diff options
-rw-r--r-- | source4/samba4-knownfail | 6 | ||||
-rw-r--r-- | source4/torture/rpc/atsvc.c | 9 | ||||
-rw-r--r-- | source4/torture/rpc/drsuapi.c | 262 | ||||
-rw-r--r-- | source4/torture/rpc/drsuapi_cracknames.c | 433 | ||||
-rw-r--r-- | source4/torture/rpc/echo.c | 4 | ||||
-rw-r--r-- | source4/torture/rpc/eventlog.c | 4 | ||||
-rw-r--r-- | source4/torture/rpc/rpc.c | 57 | ||||
-rw-r--r-- | source4/torture/rpc/rpc.h | 14 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 314 | ||||
-rw-r--r-- | source4/torture/rpc/unixinfo.c | 4 |
10 files changed, 414 insertions, 693 deletions
diff --git a/source4/samba4-knownfail b/source4/samba4-knownfail index 2290958579..10027a49ed 100644 --- a/source4/samba4-knownfail +++ b/source4/samba4-knownfail @@ -13,7 +13,6 @@ RPC-HANDLES.*/mixed-shared RPC-EPMAPPER.*/Insert RPC-EPMAPPER.*/InqObject RPC-DFS.* -RPC-DRSUAPI.* RPC-LSALOOKUP RPC-CRACKNAMES blackbox.smbclient.*USER and PASSWD @@ -28,3 +27,8 @@ RPC-NETLOGON.*/GetAnyDCName RPC-NETLOGON.*/DsrEnumerateDomainTrusts RPC-NETLOGON.*/DsrGetDcSiteCoverageW RPC-DRSUAPI.*/DsReplicaUpdateRefs +RPC-DRSUAPI.*/DsReplicaGetInfo +RPC-DRSUAPI.*/DsCrackNames +RPC-DRSUAPI.*/DsGetDomainControllerInfo +RPC-DRSUAPI.*/QuerySitesByCost +RPC-DRSUAPI.*/DsGetNCChange diff --git a/source4/torture/rpc/atsvc.c b/source4/torture/rpc/atsvc.c index f5295cc6cc..da23097924 100644 --- a/source4/torture/rpc/atsvc.c +++ b/source4/torture/rpc/atsvc.c @@ -118,15 +118,12 @@ static bool test_JobAdd(struct torture_context *tctx, struct dcerpc_pipe *p) return true; } -struct torture_suite *torture_rpc_atsvc(void) +struct torture_suite *torture_rpc_atsvc(TALLOC_CTX *mem_ctx) { - struct torture_suite *suite = torture_suite_create( - talloc_autofree_context(), - "ATSVC"); + struct torture_suite *suite = torture_suite_create(mem_ctx, "ATSVC"); struct torture_rpc_tcase *tcase; - tcase = torture_suite_add_rpc_iface_tcase(suite, "atsvc", - &ndr_table_atsvc); + tcase = torture_suite_add_rpc_iface_tcase(suite, "atsvc", &ndr_table_atsvc); torture_rpc_tcase_add_test(tcase, "JobEnum", test_JobEnum); torture_rpc_tcase_add_test(tcase, "JobAdd", test_JobAdd); diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c index a9c7adc70b..08420d0d17 100644 --- a/source4/torture/rpc/drsuapi.c +++ b/source4/torture/rpc/drsuapi.c @@ -25,6 +25,7 @@ #include "torture/torture.h" #include "librpc/gen_ndr/ndr_drsuapi_c.h" #include "torture/rpc/rpc.h" +#include "dlinklist.h" #define TEST_MACHINE_NAME "torturetest" @@ -33,6 +34,7 @@ bool test_DsBind(struct dcerpc_pipe *p, struct torture_context *tctx, { NTSTATUS status; struct drsuapi_DsBind r; + struct torture_rpc_tcase_data *rpc_tcase; GUID_from_string(DRSUAPI_DS_BIND_GUID, &priv->bind_guid); @@ -40,29 +42,87 @@ bool test_DsBind(struct dcerpc_pipe *p, struct torture_context *tctx, r.in.bind_info = NULL; r.out.bind_handle = &priv->bind_handle; - torture_comment(tctx, "testing DsBind\n"); - status = dcerpc_drsuapi_DsBind(p, tctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(tctx, p->last_fault_code); - } - torture_fail(tctx, "dcerpc_drsuapi_DsBind failed"); - } else if (!W_ERROR_IS_OK(r.out.result)) { - torture_fail(tctx, "DsBind failed"); - } + torture_assert_ntstatus_ok(tctx, status, "DsBind"); + torture_assert_werr_ok(tctx, r.out.result, "DsBind"); + + rpc_tcase = (struct torture_rpc_tcase_data *)tctx->active_tcase->data; + + priv->join = rpc_tcase->join_ctx; + + return true; +} + +bool test_DsUnbind(struct dcerpc_pipe *p, struct torture_context *tctx, + struct DsPrivate *priv) +{ + NTSTATUS status; + struct drsuapi_DsUnbind r; + + r.in.bind_handle = &priv->bind_handle; + r.out.bind_handle = &priv->bind_handle; + + status = dcerpc_drsuapi_DsUnbind(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, + "dcerpc_drsuapi_DsUnbind failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsBind failed"); return true; } -static bool test_DsGetDomainControllerInfo(struct dcerpc_pipe *p, - struct torture_context *torture, +static bool wrap_test_drsuapi(struct torture_context *tctx, + struct torture_tcase *tcase, + struct torture_test *test) +{ + bool (*fn) (struct torture_context *, struct dcerpc_pipe *, struct DsPrivate *); + struct torture_rpc_tcase_data *tcase_data = + (struct torture_rpc_tcase_data *)tcase->data; + bool ret; + struct DsPrivate priv; + + ZERO_STRUCT(priv); + + fn = test->fn; + + if (!test_DsBind(tcase_data->pipe, tctx, &priv)) + return false; + + ret = fn(tctx, tcase_data->pipe, &priv); + + if (!test_DsUnbind(tcase_data->pipe, tctx, &priv)) + return false; + + return ret; +} + +static struct torture_test *torture_rpc_tcase_add_drsuapi_test( + struct torture_rpc_tcase *tcase, + const char *name, + bool (*fn) (struct torture_context *, struct dcerpc_pipe *, struct DsPrivate *priv)) +{ + struct torture_test *test; + + test = talloc(tcase, struct torture_test); + + test->name = talloc_strdup(test, name); + test->description = NULL; + test->run = wrap_test_drsuapi; + test->dangerous = false; + test->data = NULL; + test->fn = fn; + + DLIST_ADD(tcase->tcase.tests, test); + + return test; +} + +static bool test_DsGetDomainControllerInfo(struct torture_context *torture, + struct dcerpc_pipe *p, struct DsPrivate *priv) { NTSTATUS status; struct drsuapi_DsGetDomainControllerInfo r; - BOOL found = False; + bool found = false; int i, j, k; struct { @@ -123,7 +183,7 @@ static bool test_DsGetDomainControllerInfo(struct dcerpc_pipe *p, for (k=0; k < r.out.ctr.ctr1.count; k++) { if (strcasecmp_m(r.out.ctr.ctr1.array[k].netbios_name, torture_join_netbios_name(priv->join)) == 0) { - found = True; + found = true; break; } } @@ -132,7 +192,7 @@ static bool test_DsGetDomainControllerInfo(struct dcerpc_pipe *p, for (k=0; k < r.out.ctr.ctr2.count; k++) { if (strcasecmp_m(r.out.ctr.ctr2.array[k].netbios_name, torture_join_netbios_name(priv->join)) == 0) { - found = True; + found = true; priv->dcinfo = r.out.ctr.ctr2.array[k]; break; } @@ -168,7 +228,7 @@ static bool test_DsGetDomainControllerInfo(struct dcerpc_pipe *p, for (k=0; k < r.out.ctr.ctr01.count; k++) { if (strcasecmp_m(r.out.ctr.ctr01.array[k].client_account, dc_account)) { - found = True; + found = true; break; } } @@ -180,8 +240,8 @@ static bool test_DsGetDomainControllerInfo(struct dcerpc_pipe *p, return true; } -static bool test_DsWriteAccountSpn(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_DsWriteAccountSpn(struct torture_context *tctx, + struct dcerpc_pipe *p, struct DsPrivate *priv) { NTSTATUS status; @@ -191,8 +251,6 @@ static bool test_DsWriteAccountSpn(struct dcerpc_pipe *p, r.in.bind_handle = &priv->bind_handle; r.in.level = 1; - torture_comment(tctx, "testing DsWriteAccountSpn\n"); - r.in.req.req1.operation = DRSUAPI_DS_SPN_OPERATION_ADD; r.in.req.req1.unknown1 = 0; r.in.req.req1.object_dn = priv->dcinfo.computer_dn; @@ -217,8 +275,8 @@ static bool test_DsWriteAccountSpn(struct dcerpc_pipe *p, return true; } -static bool test_DsReplicaGetInfo(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_DsReplicaGetInfo(struct torture_context *tctx, + struct dcerpc_pipe *p, struct DsPrivate *priv) { NTSTATUS status; @@ -331,8 +389,8 @@ static bool test_DsReplicaGetInfo(struct dcerpc_pipe *p, return true; } -static bool test_DsReplicaSync(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_DsReplicaSync(struct torture_context *tctx, + struct dcerpc_pipe *p, struct DsPrivate *priv) { NTSTATUS status; @@ -349,9 +407,6 @@ static bool test_DsReplicaSync(struct dcerpc_pipe *p, } }; - if (torture_setting_bool(tctx, "dangerous", false)) - torture_skip(tctx, "DsReplicaSync disabled - enable dangerous tests to use"); - ZERO_STRUCT(null_guid); ZERO_STRUCT(null_sid); @@ -385,8 +440,8 @@ static bool test_DsReplicaSync(struct dcerpc_pipe *p, return true; } -static bool test_DsReplicaUpdateRefs(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_DsReplicaUpdateRefs(struct torture_context *tctx, + struct dcerpc_pipe *p, struct DsPrivate *priv) { NTSTATUS status; @@ -403,18 +458,13 @@ static bool test_DsReplicaUpdateRefs(struct