Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : DRSUapi tests
5 :
6 : Copyright (C) Andrew Tridgell 2003
7 : Copyright (C) Stefan (metze) Metzmacher 2004
8 : Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2006
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 : #include "torture/rpc/torture_rpc.h"
27 : #include "param/param.h"
28 :
29 : #define TEST_MACHINE_NAME "torturetest"
30 :
31 : /*
32 : * DsBind as sent from W2K8 Client.
33 : * This should work regardless of functional level, and accept
34 : * any info <=48
35 : */
36 5 : bool test_DsBind_w2k8(struct torture_context *tctx,
37 : struct DsPrivate_w2k8 *priv)
38 : {
39 0 : NTSTATUS status;
40 5 : struct dcerpc_pipe *p = priv->drs_pipe;
41 0 : struct drsuapi_DsBind r;
42 0 : struct drsuapi_DsBindInfo48 *bind_info48;
43 0 : struct drsuapi_DsBindInfoCtr bind_info_ctr;
44 :
45 : /* We send info48 */
46 5 : ZERO_STRUCT(bind_info_ctr);
47 5 : bind_info_ctr.length = 48;
48 :
49 5 : bind_info48 = &bind_info_ctr.info.info48;
50 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
51 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
52 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
53 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
54 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
55 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
56 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
57 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
58 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
59 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
60 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
61 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
62 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
63 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
64 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
65 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
66 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
67 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
68 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
69 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
70 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
71 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
72 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
73 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
74 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
75 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
76 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
77 5 : bind_info48->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
78 :
79 : /*
80 : * We wish for DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2,
81 : * needed for DsGetDomainControllerInfo level 3
82 : */
83 5 : bind_info48->supported_extensions_ext |= DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2;
84 :
85 5 : GUID_from_string(DRSUAPI_DS_BIND_GUID, &priv->bind_guid);
86 :
87 5 : r.in.bind_guid = &priv->bind_guid;
88 5 : r.in.bind_info = &bind_info_ctr;
89 5 : r.out.bind_handle = &priv->bind_handle;
90 :
91 5 : torture_comment(tctx, "Testing DsBind W2K8\n");
92 :
93 5 : status = dcerpc_drsuapi_DsBind_r(p->binding_handle, tctx, &r);
94 5 : torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsBind");
95 :
96 3 : torture_assert_not_null(tctx, r.out.bind_info,
97 : "DsBind with info48 results in NULL");
98 :
99 : /* cache server supported extensions, i.e. bind_info */
100 3 : priv->srv_bind_info = *r.out.bind_info;
101 :
102 : /*
103 : * We do not check for length here, because it should be valid to return
104 : * any valid info
105 : */
106 :
107 3 : return true;
108 : }
109 :
