diff options
-rw-r--r-- | source4/torture/rpc/samsync.c | 268 |
1 files changed, 142 insertions, 126 deletions
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 806375a8d8..bf3dba54ee 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -44,7 +44,8 @@ /* try a netlogon SamLogon */ -static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, +static NTSTATUS test_SamLogon(struct torture_context *tctx, + struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState *creds, const char *domain, const char *account_name, const char *workstation, @@ -106,7 +107,7 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, status = dcerpc_netr_LogonSamLogon_r(b, mem_ctx, &r); if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) { - printf("Credential chaining failed\n"); + torture_comment(tctx, "Credential chaining failed\n"); } if (info3) { @@ -150,7 +151,8 @@ struct samsync_trusted_domain { const char *name; }; -static struct policy_handle *samsync_open_domain(TALLOC_CTX *mem_ctx, +static struct policy_handle *samsync_open_domain(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, const char *domain, struct dom_sid **sid_p) @@ -169,7 +171,7 @@ static struct policy_handle *samsync_open_domain(TALLOC_CTX *mem_ctx, nt_status = dcerpc_samr_LookupDomain_r(samsync_state->b_samr, mem_ctx, &l); if (!NT_STATUS_IS_OK(nt_status)) { - printf("LookupDomain failed - %s\n", nt_errstr(nt_status)); + torture_comment(tctx, "LookupDomain failed - %s\n", nt_errstr(nt_status)); return NULL; } @@ -184,14 +186,15 @@ static struct policy_handle *samsync_open_domain(TALLOC_CTX *mem_ctx, nt_status = dcerpc_samr_OpenDomain_r(samsync_state->b_samr, mem_ctx, &o); if (!NT_STATUS_IS_OK(nt_status)) { - printf("OpenDomain failed - %s\n", nt_errstr(nt_status)); + torture_comment(tctx, "OpenDomain failed - %s\n", nt_errstr(nt_status)); return NULL; } return domain_handle; } -static struct sec_desc_buf *samsync_query_samr_sec_desc(TALLOC_CTX *mem_ctx, +static struct sec_desc_buf *samsync_query_samr_sec_desc(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, struct policy_handle *handle) { @@ -205,14 +208,15 @@ static struct sec_desc_buf *samsync_query_samr_sec_desc(TALLOC_CTX *mem_ctx, status = dcerpc_samr_QuerySecurity_r(samsync_state->b_samr, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("SAMR QuerySecurity failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "SAMR QuerySecurity failed - %s\n", nt_errstr(status)); return NULL; } return sdbuf; } -static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, +static struct sec_desc_buf *samsync_query_lsa_sec_desc(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, struct policy_handle *handle) { @@ -226,7 +230,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, status = dcerpc_lsa_QuerySecurity_r(samsync_state->b_lsa, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("LSA QuerySecurity failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "LSA QuerySecurity failed - %s\n", nt_errstr(status)); return NULL; } @@ -235,7 +239,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, #define TEST_UINT64_EQUAL(i1, i2) do {\ if (i1 != i2) {\ - printf("%s: uint64 mismatch: " #i1 ": 0x%016llx (%lld) != " #i2 ": 0x%016llx (%lld)\n", \ + torture_comment(tctx, "%s: uint64 mismatch: " #i1 ": 0x%016llx (%lld) != " #i2 ": 0x%016llx (%lld)\n", \ __location__, \ (long long)i1, (long long)i1, \ (long long)i2, (long long)i2);\ @@ -244,14 +248,14 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, } while (0) #define TEST_INT_EQUAL(i1, i2) do {\ if (i1 != i2) {\ - printf("%s: integer mismatch: " #i1 ": 0x%08x (%d) != " #i2 ": 0x%08x (%d)\n", \ + torture_comment(tctx, "%s: integer mismatch: " #i1 ": 0x%08x (%d) != " #i2 ": 0x%08x (%d)\n", \ __location__, i1, i1, i2, i2); \ ret = false;\ } \ } while (0) #define TEST_TIME_EQUAL(t1, t2) do {\ if (t1 != t2) {\ - printf("%s: NTTIME mismatch: " #t1 ":%s != " #t2 ": %s\n", \ + torture_comment(tctx, "%s: NTTIME mismatch: " #t1 ":%s != " #t2 ": %s\n", \ __location__, nt_time_string(mem_ctx, t1), nt_time_string(mem_ctx, t2));\ ret = false;\ } \ @@ -260,7 +264,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, #define TEST_STRING_EQUAL(s1, s2) do {\ if (!((!s1.string || s1.string[0]=='\0') && (!s2.string || s2.string[0]=='\0')) \ && strcmp_safe(s1.string, s2.string) != 0) {\ - printf("%s: string mismatch: " #s1 ":%s != " #s2 ": %s\n", \ + torture_comment(tctx, "%s: string mismatch: " #s1 ":%s != " #s2 ": %s\n", \ __location__, s1.string, s2.string);\ ret = false;\ } \ @@ -269,7 +273,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, #define TEST_BINARY_STRING_EQUAL(s1, s2) do {\ if (!