dcerpc_pipe *p, } }; - if (lp_parm_bool(-1, "torture", "samba4", False)) { - printf("skipping DsReplicaUpdateRefs test against Samba4\n"); - return True; - } - ZERO_STRUCT(null_guid); ZERO_STRUCT(null_sid); r.in.bind_handle = &priv->bind_handle; for (i=0; i < ARRAY_SIZE(array); i++) { - printf("testing DsReplicaUpdateRefs level %d\n", + torture_comment(tctx, "testing DsReplicaUpdateRefs level %d\n", array[i].level); r.in.level = array[i].level; @@ -442,8 +492,8 @@ static bool test_DsReplicaUpdateRefs(struct dcerpc_pipe *p, return true; } -static bool test_DsGetNCChanges(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_DsGetNCChanges(struct torture_context *tctx, + struct dcerpc_pipe *p, struct DsPrivate *priv) { NTSTATUS status; @@ -487,7 +537,7 @@ static bool test_DsGetNCChanges(struct dcerpc_pipe *p, r.in.req.req5.highwatermark.highest_usn = 0; r.in.req.req5.uptodateness_vector = NULL; r.in.req.req5.replica_flags = 0; - if (lp_parm_bool(-1, "drsuapi", "compression", False)) { + if (lp_parm_bool(-1, "drsuapi", "compression", false)) { r.in.req.req5.replica_flags |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES; } r.in.req.req5.max_object_count = 0; @@ -542,7 +592,7 @@ static bool test_DsGetNCChanges(struct dcerpc_pipe *p, return true; } -bool test_QuerySitesByCost(struct dcerpc_pipe *p, struct torture_context *tctx, +bool test_QuerySitesByCost(struct torture_context *tctx, struct dcerpc_pipe *p, struct DsPrivate *priv) { NTSTATUS status; @@ -565,8 +615,10 @@ bool test_QuerySitesByCost(struct dcerpc_pipe *p, struct torture_context *tctx, torture_assert_ntstatus_ok(tctx, status, "drsuapi_QuerySitesByCost"); torture_assert_werr_ok(tctx, r.out.result, "QuerySitesByCost failed"); - torture_assert_werr_equal(tctx, r.out.ctr.ctr1.info[0].error_code, WERR_DS_OBJ_NOT_FOUND, "expected not found error"); - torture_assert_werr_equal(tctx, r.out.ctr.ctr1.info[1].error_code, WERR_DS_OBJ_NOT_FOUND, "expected not found error"); + torture_assert_werr_equal(tctx, r.out.ctr.ctr1.info[0].error_code, + WERR_DS_OBJ_NOT_FOUND, "expected not found error"); + torture_assert_werr_equal(tctx, r.out.ctr.ctr1.info[1].error_code, + WERR_DS_OBJ_NOT_FOUND, "expected not found error"); torture_assert_int_equal(tctx, r.out.ctr.ctr1.info[0].site_cost, (uint32_t) -1, "unexpected site cost"); @@ -577,113 +629,35 @@ bool test_QuerySitesByCost(struct dcerpc_pipe *p, struct torture_context *tctx, return true; } -bool test_DsUnbind(struct dcerpc_pipe *p, struct torture_context *tctx, - struct DsPrivate *priv) -{ - NTSTATUS status; - struct drsuapi_DsUnbind r; - - r.in.bind_handle = &priv->bind_handle; - r.out.bind_handle = &priv->bind_handle; - - torture_comment(tctx, "testing DsUnbind\n"); - - status = dcerpc_drsuapi_DsUnbind(p, tctx, &r); - torture_assert_ntstatus_ok(tctx, status, - "dcerpc_drsuapi_DsUnbind failed"); - torture_assert_werr_ok(tctx, r.out.result, "DsBind failed"); - - return true; -} - -bool torture_rpc_drsuapi(struct torture_context *torture) +struct torture_suite *torture_rpc_drsuapi(TALLOC_CTX *mem_ctx) { - NTSTATUS status; - struct dcerpc_pipe *p; - bool ret = true; - struct DsPrivate priv; - struct cli_credentials *machine_credentials; - - ZERO_STRUCT(priv); - - priv.join = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST, - &machine_credentials); - if (!priv.join) { - torture_fail(torture, "Failed to join as BDC"); - } - - status = torture_rpc_connection(torture, - &p, - &ndr_table_drsuapi); - if (!NT_STATUS_IS_OK(status)) { - torture_leave_domain(priv.join); - torture_fail(torture, "Unable to connect to DRSUAPI pipe"); - } - - ret &= test_DsBind(p, torture, &priv); -#if 0 - ret &= test_QuerySitesByCost(p, torture, &priv); -#endif - ret &= test_DsGetDomainControllerInfo(p, torture, &priv); - - ret &= test_DsCrackNames(p, torture, &priv); - - ret &= test_DsWriteAccountSpn(p, torture, &priv); - - ret &= test_DsReplicaGetInfo(p, torture, &priv); - - ret &= test_DsReplicaSync(p, torture, &priv); - - ret &= test_DsReplicaUpdateRefs(p, torture, &priv); - - ret &= test_DsGetNCChanges(p, torture, &priv); - - ret &= test_DsUnbind(p, torture, &priv); - - torture_leave_domain(priv.join); - - return ret; + struct torture_suite *suite = torture_suite_create(mem_ctx, "DRSUAPI"); + struct torture_test *test; + struct torture_rpc_tcase *tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "drsuapi", + &ndr_table_drsuapi, TEST_MACHINE_NAME); + + torture_rpc_tcase_add_drsuapi_test(tcase, "QuerySitesByCost", test_QuerySitesByCost); + torture_rpc_tcase_add_drsuapi_test(tcase, "DsGetDomainControllerInfo", test_DsGetDomainControllerInfo); + torture_rpc_tcase_add_drsuapi_test(tcase, "DsCrackNames", test_DsCrackNames); + torture_rpc_tcase_add_drsuapi_test(tcase, "DsWriteAccountSpn", test_DsWriteAccountSpn); + torture_rpc_tcase_add_drsuapi_test(tcase, "DsReplicaGetInfo", test_DsReplicaGetInfo); + test = torture_rpc_tcase_add_drsuapi_test(tcase, "DsReplicaSync", test_DsReplicaSync); + test->dangerous = true; + torture_rpc_tcase_add_drsuapi_test(tcase, "DsReplicaUpdateRefs", test_DsReplicaUpdateRefs); + torture_rpc_tcase_add_drsuapi_test(tcase, "DsGetNCChange", test_DsGetNCChanges); + + return suite; } -bool torture_rpc_drsuapi_cracknames(struct torture_context *torture) +struct torture_suite *torture_rpc_drsuapi_cracknames(TALLOC_CTX *mem_ctx) { - NTSTATUS status; - struct dcerpc_pipe *p; - bool ret = true; - struct DsPrivate priv; - struct cli_credentials *machine_credentials; - - torture_comment(torture, "Connected to DRSUAPI pipe\n"); + struct torture_suite *suite = torture_suite_create(mem_ctx, "CRACKNAMES"); + struct torture_rpc_tcase *tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "drsuapi", + &ndr_table_drsuapi, TEST_MACHINE_NAME); - ZERO_STRUCT(priv); - - priv.join = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST, - &machine_credentials); - if (!priv.join) { - torture_fail(torture, "Failed to join as BDC\n"); - } - - status = torture_rpc_connection(torture, - &p, - &ndr_table_drsuapi); - if (!NT_STATUS_IS_OK(status)) { - torture_leave_domain(priv.join); - torture_fail(torture, "Unable to connect to DRSUAPI pipe"); - } - - ret &= test_DsBind(p, torture, &priv); + torture_rpc_tcase_add_drsuapi_test(tcase, "DsGetDomainControllerInfo", test_DsGetDomainControllerInfo); + torture_rpc_tcase_add_drsuapi_test(tcase, "DsCrackNames", test_DsCrackNames); - if (ret) { - /* We don't care if this fails, we just need some info from it */ - test_DsGetDomainControllerInfo(p, torture, &priv); - - ret &= test_DsCrackNames(p, torture, &priv); - - ret &= test_DsUnbind(p, torture, &priv); - } - - torture_leave_domain(priv.join); - - return ret; + return suite; } diff --git a/source4/torture/rpc/drsuapi_cracknames.c b/source4/torture/rpc/drsuapi_cracknames.c index a29010f73b..b1a65179aa 100644 --- a/source4/torture/rpc/drsuapi_cracknames.c +++ b/source4/torture/rpc/drsuapi_cracknames.c @@ -28,14 +28,13 @@ #include "ldb/include/ldb.h" #include "libcli/security/security.h" -static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, +static bool test_DsCrackNamesMatrix(struct dcerpc_pipe *p, struct torture_context *tctx, struct DsPrivate *priv, const char *dn, const char *user_principal_name, const char *service_principal_name) { NTSTATUS status; - BOOL ret = True; struct drsuapi_DsCrackNames r; enum drsuapi_DsNameFormat formats[] = { DRSUAPI_DS_NAME_FORMAT_FQDN_1779, @@ -70,59 +69,34 @@ static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; r.in.req.req1.format_desired = formats[i]; names[0].str = dn; - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ", - names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired); - - printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ", + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + + torture_comment(tctx, "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ", names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired); - - printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); - ret = False; - } + torture_assert_ntstatus_ok(tctx, status, "dcerpc_drsuapi_DsCrackNames failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); - if (!ret) { - return ret; - } switch (formats[i]) { case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: - if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) { - printf(__location__ ": Unexpected error (%d): This name lookup should fail\n", - r.out.ctr.ctr1->array[0].status); - return False; - } - printf ("(expected) error\n"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE, + "Unexpected error: This name lookup should fail"); + torture_comment(tctx, "(expected) error\n"); break; case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: - if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) { - printf(__location__ ": Unexpected error (%d): This name lookup should fail\n", - r.out.ctr.ctr1->array[0].status); - return False; - } - printf ("(expected) error\n"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_NO_MAPPING, + "Unexpected error: This name lookup should fail"); + torture_comment(tctx, "(expected) error\n"); break; case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: - if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) { - printf(__location__ ": Unexpected error (%d): This name lookup should fail\n", - r.out.ctr.ctr1->array[0].status); - return False; - } - printf ("(expected) error\n"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, + DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, + "Unexpected error: This name lookup should fail"); + torture_comment(tctx, "(expected) error\n"); break; default: - if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { - printf("Error: %d\n", r.out.ctr.ctr1->array[0].status); - return False; - } + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_OK, + "Error"); } switch (formats[i]) { @@ -138,7 +112,7 @@ static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, break; default: n_from[i] = r.out.ctr.ctr1->array[0].result_name; - printf("%s\n", n_from[i]); + torture_comment(tctx, "%s\n", n_from[i]); } } @@ -151,25 +125,12 @@ static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, continue; } names[0].str = n_from[i]; - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s", - names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired, errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s", - names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired, - win_errstr(r.out.result)); - ret = False; - } - - if (!ret) { - return ret; - } + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + torture_comment(tctx, "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d", + names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired); + torture_assert_ntstatus_ok(tctx, status, "DsCrackNames failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); + if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) { n_matrix[i][j] = r.out.ctr.ctr1->array[0].result_name; } else { @@ -188,28 +149,22 @@ static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, /* we can't map to these two */ } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) { } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) { - } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) { - printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]); - ret = False; - } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) { - printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]); - ret = False; - } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) { - printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]); - ret = False; + } else { + torture_assert_str_equal(tctx, n_matrix[i][j], n_from[j], + "dcerpc_drsuapi_DsCrackNames mismatch"); } } } - return ret; + return true; } -BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct DsPrivate *priv) +bool test_DsCrackNames(struct torture_context *tctx, + struct dcerpc_pipe *p, + struct DsPrivate *priv) { NTSTATUS status; struct drsuapi_DsCrackNames r; struct drsuapi_DsNameString names[1]; - BOOL ret = True; const char *dns_domain; const char *nt4_domain; const char *FQDN_1779_name; @@ -239,32 +194,18 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY; r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; - dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join)); + dom_sid = dom_sid_string(tctx, torture_join_sid(priv->join)); names[0].str = dom_sid; printf("testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); - ret = False; - } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { - printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); - ret = False; - } - - if (!ret) { - return ret; - } + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "DsCrackNames"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_OK, + "DsCrackNames failed on name"); dns_domain = r.out.ctr.ctr1->array[0].dns_domain_name; nt4_domain = r.out.ctr.ctr1->array[0].result_name; @@ -274,25 +215,11 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, printf("testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); - ret = False; - } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { - printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); - ret = False; - } - - if (!ret) { - return ret; - } + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "dcerpc_drsuapi_DsCrackNames failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_OK, + "DsCrackNames failed on name"); priv->domain_dns_name = r.out.ctr.ctr1->array[0].dns_domain_name; priv->domain_guid_str = r.out.ctr.ctr1->array[0].result_name; @@ -300,108 +227,56 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; - printf("testing DsCrackNames with name '%s' desired format:%d\n", + torture_comment(tctx, "testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); - ret = False; - } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { - printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); - ret = False; - } - - if (!ret) { - return ret; - } + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "dcerpc_drsuapi_DsCrackNames failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_OK, + "DsCrackNames failed on name"); - ldb = ldb_init(mem_ctx); + ldb = ldb_init(tctx); realm_dn_str = r.out.ctr.ctr1->array[0].result_name; - realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str); - realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn); - - if (strcmp(realm_canonical, - talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) { - printf("local Round trip on canonical name failed: %s != %s!\n", - realm_canonical, - talloc_asprintf(mem_ctx, "%s/", dns_domain)); - return False; - }; + realm_dn = ldb_dn_new(tctx, ldb, realm_dn_str); + realm_canonical = ldb_dn_canonical_string(tctx, realm_dn); - realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn); + torture_assert_str_equal(tctx, realm_canonical, + talloc_asprintf(tctx, "%s/", dns_domain), "local Round trip on canonical name failed"); - if (strcmp(realm_canonical_ex, - talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) { - printf("local Round trip on canonical ex name failed: %s != %s!