From ce2d92c878ceb4c4f0f8948be2dc6ad7ecaf132c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 17 Nov 2006 11:19:15 +0000 Subject: r19760: Create a DC account for the drsuapi tests to work on, rather than choosing an existing DC. Allow to skip some tests under Samba4. Andrew Bartlett (This used to be commit 705fbae325267fd0ed11f463f954f8e45802d6d5) --- source4/torture/rpc/drsuapi.c | 51 ++++++++++++++++++++++++++++---- source4/torture/rpc/drsuapi.h | 1 + source4/torture/rpc/drsuapi_cracknames.c | 36 +++++++++++++++++----- 3 files changed, 74 insertions(+), 14 deletions(-) diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c index ffef717489..bcfb12de75 100644 --- a/source4/torture/rpc/drsuapi.c +++ b/source4/torture/rpc/drsuapi.c @@ -27,6 +27,8 @@ #include "librpc/gen_ndr/ndr_drsuapi_c.h" #include "torture/rpc/rpc.h" +#define TEST_MACHINE_NAME "torturetest" + BOOL test_DsBind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct DsPrivate *priv) { @@ -65,6 +67,11 @@ static BOOL test_DsGetDCInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct drsuapi_DsGetDomainControllerInfo r; BOOL ret = True; + if (lp_parm_bool(-1, "torture", "samba4", False)) { + printf("skipping DsGetDCInfo test against Samba4\n"); + return True; + } + r.in.bind_handle = &priv->bind_handle; r.in.level = 1; @@ -189,7 +196,7 @@ static BOOL test_DsGetDCInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } static BOOL test_DsWriteAccountSpn(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct DsPrivate *priv) + struct DsPrivate *priv) { NTSTATUS status; struct drsuapi_DsWriteAccountSpn r; @@ -316,6 +323,11 @@ static BOOL test_DsReplicaGetInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } }; + if (lp_parm_bool(-1, "torture", "samba4", False)) { + printf("skipping DsGetDCInfo test against Samba4\n"); + return True; + } + r.in.bind_handle = &priv->bind_handle; for (i=0; i < ARRAY_SIZE(array); i++) { 
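Review bot: The skip message added to test_DsReplicaGetInfo (the `@@ -316` hunk) names the wrong test: it prints `skipping DsGetDCInfo test against Samba4\n`, the same text as the guard in test_DsGetDCInfo, so the log cannot tell the two skips apart. It should read `printf("skipping DsReplicaGetInfo test against Samba4\n");`. The same five-line guard is repeated in test_DsGetDCInfo, test_DsReplicaSync, test_DsReplicaUpdateRefs and test_DsGetNCChanges, and each returns True, so a skipped call is reported as a pass. A one-line comment above each guard saying why the call is skipped on Samba4 would make that visible to the next reader. The function bodies continue outside these hunks.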
@@ -389,6 +401,11 @@ static BOOL test_DsReplicaSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return True; } + if (lp_parm_bool(-1, "torture", "samba4", False)) { + printf("skipping DsReplicaSync test against Samba4\n"); + return True; + } + ZERO_STRUCT(null_guid); ZERO_STRUCT(null_sid); @@ -447,6 +464,11 @@ static BOOL test_DsReplicaUpdateRefs(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } }; + if (lp_parm_bool(-1, "torture", "samba4", False)) { + printf("skipping DsReplicaUpdateRefs test against Samba4\n"); + return True; + } + ZERO_STRUCT(null_guid); ZERO_STRUCT(null_sid); @@ -509,6 +531,11 @@ static BOOL test_DsGetNCChanges(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } }; + if (lp_parm_bool(-1, "torture", "samba4", False)) { + printf("skipping DsGetNCChanges test against Samba4\n"); + return True; + } + ZERO_STRUCT(null_guid); ZERO_STRUCT(null_sid); @@ -630,26 +657,36 @@ BOOL torture_rpc_drsuapi(struct torture_context *torture) TALLOC_CTX *mem_ctx; BOOL ret = True; struct DsPrivate priv; + struct cli_credentials *machine_credentials; mem_ctx = talloc_init("torture_rpc_drsuapi"); + printf("Connected to DRAUAPI pipe\n"); + + ZERO_STRUCT(priv); + + priv.join = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST, + &machine_credentials); + if (!priv.join) { + talloc_free(mem_ctx); + printf("Failed to join as BDC\n"); + return False; + } + status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_drsuapi); if (!NT_STATUS_IS_OK(status)) { + torture_leave_domain(priv.join); talloc_free(mem_ctx); return False; } - printf("Connected to DRAUAPI pipe\n"); - - ZERO_STRUCT(priv); - ret &= test_DsBind(p, mem_ctx, &priv); ret &= test_DsGetDCInfo(p, mem_ctx, &priv); - ret &= test_DsCrackNames(p, mem_ctx, &priv, priv.dcinfo.netbios_name); + ret &= test_DsCrackNames(p, mem_ctx, &priv, TEST_MACHINE_NAME); ret &= test_DsWriteAccountSpn(p, mem_ctx, &priv); 
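Review bot: In the `@@ -630` hunk of torture_rpc_drsuapi, `printf("Connected to DRAUAPI pipe\n");` now runs before both torture_join_domain() and torture_rpc_connection(), so it is printed even when the join or the connection fails. It should move back below the `NT_STATUS_IS_OK(status)` check, and could spell the pipe name `DRSUAPI`. The join creates a server-trust (`ACB_SVRTRUST`) account under the fixed name `torturetest`, and the only cleanup visible is torture_leave_domain() on the connection-failure path and at the end of the function. A comment above the join such as `/* creates a DC account in the target domain; every exit path after this must call torture_leave_domain() */` would make that obligation explicit. `machine_credentials` is filled in but not used in the visible lines; the function starts before this hunk and continues in the next one.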
@@ -665,6 +702,8 @@ BOOL torture_rpc_drsuapi(struct torture_context *torture) talloc_free(mem_ctx); + torture_leave_domain(priv.join); + return ret; } diff --git a/source4/torture/rpc/drsuapi.h b/source4/torture/rpc/drsuapi.h index 4914d0a272..e9d625674f 100644 --- a/source4/torture/rpc/drsuapi.h +++ b/source4/torture/rpc/drsuapi.h @@ -32,5 +32,6 @@ struct DsPrivate { const char *domain_dns_name; struct GUID domain_guid; struct drsuapi_DsGetDCInfo2 dcinfo; + struct test_join *join; }; diff --git a/source4/torture/rpc/drsuapi_cracknames.c b/source4/torture/rpc/drsuapi_cracknames.c index c38045621a..e6ff33d58d 100644 --- a/source4/torture/rpc/drsuapi_cracknames.c +++ b/source4/torture/rpc/drsuapi_cracknames.c @@ -27,6 +27,7 @@ #include "librpc/gen_ndr/ndr_drsuapi_c.h" #include "torture/rpc/rpc.h" #include "ldb/include/ldb.h" +#include "libcli/security/security.h" static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct DsPrivate *priv, const char *dn, @@ -220,6 +221,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char *service_principal_name; const char *canonical_name; const char *canonical_ex_name; + const char *dc_sid; ZERO_STRUCT(r); r.in.bind_handle = &priv->bind_handle; @@ -230,9 +232,12 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.req.req1.names = names; r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS; - r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL; + r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY; r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; - names[0].str = talloc_asprintf(mem_ctx, "%s/", lp_realm()); + + dc_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join)); + + names[0].str = dc_sid; printf("testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); 
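Review bot: `dc_sid` is used without a NULL check in the `@@ -230` hunk of test_DsCrackNames: it goes straight into the `%s` of the following printf and into `names[0].str`. `dom_sid_string()` takes a talloc context and so presumably can fail, and `priv->join` is only set by torture_rpc_drsuapi in this commit, so another caller of this non-static function (none is visible here) would pass a NULL join. A guard right after the assignment would turn that into a clean test failure: `if (!dc_sid) { printf("could not format SID of joined account\n"); return False; }`. Whether torture_join_sid() tolerates a NULL join is not visible from the hunk, and the function body continues outside it.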
@@ -319,20 +324,20 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn); if (strcmp(realm_canonical, - talloc_asprintf(mem_ctx, "%s/", lp_realm()))!= 0) { + talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) { printf("local Round trip on canonical name failed: %s != %s!\n", realm_canonical, - talloc_asprintf(mem_ctx, "%s/", lp_realm())); + talloc_asprintf(mem_ctx, "%s/", dns_domain)); return False; }; realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn); if (strcmp(realm_canonical_ex, - talloc_asprintf(mem_ctx, "%s\n", lp_realm()))!= 0) { + talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) { printf("local Round trip on canonical ex name failed: %s != %s!\n", realm_canonical, - talloc_asprintf(mem_ctx, "%s\n", lp_realm())); + talloc_asprintf(mem_ctx, "%s\n", dns_domain)); return False; }; @@ -560,7 +565,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .str = test_dc, - .comment = "DISPAY NAME search for DC short name", + .comment = "DISLPAY NAME search for DC short name", .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND }, { @@ -693,7 +698,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .comment = "Realm as an NT4 domain lookup", - .str = talloc_asprintf(mem_ctx, "%s\\", lp_realm()), + .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain), .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND }, { 
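Review bot: The failure message for the canonical-ex round trip in the `@@ -319` hunk prints `realm_canonical` where it should print `realm_canonical_ex`, so when the `strcmp` on `realm_canonical_ex` fails the log shows the wrong value. This is a context line the commit leaves as it was. Since both comparisons are touched anyway, the expected string could be built once per check, e.g. `const char *expected = talloc_asprintf(mem_ctx, "%s/", dns_domain);`, and used for both the `strcmp` and the printf. That also gives one place to check for NULL, because neither the ldb result nor the talloc_asprintf result is checked before `strcmp` in the visible lines. `dns_domain` is defined outside the hunk.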
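Review bot: The comment string changed in the `@@ -560` hunk is still misspelled: `"DISPAY NAME ..."` became `"DISLPAY NAME search for DC short name"`. The line should be `.comment = "DISPLAY NAME search for DC short name",`. The string is presumably what identifies the case in the test output, so the spelling matters when searching logs for the format name.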
@@ -715,6 +720,21 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .str = SID_BUILTIN_ADMINISTRATORS, .status = DRSUAPI_DS_NAME_STATUS_OK }, + { + .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY, + .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, + .comment = "DC SID -> DN", + .str = dc_sid, + .expected_str = FQDN_1779_name, + .status = DRSUAPI_DS_NAME_STATUS_OK + }, + { + .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY, + .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, + .comment = "DC SID -> NT4 account", + .str = dc_sid, + .status = DRSUAPI_DS_NAME_STATUS_OK + }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, -- cgit
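Review bot: The second new entry, `"DC SID -> NT4 account"`, sets no `.expected_str`, so as far as the hunk shows only the status is compared and any returned account name would be accepted. If the NT4 name of the joined account is available at this point, setting `.expected_str` to it would make the case as strict as the `"DC SID -> DN"` entry above it. Otherwise a comment such as `/* status only: the returned NT4 name is not compared */` records that the gap is deliberate. Both entries also rely on `dc_sid` being non-NULL. The array they belong to, and the loop that evaluates it, lie outside the hunk.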