root/source4/torture/rpc/drsuapi.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. test_DsBind
  2. test_DsGetDomainControllerInfo
  3. test_DsWriteAccountSpn
  4. test_DsReplicaGetInfo
  5. test_DsReplicaSync
  6. test_DsReplicaUpdateRefs
  7. test_DsGetNCChanges
  8. test_QuerySitesByCost
  9. test_DsUnbind
  10. torture_rpc_drsuapi
  11. torture_rpc_drsuapi_cracknames

   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    DRSUapi tests
   5 
   6    Copyright (C) Andrew Tridgell 2003
   7    Copyright (C) Stefan (metze) Metzmacher 2004
   8    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2006
   9 
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14    
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19    
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23 
  24 #include "includes.h"
  25 #include "torture/torture.h"
  26 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
  27 #include "torture/rpc/rpc.h"
  28 #include "param/param.h"
  29 
  30 #define TEST_MACHINE_NAME "torturetest"
  31 
  32 bool test_DsBind(struct dcerpc_pipe *p, struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
  33                  struct DsPrivate *priv)
  34 {
  35         NTSTATUS status;
  36         struct drsuapi_DsBind r;
  37 
  38         GUID_from_string(DRSUAPI_DS_BIND_GUID, &priv->bind_guid);
  39 
  40         r.in.bind_guid = &priv->bind_guid;
  41         r.in.bind_info = NULL;
  42         r.out.bind_handle = &priv->bind_handle;
  43 
  44         torture_comment(tctx, "testing DsBind\n");
  45 
  46         status = dcerpc_drsuapi_DsBind(p, tctx, &r);
  47         if (!NT_STATUS_IS_OK(status)) {
  48                 const char *errstr = nt_errstr(status);
  49                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
  50                         errstr = dcerpc_errstr(tctx, p->last_fault_code);
  51                 }
  52                 torture_fail(tctx, "dcerpc_drsuapi_DsBind failed");
  53         } else if (!W_ERROR_IS_OK(r.out.result)) {
  54                 torture_fail(tctx, "DsBind failed");
  55         }
  56 
  57         return true;
  58 }
  59 
  60 static bool test_DsGetDomainControllerInfo(struct dcerpc_pipe *p, struct torture_context *torture, 
     /* [<][>][^][v][top][bottom][index][help] */
  61                       struct DsPrivate *priv)
  62 {
  63         NTSTATUS status;
  64         struct drsuapi_DsGetDomainControllerInfo r;
  65         union drsuapi_DsGetDCInfoCtr ctr;
  66         int32_t level_out = 0;
  67         bool found = false;
  68         int i, j, k;
  69         
  70         struct {
  71                 const char *name;
  72                 WERROR expected;
  73         } names[] = { 
  74                 {       
  75                         .name = torture_join_dom_netbios_name(priv->join),
  76                         .expected = WERR_OK
  77                 },
  78                 {
  79                         .name = torture_join_dom_dns_name(priv->join),
  80                         .expected = WERR_OK
  81                 },
  82                 {
  83                         .name = "__UNKNOWN_DOMAIN__",
  84                         .expected = WERR_DS_OBJ_NOT_FOUND
  85                 },
  86                 {
  87                         .name = "unknown.domain.samba.example.com",
  88                         .expected = WERR_DS_OBJ_NOT_FOUND
  89                 },
  90         };
  91         int levels[] = {1, 2};
  92         int level;
  93 
  94         for (i=0; i < ARRAY_SIZE(levels); i++) {
  95                 for (j=0; j < ARRAY_SIZE(names); j++) {
  96                         union drsuapi_DsGetDCInfoRequest req;
  97                         level = levels[i];
  98                         r.in.bind_handle = &priv->bind_handle;
  99                         r.in.level = 1;
 100                         r.in.req = &req;
 101                         
 102                         r.in.req->req1.domain_name = names[j].name;
 103                         r.in.req->req1.level = level;
 104 
 105                         r.out.ctr = &ctr;
 106                         r.out.level_out = &level_out;
 107                         
 108                         torture_comment(torture,
 109                                    "testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
 110                                r.in.req->req1.level, r.in.req->req1.domain_name);
 111                 
 112                         status = dcerpc_drsuapi_DsGetDomainControllerInfo(p, torture, &r);
 113                         torture_assert_ntstatus_ok(torture, status,
 114                                    "dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed");
 115                         torture_assert_werr_equal(torture, 