\n", - realm_canonical, - talloc_asprintf(mem_ctx, "%s\n", dns_domain)); - return False; - }; + realm_canonical_ex = ldb_dn_canonical_ex_string(tctx, realm_dn); + + torture_assert_str_equal(tctx, realm_canonical_ex, talloc_asprintf(tctx, "%s\n", dns_domain), + "local Round trip on canonical ex name failed"); r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = nt4_domain; - printf("testing DsCrackNames with name '%s' desired format:%d\n", + torture_comment(tctx, "testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); - ret = False; - } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { - printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); - ret = False; - } - - if (!ret) { - return ret; - } + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "dcerpc_drsuapi_DsCrackNames failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_OK, + "DsCrackNames failed on name"); priv->domain_obj_dn = r.out.ctr.ctr1->array[0].result_name; r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; - names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc); + names[0].str = talloc_asprintf(tctx, "%s%s$", nt4_domain, test_dc); - printf("testing DsCrackNames with name '%s' desired format:%d\n", + torture_comment(tctx, "testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); - ret = False; - } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { - printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); - ret = False; - } - - if (!ret) { - return ret; - } + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "dcerpc_drsuapi_DsCrackNames failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_OK, + "DsCrackNames failed on name"); FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name; @@ -409,47 +284,31 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = priv->domain_guid_str; - printf("testing DsCrackNames with name '%s' desired format:%d\n", + torture_comment(tctx, "testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); - ret = False; - } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { - printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); - ret = False; - } - - if (!ret) { - return ret; - } + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "dcerpc_drsuapi_DsCrackNames failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, DRSUAPI_DS_NAME_STATUS_OK, + "DsCrackNames failed on name"); - if (strcmp(priv->domain_dns_name, r.out.ctr.ctr1->array[0].dns_domain_name) != 0) { - printf("DsCrackNames failed to return same DNS name - expected %s got %s\n", priv->domain_dns_name, r.out.ctr.ctr1->array[0].dns_domain_name); - return False; - } + torture_assert_str_equal(tctx, priv->domain_dns_name, r.out.ctr.ctr1->array[0].dns_domain_name, + "DsCrackNames failed to return same DNS name"); - FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name); + FQDN_1779_dn = ldb_dn_new(tctx, ldb, FQDN_1779_name); - canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn); - canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn); + canonical_name = ldb_dn_canonical_string(tctx, FQDN_1779_dn); + canonical_ex_name = ldb_dn_canonical_ex_string(tctx, FQDN_1779_dn); - user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain); + user_principal_name = talloc_asprintf(tctx, "%s$@%s", test_dc, dns_domain); /* form up a user@DOMAIN */ - user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain); + user_principal_name_short = talloc_asprintf(tctx, "%s$@%s", test_dc, nt4_domain); /* variable nt4_domain includs a trailing \ */ user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0'; - service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc); + service_principal_name = talloc_asprintf(tctx, "HOST/%s", test_dc); { struct { @@ -462,7 +321,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, enum drsuapi_DsNameStatus status; enum drsuapi_DsNameStatus alternate_status; enum drsuapi_DsNameFlags flags; - BOOL skip; + bool skip; } crack[] = { { .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, @@ -494,7 +353,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain), + .str = talloc_asprintf(tctx, "cifs/%s.%s", test_dc, dns_domain), .comment = "ServicePrincipal Name", .expected_str = FQDN_1779_name, .status = DRSUAPI_DS_NAME_STATUS_OK @@ -570,7 +429,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL, .str = priv->domain_guid_str, .comment = "Domain GUID to Canonical", - .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain), + .expected_str = talloc_asprintf(tctx, "%s/", dns_domain), .status = DRSUAPI_DS_NAME_STATUS_OK }, { @@ -578,7 +437,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX, .str = priv->domain_guid_str, .comment = "Domain GUID to Canonical EX", - .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain), + .expected_str = talloc_asprintf(tctx, "%s\n", dns_domain), .status = DRSUAPI_DS_NAME_STATUS_OK }, { @@ -593,7 +452,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)), + .str = GUID_string2(tctx, torture_join_user_guid(priv->join)), .comment = "Account GUID -> DN", .expected_str = FQDN_1779_name, .status = DRSUAPI_DS_NAME_STATUS_OK @@ -601,15 +460,15 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID, .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, - .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)), + .str = GUID_string2(tctx, torture_join_user_guid(priv->join)), .comment = "Account GUID -> NT4 Account", - .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc), + .expected_str = talloc_asprintf(tctx, "%s%s$", nt4_domain, test_dc), .status = DRSUAPI_DS_NAME_STATUS_OK }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid), + .str = GUID_string2(tctx, &priv->dcinfo.site_guid), .comment = "Site GUID", .expected_str = priv->dcinfo.site_dn, .status = DRSUAPI_DS_NAME_STATUS_OK @@ -617,7 +476,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid), + .str = GUID_string2(tctx, &priv->dcinfo.computer_guid), .comment = "Computer GUID", .expected_str = priv->dcinfo.computer_dn, .status = DRSUAPI_DS_NAME_STATUS_OK @@ -625,14 +484,14 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID, .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, - .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid), + .str = GUID_string2(tctx, &priv->dcinfo.computer_guid), .comment = "Computer GUID -> NT4 Account", .status = DRSUAPI_DS_NAME_STATUS_OK }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid), + .str = GUID_string2(tctx, &priv->dcinfo.server_guid), .comment = "Server GUID", .expected_str = priv->dcinfo.server_dn, .status = DRSUAPI_DS_NAME_STATUS_OK @@ -640,7 +499,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid), + .str = GUID_string2(tctx, &priv->dcinfo.ntds_guid), .comment = "NTDS GUID", .expected_str = priv->dcinfo.ntds_dn, .status = DRSUAPI_DS_NAME_STATUS_OK, @@ -656,7 +515,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain), + .str = talloc_asprintf(tctx, "krbtgt/%s", dns_domain), .comment = "Looking for KRBTGT as a serivce principal", .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, .expected_dns = dns_domain @@ -664,7 +523,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain), + .str = talloc_asprintf(tctx, "bogus/%s", dns_domain), .comment = "Looking for bogus serivce principal", .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, .expected_dns = dns_domain @@ -672,30 +531,30 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain), + .str = talloc_asprintf(tctx, "bogus/%s.%s", test_dc, dns_domain), .comment = "Looking for bogus serivce on test DC", .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, - .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain) + .expected_dns = talloc_asprintf(tctx, "%s.%s", test_dc, dns_domain) }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "krbtgt"), + .str = talloc_asprintf(tctx, "krbtgt"), .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .comment = "Looking for the kadmin/changepw service as a serivce principal", - .str = talloc_asprintf(mem_ctx, "kadmin/changepw"), + .str = talloc_asprintf(tctx, "kadmin/changepw"), .status = DRSUAPI_DS_NAME_STATUS_OK, - .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str), + .expected_str = talloc_asprintf(tctx, "CN=krbtgt,CN=Users,%s", realm_dn_str), .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", + .str = talloc_asprintf(tctx, "cifs/%s.%s@%s", test_dc, dns_domain, dns_domain), .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY @@ -703,7 +562,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", + .str = talloc_asprintf(tctx, "cifs/%s.%s@%s", test_dc, dns_domain, "BOGUS"), .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, @@ -712,7 +571,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", + .str = talloc_asprintf(tctx, "cifs/%s.%s@%s", test_dc, "REALLY", "BOGUS"), .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, @@ -721,14 +580,14 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", + .str = talloc_asprintf(tctx, "cifs/%s.