((!s1.array || s1.array[0]=='\0') && (!s2.array || s2.array[0]=='\0')) \ && memcmp(s1.array, s2.array, s1.length * 2) != 0) {\ - printf("%s: string mismatch: " #s1 ":%s != " #s2 ": %s\n", \ + torture_comment(tctx, "%s: string mismatch: " #s1 ":%s != " #s2 ": %s\n", \ __location__, (const char *)s1.array, (const char *)s2.array);\ ret = false;\ } \ @@ -277,7 +281,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, #define TEST_SID_EQUAL(s1, s2) do {\ if (!dom_sid_equal(s1, s2)) {\ - printf("%s: dom_sid mismatch: " #s1 ":%s != " #s2 ": %s\n", \ + torture_comment(tctx, "%s: dom_sid mismatch: " #s1 ":%s != " #s2 ": %s\n", \ __location__, dom_sid_string(mem_ctx, s1), dom_sid_string(mem_ctx, s2));\ ret = false;\ } \ @@ -287,15 +291,15 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, * get back the SACL part of the SD when we ask over SAMR */ #define TEST_SEC_DESC_EQUAL(sd1, pipe, handle) do {\ - struct sec_desc_buf *sdbuf = samsync_query_ ##pipe## _sec_desc(mem_ctx, samsync_state, \ + struct sec_desc_buf *sdbuf = samsync_query_ ##pipe## _sec_desc(tctx, mem_ctx, samsync_state, \ handle); \ if (!sdbuf || !sdbuf->sd) { \ - printf("Could not obtain security descriptor to match " #sd1 "\n");\ + torture_comment(tctx, "Could not obtain security descriptor to match " #sd1 "\n");\ ret = false; \ } else {\ if (!security_descriptor_mask_equal(sd1.sd, sdbuf->sd, \ ~SEC_DESC_SACL_PRESENT)) {\ - printf("Security Descriptor Mismatch for %s:\n", #sd1);\ + torture_comment(tctx, "Security Descriptor Mismatch for %s:\n", #sd1);\ ndr_print_debug((ndr_print_fn_t)ndr_print_security_descriptor, "SamSync", sd1.sd);\ ndr_print_debug((ndr_print_fn_t)ndr_print_security_descriptor, "SamR", sdbuf->sd);\ ret = false;\ @@ -303,7 +307,7 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, }\ } while (0) -static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, +static bool samsync_handle_domain(struct torture_context *tctx, TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, int database_id, struct netr_DELTA_ENUM *delta) { struct netr_DELTA_DOMAIN *domain = delta->delta_union.domain; @@ -322,11 +326,11 @@ static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *sam break; case SAM_DATABASE_BUILTIN: if (strcasecmp_m("BUILTIN", domain->domain_name.string) != 0) { - printf("BUILTIN domain has different name: %s\n", domain->domain_name.string); + torture_comment(tctx, "BUILTIN domain has different name: %s\n", domain->domain_name.string); } break; case SAM_DATABASE_PRIVS: - printf("DOMAIN entry on privs DB!\n"); + torture_comment(tctx, "DOMAIN entry on privs DB!\n"); return false; break; } @@ -336,7 +340,7 @@ static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *sam talloc_reference(samsync_state, domain->domain_name.string); } else { if (strcasecmp_m(samsync_state->domain_name[database_id], domain->domain_name.string) != 0) { - printf("Domain has name varies!: %s != %s\n", samsync_state->domain_name[database_id], + torture_comment(tctx, "Domain has name varies!: %s != %s\n", samsync_state->domain_name[database_id], domain->domain_name.string); return false; } @@ -345,14 +349,15 @@ static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *sam if (!samsync_state->domain_handle[database_id]) { samsync_state->domain_handle[database_id] = talloc_reference(samsync_state, - samsync_open_domain(mem_ctx, samsync_state, samsync_state->domain_name[database_id], + samsync_open_domain(tctx, + mem_ctx, samsync_state, samsync_state->domain_name[database_id], &dom_sid)); } if (samsync_state->domain_handle[database_id]) { samsync_state->sid[database_id] = talloc_reference(samsync_state, dom_sid); } - printf("\tsequence_nums[%d/%s]=%llu\n", + torture_comment(tctx, "\tsequence_nums[%d/%s]=%llu\n", database_id, domain->domain_name.string, (long long)samsync_state->seq_num[database_id]); @@ -365,7 +370,7 @@ static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *sam nt_status = dcerpc_samr_QueryDomainInfo_r(samsync_state->b_samr, mem_ctx, &q[levels[i]]); if (!NT_STATUS_IS_OK(nt_status)) { - printf("QueryDomainInfo level %u failed - %s\n", + torture_comment(tctx, "QueryDomainInfo level %u failed - %s\n", q[levels[i]].in.level, nt_errstr(nt_status)); return false; } @@ -395,7 +400,8 @@ static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *sam return ret; } -static bool samsync_handle_policy(TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, +static bool samsync_handle_policy(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, int database_id, struct netr_DELTA_ENUM *delta) { struct netr_DELTA_POLICY *policy = delta->delta_union.policy; @@ -408,19 +414,19 @@ static bool samsync_handle_policy(TALLOC_CTX *mem_ctx, struct samsync_state *sam talloc_reference(samsync_state, policy->primary_domain_name.string); } else { if (strcasecmp_m(samsync_state->domain_name[SAM_DATABASE_DOMAIN], policy->primary_domain_name.string) != 0) { - printf("PRIMARY domain has name varies between DOMAIN and POLICY!: %s != %s\n", samsync_state->domain_name[SAM_DATABASE_DOMAIN], + torture_comment(tctx, "PRIMARY domain has name varies between DOMAIN and POLICY!: %s != %s\n", samsync_state->domain_name[SAM_DATABASE_DOMAIN], policy->primary_domain_name.string); return false; } } if (!dom_sid_equal(samsync_state->sid[SAM_DATABASE_DOMAIN], policy->sid)) { - printf("Domain SID from POLICY (%s) does not match domain sid from SAMR (%s)\n", + torture_comment(tctx, "Domain SID from POLICY (%s) does not match domain sid from SAMR (%s)\n", dom_sid_string(mem_ctx, policy->sid), dom_sid_string(mem_ctx, samsync_state->sid[SAM_DATABASE_DOMAIN])); return false; } - printf("\tsequence_nums[%d/PRIVS]=%llu\n", + torture_comment(tctx, "\tsequence_nums[%d/PRIVS]=%llu\n", database_id, (long long)samsync_state->seq_num[database_id]); return true; @@ -450,7 +456,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct struct samr_RidWithAttributeArray *rids; if (!samsync_state->domain_name || !samsync_state->domain_handle[database_id]) { - printf("SamSync needs domain information before the users\n"); + torture_comment(tctx, "SamSync needs domain information before the users\n"); return false; } @@ -461,7 +467,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct nt_status = dcerpc_samr_OpenUser_r(samsync_state->b_samr, mem_ctx, &r); if (!NT_STATUS_IS_OK(nt_status)) { - printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(nt_status)); + torture_comment(tctx, "OpenUser(%u) failed - %s\n", rid, nt_errstr(nt_status)); return false; } @@ -473,7 +479,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct nt_status = dcerpc_samr_QueryUserInfo_r(samsync_state->b_samr, mem_ctx, &q); if (!NT_STATUS_IS_OK(nt_status)) { - printf("QueryUserInfo level %u failed - %s\n", + torture_comment(tctx, "QueryUserInfo level %u failed - %s\n", q.in.level, nt_errstr(nt_status)); ret = false; } @@ -483,13 +489,13 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct nt_status = dcerpc_samr_GetGroupsForUser_r(samsync_state->b_samr, mem_ctx, &getgroups); if (!NT_STATUS_IS_OK(nt_status)) { - printf("GetGroupsForUser failed - %s\n", + torture_comment(tctx, "GetGroupsForUser failed - %s\n", nt_errstr(nt_status)); ret = false; } if (!test_samr_handle_Close(samsync_state->b_samr, mem_ctx, &user_handle)) { - printf("samr_handle_Close failed - %s\n", + torture_comment(tctx, "samr_handle_Close failed - %s\n", nt_errstr(nt_status)); ret = false; } @@ -498,7 +504,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct } if (!NT_STATUS_IS_OK(nt_status)) { - printf("QueryUserInfo level %u failed - %s\n", + torture_comment(tctx, "QueryUserInfo level %u failed - %s\n", q.in.level, nt_errstr(nt_status)); return false; } @@ -522,7 +528,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct if (ret) { if (memcmp(info->info21.logon_hours.bits, user->logon_hours.bits, info->info21.logon_hours.units_per_week/8) != 0) { - printf("Logon hours mismatch\n"); + torture_comment(tctx, "Logon hours mismatch\n"); ret = false; } } @@ -540,11 +546,11 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct TEST_INT_EQUAL((info->info21.acct_flags & ~ACB_PW_EXPIRED), user->acct_flags); if (user->acct_flags & ACB_PWNOEXP) { if (info->info21.acct_flags & ACB_PW_EXPIRED) { - printf("ACB flags mismatch: both expired and no expiry!\n"); + torture_comment(tctx, "ACB flags mismatch: both expired and no expiry!\n"); ret = false; } if (info->info21.force_password_change != (NTTIME)0x7FFFFFFFFFFFFFFFULL) { - printf("ACB flags mismatch: no password expiry, but force password change 0x%016llx (%lld) != 0x%016llx (%lld)\n", + torture_comment(tctx, "ACB flags mismatch: no password expiry, but force password change 0x%016llx (%lld) != 0x%016llx (%lld)\n", (unsigned long long)info->info21.force_password_change, (unsigned long long)info->info21.force_password_change, (unsigned long long)0x7FFFFFFFFFFFFFFFULL, (unsigned long long)0x7FFFFFFFFFFFFFFFULL @@ -587,7 +593,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct nt_hash_p = &nt_hash; } } else { - printf("Failed to parse Sensitive Data for %s:\n", username); + torture_comment(tctx, "Failed to parse Sensitive Data for %s:\n", username); #if 0 dump_data(0, data.data, data.length); #endif @@ -604,7 +610,8 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct DEBUG(100,("ACCOUNT [%s\\%-25s] LMHASH %s\n", samsync_state->domain_name[0], username, data_blob_hex_string_upper(mem_ctx, &lm_hash_blob))); } - nt_status = test_SamLogon(samsync_state->p_netlogon_wksta, mem_ctx, samsync_state->creds_netlogon_wksta, + nt_status = test_SamLogon(tctx, + samsync_state->p_netlogon_wksta, mem_ctx, samsync_state->creds_netlogon_wksta, domain, username, TEST_WKSTA_MACHINE_NAME, @@ -705,21 +712,22 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct for (i = 0; i < rids->count; i++) { if (matched[i] == false) { ret = false; - printf("Could not find group RID %u found in getgroups in NETLOGON reply\n", + torture_comment(tctx, "Could not find group RID %u found in getgroups in NETLOGON reply\n", rids->rids[i].rid); } } } return ret; } else { - printf("Could not validate password for user %s\\%s: %s\n", + torture_comment(tctx, "Could not validate password for user %s\\%s: %s\n", domain, username, nt_errstr(nt_status)); return false; } return false; } -static bool samsync_handle_alias(TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, +static bool samsync_handle_alias(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, int database_id, struct netr_DELTA_ENUM *delta) { uint32_t rid = delta->delta_id_union.rid; @@ -733,7 +741,7 @@ static bool samsync_handle_alias(TALLOC_CTX *mem_ctx, struct samsync_state *sams struct policy_handle alias_handle; if (!samsync_state->domain_name || !samsync_state->domain_handle[database_id]) { - printf("SamSync needs domain information before the users\n"); + torture_comment(tctx, "SamSync needs domain information before the users\n"); return false; } @@ -744,7 +752,7 @@ static bool samsync_handle_alias(TALLOC_CTX *mem_ctx, struct samsync_state *sams nt_status = dcerpc_samr_OpenAlias_r(samsync_state->b_samr, mem_ctx, &r); if (!NT_STATUS_IS_OK(nt_status)) { - printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(nt_status)); + torture_comment(tctx, "OpenUser(%u) failed - %s\n", rid, nt_errstr(nt_status)); return false; } @@ -760,7 +768,7 @@ static bool samsync_handle_alias(TALLOC_CTX *mem_ctx, struct samsync_state *sams } if (!NT_STATUS_IS_OK(nt_status)) { - printf("QueryAliasInfo level %u failed - %s\n", + torture_comment(tctx, "QueryAliasInfo level %u failed - %s\n", q.in.level, nt_errstr(nt_status)); return false; } @@ -770,7 +778,8 @@ static bool samsync_handle_alias(TALLOC_CTX *mem_ctx, struct samsync_state *sams return ret; } -static bool samsync_handle_group(TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, +static bool samsync_handle_group(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, int database_id, struct netr_DELTA_ENUM *delta) { uint32_t rid = delta->delta_id_union.rid; @@ -784,7 +793,7 @@ static bool samsync_handle_group(TALLOC_CTX *mem_ctx, struct samsync_state *sams struct policy_handle group_handle; if (!samsync_state->domain_name || !samsync_state->domain_handle[database_id]) { - printf("SamSync needs domain information before the users\n"); + torture_comment(tctx, "SamSync needs domain information before the users\n"); return false; } @@ -795,7 +804,7 @@ static bool samsync_handle_group(TALLOC_CTX *mem_ctx, struct samsync_state *sams nt_status = dcerpc_samr_OpenGroup_r(samsync_state->b_samr, mem_ctx, &r); if (!NT_STATUS_IS_OK(nt_status)) { - printf("OpenUser(%u) failed - %s\n", rid, nt_errstr(nt_status)); + torture_comment(tctx, "OpenUser(%u) failed - %s\n", rid, nt_errstr(nt_status)); return false; } @@ -811,7 +820,7 @@ static bool samsync_handle_group(TALLOC_CTX *mem_ctx, struct samsync_state *sams } if (!NT_STATUS_IS_OK(nt_status)) { - printf("QueryGroupInfo level %u failed - %s\n", + torture_comment(tctx, "QueryGroupInfo level %u failed - %s\n", q.in.level, nt_errstr(nt_status)); return false; } @@ -822,7 +831,8 @@ static bool samsync_handle_group(TALLOC_CTX *mem_ctx, struct samsync_state *sams return ret; } -static bool samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, +static bool samsync_handle_secret(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, int database_id, struct netr_DELTA_ENUM *delta) { struct netr_DELTA_SECRET *secret = delta->delta_union.secret; @@ -858,7 +868,7 @@ static bool samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam status = dcerpc_lsa_OpenSecret_r(samsync_state->b_lsa, mem_ctx, &o); if (!NT_STATUS_IS_OK(status)) { - printf("OpenSecret failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "OpenSecret failed - %s\n", nt_errstr(status)); return false; } @@ -868,7 +878,7 @@ static bool samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam */ status = dcerpc_fetch_session_key(samsync_state->p_lsa, &session_key); if (!NT_STATUS_IS_OK(status)) { - printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "dcerpc_fetch_session_key failed - %s\n", nt_errstr(status)); return false; } @@ -891,7 +901,7 @@ static bool samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam /* some things are just off limits */ return true; } else if (!NT_STATUS_IS_OK(status)) { - printf("QuerySecret failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "QuerySecret failed - %s\n", nt_errstr(status)); return false; } @@ -903,28 +913,28 @@ static bool samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out); if (!NT_STATUS_IS_OK(status)) { - printf("Failed to decrypt secrets