 116                                                                           r.out.result, names[j].expected, 
 117                                            "DsGetDomainControllerInfo level with dns domain failed");
 118                 
 119                         if (!W_ERROR_IS_OK(r.out.result)) {
 120                                 /* If this was an error, we can't read the result structure */
 121                                 continue;
 122                         }
 123 
 124                         torture_assert_int_equal(torture, 
 125                                                                          r.in.req->req1.level, *r.out.level_out,
 126                                                                          "dcerpc_drsuapi_DsGetDomainControllerInfo level"); 
 127 
 128                         switch (level) {
 129                         case 1:
 130                                 for (k=0; k < r.out.ctr->ctr1.count; k++) {
 131                                         if (strcasecmp_m(r.out.ctr->ctr1.array[k].netbios_name,
 132                                                          torture_join_netbios_name(priv->join)) == 0) {
 133                                                 found = true;
 134                                                 break;
 135                                         }
 136                                 }
 137                                 break;
 138                         case 2:
 139                                 for (k=0; k < r.out.ctr->ctr2.count; k++) {
 140                                         if (strcasecmp_m(r.out.ctr->ctr2.array[k].netbios_name,
 141                                                          torture_join_netbios_name(priv->join)) == 0) {
 142                                                 found = true;
 143                                                 priv->dcinfo    = r.out.ctr->ctr2.array[k];
 144                                                 break;
 145                                         }
 146                                 }
 147                                 break;
 148                         }
 149                         torture_assert(torture, found,
 150                                  "dcerpc_drsuapi_DsGetDomainControllerInfo: Failed to find the domain controller we just created during the join");
 151                 }
 152         }
 153 
 154         r.in.bind_handle = &priv->bind_handle;
 155         r.in.level = 1;
 156 
 157         r.out.ctr = &ctr;
 158         r.out.level_out = &level_out;
 159 
 160         r.in.req->req1.domain_name = "__UNKNOWN_DOMAIN__"; /* This is clearly ignored for this level */
 161         r.in.req->req1.level = -1;
 162         
 163         printf("testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
 164                r.in.req->req1.level, r.in.req->req1.domain_name);
 165         
 166         status = dcerpc_drsuapi_DsGetDomainControllerInfo(p, torture, &r);
 167 
 168         torture_assert_ntstatus_ok(torture, status, 
 169                         "dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed");
 170         torture_assert_werr_ok(torture, r.out.result, 
 171                            "DsGetDomainControllerInfo with dns domain failed");
 172         
 173         {
 174                 const char *dc_account = talloc_asprintf(torture, "%s\\%s$",
 175                                                          torture_join_dom_netbios_name(priv->join), 
 176                                                          priv->dcinfo.netbios_name);
 177                 for (k=0; k < r.out.ctr->ctr01.count; k++) {
 178                         if (strcasecmp_m(r.out.ctr->ctr01.array[k].client_account,
 179                                          dc_account)) {
 180                                 found = true;
 181                                 break;
 182                         }
 183                 }
 184                 torture_assert(torture, found,
 185                         "dcerpc_drsuapi_DsGetDomainControllerInfo level: Failed to find the domain controller in last logon records");
 186         }
 187 
 188 
 189         return true;
 190 }
 191 
 192 static bool test_DsWriteAccountSpn(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
     /* [<][>][^][v][top][bottom][index][help] */
 193                                    struct DsPrivate *priv)
 194 {
 195         NTSTATUS status;
 196         struct drsuapi_DsWriteAccountSpn r;
 197         union drsuapi_DsWriteAccountSpnRequest req;
 198         struct drsuapi_DsNameString names[2];
 199         union drsuapi_DsWriteAccountSpnResult res;
 200         int32_t level_out;
 201         bool ret = true;
 202 
 203         r.in.bind_handle                = &priv->bind_handle;