%s", test_dc, dns_domain), .status = DRSUAPI_DS_NAME_STATUS_OK }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, - .str = talloc_asprintf(mem_ctx, "cifs/%s", + .str = talloc_asprintf(tctx, "cifs/%s", test_dc), .status = DRSUAPI_DS_NAME_STATUS_OK }, @@ -775,21 +634,21 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .comment = "BIND GUID (ie, not in the directory)", - .str = GUID_string2(mem_ctx, &priv->bind_guid), + .str = GUID_string2(tctx, &priv->bind_guid), .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .comment = "Unqualified Machine account as user principal", - .str = talloc_asprintf(mem_ctx, "%s$", test_dc), + .str = talloc_asprintf(tctx, "%s$", test_dc), .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .comment = "Machine account as service principal", - .str = talloc_asprintf(mem_ctx, "%s$", test_dc), + .str = talloc_asprintf(tctx, "%s$", test_dc), .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND }, { @@ -803,7 +662,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .comment = "Realm as an NT4 domain lookup", - .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain), + .str = talloc_asprintf(tctx, "%s\\", dns_domain), .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND }, { @@ -827,7 +686,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .str = SID_BUILTIN, .comment = "Builtin Domain SID -> DN", .status = DRSUAPI_DS_NAME_STATUS_OK, - .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str), + .expected_str = talloc_asprintf(tctx, "CN=Builtin,%s", realm_dn_str), .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE }, { @@ -874,7 +733,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .comment = "invalid user principal name in valid domain", - .str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain), + .str = talloc_asprintf(tctx, "invalidusername@%s", dns_domain), .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND } }; @@ -888,73 +747,53 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, names[0].str = crack[i].str; if (crack[i].comment) { - comment = talloc_asprintf(mem_ctx, "'%s' with name '%s' desired format:%d\n", + comment = talloc_asprintf(tctx, "'%s' with name '%s' desired format:%d\n", crack[i].comment, names[0].str, r.in.req.req1.format_desired); } else { - comment = talloc_asprintf(mem_ctx, "'%s' desired format:%d\n", + comment = talloc_asprintf(tctx, "'%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); } + torture_comment(tctx, "Running DsCrackNames on %s", comment); if (crack[i].skip) { printf("skipping: %s", comment); continue; } - status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - const char *errstr = nt_errstr(status); - if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { - errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); - } - printf("dcerpc_drsuapi_DsCrackNames failed on %s - %s\n", comment, errstr); - ret = False; - } else if (!W_ERROR_IS_OK(r.out.result)) { - printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); - ret = False; - } else if (r.out.ctr.ctr1->array[0].status != crack[i].status) { + status = dcerpc_drsuapi_DsCrackNames(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "dcerpc_drsuapi_DsCrackNames failed"); + torture_assert_werr_ok(tctx, r.out.result, "DsCrackNames failed"); + if (r.out.ctr.ctr1->array[0].status != crack[i].status) { if (crack[i].alternate_status) { - if (r.out.ctr.ctr1->array[0].status != crack[i].alternate_status) { - printf("DsCrackNames unexpected status %d, wanted %d or %d on: %s\n", - r.out.ctr.ctr1->array[0].status, - crack[i].status, - crack[i].alternate_status, - comment); - ret = False; - } + torture_assert_int_equal(tctx, r.out.ctr.ctr1->array[0].status, + crack[i].alternate_status, + "DsCrackNames unexpected status"); } else { - printf("DsCrackNames unexpected status %d, wanted %d on: %s\n", - r.out.ctr.ctr1->array[0].status, - crack[i].status, - comment); - ret = False; + torture_fail(tctx, "DsCrackNames unexpected status"); } } else if (crack[i].expected_str && (strcmp(r.out.ctr.ctr1->array[0].result_name, crack[i].expected_str) != 0)) { if (strcasecmp(r.out.ctr.ctr1->array[0].result_name, crack[i].expected_str) != 0) { - printf("DsCrackNames failed - got %s, expected %s on %s\n", + torture_comment(tctx, "DsCrackNames failed - got %s, expected %s on %s\n", r.out.ctr.ctr1->array[0].result_name, crack[i].expected_str, comment); - ret = False; + return False; } else { - printf("(warning) DsCrackNames returned different case - got %s, expected %s on %s\n", + torture_comment(tctx, + "(warning) DsCrackNames returned different case - got %s, expected %s on %s\n", r.out.ctr.ctr1->array[0].result_name, crack[i].expected_str, comment); } - } else if (crack[i].expected_dns - && (strcmp(r.out.ctr.ctr1->array[0].dns_domain_name, - crack[i].expected_dns) != 0)) { - printf("DsCrackNames failed - got DNS name %s, expected %s on %s\n", - r.out.ctr.ctr1->array[0].result_name, - crack[i].expected_str, comment); - ret = False; - } + } else if (crack[i].expected_dns) + torture_assert_str_equal(tctx, r.out.ctr.ctr1->array[0].dns_domain_name, + crack[i].expected_dns, "DsCrackNames failed"); } } - if (!test_DsCrackNamesMatrix(p, mem_ctx, priv, FQDN_1779_name, + if (!test_DsCrackNamesMatrix(p, tctx, priv, FQDN_1779_name, user_principal_name, service_principal_name)) { - ret = False; + return false; } - return ret; + return true; } diff --git a/source4/torture/rpc/echo.c b/source4/torture/rpc/echo.c index edc35c0aa7..814c8e31b9 100644 --- a/source4/torture/rpc/echo.c +++ b/source4/torture/rpc/echo.c @@ -427,10 +427,10 @@ failed: } -struct torture_suite *torture_rpc_echo(void) +struct torture_suite *torture_rpc_echo(TALLOC_CTX *mem_ctx) { struct torture_suite *suite = torture_suite_create( - talloc_autofree_context(), "ECHO"); + mem_ctx, "ECHO"); struct torture_rpc_tcase *tcase; tcase = torture_suite_add_rpc_iface_tcase(suite, "echo", diff --git a/source4/torture/rpc/eventlog.c b/source4/torture/rpc/eventlog.c index 99208eb7ea..539923a2e0 100644 --- a/source4/torture/rpc/eventlog.c +++ b/source4/torture/rpc/eventlog.c @@ -229,13 +229,13 @@ static bool test_OpenEventLog(struct torture_context *tctx, return true; } -struct torture_suite *torture_rpc_eventlog(void) +struct torture_suite *torture_rpc_eventlog(TALLOC_CTX *mem_ctx) { struct torture_suite *suite; struct torture_rpc_tcase *tcase; struct torture_test *test; - suite = torture_suite_create(talloc_autofree_context(), "EVENTLOG"); + suite = torture_suite_create(mem_ctx, "EVENTLOG"); tcase = torture_suite_add_rpc_iface_tcase(suite, "eventlog", &ndr_table_eventlog); diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 651292640b..915853b831 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -27,18 +27,6 @@ #include "librpc/ndr/ndr_table.h" #include "lib/util/dlinklist.h" -struct torture_rpc_tcase { - struct torture_tcase tcase; - const struct ndr_interface_table *table; - const char *machine_name; -}; - -struct torture_rpc_tcase_data { - struct test_join *join_ctx; - struct dcerpc_pipe *pipe; - struct cli_credentials *credentials; -}; - static bool torture_rpc_teardown (struct torture_context *tcase, void *data) { @@ -116,7 +104,6 @@ NTSTATUS torture_rpc_connection_transport(struct torture_context *tctx, { NTSTATUS status; struct dcerpc_binding *binding; - TALLOC_CTX *mem_ctx = talloc_named(tctx, 0, "torture_rpc_connection_smb"); status = torture_rpc_binding(tctx, &binding); if (NT_STATUS_IS_ERR(status)) @@ -125,15 +112,13 @@ NTSTATUS torture_rpc_connection_transport(struct torture_context *tctx, binding->transport = transport; binding->assoc_group_id = assoc_group_id; - status = dcerpc_pipe_connect_b(mem_ctx, p, binding, table, + status = dcerpc_pipe_connect_b(tctx, p, binding, table, cmdline_credentials, NULL); - if (NT_STATUS_IS_OK(status)) { - *p = talloc_reference(tctx, *p); - } else { + if (NT_STATUS_IS_ERR(status)) { *p = NULL; } - talloc_free(mem_ctx); + return status; } @@ -178,16 +163,28 @@ _PUBLIC_ struct torture_rpc_tcase *torture_suite_add_machine_rpc_iface_tcase( struct