110 1 : static bool test_DsGetDomainControllerInfo_w2k8(struct torture_context *tctx,
111 : struct DsPrivate_w2k8 *priv)
112 : {
113 0 : NTSTATUS status;
114 1 : struct dcerpc_pipe *p = priv->drs_pipe;
115 0 : struct drsuapi_DsGetDomainControllerInfo r;
116 0 : union drsuapi_DsGetDCInfoCtr ctr;
117 1 : int32_t level_out = 0;
118 1 : uint32_t supported_extensions_ext = 0;
119 1 : bool found = false;
120 0 : int j, k;
121 :
122 0 : struct {
123 : const char *name;
124 : WERROR expected;
125 2 : } names[] = {
126 : {
127 1 : .name = torture_join_dom_netbios_name(priv->join),
128 : .expected = WERR_OK
129 : },
130 : {
131 1 : .name = torture_join_dom_dns_name(priv->join),
132 : .expected = WERR_OK
133 : },
134 : {
135 : .name = "__UNKNOWN_DOMAIN__",
136 : .expected = WERR_DS_OBJ_NOT_FOUND
137 : },
138 : {
139 : .name = "unknown.domain.samba.example.com",
140 : .expected = WERR_DS_OBJ_NOT_FOUND
141 : },
142 : };
143 :
144 : /* Levels 1 and 2 are tested in standard drsuapi tests */
145 1 : int level = 3;
146 :
147 : /* Do Bind first. */
148 1 : if (!test_DsBind_w2k8(tctx, priv)) {
149 0 : return false;
150 : }
151 :
152 : /*
153 : * We used DsBind_w2k8, so DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2
154 : * should mean support for level 3
155 : */
156 :
157 : /*
158 : * We are looking for an extension found in info32 and later
159 : */
160 1 : switch (priv->srv_bind_info.length) {
161 0 : case 32:
162 0 : supported_extensions_ext = priv->srv_bind_info.info.info32.supported_extensions_ext;
163 0 : break;
164 1 : case 48:
165 1 : supported_extensions_ext = priv->srv_bind_info.info.info48.supported_extensions_ext;
166 1 : break;
167 0 : default:
168 0 : supported_extensions_ext = 0;
169 0 : break;
170 : }
171 :
172 1 : supported_extensions_ext &= DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2;
173 1 : torture_assert(tctx, (supported_extensions_ext > 0),
174 : "Server does not support DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2");
175 :
176 1 : for (j=0; j < ARRAY_SIZE(names); j++) {
177 0 : union drsuapi_DsGetDCInfoRequest req;
178 1 : r.in.bind_handle = &priv->bind_handle;
179 1 : r.in.level = 1;
180 1 : r.in.req = &req;
181 :
182 1 : r.in.req->req1.domain_name = names[j].name;
183 1 : r.in.req->req1.level = level;
184 :
185 1 : r.out.ctr = &ctr;
186 1 : r.out.level_out = &level_out;
187 :
188 1 : torture_comment(tctx,
189 : "Testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
190 1 : r.in.req->req1.level, r.in.req->req1.domain_name);
191 :
192 1 : status = dcerpc_drsuapi_DsGetDomainControllerInfo_r(p->binding_handle, tctx, &r);
193 1 : torture_assert_ntstatus_ok(tctx, status,
194 : "dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed");
195 1 : torture_assert_werr_equal(tctx, r.out.result, names[j].expected,
196 : "DsGetDomainControllerInfo level with dns domain failed");
197 :
198 1 : if (!W_ERROR_IS_OK(r.out.result)) {
199 : /* If this was an error, we can't read the result structure */
200 0 : continue;
201 : }
202 :
203 1 : torture_assert_int_equal(tctx, r.in.req->req1.level, *r.out.level_out,
204 : "dcerpc_drsuapi_DsGetDomainControllerInfo in/out level differs");
205 :
206 2 : for (k=0; k < r.out.ctr->ctr3.count; k++) {
207 2 : if (strcasecmp_m(r.out.ctr->ctr3.array[k].netbios_name,
208 : torture_join_netbios_name(priv->join)) == 0) {
209 1 : found = true;
210 1 : priv->dcinfo = r.out.ctr->ctr3.array[k];
211 1 : break;
212 : }
213 : }
214 1 : break;
215 :
216 : torture_assert(tctx, found,
217 : "dcerpc_drsuapi_DsGetDomainControllerInfo: Failed to find the domain controller we just created during the join");
218 : }
219 :
220 1 : return true;
221 : }
222 :
223 :
224 0 : bool test_DsUnbind_w2k8(struct torture_context *tctx,