 204         r.in.level                      = 1;
 205         r.in.req                        = &req;
 206 
 207         printf("testing DsWriteAccountSpn\n");
 208 
 209         r.in.req->req1.operation        = DRSUAPI_DS_SPN_OPERATION_ADD;
 210         r.in.req->req1.unknown1 = 0;
 211         r.in.req->req1.object_dn        = priv->dcinfo.computer_dn;
 212         r.in.req->req1.count            = 2;
 213         r.in.req->req1.spn_names        = names;
 214         names[0].str = talloc_asprintf(mem_ctx, "smbtortureSPN/%s",priv->dcinfo.netbios_name);
 215         names[1].str = talloc_asprintf(mem_ctx, "smbtortureSPN/%s",priv->dcinfo.dns_name);
 216 
 217         r.out.res                       = &res;
 218         r.out.level_out                 = &level_out;
 219 
 220         status = dcerpc_drsuapi_DsWriteAccountSpn(p, mem_ctx, &r);
 221         if (!NT_STATUS_IS_OK(status)) {
 222                 const char *errstr = nt_errstr(status);
 223                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 224                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 225                 }
 226                 printf("dcerpc_drsuapi_DsWriteAccountSpn failed - %s\n", errstr);
 227                 ret = false;
 228         } else if (!W_ERROR_IS_OK(r.out.result)) {
 229                 printf("DsWriteAccountSpn failed - %s\n", win_errstr(r.out.result));
 230                 ret = false;
 231         }
 232 
 233         r.in.req->req1.operation        = DRSUAPI_DS_SPN_OPERATION_DELETE;
 234         r.in.req->req1.unknown1         = 0;
 235 
 236         status = dcerpc_drsuapi_DsWriteAccountSpn(p, mem_ctx, &r);
 237         if (!NT_STATUS_IS_OK(status)) {
 238                 const char *errstr = nt_errstr(status);
 239                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 240                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 241                 }
 242                 printf("dcerpc_drsuapi_DsWriteAccountSpn failed - %s\n", errstr);
 243                 ret = false;
 244         } else if (!W_ERROR_IS_OK(r.out.result)) {
 245                 printf("DsWriteAccountSpn failed - %s\n", win_errstr(r.out.result));
 246                 ret = false;
 247         }
 248 
 249         return ret;
 250 }
 251 
 252 static bool test_DsReplicaGetInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 253                         struct DsPrivate *priv)
 254 {
 255         NTSTATUS status;
 256         struct drsuapi_DsReplicaGetInfo r;
 257         union drsuapi_DsReplicaGetInfoRequest req;
 258         union drsuapi_DsReplicaInfo info;
 259         enum drsuapi_DsReplicaInfoType info_type;
 260         bool ret = true;
 261         int i;
 262         struct {
 263                 int32_t level;
 264                 int32_t infotype;
 265                 const char *obj_dn;
 266         } array[] = {
 267                 {       
 268                         DRSUAPI_DS_REPLICA_GET_INFO,
 269                         DRSUAPI_DS_REPLICA_INFO_NEIGHBORS,
 270                         NULL
 271                 },{
 272                         DRSUAPI_DS_REPLICA_GET_INFO,
 273                         DRSUAPI_DS_REPLICA_INFO_CURSORS,
 274                         NULL
 275                 },{
 276                         DRSUAPI_DS_REPLICA_GET_INFO,
 277                         DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA,
 278                         NULL
 279                 },{
 280                         DRSUAPI_DS_REPLICA_GET_INFO,
 281                         DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES,
 282                         NULL
 283                 },{
 284                         DRSUAPI_DS_REPLICA_GET_INFO,
 285                         DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES,
 286                         NULL
 287                 },{
 288                         DRSUAPI_DS_REPLICA_GET_INFO,
 289                         DRSUAPI_DS_REPLICA_INFO_PENDING_OPS,
 290                         NULL
 291                 },{
 292                         DRSUAPI_DS_REPLICA_GET_INFO2,
 293                         DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA,
 294                         NULL
 295                 },{
 296                         DRSUAPI_DS_REPLICA_GET_INFO2,
 297                         DRSUAPI_DS_REPLICA_INFO_CURSORS2,
 298                         NULL
 299                 },{
 300                         DRSUAPI_DS_REPLICA_GET_INFO2,
 301                         DRSUAPI_DS_REPLICA_INFO_CURSORS3,
 302                         NULL
 303                 },{
 304                         DRSUAPI_DS_REPLICA_GET_INFO2,
 305                         DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2,
