svn commit: samba r4597 - in branches/SAMBA_4_0/source/torture/rpc: .

vlendec at samba.org vlendec at samba.org
Fri Jan 7 18:13:54 GMT 2005 

Author: vlendec
Date: 2005-01-07 18:13:53 +0000 (Fri, 07 Jan 2005)
New Revision: 4597

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4597

Log:
Recently I've come across a case where I suspect the GetAnyDCName request to
kill the domain controller I'm asking. In samba4 torturing the DC is just so
easy, commit the test to randomized ask for DCs for all trusted domains.

Volker

Modified:
   branches/SAMBA_4_0/source/torture/rpc/netlogon.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/netlogon.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/netlogon.c	2005-01-07 06:59:53 UTC (rev 4596)
+++ branches/SAMBA_4_0/source/torture/rpc/netlogon.c	2005-01-07 18:13:53 UTC (rev 4597)
@@ -1091,7 +1091,100 @@
 	return (*async_counter) == ASYNC_COUNT;
 }
 
+static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+	struct dcerpc_pipe *p2;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	struct lsa_OpenPolicy2 o;
+	struct policy_handle lsa_handle;
+	struct lsa_DomainList domains;
 
+	struct lsa_EnumTrustDom t;
+	uint32_t resume_handle = 0;
+	struct netr_GetAnyDCName d;
+
+	int i;
+	BOOL ret = True;
+
+	if (p->transport.transport != NCACN_NP) {
+		return True;
+	}
+
+	printf("Torturing GetDCName\n");
+
+	status = dcerpc_secondary_connection(p, &p2, 
+					     DCERPC_LSARPC_NAME, 
+					     DCERPC_LSARPC_UUID, 
+					     DCERPC_LSARPC_VERSION);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("Failed to create secondary connection\n");
+		return False;
+	}
+
+	qos.len = 0;
+	qos.impersonation_level = 2;
+	qos.context_mode = 1;
+	qos.effective_only = 0;
+
+	attr.len = 0;
+	attr.root_dir = NULL;
+	attr.object_name = NULL;
+	attr.attributes = 0;
+	attr.sec_desc = NULL;
+	attr.sec_qos = &qos;
+
+	o.in.system_name = "\\";
+	o.in.attr = &attr;
+	o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	o.out.handle = &lsa_handle;
+
+	status = dcerpc_lsa_OpenPolicy2(p2, mem_ctx, &o);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
+		return False;
+	}
+
+	t.in.handle = &lsa_handle;
+	t.in.resume_handle = &resume_handle;
+	t.in.num_entries = 1000;
+	t.out.domains = &domains;
+	t.out.resume_handle = &resume_handle;
+
+	status = dcerpc_lsa_EnumTrustDom(p2, mem_ctx, &t);
+
+	if ((!NT_STATUS_IS_OK(status) &&
+	     (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)))) {
+		printf("Could not list domains\n");
+		return False;
+	}
+
+	dcerpc_pipe_close(p2);
+
+	d.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s",
+					    dcerpc_server_name(p));
+
+	for (i=0; i<domains.count * 4; i++) {
+		struct lsa_DomainInformation *info =
+			&domains.domains[rand()%domains.count];
+
+		d.in.domainname = info->name.string;
+
+		status = dcerpc_netr_GetAnyDCName(p, mem_ctx, &d);
+		if (!NT_STATUS_IS_OK(status)) {
+			printf("GetAnyDCName - %s\n", nt_errstr(status));
+			continue;
+		}
+
+		printf("\tDC for domain %s is %s\n", info->name.string,
+		       d.out.dcname ? d.out.dcname : "unknown");
+	}
+
+	return ret;
+}
+
+
 BOOL torture_rpc_netlogon(void)
 {
         NTSTATUS status;
@@ -1127,6 +1220,7 @@
 	ret &= test_AccountDeltas(p, mem_ctx);
 	ret &= test_AccountSync(p, mem_ctx);
 	ret &= test_GetDcName(p, mem_ctx);
+	ret &= test_ManyGetDCName(p, mem_ctx);
 	ret &= test_LogonControl(p, mem_ctx);
 	ret &= test_GetAnyDCName(p, mem_ctx);
 	ret &= test_LogonControl2(p, mem_ctx);

More information about the samba-cvs mailing list