summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2005-01-07 18:13:53 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:31 -0500
commite357b5b64a897e3b3570714da0584f966e6a0d42 (patch)
treeb9d7c37d0e99fc3ae6263cbe77faaf2379d09485 /source4
parent297a63b6c96446ecc1619554809c12fd8c81dfdf (diff)
downloadsamba-e357b5b64a897e3b3570714da0584f966e6a0d42.tar.gz
samba-e357b5b64a897e3b3570714da0584f966e6a0d42.tar.bz2
samba-e357b5b64a897e3b3570714da0584f966e6a0d42.zip
r4597: Recently I've come across a case where I suspect the GetAnyDCName request to
kill the domain controller I'm asking. In samba4 torturing the DC is just so easy, commit the test to randomized ask for DCs for all trusted domains. Volker (This used to be commit edb918762e1e46909520f13e28dcf8cedb2919b1)
Diffstat (limited to 'source4')
-rw-r--r--source4/torture/rpc/netlogon.c94
1 files changed, 94 insertions, 0 deletions
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 7bfd3a9a6c..dd6a6917f9 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1091,6 +1091,99 @@ static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
return (*async_counter) == ASYNC_COUNT;
}
+static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+ struct dcerpc_pipe *p2;
+ struct lsa_ObjectAttribute attr;
+ struct lsa_QosInfo qos;
+ struct lsa_OpenPolicy2 o;
+ struct policy_handle lsa_handle;
+ struct lsa_DomainList domains;
+
+ struct lsa_EnumTrustDom t;
+ uint32_t resume_handle = 0;
+ struct netr_GetAnyDCName d;
+
+ int i;
+ BOOL ret = True;
+
+ if (p->transport.transport != NCACN_NP) {
+ return True;
+ }
+
+ printf("Torturing GetDCName\n");
+
+ status = dcerpc_secondary_connection(p, &p2,
+ DCERPC_LSARPC_NAME,
+ DCERPC_LSARPC_UUID,
+ DCERPC_LSARPC_VERSION);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to create secondary connection\n");
+ return False;
+ }
+
+ qos.len = 0;
+ qos.impersonation_level = 2;
+ qos.context_mode = 1;
+ qos.effective_only = 0;
+
+ attr.len = 0;
+ attr.root_dir = NULL;
+ attr.object_name = NULL;
+ attr.attributes = 0;
+ attr.sec_desc = NULL;
+ attr.sec_qos = &qos;
+
+ o.in.system_name = "\\";
+ o.in.attr = &attr;
+ o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ o.out.handle = &lsa_handle;
+
+ status = dcerpc_lsa_OpenPolicy2(p2, mem_ctx, &o);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ t.in.handle = &lsa_handle;
+ t.in.resume_handle = &resume_handle;
+ t.in.num_entries = 1000;
+ t.out.domains = &domains;
+ t.out.resume_handle = &resume_handle;
+
+ status = dcerpc_lsa_EnumTrustDom(p2, mem_ctx, &t);
+
+ if ((!NT_STATUS_IS_OK(status) &&
+ (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)))) {
+ printf("Could not list domains\n");
+ return False;
+ }
+
+ dcerpc_pipe_close(p2);
+
+ d.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s",
+ dcerpc_server_name(p));
+
+ for (i=0; i<domains.count * 4; i++) {
+ struct lsa_DomainInformation *info =
+ &domains.domains[rand()%domains.count];
+
+ d.in.domainname = info->name.string;
+
+ status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &d);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("GetAnyDCName - %s\n", nt_errstr(status));
+ continue;
+ }
+
+ printf("\tDC for domain %s is %s\n", info->name.string,
+ d.out.dcname ? d.out.dcname : "unknown");
+ }
+
+ return ret;
+}
+
BOOL torture_rpc_netlogon(void)
{
@@ -1127,6 +1220,7 @@ BOOL torture_rpc_netlogon(void)
ret &= test_AccountDeltas(p, mem_ctx);
ret &= test_AccountSync(p, mem_ctx);
ret &= test_GetDcName(p, mem_ctx);
+ ret &= test_ManyGetDCName(p, mem_ctx);
ret &= test_LogonControl(p, mem_ctx);
ret &= test_GetAnyDCName(p, mem_ctx);
ret &= test_LogonControl2(p, mem_ctx);