torture_rpc_tcase *tcase = talloc(suite, struct torture_rpc_tcase); - torture_suite_init_tcase(suite, (struct torture_tcase *)tcase, name); + torture_suite_init_rpc_tcase(suite, tcase, name, table); tcase->machine_name = talloc_strdup(tcase, machine_name); tcase->tcase.setup = torture_rpc_setup_machine; tcase->tcase.teardown = torture_rpc_teardown; - tcase->table = table; return tcase; } +_PUBLIC_ bool torture_suite_init_rpc_tcase(struct torture_suite *suite, + struct torture_rpc_tcase *tcase, + const char *name, + const struct ndr_interface_table *table) +{ + if (!torture_suite_init_tcase(suite, (struct torture_tcase *)tcase, name)) + return false; + + tcase->table = table; + + return true; +} + static bool torture_rpc_setup_anonymous(struct torture_context *tctx, void **data) { @@ -227,7 +224,7 @@ static bool torture_rpc_setup (struct torture_context *tctx, void **data) status = torture_rpc_connection(tctx, &(tcase_data->pipe), - (const struct ndr_interface_table *)tcase->table); + tcase->table); torture_assert_ntstatus_ok(tctx, status, "Error connecting to server"); @@ -242,11 +239,10 @@ _PUBLIC_ struct torture_rpc_tcase *torture_suite_add_anon_rpc_iface_tcase(struct { struct torture_rpc_tcase *tcase = talloc(suite, struct torture_rpc_tcase); - torture_suite_init_tcase(suite, (struct torture_tcase *)tcase, name); + torture_suite_init_rpc_tcase(suite, tcase, name, table); tcase->tcase.setup = torture_rpc_setup_anonymous; tcase->tcase.teardown = torture_rpc_teardown; - tcase->table = table; return tcase; } @@ -258,11 +254,10 @@ _PUBLIC_ struct torture_rpc_tcase *torture_suite_add_rpc_iface_tcase(struct tort { struct torture_rpc_tcase *tcase = talloc(suite, struct torture_rpc_tcase); - torture_suite_init_tcase(suite, (struct torture_tcase *)tcase, name); + torture_suite_init_rpc_tcase(suite, tcase, name, table); tcase->tcase.setup = torture_rpc_setup; tcase->tcase.teardown = torture_rpc_teardown; - tcase->table = table; return tcase; } @@ -384,11 +379,11 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, "LSALOOKUP", torture_rpc_lsa_lookup); torture_suite_add_simple_test(suite, "LSA-GETUSER", torture_rpc_lsa_get_user); torture_suite_add_simple_test(suite, "SECRETS", torture_rpc_lsa_secrets); - torture_suite_add_suite(suite, torture_rpc_echo()); + torture_suite_add_suite(suite, torture_rpc_echo(suite)); torture_suite_add_simple_test(suite, "DFS", torture_rpc_dfs); - torture_suite_add_suite(suite, torture_rpc_unixinfo()); - torture_suite_add_suite(suite, torture_rpc_eventlog()); - torture_suite_add_suite(suite, torture_rpc_atsvc()); + torture_suite_add_suite(suite, torture_rpc_unixinfo(suite)); + torture_suite_add_suite(suite, torture_rpc_eventlog(suite)); + torture_suite_add_suite(suite, torture_rpc_atsvc(suite)); torture_suite_add_suite(suite, torture_rpc_wkssvc(suite)); torture_suite_add_suite(suite, torture_rpc_handles(suite)); torture_suite_add_suite(suite, torture_rpc_winreg(suite)); @@ -425,8 +420,8 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, "SAMBA3-SPOOLSS", torture_samba3_rpc_spoolss); torture_suite_add_simple_test(suite, "SAMBA3-WKSSVC", torture_samba3_rpc_wkssvc); torture_suite_add_simple_test(suite, "SAMBA3-WINREG", torture_samba3_rpc_winreg); - torture_suite_add_simple_test(suite, "DRSUAPI", torture_rpc_drsuapi); - torture_suite_add_simple_test(suite, "CRACKNAMES", torture_rpc_drsuapi_cracknames); + torture_suite_add_suite(suite, torture_rpc_drsuapi(suite)); + torture_suite_add_suite(suite, torture_rpc_drsuapi_cracknames(suite)); torture_suite_add_simple_test(suite, "DSSETUP", torture_rpc_dssetup); torture_suite_add_simple_test(suite, "ALTERCONTEXT", torture_rpc_alter_context); torture_suite_add_simple_test(suite, "JOIN", torture_rpc_join); diff --git a/source4/torture/rpc/rpc.h b/source4/torture/rpc/rpc.h index 2f1ff323eb..385c734d9c 100644 --- a/source4/torture/rpc/rpc.h +++ b/source4/torture/rpc/rpc.h @@ -30,4 +30,18 @@ #include "torture/rpc/proto.h" #include "torture/ui.h" +struct torture_rpc_tcase { + struct torture_tcase tcase; + const struct ndr_interface_table *table; + const char *machine_name; +}; + +struct torture_rpc_tcase_data { + struct test_join *join_ctx; + struct dcerpc_pipe *pipe; + struct cli_credentials *credentials; +}; + + + #endif /* __TORTURE_RPC_H__ */ diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index e072e592d1..e6bc00312a 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -36,7 +36,7 @@ /* try a netlogon SamLogon */ -BOOL test_netlogon_ex_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, +bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx, struct cli_credentials *credentials, struct creds_CredentialState *creds) { @@ -45,7 +45,6 @@ BOOL test_netlogon_ex_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct netr_NetworkInfo ninfo; DATA_BLOB names_blob, chal, lm_resp, nt_resp; int i; - BOOL ret = True; int flags = CLI_CRED_NTLM_AUTH; if (lp_client_lanman_auth()) { flags |= CLI_CRED_LANMAN_AUTH; @@ -55,7 +54,7 @@ BOOL test_netlogon_ex_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, flags |= CLI_CRED_NTLMv2_AUTH; } - cli_credentials_get_ntlm_username_domain(cmdline_credentials, mem_ctx, + cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx, &ninfo.identity_info.account_name.string, &ninfo.identity_info.domain_name.string); @@ -64,20 +63,17 @@ BOOL test_netlogon_ex_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, chal = data_blob_const(ninfo.challenge, sizeof(ninfo.challenge)); - names_blob = NTLMv2_generate_names_blob(mem_ctx, cli_credentials_get_workstation(credentials), + names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials), cli_credentials_get_domain(credentials)); - status = cli_credentials_get_ntlm_response(cmdline_credentials, mem_ctx, + status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx, &flags, chal, names_blob, &lm_resp, &nt_resp, NULL, NULL); - if (!NT_STATUS_IS_OK(status)) { - printf("cli_credentials_get_ntlm_response failed: %s\n", - nt_errstr(status)); - return False; - } + torture_assert_ntstatus_ok(tctx, status, + "cli_credentials_get_ntlm_response failed"); ninfo.lm.data = lm_resp.data; ninfo.lm.length = lm_resp.length; @@ -90,32 +86,31 @@ BOOL test_netlogon_ex_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, ninfo.identity_info.logon_id_high = 0; ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials); - r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.computer_name = cli_credentials_get_workstation(credentials); r.in.logon_level = 2; r.in.logon.network = &ninfo; r.in.flags = 0; - printf("Testing LogonSamLogonEx with name %s\n", ninfo.identity_info.account_name.string); + torture_comment(tctx, + "Testing LogonSamLogonEx with name %s\n", + ninfo.identity_info.account_name.string); for (i=2;i<3;i++) { r.in.validation_level = i; - status = dcerpc_netr_LogonSamLogonEx(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - printf("LogonSamLogon failed: %s\n", - nt_errstr(status)); - return False; - } + status = dcerpc_netr_LogonSamLogonEx(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "LogonSamLogon failed"); } - return ret; + return true; } /* do some samr ops using the schannel connection */ -static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +static bool test_samr_ops(struct torture_context *tctx, + struct dcerpc_pipe *p) { NTSTATUS status; struct samr_GetDomPwInfo r; @@ -135,25 +130,25 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) printf("Testing Connect and OpenDomain on BUILTIN\n"); - status = dcerpc_samr_Connect(p, mem_ctx, &connect); + status = dcerpc_samr_Connect(p, tctx, &connect); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { printf("Connect failed (expected, schannel mapped to anonymous): %s\n", nt_errstr(status)); } else { printf("Connect failed - %s\n", nt_errstr(status)); - return False; + return false; } } else { opendom.in.connect_handle = &handle; opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - opendom.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32"); + opendom.