Diffstat (limited to 'source4/torture/rpc')
-rw-r--r--source4/torture/rpc/drsuapi.c127
-rw-r--r--source4/torture/rpc/drsuapi.h21
-rw-r--r--source4/torture/rpc/dssync.c99
-rw-r--r--source4/torture/rpc/frsapi.c3
-rw-r--r--source4/torture/rpc/lsa_lookup.c4
-rw-r--r--source4/torture/rpc/netlogon.c118
-rw-r--r--source4/torture/rpc/samba3rpc.c12
-rw-r--r--source4/torture/rpc/samlogon.c2
-rw-r--r--source4/torture/rpc/samr.c89
-rw-r--r--source4/torture/rpc/samsync.c2
-rw-r--r--source4/torture/rpc/schannel.c2
-rw-r--r--source4/torture/rpc/wkssvc.c2
12 files changed, 393 insertions, 88 deletions
diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c
index 174de5e981..8f6bbb163b 100644
--- a/source4/torture/rpc/drsuapi.c
+++ b/source4/torture/rpc/drsuapi.c
@@ -35,11 +35,46 @@ bool test_DsBind(struct dcerpc_pipe *p,
{
NTSTATUS status;
struct drsuapi_DsBind r;
+ struct drsuapi_DsBindInfo28 *bind_info28;
+ struct drsuapi_DsBindInfoCtr bind_info_ctr;
+
+ ZERO_STRUCT(bind_info_ctr);
+ bind_info_ctr.length = 28;
+
+ bind_info28 = &bind_info_ctr.info.info28;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+ bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
GUID_from_string(DRSUAPI_DS_BIND_GUID, &priv->bind_guid);
r.in.bind_guid = &priv->bind_guid;
- r.in.bind_info = NULL;
+ r.in.bind_info = &bind_info_ctr;
r.out.bind_handle = &priv->bind_handle;
torture_comment(tctx, "testing DsBind\n");
@@ -47,6 +82,9 @@ bool test_DsBind(struct dcerpc_pipe *p,
status = dcerpc_drsuapi_DsBind(p, tctx, &r);
torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsBind");
+ /* cache server supported extensions, i.e. bind_info */
+ priv->srv_bind_info = r.out.bind_info->info.info28;
+
return true;
}
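Review bot: The added `priv->srv_bind_info = r.out.bind_info->info.info28;` dereferences a server-supplied pointer and reads the union through its `info28` arm without checking either the pointer or the returned `length`. A server that answers DsBind successfully with no bind info, or with a differently sized variant, would crash the test client or cache a structure that does not match what was sent. Add `torture_assert(tctx, r.out.bind_info != NULL, "DsBind returned no bind_info");` and check `r.out.bind_info->length` before choosing the union arm. test_DsBind starts outside this hunk.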
@@ -416,51 +454,64 @@ static bool test_DsReplicaUpdateRefs(struct torture_context *tctx,
{
NTSTATUS status;
struct dcerpc_pipe *p = priv->pipe;
- int i;
struct drsuapi_DsReplicaUpdateRefs r;
struct drsuapi_DsReplicaObjectIdentifier nc;
struct GUID null_guid;
+ struct GUID dest_dsa_guid;
+ const char *dest_dsa_guid_str;
struct dom_sid null_sid;
- struct {
- int32_t level;
- } array[] = {
- {
- 1
- }
- };
-
- if (torture_setting_bool(tctx, "samba4", false)) {
- torture_comment(tctx, "skipping DsReplicaUpdateRefs test against Samba4\n");
- return true;
- }
ZERO_STRUCT(null_guid);
ZERO_STRUCT(null_sid);
+ dest_dsa_guid = GUID_random();
+ dest_dsa_guid_str = GUID_string(tctx, &dest_dsa_guid);
- r.in.bind_handle = &priv->bind_handle;
-
- for (i=0; i < ARRAY_SIZE(array); i++) {
- torture_comment(tctx, "testing DsReplicaUpdateRefs level %d\n",
- array[i].level);
-
- r.in.level = array[i].level;
- switch(r.in.level) {
- case 1:
- nc.guid = null_guid;
- nc.sid = null_sid;
- nc.dn = priv->domain_obj_dn ? priv->domain_obj_dn : "";
-
- r.in.req.req1.naming_context = &nc;
- r.in.req.req1.dest_dsa_dns_name = talloc_asprintf(tctx, "__some_dest_dsa_guid_string._msdn.%s",
- priv->domain_dns_name);
- r.in.req.req1.dest_dsa_guid = null_guid;
- r.in.req.req1.options = 0;
- break;
- }
-
- status = dcerpc_drsuapi_DsReplicaUpdateRefs(p, tctx, &r);
- torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsReplicaUpdateRefs");
- }
+ r.in.bind_handle = &priv->bind_handle;
+ r.in.level = 1; /* Only version 1 is defined presently */
+
+ /* setup NC */
+ nc.guid = priv->domain_obj_dn ? null_guid : priv->domain_guid;
+ nc.sid = null_sid;
+ nc.dn = priv->domain_obj_dn ? priv->domain_obj_dn : "";
+
+ /* default setup for request */
+ r.in.req.req1.naming_context = &nc;
+ r.in.req.req1.dest_dsa_dns_name = talloc_asprintf(tctx, "%s._msdn.%s",
+ dest_dsa_guid_str,
+ priv->domain_dns_name);
+ r.in.req.req1.dest_dsa_guid = dest_dsa_guid;
+
+ /* 1. deleting replica dest should fail */
+ torture_comment(tctx, "delete: %s\n", r.in.req.req1.dest_dsa_dns_name);
+ r.in.req.req1.options = DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE;
+ status = dcerpc_drsuapi_DsReplicaUpdateRefs(p, tctx, &r);
+ torture_drsuapi_assert_call_werr(tctx, p,
+ status, WERR_DS_DRA_REF_NOT_FOUND, &r,
+ "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+ /* 2. hopefully adding random replica dest should succeed */
+ torture_comment(tctx, "add : %s\n", r.in.req.req1.dest_dsa_dns_name);
+ r.in.req.req1.options = DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE;
+ status = dcerpc_drsuapi_DsReplicaUpdateRefs(p, tctx, &r);
+ torture_drsuapi_assert_call_werr(tctx, p,
+ status, WERR_OK, &r,
+ "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+ /* 3. try adding same replica dest - should fail */
+ torture_comment(tctx, "add : %s\n", r.in.req.req1.dest_dsa_dns_name);
+ r.in.req.req1.options = DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE;
+ status = dcerpc_drsuapi_DsReplicaUpdateRefs(p, tctx, &r);
+ torture_drsuapi_assert_call_werr(tctx, p,
+ status, WERR_DS_DRA_REF_ALREADY_EXISTS, &r,
+ "dcerpc_drsuapi_DsReplicaUpdateRefs");
+
+ /* 4. delete random replicate added at step 2. */
+ torture_comment(tctx, "delete: %s\n", r.in.req.req1.dest_dsa_dns_name);
+ r.in.req.req1.options = DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE;
+ status = dcerpc_drsuapi_DsReplicaUpdateRefs(p, tctx, &r);
+ torture_drsuapi_assert_call_werr(tctx, p,
+ status, WERR_OK, &r,
+ "dcerpc_drsuapi_DsReplicaUpdateRefs");
return true;
}
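Review bot: A failure at step 3 leaves the replica reference created in step 2 on the target server, because `torture_drsuapi_assert_call_werr` appears to return from the test as soon as the result differs from the expected WERROR. Consider issuing the step-4 `DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE` call before evaluating the step-3 result, or routing failures through a cleanup path, so the DC is not left with a stale reference for a random DSA GUID. The results of `GUID_string()` and `talloc_asprintf()` are also used unchecked; `torture_assert(tctx, r.in.req.req1.dest_dsa_dns_name != NULL, "out of memory");` would cover both. The function signature lies outside the hunk.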
diff --git a/source4/torture/rpc/drsuapi.h b/source4/torture/rpc/drsuapi.h
index d32a35ee2c..a10ea5068e 100644
--- a/source4/torture/rpc/drsuapi.h
+++ b/source4/torture/rpc/drsuapi.h
@@ -30,6 +30,8 @@ struct DsPrivate {
struct dcerpc_pipe *pipe;
struct policy_handle bind_handle;
struct GUID bind_guid;
+ struct drsuapi_DsBindInfo28 srv_bind_info;
+
const char *domain_obj_dn;
const char *domain_guid_str;
const char *domain_dns_name;
@@ -45,10 +47,11 @@ struct DsPrivate {
* \param _tctx torture context
* \param _p DCERPC pipe handle
* \param _ntstatus NTSTATUS for dcerpc_drsuapi_ call
- * \param _pr in/out DCEPRC request structure
+ * \param _werr_expected Expected windows error to be returned
+ * \param _pr in/out DCEPRC request structure - pointer
* \param _msg error message prefix
*/
-#define torture_drsuapi_assert_call(_tctx, _p, _ntstat, _pr, _msg) \
+#define torture_drsuapi_assert_call_werr(_tctx, _p, _ntstat, _werr_expected, _pr, _msg) \
do { \
NTSTATUS __nt = _ntstat; \
if (!NT_STATUS_IS_OK(__nt)) { \
@@ -58,6 +61,18 @@ struct DsPrivate {
} \
torture_fail(tctx, talloc_asprintf(_tctx, "%s failed - %s", _msg, errstr)); \
} \
- torture_assert_werr_ok(_tctx, (_pr)->out.result, _msg); \
+ torture_assert_werr_equal(_tctx, (_pr)->out.result, _werr_expected, _msg); \
} while(0)
+/**
+ * Custom torture macro to check dcerpc_drsuapi_ call
+ * return values printing more friendly messages
+ * \param _tctx torture context
+ * \param _p DCERPC pipe handle
+ * \param _ntstatus NTSTATUS for dcerpc_drsuapi_ call
+ * \param _pr in/out DCEPRC request structure
+ * \param _msg error message prefix
+ */
+#define torture_drsuapi_assert_call(_tctx, _p, _ntstat, _pr, _msg) \
+ torture_drsuapi_assert_call_werr(_tctx, _p, _ntstat, WERR_OK, _pr, _msg)
+
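Review bot: `torture_drsuapi_assert_call_werr` still expands `torture_fail(tctx, ...)` with the caller's `tctx` instead of its own `_tctx` argument (visible in the context line of this hunk), so both macros only compile where the torture context variable happens to be named `tctx`. Since the macro is being generalised here, changing it to `torture_fail(_tctx, ...)` would make it hygienic. The new doc block also documents `\param _ntstatus` while the parameter is spelled `_ntstat`, and "DCEPRC" should read "DCERPC". The macro body begins in the previous hunk.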
diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c
index b47564cc91..a9341d569b 100644
--- a/source4/torture/rpc/dssync.c
+++ b/source4/torture/rpc/dssync.c
@@ -36,6 +36,9 @@
#include "auth/gensec/gensec.h"
#include "param/param.h"
#include "dsdb/samdb/samdb.h"
+#include "torture/rpc/rpc.h"
+#include "torture/drs/proto.h"
+
struct DsSyncBindInfo {
struct dcerpc_pipe *pipe;
@@ -489,6 +492,98 @@ static void test_analyse_objects(struct torture_context *tctx,
}
}
+/**
+ * Fetch LDAP attribute name and DN by supplied OID
+ */
+static bool _drs_ldap_attr_by_oid(struct torture_context *tctx,
+ struct DsSyncTest *ctx,
+ const char *oid,
+ const char **attr_dn,
+ const char **attr_name)
+{
+ NTSTATUS status;
+ const char *config_dn;
+ const char *expression;
+ struct ldap_message **res_msg;
+ struct ldap_SearchResEntry *search_res;
+ TALLOC_CTX *tmp_ctx = NULL;
+ const char *search_attrs[] = {"lDAPDisplayName", NULL};
+
+ tmp_ctx = talloc_new(ctx);
+
+ config_dn = talloc_asprintf(tmp_ctx, "CN=Schema,CN=Configuration,%s", ctx->domain_dn);
+ expression = talloc_asprintf(tmp_ctx, "(attributeID=%s)", oid);
+
+ status = ildap_search(ctx->admin.ldap.conn,
+ config_dn, LDAP_SEARCH_SCOPE_SUB,
+ expression, search_attrs, false,
+ NULL, NULL, &res_msg);
+ torture_assert_ntstatus_ok(tctx, status, "LDAP search request failed");
+ torture_assert(tctx,
+ ildap_count_entries(ctx->admin.ldap.conn, res_msg) == 1,
+ talloc_asprintf(tmp_ctx, "Failed to find attribute with OID=%s", oid));
+
+ search_res = &res_msg[0]->r.SearchResultEntry;
+ torture_assert(tctx, search_res->num_attributes > 0, "No attributes returned!")
+ torture_assert(tctx, strequal(search_attrs[0], search_res->attributes[0].name),
+ "Requested attributes for attribute class not returned");
+
+ if (attr_dn) {
+ *attr_dn = search_res->dn;
+ }
+
+ if (attr_name) {
+ *attr_name = (const char *)search_res->attributes[0].values[0].data;
+ }
+
+ talloc_free(tmp_ctx);
+
+ return true;
+}
+
+/**
+ * Make Attribute OID and verify such Attribute exists in schema
+ */
+static bool _drs_util_verify_attids(struct torture_context *tctx,
+ struct DsSyncTest *ctx,
+ struct drsuapi_DsReplicaOIDMapping_Ctr *prefix_map,
+ struct drsuapi_DsReplicaObjectListItemEx *cur)
+{
+ uint32_t i;
+
+ DEBUG(1,("drs_test_verify_attids:\n"));
+
+ for (; cur; cur = cur->next_object) {
+ const char *attr_dn = NULL;
+ const char *attr_name = NULL;
+ struct drsuapi_DsReplicaObject *obj = &cur->object;
+
+ DEBUG(1,("%3s %-10s: %s\n", "", "object_dn", obj->identifier->dn));
+
+ for (i = 0; i < obj->attribute_ctr.num_attributes; i++) {
+ int map_idx;
+ const char *oid = NULL;
+ struct drsuapi_DsReplicaAttribute *attr;
+
+ attr = &obj->attribute_ctr.attributes[i];
+ if (!drs_util_oid_from_attid(tctx, prefix_map, attr->attid, &oid, &map_idx)) {
+ return false;
+ }
+
+ if (!_drs_ldap_attr_by_oid(tctx, ctx, oid, &attr_dn, &attr_name)) {
+ return false;
+ }
+
+ DEBUG(1,("%7s attr[%2d]: %-22s {map_idx=%2d; attid=0x%06x; ldap_name=%-26s; idl_name=%s}\n", "",
+ i, oid, map_idx, attr->attid, attr_name,
+ drs_util_DsAttributeId_to_string(attr->attid)));
+ }
+ }
+
+ return true;
+}
+
+
static bool test_FetchData(struct torture_context *tctx, struct DsSyncTest *ctx)
{
NTSTATUS status;
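Review bot: `_drs_ldap_attr_by_oid` reads `search_res->attributes[0].values[0].data` without checking that the server returned any value for the attribute; add `torture_assert(tctx, search_res->attributes[0].num_values > 0, "lDAPDisplayName has no value");` before the assignment. The value is later printed with `%s` in `_drs_util_verify_attids`, which assumes the blob is NUL-terminated; presumably the LDAP decoder guarantees that, but it is worth confirming. Every `torture_assert` that fails returns before `talloc_free(tmp_ctx)`, so the temporary context stays attached to `ctx`, and the assert on `num_attributes` is missing its trailing semicolon. test_FetchData at the end of the hunk continues outside it.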
@@ -670,6 +765,8 @@ static bool test_FetchData(struct torture_context *tctx, struct DsSyncTest *ctx)
(long long)ctr1->new_highwatermark.tmp_highest_usn,
(long long)ctr1->new_highwatermark.highest_usn));
+ _drs_util_verify_attids(tctx, ctx, &ctr1->mapping_ctr, ctr1->first_object);
+
test_analyse_objects(tctx, ctx, &gensec_skey, ctr1->first_object);
if (ctr1->more_data) {
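Review bot: The return value of `_drs_util_verify_attids()` is discarded here and again in the ctr6 branch of the next hunk, so a failed OID or schema lookup does not stop test_FetchData from carrying on with the same reply. If the check is meant to be enforced, propagate it, e.g. `if (!_drs_util_verify_attids(tctx, ctx, &ctr1->mapping_ctr, ctr1->first_object)) { return false; }`, or set whatever result flag the surrounding code uses. If it is only diagnostic output, a one-line comment saying so would avoid the question. test_FetchData starts and ends outside this hunk.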
@@ -700,6 +797,8 @@ static bool test_FetchData(struct torture_context *tctx, struct DsSyncTest *ctx)
(long long)ctr6->new_highwatermark.tmp_highest_usn,
(long long)ctr6->new_highwatermark.highest_usn));
+ _drs_util_verify_attids(tctx, ctx, &ctr6->mapping_ctr, ctr6->first_object);
+
test_analyse_objects(tctx, ctx, &gensec_skey, ctr6->first_object);
if (ctr6->more_data) {
diff --git a/source4/torture/rpc/frsapi.c b/source4/torture/rpc/frsapi.c
index e9a19bcf96..24d769a310 100644
--- a/source4/torture/rpc/frsapi.c
+++ b/source4/torture/rpc/frsapi.c
@@ -193,8 +193,7 @@ static bool test_ForceReplication(struct torture_context *tctx,
r.in.replica_set_guid = NULL;
r.in.connection_guid = NULL;
- r.in.replica_set_name = talloc_asprintf(tctx, "%s",
- lp_realm(tctx->lp_ctx));
+ r.in.replica_set_name = lp_dnsdomain(tctx->lp_ctx);
r.in.partner_dns_name = dcerpc_server_name(p);
torture_assert_ntstatus_ok(tctx,
diff --git a/source4/torture/rpc/lsa_lookup.c b/source4/torture/rpc/lsa_lookup.c
index 0a4c9904d7..b1a348ce8a 100644
--- a/source4/torture/rpc/lsa_lookup.c
+++ b/source4/torture/rpc/lsa_lookup.c
@@ -227,8 +227,8 @@ bool torture_rpc_lsa_lookup(struct torture_context *torture)
struct dcerpc_pipe *p;
bool ret = true;
struct policy_handle *handle;
- struct dom_sid *dom_sid;
- struct dom_sid *trusted_sid;
+ struct dom_sid *dom_sid = NULL;
+ struct dom_sid *trusted_sid = NULL;
struct dom_sid *sids[NUM_SIDS];
status = torture_rpc_connection(torture, &p, &ndr_table_lsarpc);
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 35f1a5942f..f57c47b115 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1567,6 +1567,49 @@ static bool test_GetDcName(struct torture_context *tctx,
return true;
}
+static const char *function_code_str(TALLOC_CTX *mem_ctx,
+ enum netr_LogonControlCode function_code)
+{
+ switch (function_code) {
+ case NETLOGON_CONTROL_QUERY:
+ return "NETLOGON_CONTROL_QUERY";
+ case NETLOGON_CONTROL_REPLICATE:
+ return "NETLOGON_CONTROL_REPLICATE";
+ case NETLOGON_CONTROL_SYNCHRONIZE:
+ return "NETLOGON_CONTROL_SYNCHRONIZE";
+ case NETLOGON_CONTROL_PDC_REPLICATE:
+ return "NETLOGON_CONTROL_PDC_REPLICATE";
+ case NETLOGON_CONTROL_REDISCOVER:
+ return "NETLOGON_CONTROL_REDISCOVER";
+ case NETLOGON_CONTROL_TC_QUERY:
+ return "NETLOGON_CONTROL_TC_QUERY";
+ case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+ return "NETLOGON_CONTROL_TRANSPORT_NOTIFY";
+ case NETLOGON_CONTROL_FIND_USER:
+ return "NETLOGON_CONTROL_FIND_USER";
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ return "NETLOGON_CONTROL_CHANGE_PASSWORD";
+ case NETLOGON_CONTROL_TC_VERIFY:
+ return "NETLOGON_CONTROL_TC_VERIFY";
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ return "NETLOGON_CONTROL_FORCE_DNS_REG";
+ case NETLOGON_CONTROL_QUERY_DNS_REG:
+ return "NETLOGON_CONTROL_QUERY_DNS_REG";
+ case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+ return "NETLOGON_CONTROL_BACKUP_CHANGE_LOG";
+ case NETLOGON_CONTROL_TRUNCATE_LOG:
+ return "NETLOGON_CONTROL_TRUNCATE_LOG";
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ return "NETLOGON_CONTROL_SET_DBFLAG";
+ case NETLOGON_CONTROL_BREAKPOINT:
+ return "NETLOGON_CONTROL_BREAKPOINT";
+ default:
+ return talloc_asprintf(mem_ctx, "unknown function code: %d",
+ function_code);
+ }
+}
+
+
/*
try a netlogon LogonControl
*/
@@ -1576,19 +1619,82 @@ static bool test_LogonControl(struct torture_context *tctx,
NTSTATUS status;
struct netr_LogonControl r;
union netr_CONTROL_QUERY_INFORMATION query;
- int i;
+ int i,f;
+ uint32_t function_codes[] = {
+ NETLOGON_CONTROL_QUERY,
+ NETLOGON_CONTROL_REPLICATE,
+ NETLOGON_CONTROL_SYNCHRONIZE,
+ NETLOGON_CONTROL_PDC_REPLICATE,
+ NETLOGON_CONTROL_REDISCOVER,
+ NETLOGON_CONTROL_TC_QUERY,
+ NETLOGON_CONTROL_TRANSPORT_NOTIFY,
+ NETLOGON_CONTROL_FIND_USER,
+ NETLOGON_CONTROL_CHANGE_PASSWORD,
+ NETLOGON_CONTROL_TC_VERIFY,
+ NETLOGON_CONTROL_FORCE_DNS_REG,
+ NETLOGON_CONTROL_QUERY_DNS_REG,
+ NETLOGON_CONTROL_BACKUP_CHANGE_LOG,
+ NETLOGON_CONTROL_TRUNCATE_LOG,
+ NETLOGON_CONTROL_SET_DBFLAG,
+ NETLOGON_CONTROL_BREAKPOINT
+ };
r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.function_code = 1;
r.out.query = &query;
- for (i=1;i<4;i++) {
+ for (f=0;f<ARRAY_SIZE(function_codes); f++) {
+ for (i=1;i<5;i++) {
+
+ r.in.function_code = function_codes[f];
r.in.level = i;
- torture_comment(tctx, "Testing LogonControl level %d\n", i);
+ torture_comment(tctx, "Testing LogonControl function code %s (%d) level %d\n",
+ function_code_str(tctx, r.in.function_code), r.in.function_code, r.in.level);
status = dcerpc_netr_LogonControl(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "LogonControl");
+
+ switch (r.in.level) {
+ case 1:
+ switch (r.in.function_code) {
+ case NETLOGON_CONTROL_REPLICATE:
+ case NETLOGON_CONTROL_SYNCHRONIZE:
+ case NETLOGON_CONTROL_PDC_REPLICATE:
+ case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+ case NETLOGON_CONTROL_TRUNCATE_LOG:
+ case NETLOGON_CONTROL_BREAKPOINT:
+ torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
+ "LogonControl returned unexpected error code");
+ break;
+ case NETLOGON_CONTROL_REDISCOVER:
+ case NETLOGON_CONTROL_TC_QUERY:
+ case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+ case NETLOGON_CONTROL_FIND_USER:
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ case NETLOGON_CONTROL_TC_VERIFY:
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ case NETLOGON_CONTROL_QUERY_DNS_REG:
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+ "LogonControl returned unexpected error code");
+ break;
+ default:
+ torture_assert_werr_ok(tctx, r.out.result,
+ "LogonControl returned unexpected result");
+ break;
+ }
+ break;
+ case 2:
+ torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED,
+ "LogonControl returned unexpected error code");
+ break;
+ default:
+ torture_assert_werr_equal(tctx, r.out.result, WERR_UNKNOWN_LEVEL,
+ "LogonControl returned unexpected error code");
+ break;
+ }
+ }
}
return true;
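Review bot: The new loop sends state-changing function codes such as `NETLOGON_CONTROL_REPLICATE`, `NETLOGON_CONTROL_SYNCHRONIZE`, `NETLOGON_CONTROL_TRUNCATE_LOG` and `NETLOGON_CONTROL_BREAKPOINT` to the target and relies on the server answering `WERR_ACCESS_DENIED`. Whether the pipe is bound with privileged credentials is not visible here; if it is, a server may carry these requests out rather than refuse them. Consider running those codes only when `torture_setting_bool(tctx, "dangerous", false)` is set, as this commit does for the ValidatePassword test in samr.c. Separately, `f` is a signed `int` compared against `ARRAY_SIZE(function_codes)`, which `size_t f` would avoid. test_LogonControl starts outside the hunk.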
@@ -1991,7 +2097,7 @@ static bool test_netr_DsRGetDCName(struct torture_context *tctx,
struct netr_DsRGetDCNameInfo *info = NULL;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+ r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_guid = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
@@ -2016,7 +2122,7 @@ static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx,
struct netr_DsRGetDCNameInfo *info = NULL;
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+ r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
@@ -2043,7 +2149,7 @@ static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx,
r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.client_account = NULL;
r.in.mask = 0x00000000;
- r.in.domain_name = talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
+ r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
r.in.domain_guid = NULL;
r.in.site_name = NULL;
r.in.flags = DS_RETURN_DNS_NAME;
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 65d251013b..4a529d38f6 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -2616,7 +2616,7 @@ static NTSTATUS find_printers(TALLOC_CTX *ctx, struct loadparm_context *lp_ctx,
return NT_STATUS_OK;
}
-static bool enumprinters(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *pipe,
+static bool enumprinters(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
const char *servername, int level, int *num_printers)
{
struct spoolss_EnumPrinters r;
@@ -2635,7 +2635,7 @@ static bool enumprinters(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *pipe,
r.out.count = &count;
r.out.info = &info;
- status = dcerpc_spoolss_EnumPrinters(pipe, mem_ctx, &r);
+ status = dcerpc_spoolss_EnumPrinters(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
d_printf("(%s) dcerpc_spoolss_EnumPrinters failed: %s\n",
__location__, nt_errstr(status));
@@ -2658,7 +2658,7 @@ static bool enumprinters(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *pipe,
r.in.buffer = &blob;
r.in.offered = needed;
- status = dcerpc_spoolss_EnumPrinters(pipe, mem_ctx, &r);
+ status = dcerpc_spoolss_EnumPrinters(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
d_printf("(%s) dcerpc_spoolss_EnumPrinters failed: %s, "
"%s\n", __location__, nt_errstr(status),
@@ -2671,7 +2671,7 @@ static bool enumprinters(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *pipe,
return true;
}
-static NTSTATUS getprinterinfo(TALLOC_CTX *ctx, struct dcerpc_pipe *pipe,
+static NTSTATUS getprinterinfo(TALLOC_CTX *ctx, struct dcerpc_pipe *p,
struct policy_handle *handle, int level,
union spoolss_PrinterInfo **res)
{
@@ -2692,7 +2692,7 @@ static NTSTATUS getprinterinfo(TALLOC_CTX *ctx, struct dcerpc_pipe *pipe,
r.in.offered = 0;
r.out.needed = &needed;
- status = dcerpc_spoolss_GetPrinter(pipe, mem_ctx, &r);
+ status = dcerpc_spoolss_GetPrinter(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
d_printf("(%s) dcerpc_spoolss_GetPrinter failed: %s\n",
__location__, nt_errstr(status));
@@ -2719,7 +2719,7 @@ static NTSTATUS getprinterinfo(TALLOC_CTX *ctx, struct dcerpc_pipe *pipe,
r.in.buffer = &blob;
r.in.offered = needed;
- status = dcerpc_spoolss_GetPrinter(pipe, mem_ctx, &r);
+ status = dcerpc_spoolss_GetPrinter(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
d_printf("(%s) dcerpc_spoolss_GetPrinter failed: %s, "
"%s\n", __location__, nt_errstr(status),
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 8318930989..8e6c88425c 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -29,7 +29,7 @@
#include "../lib/crypto/crypto.h"
#include "lib/cmdline/popt_common.h"
#include "torture/rpc/rpc.h"
-#include "auth/gensec/schannel_proto.h"
+#include "../libcli/auth/schannel.h"
#include "auth/gensec/gensec.h"
#include "libcli/auth/libcli_auth.h"
#include "param/param.h"
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index f8853c1093..c448b3bb83 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -2132,7 +2132,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
uint8_t old_lm_hash[16], new_lm_hash[16];
NTTIME t;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
torture_comment(tctx, "Testing ChangePasswordUser3\n");
@@ -2269,9 +2269,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
&& (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
- if (reject && (reject->reason != SAMR_REJECT_OTHER)) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
}
@@ -2288,40 +2288,40 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
(last_password_change + dominfo->min_password_age > t)) {
- if (reject->reason != SAMR_REJECT_OTHER) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
} else if ((dominfo->min_password_length > 0) &&
(strlen(newpass) < dominfo->min_password_length)) {
- if (reject->reason != SAMR_REJECT_TOO_SHORT) {
- torture_warning(tctx, "expected SAMR_REJECT_TOO_SHORT (%d), got %d\n",
- SAMR_REJECT_TOO_SHORT, reject->reason);
+ if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
+ SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
return false;
}
} else if ((dominfo->password_history_length > 0) &&
strequal(oldpass, newpass)) {
- if (reject->reason != SAMR_REJECT_IN_HISTORY) {
- torture_warning(tctx, "expected SAMR_REJECT_IN_HISTORY (%d), got %d\n",
- SAMR_REJECT_IN_HISTORY, reject->reason);
+ if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
+ SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
return false;
}
} else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
- if (reject->reason != SAMR_REJECT_COMPLEXITY) {
- torture_warning(tctx, "expected SAMR_REJECT_COMPLEXITY (%d), got %d\n",
- SAMR_REJECT_COMPLEXITY, reject->reason);
+ if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
+ SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
return false;
}
}
- if (reject->reason == SAMR_REJECT_TOO_SHORT) {
+ if (reject->extendedFailureReason == SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
/* retry with adjusted size */
return test_ChangePasswordUser3(p, tctx, account_string,
dominfo->min_password_length,
@@ -2330,9 +2330,9 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
}
} else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
- if (reject && reject->reason != SAMR_REJECT_OTHER) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */
@@ -2369,7 +2369,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
uint8_t old_nt_hash[16], new_nt_hash[16];
NTTIME t;
struct samr_DomInfo1 *dominfo = NULL;
- struct samr_ChangeReject *reject = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
new_random_pass = samr_very_rand_pass(tctx, 128);
@@ -2444,9 +2444,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
- if (reject && reject->reason != SAMR_REJECT_OTHER) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */
@@ -2482,9 +2482,9 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
- if (reject && reject->reason != SAMR_REJECT_OTHER) {
- torture_warning(tctx, "expected SAMR_REJECT_OTHER (%d), got %d\n",
- SAMR_REJECT_OTHER, reject->reason);
+ if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
+ torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+ SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
return false;
}
/* Perhaps the server has a 'min password age' set? */
@@ -6754,6 +6754,35 @@ static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx,
}
+static bool test_samr_ValidatePassword(struct dcerpc_pipe *p, struct torture_context *tctx)
+{
+ struct samr_ValidatePassword r;
+ union samr_ValidatePasswordReq req;
+ union samr_ValidatePasswordRep *repp = NULL;
+ NTSTATUS status;
+ const char *passwords[] = { "penguin", "p@ssw0rd", "p@ssw0rd123$", NULL };
+ int i;
+
+ ZERO_STRUCT(r);
+ r.in.level = NetValidatePasswordReset;
+ r.in.req = &req;
+ r.out.rep = &repp;
+
+ ZERO_STRUCT(req);
+ req.req3.account.string = "non-existant-account-aklsdji";
+
+ for (i=0; passwords[i]; i++) {
+ req.req3.password.string = passwords[i];
+ status = dcerpc_samr_ValidatePassword(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, status, "samr_ValidatePassword");
+ torture_comment(tctx, "Server %s password '%s'\n",
+ repp->ctr3.status==SAMR_VALIDATION_STATUS_SUCCESS?"allowed":"refused",
+ req.req3.password.string);
+ }
+
+ return true;
+}
+
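Review bot: `repp` is initialised to NULL and `repp->ctr3.status` is read after the call with no check that the server actually filled in a reply, so a server that returns success without a reply structure makes the test dereference NULL. Add `torture_assert(tctx, repp != NULL, "samr_ValidatePassword returned no reply");` before the `torture_comment`. The loop also only logs "allowed"/"refused" and never asserts an expected outcome, so it cannot fail when the server's validation policy regresses. A short comment stating what each sample password is expected to yield would make the intent checkable.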
bool torture_rpc_samr(struct torture_context *torture)
{
NTSTATUS status;
@@ -6766,6 +6795,11 @@ bool torture_rpc_samr(struct torture_context *torture)
return false;
}
+
+ if (torture_setting_bool(torture, "dangerous", false)) {
+ ret &= test_samr_ValidatePassword(p, torture);
+ }
+
ret &= test_Connect(p, torture, &handle);
if (!torture_setting_bool(torture, "samba3", false)) {
@@ -7008,3 +7042,4 @@ struct torture_suite *torture_rpc_samr_large_dc(TALLOC_CTX *mem_ctx)
return suite;
}
+
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 4cecab4017..2ee8e59e5a 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -28,7 +28,7 @@
#include "../lib/crypto/crypto.h"
#include "system/time.h"
#include "torture/rpc/rpc.h"
-#include "auth/gensec/schannel_proto.h"
+#include "../libcli/auth/schannel.h"
#include "auth/gensec/gensec.h"
#include "libcli/auth/libcli_auth.h"
#include "libcli/samsync/samsync.h"
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 6c539b6117..0ada20d888 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -26,7 +26,7 @@
#include "auth/credentials/credentials.h"
#include "torture/rpc/rpc.h"
#include "lib/cmdline/popt_common.h"
-#include "auth/gensec/schannel_proto.h"
+#include "../libcli/auth/schannel.h"
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"
#include "system/filesys.h"
diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c
index 06b1d05ee4..d5ef0a4fda 100644
--- a/source4/torture/rpc/wkssvc.c
+++ b/source4/torture/rpc/wkssvc.c
@@ -1132,7 +1132,7 @@ static bool test_NetrJoinDomain(struct torture_context *tctx,
user);
r.in.server_name = dcerpc_server_name(p);
- r.in.domain_name = lp_realm(tctx->lp_ctx);
+ r.in.domain_name = lp_dnsdomain(tctx->lp_ctx);
r.in.account_ou = NULL;
r.in.Account = admin_account;
r.in.password = NULL;