 306                         NULL
 307                 },{
 308                         DRSUAPI_DS_REPLICA_GET_INFO2,
 309                         DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2,
 310                         NULL
 311                 },{
 312                         DRSUAPI_DS_REPLICA_GET_INFO2,
 313                         DRSUAPI_DS_REPLICA_INFO_NEIGHBORS02,
 314                         NULL
 315                 },{
 316                         DRSUAPI_DS_REPLICA_GET_INFO2,
 317                         DRSUAPI_DS_REPLICA_INFO_CONNECTIONS04,
 318                         "__IGNORED__"
 319                 },{
 320                         DRSUAPI_DS_REPLICA_GET_INFO2,
 321                         DRSUAPI_DS_REPLICA_INFO_CURSORS05,
 322                         NULL
 323                 },{
 324                         DRSUAPI_DS_REPLICA_GET_INFO2,
 325                         DRSUAPI_DS_REPLICA_INFO_06,
 326                         NULL
 327                 }
 328         };
 329 
 330         if (torture_setting_bool(tctx, "samba4", false)) {
 331                 printf("skipping DsReplicaGetInfo test against Samba4\n");
 332                 return true;
 333         }
 334 
 335         r.in.bind_handle        = &priv->bind_handle;
 336         r.in.req                = &req;
 337 
 338         for (i=0; i < ARRAY_SIZE(array); i++) {
 339                 const char *object_dn;
 340 
 341                 printf("testing DsReplicaGetInfo level %d infotype %d\n",
 342                         array[i].level, array[i].infotype);
 343 
 344                 object_dn = (array[i].obj_dn ? array[i].obj_dn : priv->domain_obj_dn);
 345 
 346                 r.in.level = array[i].level;
 347                 switch(r.in.level) {
 348                 case DRSUAPI_DS_REPLICA_GET_INFO:
 349                         r.in.req->req1.info_type        = array[i].infotype;
 350                         r.in.req->req1.object_dn        = object_dn;
 351                         ZERO_STRUCT(r.in.req->req1.guid1);
 352                         break;
 353                 case DRSUAPI_DS_REPLICA_GET_INFO2:
 354                         r.in.req->req2.info_type        = array[i].infotype;
 355                         r.in.req->req2.object_dn        = object_dn;
 356                         ZERO_STRUCT(r.in.req->req2.guid1);
 357                         r.in.req->req2.unknown1 = 0;
 358                         r.in.req->req2.string1  = NULL;
 359                         r.in.req->req2.string2  = NULL;
 360                         r.in.req->req2.unknown2 = 0;
 361                         break;
 362                 }
 363 
 364                 r.out.info              = &info;
 365                 r.out.info_type         = &info_type;
 366 
 367                 status = dcerpc_drsuapi_DsReplicaGetInfo(p, tctx, &r);
 368                 if (!NT_STATUS_IS_OK(status)) {
 369                         const char *errstr = nt_errstr(status);
 370                         if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 371                                 errstr = dcerpc_errstr(tctx, p->last_fault_code);
 372                         }
 373                         if (p->last_fault_code != DCERPC_FAULT_INVALID_TAG) {
 374                                 printf("dcerpc_drsuapi_DsReplicaGetInfo failed - %s\n", errstr);
 375                                 ret = false;
 376                         } else {
 377                                 printf("DsReplicaGetInfo level %d and/or infotype %d not supported by server\n",
 378                                         array[i].level, array[i].infotype);
 379                         }
 380                 } else if (!W_ERROR_IS_OK(r.out.result)) {
 381                         printf("DsReplicaGetInfo failed - %s\n", win_errstr(r.out.result));
 382                         ret = false;
 383                 }
 384         }
 385 
 386         return ret;
 387 }
 388 
 389 static bool test_DsReplicaSync(struct dcerpc_pipe *p, struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 390                         struct DsPrivate *priv)
 391 {
 392         NTSTATUS status;
 393         bool ret = true;
 394         int i;
 395         struct drsuapi_DsReplicaSync r;
 396         struct drsuapi_DsReplicaObjectIdentifier nc;
 397         struct GUID null_guid;
 398         struct dom_sid null_sid;
 399         struct {
 400                 int32_t level;
 401         } array[] = {
 402                 {       
 403                         1
 404                 }
 405         };
 406 
 407         if (!torture_setting_bool(tctx, "dangerous", false)) {
 408                 printf("DsReplicaSync disabled - enable dangerous tests to use\n");
 409                 return true;
 410         }
