1805
1806 if (r.out.trusts->count) {
1807 if (!test_netr_DsRGetForestTrustInformation(tctx, p, NULL)) {
1808 return false;
1809 }
1810 }
1811
1812 for (i=0; i<r.out.trusts->count; i++) {
1813
1814 /* get info for transitive forest trusts */
1815
1816 if (r.out.trusts->array[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
1817 if (!test_netr_DsRGetForestTrustInformation(tctx, p,
1818 r.out.trusts->array[i].dns_name)) {
1819 return false;
1820 }
1821 }
1822 }
1823
1824 return true;
1825 }
1826
1827 static bool test_netr_NetrEnumerateTrustedDomains(struct torture_context *tctx,
1828 struct dcerpc_pipe *p)
1829 {
1830 NTSTATUS status;
1831 struct netr_NetrEnumerateTrustedDomains r;
1832 struct netr_Blob trusted_domains_blob;
1833
1834 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1835 r.out.trusted_domains_blob = &trusted_domains_blob;
1836
1837 status = dcerpc_netr_NetrEnumerateTrustedDomains(p, tctx, &r);
1838 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomains");
1839 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomains");
1840
1841 return true;
1842 }
1843
1844 static bool test_netr_NetrEnumerateTrustedDomainsEx(struct torture_context *tctx,
1845 struct dcerpc_pipe *p)
1846 {
1847 NTSTATUS status;
1848 struct netr_NetrEnumerateTrustedDomainsEx r;
1849 struct netr_DomainTrustList dom_trust_list;
1850
1851 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1852 r.out.dom_trust_list = &dom_trust_list;
1853
1854 status = dcerpc_netr_NetrEnumerateTrustedDomainsEx(p, tctx, &r);
1855 torture_assert_ntstatus_ok(tctx, status, "netr_NetrEnumerateTrustedDomainsEx");
1856 torture_assert_werr_ok(tctx, r.out.result, "NetrEnumerateTrustedDomainsEx");
1857
1858 return true;
1859 }
1860
1861
1862 static bool test_netr_DsRGetSiteName(struct dcerpc_pipe *p, struct torture_context *tctx,
1863 const char *computer_name,
1864 const char *expected_site)
1865 {
1866 NTSTATUS status;
1867 struct netr_DsRGetSiteName r;
1868 const char *site = NULL;
1869
1870 if (torture_setting_bool(tctx, "samba4", false))
1871 torture_skip(tctx, "skipping DsRGetSiteName test against Samba4");
1872
1873 r.in.computer_name = computer_name;
1874 r.out.site = &site;
1875 torture_comment(tctx, "Testing netr_DsRGetSiteName\n");
1876
1877 status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
1878 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
1879 torture_assert_werr_ok(tctx, r.out.result, "DsRGetSiteName");
1880 torture_assert_str_equal(tctx, expected_site, site, "netr_DsRGetSiteName");
1881
1882 r.in.computer_name = talloc_asprintf(tctx, "\\\\%s", computer_name);
1883 torture_comment(tctx,
1884 "Testing netr_DsRGetSiteName with broken computer name: %s\n", r.in.computer_name);
1885
1886 status = dcerpc_netr_DsRGetSiteName(p, tctx, &r);
1887 torture_assert_ntstatus_ok(tctx, status, "DsRGetSiteName");
1888 torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_COMPUTERNAME, "netr_DsRGetSiteName");
1889
1890 return true;
1891 }
1892
1893 /*
1894 try a netlogon netr_DsRGetDCName
1895 */
1896 static bool test_netr_DsRGetDCName(struct torture_context *tctx,
1897 struct dcerpc_pipe *p)
1898 {
1899 NTSTATUS status;
1900 struct netr_DsRGetDCName r;
1901 struct netr_DsRGetDCNameInfo *info = NULL;
1902
1903 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1904 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
1905 r.in.domain_guid = NULL;
1906 r.in.site_guid = NULL;
1907 r.in.flags = DS_RETURN_DNS_NAME;
1908 r.out.info = &info;
1909
1910 status = dcerpc_netr_DsRGetDCName(p, tctx, &r);
1911 torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
1912 torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
1913 return test_netr_DsRGetSiteName(p, tctx,
1914 info->dc_unc,
1915 info->dc_site_name);
1916 }
1917
1918 /*
1919 try a netlogon netr_DsRGetDCNameEx
1920 */
1921 static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
1922 struct dcerpc_pipe *p)
1923 {
1924 NTSTATUS status;
1925 struct netr_DsRGetDCNameEx r;
1926 struct netr_DsRGetDCNameInfo *info = NULL;
1927
1928 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1929 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
1930 r.in.domain_guid = NULL;
1931 r.in.site_name = NULL;
1932 r.in.flags = DS_RETURN_DNS_NAME;
1933 r.out.info = &info;
1934
1935 status = dcerpc_netr_DsRGetDCNameEx(p, tctx, &r);
1936 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
1937 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");
1938
1939 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
1940 info->dc_site_name);
1941 }
1942
1943 /*
1944 try a netlogon netr_DsRGetDCNameEx2
1945 */
1946 static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
1947 struct dcerpc_pipe *p)
1948 {
1949 NTSTATUS status;
1950 struct netr_DsRGetDCNameEx2 r;
