diff options
Diffstat (limited to 'source4/torture')
-rw-r--r-- | source4/torture/ldap/cldap.c | 67 | ||||
-rw-r--r-- | source4/torture/nbt/dgram.c | 68 | ||||
-rw-r--r-- | source4/torture/rpc/dssync.c | 7 |
3 files changed, 60 insertions, 82 deletions
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index ca4d9b7705..bb77acd2d0 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -41,7 +41,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) struct cldap_socket *cldap; NTSTATUS status; struct cldap_netlogon search, empty_search; - union nbt_cldap_netlogon n1; + struct netlogon_samlogon_response n1; struct GUID guid; int i; @@ -51,7 +51,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.dest_address = dest; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; empty_search = search; @@ -63,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) n1 = search.out.netlogon; search.in.user = "Administrator"; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; search.in.host = "__cldap_torture__"; printf("Scanning for netlogon levels\n"); @@ -91,8 +92,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -100,8 +101,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); search.in.version = 6; status = cldap_netlogon(cldap, tctx, &search); @@ -112,8 +113,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -121,16 +122,16 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); printf("Trying with a GUID\n"); search.in.realm = NULL; - search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); - CHECK_STRING(GUID_string(tctx, &search.out.netlogon.logon5.domain_uuid), search.in.domain_guid); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid); printf("Trying with a incorrect GUID\n"); guid = GUID_random(); @@ -141,15 +142,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a AAC\n"); search.in.acct_control = 0x180; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); printf("Trying with a bad AAC\n"); search.in.acct_control = 0xFF00FF00; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); @@ -158,15 +159,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = "Administrator"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); printf("Trying with just a bad username\n"); search.in.user = "___no_such_user___"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); printf("Trying with just a bad domain\n"); search = empty_search; @@ -175,29 +176,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a incorrect domain and correct guid\n"); - search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect domain and incorrect guid\n"); search.in.domain_guid = GUID_string(tctx, &guid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect GUID and correct domain\n"); search.in.domain_guid = GUID_string(tctx, &guid); - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); return true; } diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c index a3585896eb..e039aac509 100644 --- a/source4/torture/nbt/dgram.c +++ b/source4/torture/nbt/dgram.c @@ -42,7 +42,7 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, struct socket_address *src) { NTSTATUS status; - struct nbt_netlogon_packet netlogon; + struct nbt_netlogon_response netlogon; int *replies = (int *)dgmslot->private; printf("netlogon reply from %s:%d\n", src->addr, src->port); @@ -54,8 +54,6 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, return; } - NDR_PRINT_DEBUG(nbt_netlogon_packet, &netlogon); - (*replies)++; } @@ -101,7 +99,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) /* try receiving replies on port 138 first, which will only work if we are root and smbd/nmbd are not running - fall back to listening on any port, which means replies from - some windows versions won't be seen */ + most windows versions won't be seen */ status = socket_listen(dgmsock->sock, socket_address, 0, 0); if (!NT_STATUS_IS_OK(status)) { talloc_free(socket_address); @@ -117,7 +115,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) netlogon_handler, &replies); ZERO_STRUCT(logon); - logon.command = NETLOGON_QUERY_FOR_PDC; + logon.command = LOGON_PRIMARY_QUERY; logon.req.pdc.computer_name = TEST_NAME; logon.req.pdc.mailslot_name = dgmslot->mailslot_name; logon.req.pdc.unicode_name = TEST_NAME; @@ -132,6 +130,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) torture_assert(tctx, dest != NULL, "Error getting address"); status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); @@ -200,14 +199,14 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) ZERO_STRUCT(logon); - logon.command = NETLOGON_QUERY_FOR_PDC2; - logon.req.pdc2.request_count = 0; - logon.req.pdc2.computer_name = TEST_NAME; - logon.req.pdc2.user_name = ""; - logon.req.pdc2.mailslot_name = dgmslot->mailslot_name; - logon.req.pdc2.nt_version = 11; - logon.req.pdc2.lmnt_token = 0xFFFF; - logon.req.pdc2.lm20_token = 0xFFFF; + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = ""; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.nt_version = 11; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; make_nbt_name_client(&myname, TEST_NAME); @@ -216,6 +215,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, dest != NULL, "Error getting address"); status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); @@ -227,32 +227,6 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) } -/* - reply handler for ntlogon request -*/ -static void ntlogon_handler(struct dgram_mailslot_handler *dgmslot, - struct nbt_dgram_packet *packet, - struct socket_address *src) -{ - NTSTATUS status; - struct nbt_ntlogon_packet ntlogon; - int *replies = (int *)dgmslot->private; - - printf("ntlogon reply from %s:%d\n", src->addr, src->port); - - status = dgram_mailslot_ntlogon_parse(dgmslot, dgmslot, packet, &ntlogon); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to parse ntlogon packet from %s:%d\n", - src->addr, src->port); - return; - } - - NDR_PRINT_DEBUG(nbt_ntlogon_packet, &ntlogon); - - (*replies)++; -} - - /* test UDP/138 ntlogon requests */ static bool nbt_test_ntlogon(struct torture_context *tctx) { @@ -265,7 +239,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) const struct dom_sid *dom_sid; const char *myaddress; - struct nbt_ntlogon_packet logon; + struct nbt_netlogon_packet logon; struct nbt_name myname; NTSTATUS status; struct timeval tv = timeval_current(); @@ -296,7 +270,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) /* try receiving replies on port 138 first, which will only work if we are root and smbd/nmbd are not running - fall back to listening on any port, which means replies from - some windows versions won't be seen */ + most windows versions won't be seen */ status = socket_listen(dgmsock->sock, socket_address, 0, 0); if (!NT_STATUS_IS_OK(status)) { talloc_free(socket_address); @@ -317,17 +291,17 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) /* setup a temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, - ntlogon_handler, &replies); + netlogon_handler, &replies); ZERO_STRUCT(logon); - logon.command = NTLOGON_SAM_LOGON; + logon.command = LOGON_SAM_LOGON_REQUEST; logon.req.logon.request_count = 0; logon.req.logon.computer_name = TEST_NAME; logon.req.logon.user_name = TEST_NAME"$"; logon.req.logon.mailslot_name = dgmslot->mailslot_name; logon.req.logon.acct_control = ACB_WSTRUST; - logon.req.logon.sid = *dom_sid; + /* Leave sid as all zero */ logon.req.logon.nt_version = 1; logon.req.logon.lmnt_token = 0xFFFF; logon.req.logon.lm20_token = 0xFFFF; @@ -337,8 +311,10 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, address, lp_dgram_port(tctx->lp_ctx)); torture_assert(tctx, dest != NULL, "Error getting address"); - status = dgram_mailslot_ntlogon_send(dgmsock, DGRAM_DIRECT_UNIQUE, - &name, dest, &myname, &logon); + status = dgram_mailslot_netlogon_send(dgmsock, + &name, dest, + NBT_MAILSLOT_NTLOGON, + &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); while (timeval_elapsed(&tv) < 5 && replies == 0) { diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c index 00617f4072..989a1faf27 100644 --- a/source4/torture/rpc/dssync.c +++ b/source4/torture/rpc/dssync.c @@ -288,16 +288,17 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) search.in.dest_address = ctx->drsuapi_binding->host; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; status = cldap_netlogon(cldap, ctx, &search); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name"); printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name); } else { - ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site); + ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site); printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name); - printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site); + printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site); } return ret; |