 411 
 412         if (torture_setting_bool(tctx, "samba4", false)) {
 413                 printf("skipping DsReplicaSync test against Samba4\n");
 414                 return true;
 415         }
 416 
 417         ZERO_STRUCT(null_guid);
 418         ZERO_STRUCT(null_sid);
 419 
 420         r.in.bind_handle        = &priv->bind_handle;
 421 
 422         for (i=0; i < ARRAY_SIZE(array); i++) {
 423                 printf("testing DsReplicaSync level %d\n",
 424                         array[i].level);
 425 
 426                 r.in.level = array[i].level;
 427                 switch(r.in.level) {
 428                 case 1:
 429                         nc.guid                                 = null_guid;
 430                         nc.sid                                  = null_sid;
 431                         nc.dn                                   = priv->domain_obj_dn?priv->domain_obj_dn:"";
 432 
 433                         r.in.req.req1.naming_context            = &nc;
 434                         r.in.req.req1.source_dsa_guid           = priv->dcinfo.ntds_guid;
 435                         r.in.req.req1.other_info                = NULL;
 436                         r.in.req.req1.options                   = 16;
 437                         break;
 438                 }
 439 
 440                 status = dcerpc_drsuapi_DsReplicaSync(p, tctx, &r);
 441                 if (!NT_STATUS_IS_OK(status)) {
 442                         const char *errstr = nt_errstr(status);
 443                         if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 444                                 errstr = dcerpc_errstr(tctx, p->last_fault_code);
 445                         }
 446                         printf("dcerpc_drsuapi_DsReplicaSync failed - %s\n", errstr);
 447                         ret = false;
 448                 } else if (!W_ERROR_IS_OK(r.out.result)) {
 449                         printf("DsReplicaSync failed - %s\n", win_errstr(r.out.result));
 450                         ret = false;
 451                 }
 452         }
 453 
 454         return ret;
 455 }
 456 
 457 static bool test_DsReplicaUpdateRefs(struct dcerpc_pipe *p, struct torture_context *tctx,
     /* [<][>][^][v][top][bottom][index][help] */
 458                         struct DsPrivate *priv)
 459 {
 460         NTSTATUS status;
 461         bool ret = true;
 462         int i;
 463         struct drsuapi_DsReplicaUpdateRefs r;
 464         struct drsuapi_DsReplicaObjectIdentifier nc;
 465         struct GUID null_guid;
 466         struct dom_sid null_sid;
 467         struct {
 468                 int32_t level;
 469         } array[] = {
 470                 {       
 471                         1
 472                 }
 473         };
 474 
 475         if (torture_setting_bool(tctx, "samba4", false)) {
 476                 printf("skipping DsReplicaUpdateRefs test against Samba4\n");
 477                 return true;
 478         }
 479 
 480         ZERO_STRUCT(null_guid);
 481         ZERO_STRUCT(null_sid);
 482 
 483         r.in.bind_handle        = &priv->bind_handle;
 484 
 485         for (i=0; i < ARRAY_SIZE(array); i++) {
 486                 printf("testing DsReplicaUpdateRefs level %d\n",
 487                         array[i].level);
 488 
 489                 r.in.level = array[i].level;
 490                 switch(r.in.level) {
 491                 case 1:
 492                         nc.guid                         = null_guid;
 493                         nc.sid                          = null_sid;
 494                         nc.dn                           = priv->domain_obj_dn?priv->domain_obj_dn:"";
 495 
 496                         r.in.req.req1.naming_context    = &nc;
 497                         r.in.req.req1.dest_dsa_dns_name = talloc_asprintf(tctx, "__some_dest_dsa_guid_string._msdn.%s",
 498                                                                                 priv->domain_dns_name);
 499                         r.in.req.req1.dest_dsa_guid     = null_guid;
 500                         r.in.req.req1.options           = 0;
 501                         break;
 502                 }
 503 
 504                 status = dcerpc_drsuapi_DsReplicaUpdateRefs(p, tctx, &r);
 505                 if (!NT_STATUS_IS_OK(status)) {
 506                         const char *errstr = nt_errstr(status);
 507                         if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 508                                 errstr = dcerpc_errstr(tctx, p->last_fault_code);
 509                         }
 510                         printf("dcerpc_drsuapi_DsReplicaUpdateRefs failed - %s\n", errstr);
 511                         ret = false;
 512                 } else if (!W_ERROR_IS_OK(r.out.result)) {
