summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-03 23:46:21 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:20 -0500
commit099c3d532736d5836d0d5d3236cd1e502897076c (patch)
tree794c93933c694ffc92386cdea8fc0c56ba78b97e
parentb7a47635caeb326cc8a5c2bd2307334a4a2ff416 (diff)
downloadsamba-099c3d532736d5836d0d5d3236cd1e502897076c.tar.gz
samba-099c3d532736d5836d0d5d3236cd1e502897076c.tar.bz2
samba-099c3d532736d5836d0d5d3236cd1e502897076c.zip
r10697: Change the torture join code to return a credentials structure, as
that is what most of the callers want anyway. Remove and re-add the account for the torture case, rather than just modify it. Test with a user account (needs work to change the password). Andrew Bartlett (This used to be commit 38bebef02454164cbe882347d80e03abee656205)
-rw-r--r--source4/torture/nbt/dgram.c4
-rw-r--r--source4/torture/rpc/join.c10
-rw-r--r--source4/torture/rpc/netlogon.c5
-rw-r--r--source4/torture/rpc/samlogon.c37
-rw-r--r--source4/torture/rpc/schannel.c22
-rw-r--r--source4/torture/rpc/testjoin.c52
6 files changed, 71 insertions, 59 deletions
diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
index b3249524ca..ded2b49ea8 100644
--- a/source4/torture/nbt/dgram.c
+++ b/source4/torture/nbt/dgram.c
@@ -214,11 +214,11 @@ static BOOL nbt_test_ntlogon(TALLOC_CTX *mem_ctx,
struct timeval tv = timeval_current();
int replies = 0;
struct test_join *join_ctx;
- const char *password;
+ struct cli_credentials *machine_credentials;
const char *dom_sid;
join_ctx = torture_join_domain(TEST_NAME,
- ACB_WSTRUST, &password);
+ ACB_WSTRUST, &machine_credentials);
if (join_ctx == NULL) {
printf("Failed to join domain %s as %s\n", lp_workgroup(), TEST_NAME);
talloc_free(dgmsock);
diff --git a/source4/torture/rpc/join.c b/source4/torture/rpc/join.c
index beb313c3d2..7aed76abf4 100644
--- a/source4/torture/rpc/join.c
+++ b/source4/torture/rpc/join.c
@@ -9,12 +9,12 @@
BOOL torture_rpc_join(void)
{
struct test_join *tj;
- const char *machine_password;
+ struct cli_credentials *machine_account;
/* Join domain as a member server. */
tj = torture_join_domain(TORTURE_NETBIOS_NAME,
ACB_WSTRUST,
- &machine_password);
+ &machine_account);
if (!tj) {
DEBUG(0, ("%s failed to join domain\n",
@@ -28,10 +28,10 @@ BOOL torture_rpc_join(void)
/* Join domain as a domain controller. */
tj = torture_join_domain(TORTURE_NETBIOS_NAME,
ACB_SVRTRUST,
- &machine_password);
+ &machine_account);
if (!tj) {
- DEBUG(0, ("%s failed to join domain %s.\n",
- TORTURE_NETBIOS_NAME, lp_workgroup()));
+ DEBUG(0, ("%s failed to join domain\n",
+ TORTURE_NETBIOS_NAME));
return False;
}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 966a0f2e5b..185a032b3c 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1358,17 +1358,20 @@ BOOL torture_rpc_netlogon(void)
TALLOC_CTX *mem_ctx;
BOOL ret = True;
struct test_join *join_ctx;
+ struct cli_credentials *machine_credentials;
mem_ctx = talloc_init("torture_rpc_netlogon");
join_ctx = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST,
- &machine_password);
+ &machine_credentials);
if (!join_ctx) {
talloc_free(mem_ctx);
printf("Failed to join as BDC\n");
return False;
}
+ machine_password = cli_credentials_get_password(machine_credentials);
+
status = torture_rpc_connection(mem_ctx, &p,
DCERPC_NETLOGON_NAME,
DCERPC_NETLOGON_UUID,
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index ef0ccd9037..00b3c56408 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -1379,13 +1379,11 @@ BOOL torture_rpc_samlogon(void)
TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
BOOL ret = True;
struct test_join *join_ctx;
-#if 0
struct test_join *user_ctx;
const char *user_password;
-#endif
char *test_machine_account;
- const char *machine_password;
const char *binding = lp_parm_string(-1, "torture", "binding");
+ const char *userdomain;
int i;
int ci;
