From 8d9e0d532379f0f350627a9497ff153249591349 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 8 Jun 2007 10:53:47 +0000
Subject: r23385: Adding netr_DsRGetForestTrustInformation() test to query
 transitive forest trusts as well as our primary domain.

Guenther
(This used to be commit 7b19df13a4885fefc38cd73a9c46ee897ffa79ae)
---
 source4/torture/rpc/netlogon.c | 52 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

(limited to 'source4/torture/rpc')

diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index ec4ee5d18c..82a6dc235b 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1141,6 +1141,35 @@ static BOOL test_LogonControl2Ex(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 	return ret;
 }
 
+static BOOL test_netr_DsRGetForestTrustInformation(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char *trusted_domain_name) 
+{
+	NTSTATUS status;
+	struct netr_DsRGetForestTrustInformation r;
+	BOOL ret = True;
+	struct lsa_ForestTrustInformation info, *info_ptr;
+
+	if (lp_parm_bool(-1, "torture", "samba4", False)) {
+		printf("skipping DsRGetForestTrustInformation test against Samba4\n");
+		return True;
+	}
+
+	info_ptr = &info;
+
+	r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.trusted_domain_name = trusted_domain_name;
+	r.in.flags = 0;
+	r.out.forest_trust_info = &info_ptr;
+
+	printf("Testing netr_DsRGetForestTrustInformation\n");
+
+	status = dcerpc_netr_DsRGetForestTrustInformation(p, mem_ctx, &r);
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(r.out.result)) {
+		printf("netr_DsRGetForestTrustInformation - %s/%s\n", 
+		       nt_errstr(status), win_errstr(r.out.result));
+		ret = False;
+	}
+	return ret;
+}
 
 /*
   try a netlogon netr_DsrEnumerateDomainTrusts
@@ -1149,6 +1178,7 @@ static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem
 {
 	NTSTATUS status;
 	struct netr_DsrEnumerateDomainTrusts r;
+	int i;
 
 	r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.trust_flags = 0x3f;
@@ -1162,6 +1192,28 @@ static BOOL test_DsrEnumerateDomainTrusts(struct dcerpc_pipe *p, TALLOC_CTX *mem
 		return False;
 	}
 
+	/* when trusted_domain_name is NULL, netr_DsRGetForestTrustInformation
+	 * will show non-forest trusts and all UPN suffixes of the own forest
+	 * as LSA_FOREST_TRUST_TOP_LEVEL_NAME types */
+
+	if (r.out.count) {
+		if (!test_netr_DsRGetForestTrustInformation(p, mem_ctx, NULL)) {
+			return False;
+		}
+	}
+
+	for (i=0; i<r.out.count; i++) {
+
+		/* get info for transitive forest trusts */
+
+		if (r.out.trusts[i].trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
+			if (!test_netr_DsRGetForestTrustInformation(p, mem_ctx, 
+								    r.out.trusts[i].dns_name)) {
+				return False;
+			}
+		}
+	}
+
 	return True;
 }
 
-- 
cgit