 513                         printf("DsReplicaUpdateRefs failed - %s\n", win_errstr(r.out.result));
 514                         ret = false;
 515                 }
 516         }
 517 
 518         return ret;
 519 }
 520 
 521 static bool test_DsGetNCChanges(struct dcerpc_pipe *p, struct torture_context *tctx, 
     /* [<][>][^][v][top][bottom][index][help] */
 522                         struct DsPrivate *priv)
 523 {
 524         NTSTATUS status;
 525         bool ret = true;
 526         int i;
 527         struct drsuapi_DsGetNCChanges r;
 528         union drsuapi_DsGetNCChangesRequest req;
 529         union drsuapi_DsGetNCChangesCtr ctr;
 530         struct drsuapi_DsReplicaObjectIdentifier nc;
 531         struct GUID null_guid;
 532         struct dom_sid null_sid;
 533         int32_t level_out;
 534         struct {
 535                 int32_t level;
 536         } array[] = {
 537                 {       
 538                         5
 539                 },
 540                 {       
 541                         8
 542                 }
 543         };
 544 
 545         if (torture_setting_bool(tctx, "samba4", false)) {
 546                 printf("skipping DsGetNCChanges test against Samba4\n");
 547                 return true;
 548         }
 549 
 550         ZERO_STRUCT(null_guid);
 551         ZERO_STRUCT(null_sid);
 552 
 553         for (i=0; i < ARRAY_SIZE(array); i++) {
 554                 printf("testing DsGetNCChanges level %d\n",
 555                         array[i].level);
 556 
 557                 r.in.bind_handle        = &priv->bind_handle;
 558                 r.in.level              = array[i].level;
 559                 r.out.level_out         = &level_out;
 560                 r.out.ctr               = &ctr;
 561 
 562                 switch (r.in.level) {
 563                 case 5:
 564                         nc.guid = null_guid;
 565                         nc.sid  = null_sid;
 566                         nc.dn   = priv->domain_obj_dn?priv->domain_obj_dn:"";
 567 
 568                         r.in.req                                        = &req;
 569                         r.in.req->req5.destination_dsa_guid             = GUID_random();
 570                         r.in.req->req5.source_dsa_invocation_id         = null_guid;
 571                         r.in.req->req5.naming_context                   = &nc;
 572                         r.in.req->req5.highwatermark.tmp_highest_usn    = 0;
 573                         r.in.req->req5.highwatermark.reserved_usn       = 0;
 574                         r.in.req->req5.highwatermark.highest_usn        = 0;
 575                         r.in.req->req5.uptodateness_vector              = NULL;
 576                         r.in.req->req5.replica_flags                    = 0;
 577                         if (lp_parm_bool(tctx->lp_ctx, NULL, "drsuapi","compression", false)) {
 578                                 r.in.req->req5.replica_flags            |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES;
 579                         }
 580                         r.in.req->req5.max_object_count                 = 0;
 581                         r.in.req->req5.max_ndr_size                     = 0;
 582                         r.in.req->req5.extended_op                      = DRSUAPI_EXOP_NONE;
 583                         r.in.req->req5.fsmo_info                        = 0;
 584 
 585                         break;
 586                 case 8:
 587                         nc.guid = null_guid;
 588                         nc.sid  = null_sid;
 589                         nc.dn   = priv->domain_obj_dn?priv->domain_obj_dn:"";
 590 
 591                         r.in.req                                        = &req;
 592                         r.in.req->req8.destination_dsa_guid             = GUID_random();
 593                         r.in.req->req8.source_dsa_invocation_id         = null_guid;
 594                         r.in.req->req8.naming_context                   = &nc;
 595                         r.in.req->req8.highwatermark.tmp_highest_usn    = 0;
 596                         r.in.req->req8.highwatermark.reserved_usn       = 0;
 597                         r.in.req->req8.highwatermark.highest_usn        = 0;
 598                         r.in.req->req8.uptodateness_vector              = NULL;
 599                         r.in.req->req8.replica_flags                    = 0;
 600                         if (lp_parm_bool(tctx->lp_ctx, NULL, "drsuapi", "compression", false)) {
 601                                 r.in.req->req8.replica_flags            |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES;
 602                         }
 603                         if (lp_parm_bool(tctx->lp_ctx, NULL, "drsuapi", "neighbour_writeable", true)) {
