netlogon.c

samba最新软件

	status = dcerpc_netr_DsRGetDCName(p, tctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "DsRGetDCName");
	torture_assert_werr_ok(tctx, r.out.result, "DsRGetDCName");
	return test_netr_DsRGetSiteName(p, tctx, 
				       r.out.info->dc_unc, 
				       r.out.info->dc_site_name);
}

/*
  try a netlogon netr_DsRGetDCNameEx
*/
static bool test_netr_DsRGetDCNameEx(struct torture_context *tctx, 
				     struct dcerpc_pipe *p)
{
	NTSTATUS status;
	struct netr_DsRGetDCNameEx r;

	r.in.server_unc		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	r.in.domain_name	= talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
	r.in.domain_guid	= NULL;
	r.in.site_name	        = NULL;
	r.in.flags		= DS_RETURN_DNS_NAME;

	status = dcerpc_netr_DsRGetDCNameEx(p, tctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx");
	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx");

	return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc, 
				       r.out.info->dc_site_name);
}

/*
  try a netlogon netr_DsRGetDCNameEx2
*/
static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx, 
				      struct dcerpc_pipe *p)
{
	NTSTATUS status;
	struct netr_DsRGetDCNameEx2 r;

	r.in.server_unc		= talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	r.in.client_account	= NULL;
	r.in.mask		= 0x00000000;
	r.in.domain_name	= talloc_asprintf(tctx, "%s", lp_realm(tctx->lp_ctx));
	r.in.domain_guid	= NULL;
	r.in.site_name		= NULL;
	r.in.flags		= DS_RETURN_DNS_NAME;

	torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 without client account\n");

	status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");

	torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with client acount\n");
	r.in.client_account	= TEST_MACHINE_NAME"$";
	r.in.mask		= ACB_SVRTRUST;
	r.in.flags		= DS_RETURN_FLAT_NAME;

	status = dcerpc_netr_DsRGetDCNameEx2(p, tctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2");
	torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2");
	return test_netr_DsRGetSiteName(p, tctx, r.out.info->dc_unc, 
					r.out.info->dc_site_name);
}

static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx, 
					    struct dcerpc_pipe *p)
{
	NTSTATUS status;
	struct netr_DsrGetDcSiteCoverageW r;

	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));

	status = dcerpc_netr_DsrGetDcSiteCoverageW(p, tctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "failed");
	torture_assert_werr_ok(tctx, r.out.result, "failed");

	return true;
}

static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
					     struct dcerpc_pipe *p)
{
	NTSTATUS status;
	struct netr_DsRAddressToSitenamesW r;
	struct netr_DsRAddress addr;
	struct netr_DsRAddressToSitenamesWCtr *ctr;

	ctr = talloc(tctx, struct netr_DsRAddressToSitenamesWCtr);

	addr.size = 16;
	addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);

	addr.buffer[0] = 2; /* AF_INET */
	addr.buffer[4] = 127;
	addr.buffer[5] = 0;
	addr.buffer[6] = 0;
	addr.buffer[7] = 1;

	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	r.in.count = 1;
	r.in.addresses = talloc_zero_array(tctx, struct netr_DsRAddress, r.in.count);
	r.in.addresses[0] = addr;
	r.out.ctr = &ctr;

	status = dcerpc_netr_DsRAddressToSitenamesW(p, tctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "failed");
	torture_assert_werr_ok(tctx, r.out.result, "failed");

	return true;
}

static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
					       struct dcerpc_pipe *p)
{
	NTSTATUS status;
	struct netr_DsRAddressToSitenamesExW r;
	struct netr_DsRAddress addr;
	struct netr_DsRAddressToSitenamesExWCtr *ctr;

	ctr = talloc(tctx, struct netr_DsRAddressToSitenamesExWCtr);

	addr.size = 16;
	addr.buffer = talloc_zero_array(tctx, uint8_t, addr.size);

	addr.buffer[0] = 2; /* AF_INET */
	addr.buffer[4] = 127;
	addr.buffer[5] = 0;
	addr.buffer[6] = 0;
	addr.buffer[7] = 1;

	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	r.in.count = 1;
	r.in.addresses = talloc_zero_array(tctx, struct	netr_DsRAddress, r.in.count);
	r.in.addresses[0] = addr;
	r.out.ctr = &ctr;

	status = dcerpc_netr_DsRAddressToSitenamesExW(p, tctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "failed");
	torture_assert_werr_ok(tctx, r.out.result, "failed");

	return true;
}

static bool test_GetDomainInfo(struct torture_context *tctx, 
			       struct dcerpc_pipe *p,
			       struct cli_credentials *machine_credentials)
{
	NTSTATUS status;
	struct netr_LogonGetDomainInfo r;
	struct netr_DomainQuery1 q1;
	struct netr_Authenticator a;
	struct creds_CredentialState *creds;

	if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, 
				    machine_credentials, &creds)) {
		return false;
	}