OLD blob: %s\n", nt_errstr(status)); + torture_comment(tctx, "Failed to decrypt secrets OLD blob: %s\n", nt_errstr(status)); return false; } if (!q.out.old_mtime) { - printf("OLD mtime not available on LSA for secret %s\n", old->name); + torture_comment(tctx, "OLD mtime not available on LSA for secret %s\n", old->name); ret = false; } if (old->mtime != *q.out.old_mtime) { - printf("OLD mtime on secret %s does not match between SAMSYNC (%s) and LSA (%s)\n", + torture_comment(tctx, "OLD mtime on secret %s does not match between SAMSYNC (%s) and LSA (%s)\n", old->name, nt_time_string(mem_ctx, old->mtime), nt_time_string(mem_ctx, *q.out.old_mtime)); ret = false; } if (old->secret.length != lsa_blob_out.length) { - printf("Returned secret %s doesn't match: %d != %d\n", + torture_comment(tctx, "Returned secret %s doesn't match: %d != %d\n", old->name, (int)old->secret.length, (int)lsa_blob_out.length); ret = false; } else if (memcmp(lsa_blob_out.data, old->secret.data, old->secret.length) != 0) { - printf("Returned secret %s doesn't match: \n", + torture_comment(tctx, "Returned secret %s doesn't match: \n", old->name); DEBUG(1, ("SamSync Secret:\n")); dump_data(1, old->secret.data, old->secret.length); @@ -943,28 +953,28 @@ static bool samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam status = sess_decrypt_blob(mem_ctx, &lsa_blob1, &session_key, &lsa_blob_out); if (!NT_STATUS_IS_OK(status)) { - printf("Failed to decrypt secrets OLD blob\n"); + torture_comment(tctx, "Failed to decrypt secrets OLD blob\n"); return false; } if (!q.out.new_mtime) { - printf("NEW mtime not available on LSA for secret %s\n", nsec->name); + torture_comment(tctx, "NEW mtime not available on LSA for secret %s\n", nsec->name); ret = false; } if (nsec->mtime != *q.out.new_mtime) { - printf("NEW mtime on secret %s does not match between SAMSYNC (%s) and LSA (%s)\n", + torture_comment(tctx, "NEW mtime on secret %s does not match between SAMSYNC (%s) and LSA (%s)\n", nsec->name, nt_time_string(mem_ctx, nsec->mtime), nt_time_string(mem_ctx, *q.out.new_mtime)); ret = false; } if (nsec->secret.length != lsa_blob_out.length) { - printf("Returned secret %s doesn't match: %d != %d\n", + torture_comment(tctx, "Returned secret %s doesn't match: %d != %d\n", nsec->name, (int)nsec->secret.length, (int)lsa_blob_out.length); ret = false; } else if (memcmp(lsa_blob_out.data, nsec->secret.data, nsec->secret.length) != 0) { - printf("Returned secret %s doesn't match: \n", + torture_comment(tctx, "Returned secret %s doesn't match: \n", nsec->name); DEBUG(1, ("SamSync Secret:\n")); dump_data(1, nsec->secret.data, nsec->secret.length); @@ -977,7 +987,8 @@ static bool samsync_handle_secret(TALLOC_CTX *mem_ctx, struct samsync_state *sam return ret; } -static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, +static bool samsync_handle_trusted_domain(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, int database_id, struct netr_DELTA_ENUM *delta) { NTSTATUS status; @@ -1004,7 +1015,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st status = dcerpc_lsa_OpenTrustedDomain_r(samsync_state->b_lsa, mem_ctx, &t); if (!NT_STATUS_IS_OK(status)) { - printf("OpenTrustedDomain failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "OpenTrustedDomain failed - %s\n", nt_errstr(status)); return false; } @@ -1018,7 +1029,7 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st info[levels[i]] = NULL; continue; } - printf("QueryInfoTrustedDomain level %d failed - %s\n", + torture_comment(tctx, "QueryInfoTrustedDomain level %d failed - %s\n", levels[i], nt_errstr(status)); return false; } @@ -1041,7 +1052,8 @@ static bool samsync_handle_trusted_domain(TALLOC_CTX *mem_ctx, struct samsync_st return ret; } -static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, +static bool samsync_handle_account(struct torture_context *tctx, + TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, int database_id, struct netr_DELTA_ENUM *delta) { NTSTATUS status; @@ -1066,7 +1078,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa status = dcerpc_lsa_OpenAccount_r(samsync_state->b_lsa, mem_ctx, &a); if (!NT_STATUS_IS_OK(status)) { - printf("OpenTrustedDomain failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "OpenTrustedDomain failed - %s\n", nt_errstr(status)); return false; } @@ -1079,18 +1091,18 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa status = dcerpc_lsa_EnumPrivsAccount_r(samsync_state->b_lsa, mem_ctx, &e); if (!NT_STATUS_IS_OK(status)) { - printf("EnumPrivsAccount failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "EnumPrivsAccount failed - %s\n", nt_errstr(status)); return false; } if ((account->privilege_entries && !privs)) { - printf("Account %s has privileges in SamSync, but not LSA\n", + torture_comment(tctx, "Account %s has privileges