 604                                 r.in.req->req8.replica_flags            |= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE;
 605                         }
 606                         r.in.req->req8.replica_flags                    |= DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
 607                                                                         | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS
 608                                                                         | DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS
 609                                                                         | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED
 610                                                                         ;
 611                         r.in.req->req8.max_object_count                 = 402;
 612                         r.in.req->req8.max_ndr_size                     = 402116;
 613                         r.in.req->req8.extended_op                      = DRSUAPI_EXOP_NONE;
 614                         r.in.req->req8.fsmo_info                        = 0;
 615                         r.in.req->req8.partial_attribute_set            = NULL;
 616                         r.in.req->req8.partial_attribute_set_ex         = NULL;
 617                         r.in.req->req8.mapping_ctr.num_mappings         = 0;
 618                         r.in.req->req8.mapping_ctr.mappings             = NULL;
 619 
 620                         break;
 621                 }
 622 
 623                 status = dcerpc_drsuapi_DsGetNCChanges(p, tctx, &r);
 624                 if (!NT_STATUS_IS_OK(status)) {
 625                         const char *errstr = nt_errstr(status);
 626                         if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 627                                 errstr = dcerpc_errstr(tctx, p->last_fault_code);
 628                         }
 629                         printf("dcerpc_drsuapi_DsGetNCChanges failed - %s\n", errstr);
 630                         ret = false;
 631                 } else if (!W_ERROR_IS_OK(r.out.result)) {
 632                         printf("DsGetNCChanges failed - %s\n", win_errstr(r.out.result));
 633                         ret = false;
 634                 }
 635         }
 636 
 637         return ret;
 638 }
 639 
 640 bool test_QuerySitesByCost(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 641                            struct DsPrivate *priv)
 642 {
 643         NTSTATUS status;
 644         struct drsuapi_QuerySitesByCost r;
 645         union drsuapi_QuerySitesByCostRequest req;
 646         bool ret = true;
 647 
 648         const char *my_site = "Default-First-Site-Name";
 649         const char *remote_site1 = "smbtorture-nonexisting-site1";
 650         const char *remote_site2 = "smbtorture-nonexisting-site2";
 651 
 652         req.req1.site_from = talloc_strdup(mem_ctx, my_site);
 653         req.req1.num_req = 2;
 654         req.req1.site_to = talloc_zero_array(mem_ctx, const char *, 2);
 655         req.req1.site_to[0] = talloc_strdup(mem_ctx, remote_site1);
 656         req.req1.site_to[1] = talloc_strdup(mem_ctx, remote_site2);
 657         req.req1.flags = 0;
 658 
 659         r.in.bind_handle = &priv->bind_handle;
 660         r.in.level = 1;
 661         r.in.req = &req;
 662 
 663         status = dcerpc_drsuapi_QuerySitesByCost(p, mem_ctx, &r);
 664         if (!NT_STATUS_IS_OK(status)) {
 665                 const char *errstr = nt_errstr(status);
 666                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 667                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 668                 }
 669                 printf("drsuapi_QuerySitesByCost - %s\n", errstr);
 670                 ret = false;
 671         } else if (!W_ERROR_IS_OK(r.out.result)) {
 672                 printf("QuerySitesByCost failed - %s\n", win_errstr(r.out.result));
 673                 ret = false;
 674         }
 675 
 676         if (W_ERROR_IS_OK(r.out.result)) {
 677 
 678                 if (!W_ERROR_EQUAL(r.out.ctr->ctr1.info[0].error_code, WERR_DS_OBJ_NOT_FOUND) ||
 679                     !W_ERROR_EQUAL(r.out.ctr->ctr1.info[1].error_code, WERR_DS_OBJ_NOT_FOUND)) {
 680                         printf("expected error_code WERR_DS_OBJ_NOT_FOUND, got %s\n", 
 681                                 win_errstr(r.out.ctr->ctr1.info[0].error_code));
 682                         ret = false;
 683                 }
 684 
 685                 if ((r.out.ctr->ctr1.info[0].site_cost != (uint32_t) -1) ||
 686                     (r.out.ctr->ctr1.info[1].site_cost != (uint32_t) -1)) {
 687                         printf("expected site_cost %d, got %d\n", 