1951 struct netr_DsRGetDCNameInfo *info = NULL;
1952
1953 r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1954 r.in.client_account = NULL;
1955 r.in.mask = 0x00000000;
1956 r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
1957 r.in.domain_guid = NULL;
1958 r.in.site_name = NULL;
1959 r.in.flags = DS_RETURN_DNS_NAME;
1960 r.out.info = &info;
1961
1962 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");
1963
1964 status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
1965 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
1966 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
1967
1968 torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client acount\n");
1969 r.in.client_account = TEST_MACHINE_NAME"$";
1970 r.in.mask = ACB_SVRTRUST;
1971 r.in.flags = DS_RETURN_FLAT_NAME;
1972 r.out.info = &info;
1973
1974 status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
1975 torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
1976 torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
1977 return test_netr_DsRGetSiteName(p, tctx, info->dc_unc,
1978 info->dc_site_name);
1979 }
1980
1981 static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
1982 struct dcerpc_pipe *p)
1983 {
1984 NTSTATUS status;
1985 struct netr_DsrGetDcSiteCoverageW r;
1986 struct DcSitesCtr *ctr = NULL;
1987
1988 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
1989 r.out.ctr = &ctr;
1990
1991 status = dcerpc_netr_DsrGetDcSiteCoverageW(p, tctx, &r);
1992 torture_assert_ntstatus_ok(tctx, status, "failed");
1993 torture_assert_werr_ok(tctx, r.out.result, "failed");
1994
1995 return true;
1996 }
1997
1998 static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
1999 struct dcerpc_pipe *p)
2000 {
2001 NTSTATUS status;
2002 struct netr_DsRAddressToSitenamesW r;
2003 struct netr_DsRAddress addr;
2004 struct netr_DsRAddressToSitenamesWCtr *ctr;
2005
2006 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);
2007
2008 addr.size = 16;
2009 addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
2010
2011 addr.buffer[0] = 2; /* AF_INET */
2012 addr.buffer[4] = 127;
2013 addr.buffer[5] = 0;
2014 addr.buffer[6] = 0;
2015 addr.buffer[7] = 1;
2016
2017 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2018 r.in.count = 1;
2019 r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
2020 r.in.addresses[0] = addr;
2021 r.out.ctr = &ctr;
2022
2023 status = dcerpc_netr_DsRAddressToSitenamesW(p, tctx, &r);
2024 torture_assert_ntstatus_ok(tctx, status, "failed");
2025 torture_assert_werr_ok(tctx, r.out.result, "failed");
2026
2027 return true;
2028 }
2029
2030 static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
2031 struct dcerpc_pipe *p)
2032 {
2033 NTSTATUS status;
2034 struct netr_DsRAddressToSitenamesExW r;
2035 struct netr_DsRAddress addr;
2036 struct netr_DsRAddressToSitenamesExWCtr *ctr;
2037
2038 ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);
2039
2040 addr.size = 16;
2041 addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);
2042
2043 addr.buffer[0] = 2; /* AF_INET */
2044 addr.buffer[4] = 127;
2045 addr.buffer[5] = 0;
2046 addr.buffer[6] = 0;
2047 addr.buffer[7] = 1;
2048
2049 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2050 r.in.count = 1;
2051 r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
2052 r.in.addresses[0] = addr;
2053 r.out.ctr = &ctr;
2054
2055 status = dcerpc_netr_DsRAddressToSitenamesExW(p, tctx, &r);
2056 torture_assert_ntstatus_ok(tctx, status, "failed");
2057 torture_assert_werr_ok(tctx, r.out.result, "failed");
2058
2059 return true;
2060 }
2061
2062 static bool test_netr_ServerGetTrustInfo(struct torture_context *tctx,
2063 struct dcerpc_pipe *p,
2064 struct cli_credentials *machine_credentials)
2065 {
2066 NTSTATUS status;
2067 struct netr_ServerGetTrustInfo r;
2068
2069 struct netr_Authenticator a;
2070 struct netr_Authenticator return_authenticator;
2071 struct samr_Password new_owf_password;
2072 struct samr_Password old_owf_password;
2073 struct netr_TrustInfo *trust_info;
2074
2075 struct creds_CredentialState *creds;
2076
2077 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
2078 machine_credentials, &creds)) {
2079 return false;
2080 }
2081
2082 creds_client_authenticator(creds, &a);
2083
2084 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2085 r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
2086 r.in.secure_channel_type = SEC_CHAN_BDC;
2087 r.in.computer_name = TEST_MACHINE_NAME;
2088 r.in.credential = &a;
2089
2090 r.out.return_authenticator = &return_authenticator;
2091 r.out.new_owf_password = &new_owf_password;
2092 r.out.old_owf_password = &old_owf_password;
2093 r.out.trust_info = &trust_info;
2094
2095 status = dcerpc_netr_ServerGetTrustInfo(p, tctx, &r);