225 : struct DsPrivate_w2k8 *priv)
226 : {
227 0 : NTSTATUS status;
228 0 : struct dcerpc_pipe *p = priv->drs_pipe;
229 0 : struct drsuapi_DsUnbind r;
230 :
231 0 : r.in.bind_handle = &priv->bind_handle;
232 0 : r.out.bind_handle = &priv->bind_handle;
233 :
234 0 : torture_comment(tctx, "Testing DsUnbind W2K8\n");
235 :
236 0 : status = dcerpc_drsuapi_DsUnbind_r(p->binding_handle, tctx, &r);
237 0 : torture_drsuapi_assert_call(tctx, p, status, &r, "dcerpc_drsuapi_DsUnbind");
238 :
239 0 : return true;
240 : }
241 :
242 : /**
243 : * Common test case setup function to be used
244 : * in DRS suit of test when appropriate
245 : */
246 3 : bool torture_drsuapi_w2k8_tcase_setup_common(struct torture_context *tctx,
247 : struct DsPrivate_w2k8 *priv)
248 : {
249 0 : NTSTATUS status;
250 3 : int rnd = rand() % 1000;
251 3 : char *name = talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, rnd);
252 0 : struct cli_credentials *machine_credentials;
253 :
254 3 : torture_assert(tctx, priv, "Invalid argument");
255 :
256 3 : torture_comment(tctx, "Create DRSUAPI pipe\n");
257 3 : status = torture_rpc_connection(tctx,
258 : &priv->drs_pipe,
259 : &ndr_table_drsuapi);
260 3 : torture_assert(tctx, NT_STATUS_IS_OK(status), "Unable to connect to DRSUAPI pipe");
261 :
262 3 : torture_comment(tctx, "About to join domain with name %s\n", name);
263 3 : priv->join = torture_join_domain(tctx, name, ACB_SVRTRUST,
264 : &machine_credentials);
265 3 : torture_assert(tctx, priv->join, "Failed to join as BDC");
266 :
267 : /*
268 : * After that every test should use DsBind and DsGetDomainControllerInfo
269 : */
270 3 : if (!test_DsBind_w2k8(tctx, priv)) {
271 : /* clean up */
272 2 : torture_drsuapi_w2k8_tcase_teardown_common(tctx, priv);
273 2 : torture_fail(tctx, "Failed execute test_DsBind_w2k8()");
274 : }
275 :
276 :
277 1 : return true;
278 : }
279 :
280 : /**
281 : * Common test case teardown function to be used
282 : * in DRS suit of test when appropriate
283 : */
284 3 : bool torture_drsuapi_w2k8_tcase_teardown_common(struct torture_context *tctx,
285 : struct DsPrivate_w2k8 *priv)
286 : {
287 3 : if (priv->join) {
288 3 : torture_leave_domain(tctx, priv->join);
289 : }
290 :
291 3 : return true;
292 : }
293 :
294 : /**
295 : * Test case setup for DRSUAPI test case
296 : */
297 3 : static bool torture_drsuapi_w2k8_tcase_setup(struct torture_context *tctx, void **data)
298 : {
299 0 : struct DsPrivate_w2k8 *priv;
300 :
301 3 : *data = priv = talloc_zero(tctx, struct DsPrivate_w2k8);
302 :
303 3 : return torture_drsuapi_w2k8_tcase_setup_common(tctx, priv);
304 : }
305 :
306 : /**
307 : * Test case tear-down for DRSUAPI test case
308 : */
309 1 : static bool torture_drsuapi_w2k8_tcase_teardown(struct torture_context *tctx, void *data)
310 : {
311 0 : bool ret;
312 1 : struct DsPrivate_w2k8 *priv = talloc_get_type(data, struct DsPrivate_w2k8);
313 :
314 1 : ret = torture_drsuapi_w2k8_tcase_teardown_common(tctx, priv);
315 :
316 1 : talloc_free(priv);
317 1 : return ret;
318 : }
319 :
320 : /**
321 : * DRSUAPI test case implementation
322 : */
323 2358 : void torture_rpc_drsuapi_w2k8_tcase(struct torture_suite *suite)
324 : {
325 125 : typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
326 :
327 2358 : struct torture_tcase *tcase = torture_suite_add_tcase(suite, "drsuapi_w2k8");
328 :
329 2358 : torture_tcase_set_fixture(tcase, torture_drsuapi_w2k8_tcase_setup,
330 : torture_drsuapi_w2k8_tcase_teardown);
331 :
332 2358 : torture_tcase_add_simple_test(tcase, "DsBind_W2K8", (run_func)test_DsBind_w2k8);
333 2358 : torture_tcase_add_simple_test(tcase, "DsGetDomainControllerInfo_W2K8", (run_func)test_DsGetDomainControllerInfo_w2k8);
334 2358 : }
|