	ZERO_STRUCT(r);

	creds_client_authenticator(creds, &a);

	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	r.in.computer_name = TEST_MACHINE_NAME;
	r.in.level = 1;
	r.in.credential = &a;
	r.in.return_authenticator = &a;
	r.out.return_authenticator = &a;

	r.in.query.query1 = &q1;
	ZERO_STRUCT(q1);
	
	/* this should really be the fully qualified name */
	q1.workstation_domain = TEST_MACHINE_NAME;
	q1.workstation_site = "Default-First-Site-Name";
	q1.blob2.length = 0;
	q1.blob2.size = 0;
	q1.blob2.data = NULL;
	q1.product.string = "product string";

	torture_comment(tctx, "Testing netr_uogonGetDomainInfo\n");

	status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo");
	torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed");

	return true;
}


static void async_callback(struct rpc_request *req)
{
	int *counter = (int *)req->async.private_data;
	if (NT_STATUS_IS_OK(req->status)) {
		(*counter)++;
	}
}

static bool test_GetDomainInfo_async(struct torture_context *tctx, 
				     struct dcerpc_pipe *p,
				     struct cli_credentials *machine_credentials)
{
	NTSTATUS status;
	struct netr_LogonGetDomainInfo r;
	struct netr_DomainQuery1 q1;
	struct netr_Authenticator a;
#define ASYNC_COUNT 100
	struct creds_CredentialState *creds;
	struct creds_CredentialState *creds_async[ASYNC_COUNT];
	struct rpc_request *req[ASYNC_COUNT];
	int i;
	int *async_counter = talloc(tctx, int);

	if (!test_SetupCredentials3(p, tctx, NETLOGON_NEG_AUTH2_ADS_FLAGS, 
				    machine_credentials, &creds)) {
		return false;
	}

	ZERO_STRUCT(r);
	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
	r.in.computer_name = TEST_MACHINE_NAME;
	r.in.level = 1;
	r.in.credential = &a;
	r.in.return_authenticator = &a;
	r.out.return_authenticator = &a;

	r.in.query.query1 = &q1;
	ZERO_STRUCT(q1);
	
	/* this should really be the fully qualified name */
	q1.workstation_domain = TEST_MACHINE_NAME;
	q1.workstation_site = "Default-First-Site-Name";
	q1.blob2.length = 0;
	q1.blob2.size = 0;
	q1.blob2.data = NULL;
	q1.product.string = "product string";

	torture_comment(tctx, "Testing netr_LogonGetDomainInfo - async count %d\n", ASYNC_COUNT);

	*async_counter = 0;

	for (i=0;i<ASYNC_COUNT;i++) {
		creds_client_authenticator(creds, &a);

		creds_async[i] = (struct creds_CredentialState *)talloc_memdup(creds, creds, sizeof(*creds));
		req[i] = dcerpc_netr_LogonGetDomainInfo_send(p, tctx, &r);

		req[i]->async.callback = async_callback;
		req[i]->async.private_data = async_counter;

		/* even with this flush per request a w2k3 server seems to 
		   clag with multiple outstanding requests. bleergh. */
		torture_assert_int_equal(tctx, event_loop_once(dcerpc_event_context(p)), 0, 
					 "event_loop_once failed");
	}

	for (i=0;i<ASYNC_COUNT;i++) {
		status = dcerpc_ndr_request_recv(req[i]);

		torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo_async");
		torture_assert_ntstatus_ok(tctx, r.out.result, "netr_LogonGetDomainInfo_async"); 

		torture_assert(tctx, creds_client_check(creds_async[i], &a.cred), 
			"Credential chaining failed at async");
	}

	torture_comment(tctx, 
			"Testing netr_LogonGetDomainInfo - async count %d OK\n", *async_counter);

	torture_assert_int_equal(tctx, (*async_counter), ASYNC_COUNT, "int");

	return true;
}

static bool test_ManyGetDCName(struct torture_context *tctx, 
			       struct dcerpc_pipe *p)
{
	NTSTATUS status;
	struct dcerpc_pipe *p2;
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	struct lsa_OpenPolicy2 o;
	struct policy_handle lsa_handle;
	struct lsa_DomainList domains;

	struct lsa_EnumTrustDom t;
	uint32_t resume_handle = 0;
	struct netr_GetAnyDCName d;

	int i;

	if (p->conn->transport.transport != NCACN_NP) {
		return true;
	}

	torture_comment(tctx, "Torturing GetDCName\n");

	status = dcerpc_secondary_connection(p, &p2, p->binding);
	torture_assert_ntstatus_ok(tctx, status, "Failed to create secondary connection");

	status = dcerpc_bind_auth_none(p2, &ndr_table_lsarpc);
	torture_assert_ntstatus_ok(tctx, status, "Failed to create bind on secondary connection");