2096 torture_assert_ntstatus_ok(tctx, status, "failed");
2097 torture_assert(tctx, creds_client_check(creds, &return_authenticator.cred), "Credential chaining failed");
2098
2099 return true;
2100 }
2101
2102
2103 static bool test_GetDomainInfo(struct torture_context *tctx,
2104 struct dcerpc_pipe *p,
2105 struct cli_credentials *machine_credentials)
2106 {
2107 NTSTATUS status;
2108 struct netr_LogonGetDomainInfo r;
2109 struct netr_DomainQuery1 q1;
2110 struct netr_Authenticator a;
2111 struct creds_CredentialState *creds;
2112 union netr_DomainInfo info;
2113
2114 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
2115 machine_credentials, &creds)) {
2116 return false;
2117 }
2118
2119 ZERO_STRUCT(r);
2120
2121 creds_client_authenticator(creds, &a);
2122
2123 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2124 r.in.computer_name = TEST_MACHINE_NAME;
2125 r.in.level = 1;
2126 r.in.credential = &a;
2127 r.in.return_authenticator = &a;
2128 r.out.return_authenticator = &a;
2129 r.out.info = &info;
2130
2131 r.in.query.query1 = &q1;
2132 ZERO_STRUCT(q1);
2133
2134 /* this should really be the fully qualified name */
2135 q1.workstation_domain = TEST_MACHINE_NAME;
2136 q1.workstation_site = "Default-First-Site-Name";
2137 q1.blob2.length = 0;
2138 q1.blob2.size = 0;
2139 q1.blob2.array = NULL;
2140 q1.product.string = "product string";
2141
2142 torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n");
2143
2144 status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
2145 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
2146 torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
2147
2148 torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call\n");
2149 creds_client_authenticator(creds, &a);
2150
2151 status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
2152 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
2153 torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");
2154
2155 return true;
2156 }
2157
2158
2159 static void async_callback(struct rpc_request *req)
2160 {
2161 int *counter = (int *)req->async.private_data;
2162 if (NT_STATUS_IS_OK(req->status)) {
2163 (*counter)++;
2164 }
2165 }
2166
2167 static bool test_GetDomainInfo_async(struct torture_context *tctx,
2168 struct dcerpc_pipe *p,
2169 struct cli_credentials *machine_credentials)
2170 {
2171 NTSTATUS status;
2172 struct netr_LogonGetDomainInfo r;
2173 struct netr_DomainQuery1 q1;
2174 struct netr_Authenticator a;
2175 #define ASYNC_COUNT 100
2176 struct creds_CredentialState *creds;
2177 struct creds_CredentialState *creds_async[ASYNC_COUNT];
2178 struct rpc_request *req[ASYNC_COUNT];
2179 int i;
2180 int *async_counter = talloc(tctx, int);
2181 union netr_DomainInfo info;
2182
2183 if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS,
2184 machine_credentials, &creds)) {
2185 return false;
2186 }
2187
2188 ZERO_STRUCT(r);
2189 r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
2190 r.in.computer_name = TEST_MACHINE_NAME;
2191 r.in.level = 1;
2192 r.in.credential = &a;
2193 r.in.return_authenticator = &a;
2194 r.out.return_authenticator = &a;
2195 r.out.info = &info;
2196
2197 r.in.query.query1 = &q1;
2198 ZERO_STRUCT(q1);
2199
2200 /* this should really be the fully qualified name */
2201 q1.workstation_domain = TEST_MACHINE_NAME;
2202 q1.workstation_site = "Default-First-Site-Name";
2203 q1.blob2.length = 0;
2204 q1.blob2.size = 0;
2205 q1.blob2.array = NULL;
2206 q1.product.string = "product string";
2207
2208 torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);
2209
2210 *async_counter = 0;
2211
2212 for (i=0;i<ASYNC_COUNT;i++) {
2213 creds_client_authenticator(creds, &a);
2214
2215 creds_async[i] = (struct creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
2216 req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, tctx, &r);
2217
2218 req[i]->async.callback = async_callback;
2219 req[i]->async.private_data = async_counter;
2220
2221 /* even with this flush per request a w2k3 server seems to
2222 clag with multiple outstanding requests. bleergh. */
2223 torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0,
2224 "event_loop_once failed");
2225 }
2226
2227 for (i=0;i<ASYNC_COUNT;i++) {
2228 status = dcerpc_ndr_request_recv(req[i]);
2229
2230 torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
2231 torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async");
2232
2233 torture_assert(tctx, creds_client_check(creds_async[i], &a.cred),
2234 "Credential chaining failed at async");
2235 }
2236
2237 torture_comment(tctx,
2238 "Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);
2239
2240 torture_assert_int_equal(tctx, (*async_counter), ASYNC_COUNT, "int");
2241
2242 return true;
2243 }
2244
2245 static bool test_ManyGetDCName(struct torture_context *tctx,