@@ -1399,21 +1397,24 @@ BOOL torture_rpc_samlogon(void)
struct creds_CredentialState *creds;
- machine_credentials = cli_credentials_init(mem_ctx);
-
test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
/* We only need to join as a workstation here, and in future,
* if we wish to test against trusted domains, we must be a
* workstation here */
- join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(), ACB_WSTRUST,
- &machine_password);
+ join_ctx = torture_join_domain(TEST_MACHINE_NAME, ACB_WSTRUST,
+ &machine_credentials);
if (!join_ctx) {
printf("Failed to join as Workstation\n");
return False;
}
-#if 0
+
+ userdomain = lp_parm_string(-1, "torture", "userdomain");
+ if (!userdomain) {
+ userdomain = lp_workgroup();
+ }
+
user_ctx = torture_create_testuser(TEST_USER_NAME,
- lp_parm_string(-1, "torture", "userdomain"),
+ userdomain,
ACB_NORMAL,
&user_password);
if (!user_ctx) {
@@ -1421,8 +1422,6 @@ BOOL torture_rpc_samlogon(void)
return False;
}
-#endif
-
status = dcerpc_parse_binding(mem_ctx, binding, &b);
if (!NT_STATUS_IS_OK(status)) {
printf("Bad binding string %s\n", binding);
@@ -1436,14 +1435,6 @@ BOOL torture_rpc_samlogon(void)
b->flags &= ~DCERPC_AUTH_OPTIONS;
b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128;
- cli_credentials_set_workstation(machine_credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
- cli_credentials_set_domain(machine_credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_realm(machine_credentials, lp_realm(), CRED_SPECIFIED);
- cli_credentials_set_username(machine_credentials, test_machine_account, CRED_SPECIFIED);
- cli_credentials_set_password(machine_credentials, machine_password, CRED_SPECIFIED);
- cli_credentials_set_secure_channel_type(machine_credentials,
- SEC_CHAN_WKSTA);
-
status = dcerpc_pipe_connect_b(mem_ctx, &p, b,
DCERPC_NETLOGON_UUID,
DCERPC_NETLOGON_VERSION,
@@ -1551,9 +1542,8 @@ BOOL torture_rpc_samlogon(void)
NT_STATUS_NO_SUCH_USER,
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
},
-#if 0
{
- lp_parm_string(-1, "torture", "userdomain"),
+ userdomain,
TEST_USER_NAME,
user_password,
True,
@@ -1576,13 +1566,12 @@ BOOL torture_rpc_samlogon(void)
talloc_asprintf(mem_ctx,
"%s@%s",
TEST_USER_NAME,
- lp_parm_string(-1, "torture", "userdomain")),
+ userdomain),
user_password,
False,
NT_STATUS_OK,
NT_STATUS_OK
}
-#endif
};
/* Try all the tests for different username forms */
@@ -1640,8 +1629,6 @@ failed:
talloc_free(mem_ctx);
torture_leave_domain(join_ctx);
-#if 0
torture_leave_domain(user_ctx);
-#endif
return ret;
}
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 90f5fb0361..d73dae08b4 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -147,7 +147,6 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
uint32_t schannel_type)
{
void *join_ctx;
- const char *machine_password;
NTSTATUS status;
const char *binding = lp_parm_string(-1, "torture", "binding");
struct dcerpc_binding *b;
@@ -157,10 +156,9 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
struct cli_credentials *credentials;
TALLOC_CTX *test_ctx = talloc_named(mem_ctx, 0, "test_schannel context");
- char *test_machine_account = talloc_asprintf(NULL, "%s$", TEST_MACHINE_NAME);
join_ctx = torture_join_domain(TEST_MACHINE_NAME,
- acct_flags, &machine_password);
+ acct_flags, &credentials);
if (!join_ctx) {
printf("Failed to join domain with acct_flags=0x%x\n", acct_flags);
talloc_free(test_ctx);
@@ -176,24 +174,6 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
b->flags &= ~DCERPC_AUTH_OPTIONS;
b->flags |= dcerpc_flags;
- credentials = cli_credentials_init(mem_ctx);
- cli_credentials_set_conf(credentials);
-
- cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_workstation(credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
- cli_credentials_set_username(credentials, test_machine_account, CRED_SPECIFIED);