in SamSync, but not LSA\n", dom_sid_string(mem_ctx, dom_sid)); return false; } if (!account->privilege_entries && privs && privs->count) { - printf("Account %s has privileges in LSA, but not SamSync\n", + torture_comment(tctx, "Account %s has privileges in LSA, but not SamSync\n", dom_sid_string(mem_ctx, dom_sid)); return false; } @@ -1107,12 +1119,12 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa status = dcerpc_lsa_LookupPrivName_r(samsync_state->b_lsa, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("\nLookupPrivName failed - %s\n", nt_errstr(status)); + torture_comment(tctx, "\nLookupPrivName failed - %s\n", nt_errstr(status)); return false; } if (!r.out.name) { - printf("\nLookupPrivName failed to return a name\n"); + torture_comment(tctx, "\nLookupPrivName failed to return a name\n"); return false; } for (j=0;j<account->privilege_entries; j++) { @@ -1124,7 +1136,7 @@ static bool samsync_handle_account(TALLOC_CTX *mem_ctx, struct samsync_state *sa } for (j=0;j<account->privilege_entries; j++) { if (!found_priv_in_lsa[j]) { - printf("Privilege %s on account %s not found in LSA\n", account->privilege_name[j].string, + torture_comment(tctx, "Privilege %s on account %s not found in LSA\n", account->privilege_name[j].string, dom_sid_string(mem_ctx, dom_sid)); ret = false; } @@ -1169,7 +1181,7 @@ static bool test_DatabaseSync(struct torture_context *tctx, r.in.sync_context = &sync_context; r.out.sync_context = &sync_context; - printf("Testing DatabaseSync of id %d\n", r.in.database_id); + torture_comment(tctx, "Testing DatabaseSync of id %d\n", r.in.database_id); do { loop_ctx = talloc_named(mem_ctx, 0, "DatabaseSync loop context"); @@ -1180,13 +1192,13 @@ static bool test_DatabaseSync(struct torture_context *tctx, status = dcerpc_netr_DatabaseSync_r(samsync_state->b, loop_ctx, &r); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { - printf("DatabaseSync - %s\n", nt_errstr(status)); + torture_comment(tctx, "DatabaseSync - %s\n", nt_errstr(status)); ret = false; break; } if (!netlogon_creds_client_check(samsync_state->creds, &r.out.return_authenticator->cred)) { - printf("Credential chaining failed\n"); + torture_comment(tctx, "Credential chaining failed\n"); } r.in.sync_context = r.out.sync_context; @@ -1197,64 +1209,64 @@ static bool test_DatabaseSync(struct torture_context *tctx, if (!NT_STATUS_IS_OK(samsync_fix_delta(delta_ctx, samsync_state->creds, r.in.database_id, &delta_enum_array->delta_enum[d]))) { - printf("Failed to decrypt delta\n"); + torture_comment(tctx, "Failed to decrypt delta\n"); ret = false; } switch (delta_enum_array->delta_enum[d].delta_type) { case NETR_DELTA_DOMAIN: - if (!samsync_handle_domain(delta_ctx, samsync_state, + if (!samsync_handle_domain(tctx, delta_ctx, samsync_state, r.in.database_id, &delta_enum_array->delta_enum[d])) { - printf("Failed to handle DELTA_DOMAIN\n"); + torture_comment(tctx, "Failed to handle DELTA_DOMAIN\n"); ret = false; } break; case NETR_DELTA_GROUP: - if (!samsync_handle_group(delta_ctx, samsync_state, + if (!samsync_handle_group(tctx, delta_ctx, samsync_state, r.in.database_id, &delta_enum_array->delta_enum[d])) { - printf("Failed to handle DELTA_USER\n"); + torture_comment(tctx, "Failed to handle DELTA_USER\n"); ret = false; } break; case NETR_DELTA_USER: if (!samsync_handle_user(tctx, delta_ctx, samsync_state, r.in.database_id, &delta_enum_array->delta_enum[d])) { - printf("Failed to handle DELTA_USER\n"); + torture_comment(tctx, "Failed to handle DELTA_USER\n"); ret = false; } break; case NETR_DELTA_ALIAS: - if (!samsync_handle_alias(delta_ctx, samsync_state, + if (!samsync_handle_alias(tctx, delta_ctx, samsync_state, r.in.database_id, &delta_enum_array->delta_enum[d])) { - printf("Failed to handle DELTA_ALIAS\n"); + torture_comment(tctx, "Failed to handle DELTA_ALIAS\n"); ret = false; } break; case NETR_DELTA_POLICY: - if (!samsync_handle_policy(delta_ctx, samsync_state, + if (!samsync_handle_policy(tctx, delta_ctx, samsync_state, r.in.database_id, &delta_enum_array->delta_enum[d])) { - printf("Failed to handle DELTA_POLICY\n"); + torture_comment(tctx, "Failed to handle DELTA_POLICY\n"); ret = false; } break; case NETR_DELTA_TRUSTED_DOMAIN: - if (!samsync_handle_trusted_domain(delta_ctx, samsync_state, + if (!samsync_handle_trusted_domain(tctx, delta_ctx, samsync_state, r.in.database_id, &delta_enum_array->delta_enum[d])) { - printf("Failed to handle DELTA_TRUSTED_DOMAIN\n"); + torture_comment(tctx, "Failed to handle DELTA_TRUSTED_DOMAIN\n"); ret = false; } break; case NETR_DELTA_ACCOUNT: - if (!samsync_handle_account(delta_ctx, samsync_state, + if (!samsync_handle_account(tctx, delta_ctx, samsync_state, r.in.database_id, &delta_enum_array->delta_enum[d])) { - printf("Failed to handle DELTA_ACCOUNT\n"); + torture_comment(tctx, "Failed