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32"); opendom.out.domain_handle = &domain_handle; - status = dcerpc_samr_OpenDomain(p, mem_ctx, &opendom); + status = dcerpc_samr_OpenDomain(p, tctx, &opendom); if (!NT_STATUS_IS_OK(status)) { printf("OpenDomain failed - %s\n", nt_errstr(status)); - return False; + return false; } } @@ -161,7 +156,7 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) /* do several ops to test credential chaining */ for (i=0;i<5;i++) { - status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r); + status = dcerpc_samr_GetDomPwInfo(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(status)); @@ -177,7 +172,7 @@ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) /* do some lsa ops using the schannel connection */ -static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +static bool test_lsa_ops(struct torture_context *tctx, struct dcerpc_pipe *p) { struct lsa_GetUserName r; NTSTATUS status; @@ -192,7 +187,7 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) authority_name_p.string = NULL; /* do several ops to test credential chaining and various operations */ - status = dcerpc_lsa_GetUserName(p, mem_ctx, &r); + status = dcerpc_lsa_GetUserName(p, tctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { printf("not considering %s to be an error\n", nt_errstr(status)); @@ -219,7 +214,7 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) return False; } } - if (!test_many_LookupSids(p, mem_ctx, NULL)) { + if (!test_many_LookupSids(p, tctx, NULL)) { printf("LsaLookupSids3 failed!\n"); return False; } @@ -231,12 +226,10 @@ static BOOL test_lsa_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) /* test a schannel connection with the given flags */ -static BOOL test_schannel(TALLOC_CTX *mem_ctx, +static bool test_schannel(struct torture_context *tctx, uint16_t acct_flags, uint32_t dcerpc_flags, int i) { - BOOL ret = True; - struct test_join *join_ctx; NTSTATUS status; const char *binding = lp_parm_string(-1, "torture", "binding"); @@ -250,105 +243,71 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, struct creds_CredentialState *creds; struct cli_credentials *credentials; - TALLOC_CTX *test_ctx = talloc_named(mem_ctx, 0, "test_schannel context"); - - join_ctx = torture_join_domain(talloc_asprintf(mem_ctx, "%s%d", TEST_MACHINE_NAME, i), + join_ctx = torture_join_domain(talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, i), acct_flags, &credentials); - if (!join_ctx) { - printf("Failed to join domain with acct_flags=0x%x\n", acct_flags); - talloc_free(test_ctx); - return False; - } + torture_assert(tctx, join_ctx != NULL, "Failed to join domain"); - status = dcerpc_parse_binding(test_ctx, binding, &b); - if (!NT_STATUS_IS_OK(status)) { - printf("Bad binding string %s\n", binding); - goto failed; - } + status = dcerpc_parse_binding(tctx, binding, &b); + torture_assert_ntstatus_ok(tctx, status, "Bad binding string"); b->flags &= ~DCERPC_AUTH_OPTIONS; b->flags |= dcerpc_flags; - status = dcerpc_pipe_connect_b(test_ctx, &p, b, &ndr_table_samr, + status = dcerpc_pipe_connect_b(tctx, &p, b, &ndr_table_samr, credentials, NULL); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to connect with schannel: %s\n", nt_errstr(status)); - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, + "Failed to connect with schannel"); - if (!test_samr_ops(p, test_ctx)) { - printf("Failed to process schannel secured SAMR ops\n"); - ret = False; - } + torture_assert(tctx, test_samr_ops(tctx, p), + "Failed to process schannel secured SAMR ops"); /* Also test that when we connect to the netlogon pipe, that * the credentials we setup on the first pipe are valid for * the second */ /* Swap the binding details from SAMR to NETLOGON */ - status = dcerpc_epm_map_binding(test_ctx, b, &ndr_table_netlogon, NULL); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + status = dcerpc_epm_map_binding(tctx, b, &ndr_table_netlogon, NULL); + torture_assert_ntstatus_ok(tctx, status, "epm map"); status = dcerpc_secondary_connection(p, &p_netlogon, b); - - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, "seconday connection"); status = dcerpc_bind_auth(p_netlogon, &ndr_table_netlogon, credentials, DCERPC_AUTH_TYPE_SCHANNEL, dcerpc_auth_level(p->conn), NULL); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, "bind auth"); - status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, test_ctx, &creds); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + status = dcerpc_schannel_creds(p_netlogon->conn->security_state.generic_state, tctx, &creds); + torture_assert_ntstatus_ok(tctx, status, "schannel creds"); /* do a couple of logins */ - if (!test_netlogon_ops(p_netlogon, test_ctx, credentials, creds)) { - printf("Failed to process schannel secured NETLOGON ops\n"); - ret = False; - } + torture_assert(tctx, test_netlogon_ops(p_netlogon, tctx, credentials, creds), + "Failed to process schannel secured NETLOGON ops"); - if (!test_netlogon_ex_ops(p_netlogon, test_ctx, credentials, creds)) { - printf("Failed to process schannel secured NETLOGON EX ops\n"); - ret = False; - } + torture_assert(tctx, test_netlogon_ex_ops(p_netlogon, tctx, credentials, creds), + "Failed to process schannel secured NETLOGON EX ops"); /* Swap the binding details from SAMR to LSARPC */ - status = dcerpc_epm_map_binding(test_ctx, b, &ndr_table_lsarpc, NULL); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + status = dcerpc_epm_map_binding(tctx, b, &ndr_table_lsarpc, NULL); + torture_assert_ntstatus_ok(tctx, status, "epm map"); status = dcerpc_secondary_connection(p, &p_lsa, b); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, "seconday connection"); status = dcerpc_bind_auth(p_lsa, &ndr_table_lsarpc, credentials, DCERPC_AUTH_TYPE_SCHANNEL, dcerpc_auth_level(p->conn), NULL); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, "bind auth"); - if (!test_lsa_ops(p_lsa, test_ctx)) { - printf("Failed to process schannel secured LSA ops\n"); - ret = False; - } + torture_assert(tctx, test_lsa_ops(tctx, p_lsa), + "Failed to process schannel secured LSA ops"); /* Drop the socket, we want to start from scratch */ talloc_free(p); @@ -356,39 +315,28 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, /* Now see what we are still allowed to do */ - status = dcerpc_parse_binding(test_ctx, binding, &b); - if (!NT_STATUS_IS_OK(status)) { - printf("Bad binding string %s\n", binding); - goto failed; - } + status = dcerpc_parse_binding(tctx, binding, &b); + torture_assert_ntstatus_ok(tctx, status, "Bad binding string"); b->flags &= ~DCERPC_AUTH_OPTIONS; b->flags |= dcerpc_flags; - status = dcerpc_pipe_connect_b(test_ctx, &p_samr2, b, &ndr_table_samr, + status = dcerpc_pipe_connect_b(tctx, &p_samr2, b, &ndr_table_samr, credentials, NULL); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to connect with schannel: %s\n", nt_errstr(status)); - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, + "Failed to connect with schannel"); /* do a some SAMR operations. We have *not* done a new serverauthenticate */ - if (!test_samr_ops(p_samr2, test_ctx)) { - printf("Failed to process schannel secured SAMR ops (on fresh connection)\n"); - goto failed; - } + torture_assert (tctx, test_samr_ops(tctx, p_samr2), + "Failed to process schannel secured SAMR ops (on fresh connection)"); /* Swap the binding details from SAMR to NETLOGON */ - status = dcerpc_epm_map_binding(test_ctx, b, &ndr_table_netlogon, NULL); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + status = dcerpc_epm_map_binding(tctx, b, &ndr_table_netlogon, NULL); + torture_assert_ntstatus_ok(tctx, status, "epm"); status = dcerpc_secondary_connection(p_samr2, &p_netlogon2, b); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, "seconday connection"); /* and now setup an SCHANNEL bind on netlogon */ status = dcerpc_bind_auth(p_netlogon2, &ndr_table_netlogon, @@ -396,22 +344,17 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, dcerpc_auth_level(p_samr2->conn), NULL); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, "auth