	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	o.in.system_name = "\\";
	o.in.attr = &attr;
	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	o.out.handle = &lsa_handle;

	status = dcerpc_lsa_OpenPolicy2(p2, tctx, &o);
	torture_assert_ntstatus_ok(tctx, status, "OpenPolicy2 failed");

	t.in.handle = &lsa_handle;
	t.in.resume_handle = &resume_handle;
	t.in.max_size = 1000;
	t.out.domains = &domains;
	t.out.resume_handle = &resume_handle;

	status = dcerpc_lsa_EnumTrustDom(p2, tctx, &t);

	if ((!NT_STATUS_IS_OK(status) &&
	     (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))))
		torture_fail(tctx, "Could not list domains");

	talloc_free(p2);

	d.in.logon_server = talloc_asprintf(tctx, "\\\\%s",
					    dcerpc_server_name(p));

	for (i=0; i<domains.count * 4; i++) {
		struct lsa_DomainInfo *info =
			&domains.domains[rand()%domains.count];

		d.in.domainname = info->name.string;

		status = dcerpc_netr_GetAnyDCName(p, tctx, &d);
		torture_assert_ntstatus_ok(tctx, status, "GetAnyDCName");

		torture_comment(tctx, "\tDC for domain %s is %s\n", info->name.string,
		       d.out.dcname ? d.out.dcname : "unknown");
	}

	return true;
}

struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx)
{
	struct torture_suite *suite = torture_suite_create(mem_ctx, "NETLOGON");
	struct torture_rpc_tcase *tcase;
	struct torture_test *test;

	tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "netlogon", 
						  &ndr_table_netlogon, TEST_MACHINE_NAME);
	torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon);
	torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff);
	torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon);
	torture_rpc_tcase_add_test_creds(tcase, "SetPassword", test_SetPassword);
	torture_rpc_tcase_add_test_creds(tcase, "SetPassword2", test_SetPassword2);
	torture_rpc_tcase_add_test_creds(tcase, "GetPassword", test_GetPassword);
	torture_rpc_tcase_add_test_creds(tcase, "GetTrustPasswords", test_GetTrustPasswords);
	torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo);
	torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync);
	torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas);
	torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas);
	torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync);
	torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName);
	torture_rpc_tcase_add_test(tcase, "ManyGetDCName", test_ManyGetDCName);
	torture_rpc_tcase_add_test(tcase, "LogonControl", test_LogonControl);
	torture_rpc_tcase_add_test(tcase, "GetAnyDCName", test_GetAnyDCName);
	torture_rpc_tcase_add_test(tcase, "LogonControl2", test_LogonControl2);
	torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync2", test_DatabaseSync2);
	torture_rpc_tcase_add_test(tcase, "LogonControl2Ex", test_LogonControl2Ex);
	torture_rpc_tcase_add_test(tcase, "DsrEnumerateDomainTrusts", test_DsrEnumerateDomainTrusts);
	torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomains", test_netr_NetrEnumerateTrustedDomains);
	torture_rpc_tcase_add_test(tcase, "NetrEnumerateTrustedDomainsEx", test_netr_NetrEnumerateTrustedDomainsEx);
	test = torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo_async", test_GetDomainInfo_async);
	test->dangerous = true;
	torture_rpc_tcase_add_test(tcase, "DsRGetDCName", test_netr_DsRGetDCName);
	torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx", test_netr_DsRGetDCNameEx);
	torture_rpc_tcase_add_test(tcase, "DsRGetDCNameEx2", test_netr_DsRGetDCNameEx2);
	torture_rpc_tcase_add_test(tcase, "DsrGetDcSiteCoverageW", test_netr_DsrGetDcSiteCoverageW);
	torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesW", test_netr_DsRAddressToSitenamesW);
	torture_rpc_tcase_add_test(tcase, "DsRAddressToSitenamesExW", test_netr_DsRAddressToSitenamesExW);

	return suite;
}