to handle DELTA_ACCOUNT\n"); ret = false; } break; case NETR_DELTA_SECRET: - if (!samsync_handle_secret(delta_ctx, samsync_state, + if (!samsync_handle_secret(tctx, delta_ctx, samsync_state, r.in.database_id, &delta_enum_array->delta_enum[d])) { - printf("Failed to handle DELTA_SECRET\n"); + torture_comment(tctx, "Failed to handle DELTA_SECRET\n"); ret = false; } break; @@ -1275,7 +1287,7 @@ static bool test_DatabaseSync(struct torture_context *tctx, case NETR_DELTA_DELETE_USER2: case NETR_DELTA_MODIFY_COUNT: default: - printf("Uxpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type); + torture_comment(tctx, "Uxpected delta type %d\n", delta_enum_array->delta_enum[d].delta_type); ret = false; break; } @@ -1288,7 +1300,7 @@ static bool test_DatabaseSync(struct torture_context *tctx, domain = samsync_state->domain_name[SAM_DATABASE_DOMAIN]; if (!domain) { - printf("Never got a DOMAIN object in samsync!\n"); + torture_comment(tctx, "Never got a DOMAIN object in samsync!\n"); return false; } @@ -1303,8 +1315,9 @@ static bool test_DatabaseSync(struct torture_context *tctx, struct samr_Password nt_hash; mdfour(nt_hash.hash, s->secret.data, s->secret.length); - printf("Checking password for %s\\%s\n", t->name, username); - nt_status = test_SamLogon(samsync_state->p_netlogon_wksta, trustdom_ctx, samsync_state->creds_netlogon_wksta, + torture_comment(tctx, "Checking password for %s\\%s\n", t->name, username); + nt_status = test_SamLogon(tctx, + samsync_state->p_netlogon_wksta, trustdom_ctx, samsync_state->creds_netlogon_wksta, t->name, username, TEST_WKSTA_MACHINE_NAME, @@ -1312,20 +1325,21 @@ static bool test_DatabaseSync(struct torture_context *tctx, &nt_hash, NULL); if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_LOGON_SERVERS)) { - printf("Verifiction of trust password to %s failed: %s (the trusted domain is not available)\n", + torture_comment(tctx, "Verifiction of trust password to %s failed: %s (the trusted domain is not available)\n", t->name, nt_errstr(nt_status)); break; } if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)) { - printf("Verifiction of trust password to %s: should have failed (nologon interdomain trust account), instead: %s\n", + torture_comment(tctx, "Verifiction of trust password to %s: should have failed (nologon interdomain trust account), instead: %s\n", t->name, nt_errstr(nt_status)); ret = false; } /* break it */ nt_hash.hash[0]++; - nt_status = test_SamLogon(samsync_state->p_netlogon_wksta, trustdom_ctx, samsync_state->creds_netlogon_wksta, + nt_status = test_SamLogon(tctx, + samsync_state->p_netlogon_wksta, trustdom_ctx, samsync_state->creds_netlogon_wksta, t->name, username, TEST_WKSTA_MACHINE_NAME, @@ -1334,7 +1348,7 @@ static bool test_DatabaseSync(struct torture_context *tctx, NULL); if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { - printf("Verifiction of trust password to %s: should have failed (wrong password), instead: %s\n", + torture_comment(tctx, "Verifiction of trust password to %s: should have failed (wrong password), instead: %s\n", t->name, nt_errstr(nt_status)); ret = false; } @@ -1351,7 +1365,8 @@ static bool test_DatabaseSync(struct torture_context *tctx, /* try a netlogon DatabaseDeltas */ -static bool test_DatabaseDeltas(struct samsync_state *samsync_state, TALLOC_CTX *mem_ctx) +static bool test_DatabaseDeltas(struct torture_context *tctx, + struct samsync_state *samsync_state, TALLOC_CTX *mem_ctx) { NTSTATUS status; TALLOC_CTX *loop_ctx; @@ -1389,7 +1404,7 @@ static bool test_DatabaseDeltas(struct samsync_state *samsync_state, TALLOC_CTX */ seq_num -= 10; - printf("Testing DatabaseDeltas of id %d at %llu\n", + torture_comment(tctx, "Testing DatabaseDeltas of id %d at %llu\n", r.in.database_id, (long long)seq_num); do { @@ -1400,12 +1415,12 @@ static bool test_DatabaseDeltas(struct samsync_state *samsync_state, TALLOC_CTX if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) && !NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED)) { - printf("DatabaseDeltas - %s\n", nt_errstr(status)); + torture_comment(tctx, "DatabaseDeltas - %s\n", nt_errstr(status)); ret = false; } if (!netlogon_creds_client_check(samsync_state->creds, &return_authenticator.cred)) { - printf("Credential chaining failed\n"); + torture_comment(tctx, "Credential chaining failed\n"); } seq_num++; @@ -1420,7 +1435,8 @@ static bool test_DatabaseDeltas(struct samsync_state *samsync_state, TALLOC_CTX /* try a netlogon DatabaseSync2 */ -static bool test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, +static bool test_DatabaseSync2(struct torture_context *tctx, + struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct netlogon_creds_CredentialState *creds) { NTSTATUS status; @@ -1451,7 +1467,7 @@ static bool test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.out.sync_context = &sync_context; r.in.restart_state = 0; - printf("Testing DatabaseSync2 of id %d\n", r.in.database_id); + torture_comment(tctx, "Testing DatabaseSync2 of id %d\n", r.in.database_id); do { loop_ctx = talloc_named(mem_ctx, 0, "test_DatabaseSync2 loop context"); @@ -1462,12 +1478,12 @@ static bool test_DatabaseSync2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, status = dcerpc_netr_DatabaseSync2_r(b, loop_ctx, &r); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { - printf("DatabaseSync2 - %s\n", nt_errstr(status)); + torture_comment(tctx, "DatabaseSync2 - %s\n", nt_errstr(status)); ret = false; } if (!netlogon_creds_client_check(creds, &r.out.return_authenticator->cred)) { - printf("Credential chaining failed\n"); + torture_comment(tctx, "Credential chaining failed\n"); } talloc_free(loop_ctx); @@ -1515,7 +1531,7 @@ bool torture_rpc_samsync(struct torture_context *torture) &machine_password); if (!join_ctx) { talloc_free(mem_ctx); - printf("Failed to join as BDC\n"); + torture_comment(torture, "Failed to join as BDC\n"); return false; } @@ -1523,7 +1539,7 @@ bool torture_rpc_samsync(struct torture_context *torture) join_ctx2 = torture_create_testuser(torture, test_wksta_machine_account, lp_workgroup(torture->lp_ctx), ACB_WSTRUST, &wksta_machine_password); if (!join_ctx2) { talloc_free(mem_ctx); - printf("Failed to join as member\n"); + torture_comment(torture, "Failed to join as member\n"); return false; } @@ -1532,7 +1548,7 @@ bool torture_rpc_samsync(struct torture_context *torture) ACB_NORMAL, NULL); if (!user_ctx) { talloc_free(mem_ctx); - printf("Failed to create test account\n"); + torture_comment(torture, "Failed to create test account\n"); return false; } @@ -1548,14 +1564,14 @@ bool torture_rpc_samsync(struct torture_context *torture) status = dcerpc_samr_Connect_r(samsync_state->b_samr, mem_ctx, &c); if (!NT_STATUS_IS_OK(status)) { - printf("samr_Connect failed\n"); + torture_comment(torture, "samr_Connect failed\n"); ret = false; goto failed; } - domain_policy = samsync_open_domain(mem_ctx, samsync_state, lp_workgroup(torture->lp_ctx), NULL); + domain_policy = samsync_open_domain(torture, mem_ctx, samsync_state, lp_workgroup(torture->lp_ctx), NULL); if (!domain_policy) { - printf("samrsync_open_domain failed\n"); + torture_comment(torture, "samrsync_open_domain failed\n"); ret = false; goto failed; } @@ -1576,7 +1592,7 @@ bool torture_rpc_samsync(struct torture_context *torture) } if (!NT_STATUS_IS_OK(status)) { - printf("SetDomainInfo level %u failed - %s\n", + torture_comment(torture, "SetDomainInfo level %u failed - %s\n", s.in.level, nt_errstr(status)); ret = false; goto failed; @@ -1612,7 +1628,7 @@ bool torture_rpc_samsync(struct torture_context *torture) status = dcerpc_lsa_OpenPolicy2_r(samsync_state->b_lsa, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("OpenPolicy2 failed - %s\n", nt_errstr(status)); + torture_comment(torture, "OpenPolicy2 failed - %s\n", nt_errstr(status)); ret = false; goto failed; } @@ -1641,7 +1657,7 @@ bool torture_rpc_samsync(struct torture_context *torture) credentials, torture->ev, torture->lp_ctx); if (!NT_STATUS_IS_OK(status)) { - printf("Failed to connect to server as a BDC: %s\n", nt_errstr(status)); + torture_comment(torture, "Failed to connect to server as a BDC: %s\n", nt_errstr(status)); ret = false; goto failed; } @@ -1680,7 +1696,7 @@ bool torture_rpc_samsync(struct torture_context *torture) credentials_wksta, torture->ev, torture->lp_ctx); if (!NT_STATUS_IS_OK(status)) { - printf("Failed to connect to server as a Workstation: %s\n", nt_errstr(status)); + torture_comment(torture, "Failed to connect to server as a Workstation: %s\n", nt_errstr(status)); ret = false; goto failed; } @@ -1688,22 +1704,22 @@ bool torture_rpc_samsync(struct torture_context *torture) status = dcerpc_schannel_creds(samsync_state->p_netlogon_wksta->conn->security_state.generic_state, samsync_state, &samsync_state->creds_netlogon_wksta); if (!NT_STATUS_IS_OK(status)) { - printf("Failed to obtail schanel creds!\n"); + torture_comment(torture, "Failed to obtail schanel creds!\n"); ret = false; } if (!test_DatabaseSync(torture, samsync_state, mem_ctx)) { - printf("DatabaseSync failed\n"); + torture_comment(torture, "DatabaseSync failed\n"); ret = false; } - if (!test_DatabaseDeltas(samsync_state, mem_ctx)) { - printf("DatabaseDeltas failed\n"); + if (!test_DatabaseDeltas(torture, samsync_state, mem_ctx)) { + torture_comment(torture, "DatabaseDeltas failed\n"); ret = false; } - if (!test_DatabaseSync2(samsync_state->p, mem_ctx, samsync_state->creds)) { - printf("DatabaseSync2 failed\n"); + if (!test_DatabaseSync2(torture, samsync_state->p, mem_ctx, samsync_state->creds)) { + torture_comment(torture, "DatabaseSync2 failed\n"); ret = false; } failed: |