 688                                 (uint32_t) -1, r.out.ctr->ctr1.info[0].site_cost);
 689                         ret = false;
 690                 }
 691         }
 692 
 693         return ret;
 694 
 695 
 696 }
 697 
 698 bool test_DsUnbind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
     /* [<][>][^][v][top][bottom][index][help] */
 699                    struct DsPrivate *priv)
 700 {
 701         NTSTATUS status;
 702         struct drsuapi_DsUnbind r;
 703         bool ret = true;
 704 
 705         r.in.bind_handle = &priv->bind_handle;
 706         r.out.bind_handle = &priv->bind_handle;
 707 
 708         printf("testing DsUnbind\n");
 709 
 710         status = dcerpc_drsuapi_DsUnbind(p, mem_ctx, &r);
 711         if (!NT_STATUS_IS_OK(status)) {
 712                 const char *errstr = nt_errstr(status);
 713                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 714                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 715                 }
 716                 printf("dcerpc_drsuapi_DsUnbind failed - %s\n", errstr);
 717                 ret = false;
 718         } else if (!W_ERROR_IS_OK(r.out.result)) {
 719                 printf("DsBind failed - %s\n", win_errstr(r.out.result));
 720                 ret = false;
 721         }
 722 
 723         return ret;
 724 }
 725 
 726 bool torture_rpc_drsuapi(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
 727 {
 728         NTSTATUS status;
 729         struct dcerpc_pipe *p;
 730         bool ret = true;
 731         struct DsPrivate priv;
 732         struct cli_credentials *machine_credentials;
 733 
 734         ZERO_STRUCT(priv);
 735 
 736         priv.join = torture_join_domain(torture, TEST_MACHINE_NAME, ACB_SVRTRUST, 
 737                                        &machine_credentials);
 738         if (!priv.join) {
 739                 torture_fail(torture, "Failed to join as BDC");
 740         }
 741 
 742         status = torture_rpc_connection(torture, 
 743                                         &p, 
 744                                         &ndr_table_drsuapi);
 745         if (!NT_STATUS_IS_OK(status)) {
 746                 torture_leave_domain(torture, priv.join);
 747                 torture_fail(torture, "Unable to connect to DRSUAPI pipe");
 748         }
 749 
 750         ret &= test_DsBind(p, torture, &priv);
 751 #if 0
 752         ret &= test_QuerySitesByCost(p, torture, &priv);
 753 #endif
 754         ret &= test_DsGetDomainControllerInfo(p, torture, &priv);
 755 
 756         ret &= test_DsCrackNames(torture, p, torture, &priv);
 757 
 758         ret &= test_DsWriteAccountSpn(p, torture, &priv);
 759 
 760         ret &= test_DsReplicaGetInfo(p, torture, &priv);
 761 
 762         ret &= test_DsReplicaSync(p, torture, &priv);
 763 
 764         ret &= test_DsReplicaUpdateRefs(p, torture, &priv);
 765 
 766         ret &= test_DsGetNCChanges(p, torture, &priv);
 767 
 768         ret &= test_DsUnbind(p, torture, &priv);
 769 
 770         torture_leave_domain(torture, priv.join);
 771 
 772         return ret;
 773 }
 774 
 775 
 776 bool torture_rpc_drsuapi_cracknames(struct torture_context *torture)
     /* [<][>][^][v][top][bottom][index][help] */
 777 {
 778         NTSTATUS status;
 779         struct dcerpc_pipe *p;
 780         bool ret = true;
 781         struct DsPrivate priv;
 782         struct cli_credentials *machine_credentials;
 783 
 784         torture_comment(torture, "Connected to DRSUAPI pipe\n");
 785 
 786         ZERO_STRUCT(priv);
 787 
 788         priv.join = torture_join_domain(torture, TEST_MACHINE_NAME, ACB_SVRTRUST, 
 789                                        &machine_credentials);
 790         if (!priv.join) {
 791                 torture_fail(torture, "Failed to join as BDC\n");
 792         }
 793 
 794         status = torture_rpc_connection(torture, 
 795                                         &p, 
 796                                         &ndr_table_drsuapi);
 797         if (!NT_STATUS_IS_OK(status)) {
 798                 torture_leave_domain(torture, priv.join);
 799                 torture_fail(torture, "Unable to connect to DRSUAPI pipe");
 800         }
 801 
 802         ret &= test_DsBind(p, torture, &priv);
 803 
 804         if (ret) {
 805                 /* We don't care if this fails, we just need some info from it */
 806                 test_DsGetDomainControllerInfo(p, torture, &priv);
 807                 
 808                 ret &= test_DsCrackNames(torture, p, torture, &priv);
 809                 
 810                 ret &= test_DsUnbind(p, torture, &priv);
 811         }
 812 
 813         torture_leave_domain(torture, priv.join);
 814 
 815         return ret;
 816 }
 817 

/* [<][>][^][v][top][bottom][index][help] */