failed"); /* Try the schannel-only SamLogonEx operation */ - if (!test_netlogon_ex_ops(p_netlogon2, test_ctx, credentials, creds)) { - printf("Failed to process schannel secured NETLOGON EX ops (on fresh connection)\n"); - ret = False; - } + torture_assert(tctx, test_netlogon_ex_ops(p_netlogon2, tctx, credentials, creds), + "Failed to process schannel secured NETLOGON EX ops (on fresh connection)"); + /* And the more traditional style, proving that the * credentials chaining state is fully present */ - if (!test_netlogon_ops(p_netlogon2, test_ctx, credentials, creds)) { - printf("Failed to process schannel secured NETLOGON ops (on fresh connection)\n"); - ret = False; - } + torture_assert(tctx, test_netlogon_ops(p_netlogon2, tctx, credentials, creds), + "Failed to process schannel secured NETLOGON ops (on fresh connection)"); /* Drop the socket, we want to start from scratch (again) */ talloc_free(p_samr2); @@ -419,31 +362,22 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx, /* We don't want schannel for this test */ b->flags &= ~DCERPC_AUTH_OPTIONS; - status = dcerpc_pipe_connect_b(test_ctx, &p_netlogon3, b, &ndr_table_netlogon, + status = dcerpc_pipe_connect_b(tctx, &p_netlogon3, b, &ndr_table_netlogon, credentials, NULL); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to connect without schannel: %s\n", nt_errstr(status)); - goto failed; - } + torture_assert_ntstatus_ok(tctx, status, "Failed to connect without schannel"); - if (test_netlogon_ex_ops(p_netlogon3, test_ctx, credentials, creds)) { - printf("Processed NOT schannel secured NETLOGON EX ops without SCHANNEL (unsafe)\n"); - ret = False; - } + torture_assert(tctx, !test_netlogon_ex_ops(p_netlogon3, tctx, credentials, creds), + "Processed NOT schannel secured NETLOGON EX ops without SCHANNEL (unsafe)"); - if (!test_netlogon_ops(p_netlogon3, test_ctx, credentials, creds)) { - printf("Failed to processed NOT schannel secured NETLOGON ops without new ServerAuth\n"); - ret = False; - } + /* Required because the previous call will mark the current context as having failed */ + tctx->last_result = TORTURE_OK; + tctx->last_reason = NULL; - torture_leave_domain(join_ctx); - talloc_free(test_ctx); - return ret; + torture_assert(tctx, test_netlogon_ops(p_netlogon3, tctx, credentials, creds), + "Failed to processed NOT schannel secured NETLOGON ops without new ServerAuth"); -failed: torture_leave_domain(join_ctx); - talloc_free(test_ctx); - return False; + return true; } @@ -451,9 +385,8 @@ failed: /* a schannel test suite */ -BOOL torture_rpc_schannel(struct torture_context *torture) +bool torture_rpc_schannel(struct torture_context *torture) { - TALLOC_CTX *mem_ctx; BOOL ret = True; struct { uint16_t acct_flags; @@ -470,112 +403,77 @@ BOOL torture_rpc_schannel(struct torture_context *torture) }; int i; - mem_ctx = talloc_init("torture_rpc_schannel"); - for (i=0;i<ARRAY_SIZE(tests);i++) { - if (!test_schannel(mem_ctx, + if (!test_schannel(torture, tests[i].acct_flags, tests[i].dcerpc_flags, i)) { - printf("Failed with acct_flags=0x%x dcerpc_flags=0x%x \n", + torture_comment(torture, "Failed with acct_flags=0x%x dcerpc_flags=0x%x \n", tests[i].acct_flags, tests[i].dcerpc_flags); - ret = False; - break; + ret = false; } } - talloc_free(mem_ctx); - return ret; } /* test two schannel connections */ -BOOL torture_rpc_schannel2(struct torture_context *torture) +bool torture_rpc_schannel2(struct torture_context *torture) { - BOOL ret = True; - TALLOC_CTX *mem_ctx = talloc_new(torture); struct test_join *join_ctx; NTSTATUS status; const char *binding = torture_setting_string(torture, "binding", NULL); struct dcerpc_binding *b; struct dcerpc_pipe *p1 = NULL, *p2 = NULL; struct cli_credentials *credentials1, *credentials2; - uint16_t acct_flags = ACB_WSTRUST; uint32_t dcerpc_flags = DCERPC_SCHANNEL | DCERPC_SIGN; - TALLOC_CTX *test_ctx = talloc_named(mem_ctx, 0, "test_schannel2 context"); - join_ctx = torture_join_domain(talloc_asprintf(mem_ctx, "%s2", TEST_MACHINE_NAME), - acct_flags, &credentials1); - if (!join_ctx) { - printf("Failed to join domain with acct_flags=0x%x\n", acct_flags); - talloc_free(test_ctx); - return False; - } + join_ctx = torture_join_domain(talloc_asprintf(torture, "%s2", TEST_MACHINE_NAME), + ACB_WSTRUST, &credentials1); + torture_assert(torture, join_ctx != NULL, + "Failed to join domain with acct_flags=ACB_WSTRUST"); - credentials2 = talloc_memdup(mem_ctx, credentials1, sizeof(*credentials1)); + credentials2 = talloc_memdup(torture, credentials1, sizeof(*credentials1)); credentials1->netlogon_creds = NULL; credentials2->netlogon_creds = NULL; - status = dcerpc_parse_binding(test_ctx, binding, &b); - if (!NT_STATUS_IS_OK(status)) { - printf("Bad binding string %s\n", binding); - goto failed; - } + status = dcerpc_parse_binding(torture, binding, &b); + torture_assert_ntstatus_ok(torture, status, "Bad binding string"); b->flags &= ~DCERPC_AUTH_OPTIONS; b->flags |= dcerpc_flags; printf("Opening first connection\n"); - status = dcerpc_pipe_connect_b(test_ctx, &p1, b, &ndr_table_netlogon, + status = dcerpc_pipe_connect_b(torture, &p1, b, &ndr_table_netlogon, credentials1, NULL); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to connect with schannel: %s\n", nt_errstr(status)); - goto failed; - } + torture_assert_ntstatus_ok(torture, status, "Failed to connect with schannel"); - printf("Opening second connection\n"); - status = dcerpc_pipe_connect_b(test_ctx, &p2, b, &ndr_table_netlogon, + torture_comment(torture, "Opening second connection\n"); + status = dcerpc_pipe_connect_b(torture, &p2, b, &ndr_table_netlogon, credentials2, NULL); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to connect with schannel: %s\n", nt_errstr(status)); - goto failed; - } + torture_assert_ntstatus_ok(torture, status, "Failed to connect with schannel"); credentials1->netlogon_creds = NULL; credentials2->netlogon_creds = NULL; - printf("Testing logon on pipe1\n"); - if (!test_netlogon_ex_ops(p1, test_ctx, credentials1, NULL)) { - printf("Failed to process schannel secured NETLOGON ops\n"); - ret = False; - } + torture_comment(torture, "Testing logon on pipe1\n"); + if (!test_netlogon_ex_ops(p1, torture, credentials1, NULL)) + return false; - printf("Testing logon on pipe2\n"); - if (!test_netlogon_ex_ops(p2, test_ctx, credentials2, NULL)) { - printf("Failed to process schannel secured NETLOGON ops\n"); - ret = False; - } + torture_comment(torture, "Testing logon on pipe2\n"); + if (!test_netlogon_ex_ops(p2, torture, credentials2, NULL)) + return false; - printf("Again on pipe1\n"); - if (!test_netlogon_ex_ops(p1, test_ctx, credentials1, NULL)) { - printf("Failed to process schannel secured NETLOGON ops\n"); - ret = False; - } + torture_comment(torture, "Again on pipe1\n"); + if (!test_netlogon_ex_ops(p1, torture, credentials1, NULL)) + return false; - printf("Again on pipe2\n"); - if (!test_netlogon_ex_ops(p2, test_ctx, credentials2, NULL)) { - printf("Failed to process schannel secured NETLOGON ops\n"); - ret = False; - } - - torture_leave_domain(join_ctx); - talloc_free(test_ctx); - return ret; + torture_comment(torture, "Again on pipe2\n"); + if (!test_netlogon_ex_ops(p2, torture, credentials2, NULL)) + return false; -failed: torture_leave_domain(join_ctx); - talloc_free(test_ctx); - return False; + return true; } diff --git a/source4/torture/rpc/unixinfo.c b/source4/torture/rpc/unixinfo.c index 80d7d96a9e..2904e8b8df 100644 --- a/source4/torture/rpc/unixinfo.c +++ b/source4/torture/rpc/unixinfo.c @@ -125,12 +125,12 @@ static bool test_gidtosid(struct torture_context *tctx, struct dcerpc_pipe *p) return true; } -struct torture_suite *torture_rpc_unixinfo(void) +struct torture_suite *torture_rpc_unixinfo(TALLOC_CTX *mem_ctx) { struct torture_suite *suite; struct torture_rpc_tcase *tcase; - suite = torture_suite_create(talloc_autofree_context(), "UNIXINFO"); + suite = torture_suite_create(mem_ctx, "UNIXINFO"); tcase = torture_suite_add_rpc_iface_tcase(suite, "unixinfo", &ndr_table_unixinfo); |