- cli_credentials_set_password(credentials, machine_password, CRED_SPECIFIED);
-
- if (acct_flags == ACB_WSTRUST) {
- cli_credentials_set_secure_channel_type(credentials,
- SEC_CHAN_WKSTA);
- } else if (acct_flags == ACB_SVRTRUST) {
- cli_credentials_set_secure_channel_type(credentials,
- SEC_CHAN_BDC);
- } else {
- goto failed;
- }
-
status = dcerpc_pipe_connect_b(test_ctx,
&p, b,
DCERPC_SAMR_UUID,
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 7c62353f53..cfb34ad8ad 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -278,7 +278,7 @@ failed:
struct test_join *torture_join_domain(const char *machine_name,
uint32_t acct_flags,
- const char **machine_password)
+ struct cli_credentials **machine_credentials)
{
NTSTATUS status;
struct libnet_context *libnet_ctx;
@@ -308,6 +308,9 @@ struct test_join *torture_join_domain(const char *machine_name,
libnet_ctx->cred = cmdline_credentials;
libnet_r->in.binding = lp_parm_string(-1, "torture", "binding");
+ if (!libnet_r->in.binding) {
+ libnet_r->in.binding = talloc_asprintf(libnet_r, "ncacn_np:%s", lp_parm_string(-1, "torture", "host"));
+ }
libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
libnet_r->in.netbios_name = machine_name;
libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
@@ -319,15 +322,33 @@ struct test_join *torture_join_domain(const char *machine_name,
libnet_r->in.acct_type = acct_flags;
status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+ struct samr_DeleteUser d;
+ d.in.user_handle = &libnet_r->out.user_handle;
+ d.out.user_handle = &libnet_r->out.user_handle;
+
+ /* Delete machine account */
+ status = dcerpc_samr_DeleteUser(libnet_r->out.samr_pipe, tj, &d);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Delete of machine account failed\n");
+ } else {
+ printf("Delete of machine account was successful.\n");
+ }
+ status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
+ }
+
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Domain join failed - %s.\n", nt_errstr(status)));
+ if (libnet_r->out.error_string) {
+ DEBUG(0, ("Domain join failed - %s.\n", libnet_r->out.error_string));
+ } else {
+ DEBUG(0, ("Domain join failed - %s.\n", nt_errstr(status)));
+ }
talloc_free(tj);
return NULL;
}
tj->p = libnet_r->out.samr_pipe;
tj->user_handle = *libnet_r->out.user_handle;
tj->dom_sid = dom_sid_string(tj, libnet_r->out.domain_sid);
- *machine_password = libnet_r->out.join_password;
ZERO_STRUCT(u);
s.in.user_handle = &tj->user_handle;
@@ -358,6 +379,27 @@ struct test_join *torture_join_domain(const char *machine_name,
libnet_r->out.domain_name,
tj->dom_sid));
+ *machine_credentials = cli_credentials_init(tj);
+ cli_credentials_set_conf(*machine_credentials);
+ cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
+ cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
+ if (libnet_r->out.realm) {
+ cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
+ }
+ cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
+ cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
+ if (acct_flags & ACB_SVRTRUST) {
+ cli_credentials_set_secure_channel_type(*machine_credentials,
+ SEC_CHAN_BDC);
+ } else if (acct_flags & ACB_WSTRUST) {
+ cli_credentials_set_secure_channel_type(*machine_credentials,
+ SEC_CHAN_WKSTA);
+ } else {
+ DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
+ talloc_free(*machine_credentials);
+ return NULL;
+ }
+
return tj;
}
@@ -480,7 +522,7 @@ struct test_join_ads_dc {
struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
const char *domain,
- const char **machine_password)
+ struct cli_credentials **machine_credentials)
{
struct test_join_ads_dc *join;
@@ -491,7 +533,7 @@ struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
join->join = torture_join_domain(machine_name,
ACB_SVRTRUST,
- machine_password);
+ machine_credentials);
if (!join->join) {
return NULL;