2246 struct dcerpc_pipe *p)
2247 {
2248 NTSTATUS status;
2249 struct dcerpc_pipe *p2;
2250 struct lsa_ObjectAttribute attr;
2251 struct lsa_QosInfo qos;
2252 struct lsa_OpenPolicy2 o;
2253 struct policy_handle lsa_handle;
2254 struct lsa_DomainList domains;
2255
2256 struct lsa_EnumTrustDom t;
2257 uint32_t resume_handle = 0;
2258 struct netr_GetAnyDCName d;
2259 const char *dcname = NULL;
2260
2261 int i;
2262
2263 if (p->conn->transport.transport != NCACN_NP) {
2264 return true;
2265 }
2266
2267 torture_comment(tctx, "Torturing GetDCName\n");
2268
2269 status = dcerpc_secondary_connection(p, &p2, p->binding);
2270 torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");
2271
2272 status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
2273 torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");
2274
2275 qos.len = 0;
2276 qos.impersonation_level = 2;
2277 qos.context_mode = 1;
2278 qos.effective_only = 0;
2279
2280 attr.len = 0;
2281 attr.root_dir = NULL;
2282 attr.object_name = NULL;
2283 attr.attributes = 0;
2284 attr.sec_desc = NULL;
2285 attr.sec_qos = &qos;
2286
2287 o.in.system_name = "\\";
2288 o.in.attr = &attr;
2289 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
2290 o.out.handle = &lsa_handle;
2291
2292 status = dcerpc_lsa_OpenPolicy2(p2, tctx, &o);
2293 torture_assert_ntstatus_ok(tctx, status, "OpenPolicy2 failed");
2294
2295 t.in.handle = &lsa_handle;
2296 t.in.resume_handle = &resume_handle;
2297 t.in.max_size = 1000;
2298 t.out.domains = &domains;
2299 t.out.resume_handle = &resume_handle;
2300
2301 status = dcerpc_lsa_EnumTrustDom(p2, tctx, &t);
2302
2303 if ((!NT_STATUS_IS_OK(status) &&
2304 (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))))
2305 torture_fail(tctx, "Could not list domains");
2306
2307 talloc_free(p2);
2308
2309 d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
2310 dcerpc_server_name(p));
2311 d.out.dcname = &dcname;
2312
2313 for (i=0; i<domains.count * 4; i++) {
2314 struct lsa_DomainInfo *info =
2315 &domains.domains[rand()%domains.count];
2316
2317 d.in.domainname = info->name.string;
2318
2319 status = dcerpc_netr_GetAnyDCName(p, tctx, &d);
2320 torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");
2321
2322 torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
2323 dcname ? dcname : "unknown");
2324 }
2325
2326 return true;
2327 }
2328
2329 struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
2330 {
2331 struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
2332 struct torture_rpc_tcase *tcase;
2333 struct torture_test *test;
2334
2335 tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "netlogon",
2336 &ndr_table_netlogon, TEST_MACHINE_NAME);
2337
2338 torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
2339 torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
2340 torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
2341 torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
2342 torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
2343 torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
2344 torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
2345 torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
2346 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
2347 torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
2348 torture_rpc_tcase_add_test_creds(tcase, "DatabaseRedo", test_DatabaseRedo);
2349 torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
2350 torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
2351 torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
2352 torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
2353 torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl);
2354 torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
2355 torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2);
2356 torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
2357 torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);
2358 torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
2359 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
2360 torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
2361 test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
2362 test->dangerous = true;
2363 torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
2364 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
2365 torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
2366 torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
2367 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
2368 torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);
2369 torture_rpc_tcase_add_test_creds(tcase, "ServerGetTrustInfo", test_netr_ServerGetTrustInfo);
2370
2371 return suite;
2372 }
reg import