2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "torture/torture.h"
27 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
28 #include "torture/rpc/rpc.h"
29 #include "ldb/include/ldb.h"
30 #include "libcli/security/security.h"
32 static BOOL
test_DsCrackNamesMatrix(struct dcerpc_pipe
*p
, TALLOC_CTX
*mem_ctx
,
33 struct DsPrivate
*priv
, const char *dn
,
34 const char *user_principal_name
, const char *service_principal_name
)
40 struct drsuapi_DsCrackNames r
;
41 enum drsuapi_DsNameFormat formats
[] = {
42 DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
43 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
44 DRSUAPI_DS_NAME_FORMAT_DISPLAY
,
45 DRSUAPI_DS_NAME_FORMAT_GUID
,
46 DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
47 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
48 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
49 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
50 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
51 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
53 struct drsuapi_DsNameString names
[ARRAY_SIZE(formats
)];
56 const char *n_matrix
[ARRAY_SIZE(formats
)][ARRAY_SIZE(formats
)];
57 const char *n_from
[ARRAY_SIZE(formats
)];
60 r
.in
.bind_handle
= &priv
->bind_handle
;
62 r
.in
.req
.req1
.unknown1
= 0x000004e4;
63 r
.in
.req
.req1
.unknown2
= 0x00000407;
64 r
.in
.req
.req1
.count
= 1;
65 r
.in
.req
.req1
.names
= names
;
66 r
.in
.req
.req1
.format_flags
= DRSUAPI_DS_NAME_FLAG_NO_FLAGS
;
70 for (i
= 0; i
< ARRAY_SIZE(formats
); i
++) {
71 r
.in
.req
.req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
72 r
.in
.req
.req1
.format_desired
= formats
[i
];
74 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
75 names
[0].str
, r
.in
.req
.req1
.format_offered
, r
.in
.req
.req1
.format_desired
);
77 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
78 if (!NT_STATUS_IS_OK(status
)) {
79 const char *errstr
= nt_errstr(status
);
80 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
81 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
83 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr
);
85 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
86 printf("DsCrackNames failed - %s\n", win_errstr(r
.out
.result
));
94 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
:
95 if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
) {
96 printf(__location__
": Unexpected error (%d): This name lookup should fail\n",
97 r
.out
.ctr
.ctr1
->array
[0].status
);
100 printf ("(expected) error\n");
102 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
:
103 if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_NO_MAPPING
) {
104 printf(__location__
": Unexpected error (%d): This name lookup should fail\n",
105 r
.out
.ctr
.ctr1
->array
[0].status
);
108 printf ("(expected) error\n");
110 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
:
111 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
:
112 if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR
) {
113 printf(__location__
": Unexpected error (%d): This name lookup should fail\n",
114 r
.out
.ctr
.ctr1
->array
[0].status
);
117 printf ("(expected) error\n");
120 if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
121 printf("Error: %d\n", r
.out
.ctr
.ctr1
->array
[0].status
);
126 switch (formats
[i
]) {
127 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
:
128 n_from
[i
] = user_principal_name
;
130 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
:
131 n_from
[i
] = service_principal_name
;
133 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
:
134 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
:
138 n_from
[i
] = r
.out
.ctr
.ctr1
->array
[0].result_name
;
139 printf("%s\n", n_from
[i
]);
143 for (i
= 0; i
< ARRAY_SIZE(formats
); i
++) {
144 for (j
= 0; j
< ARRAY_SIZE(formats
); j
++) {
145 r
.in
.req
.req1
.format_offered
= formats
[i
];
146 r
.in
.req
.req1
.format_desired
= formats
[j
];
148 n_matrix
[i
][j
] = NULL
;
151 names
[0].str
= n_from
[i
];
152 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
153 if (!NT_STATUS_IS_OK(status
)) {
154 const char *errstr
= nt_errstr(status
);
155 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
156 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
158 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
159 names
[0].str
, r
.in
.req
.req1
.format_offered
, r
.in
.req
.req1
.format_desired
, errstr
);
161 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
162 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
163 names
[0].str
, r
.in
.req
.req1
.format_offered
, r
.in
.req
.req1
.format_desired
,
164 win_errstr(r
.out
.result
));
171 if (r
.out
.ctr
.ctr1
->array
[0].status
== DRSUAPI_DS_NAME_STATUS_OK
) {
172 n_matrix
[i
][j
] = r
.out
.ctr
.ctr1
->array
[0].result_name
;
174 n_matrix
[i
][j
] = NULL
;
179 for (i
= 0; i
< ARRAY_SIZE(formats
); i
++) {
180 for (j
= 0; j
< ARRAY_SIZE(formats
); j
++) {
181 if (n_matrix
[i
][j
] == n_from
[j
]) {
183 /* We don't have a from name for these yet (and we can't map to them to find it out) */
184 } else if (n_matrix
[i
][j
] == NULL
&& n_from
[i
] == NULL
) {
186 /* we can't map to these two */
187 } else if (n_matrix
[i
][j
] == NULL
&& formats
[j
] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
) {
188 } else if (n_matrix
[i
][j
] == NULL
&& formats
[j
] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
) {
189 } else if (n_matrix
[i
][j
] == NULL
&& n_from
[j
] != NULL
) {
190 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats
[i
], formats
[j
], n_matrix
[i
][j
], n_from
[j
]);
192 } else if (n_matrix
[i
][j
] != NULL
&& n_from
[j
] == NULL
) {
193 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats
[i
], formats
[j
], n_matrix
[i
][j
], n_from
[j
]);
195 } else if (strcmp(n_matrix
[i
][j
], n_from
[j
]) != 0) {
196 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats
[i
], formats
[j
], n_matrix
[i
][j
], n_from
[j
]);
204 BOOL
test_DsCrackNames(struct dcerpc_pipe
*p
, TALLOC_CTX
*mem_ctx
,
205 struct DsPrivate
*priv
)
208 struct drsuapi_DsCrackNames r
;
209 struct drsuapi_DsNameString names
[1];
211 const char *dns_domain
;
212 const char *nt4_domain
;
213 const char *FQDN_1779_name
;
214 struct ldb_context
*ldb
;
215 struct ldb_dn
*FQDN_1779_dn
;
216 struct ldb_dn
*realm_dn
;
217 const char *realm_dn_str
;
218 const char *realm_canonical
;
219 const char *realm_canonical_ex
;
220 const char *user_principal_name
;
221 char *user_principal_name_short
;
222 const char *service_principal_name
;
223 const char *canonical_name
;
224 const char *canonical_ex_name
;
226 const char *test_dc
= torture_join_netbios_name(priv
->join
);
229 r
.in
.bind_handle
= &priv
->bind_handle
;
231 r
.in
.req
.req1
.unknown1
= 0x000004e4;
232 r
.in
.req
.req1
.unknown2
= 0x00000407;
233 r
.in
.req
.req1
.count
= 1;
234 r
.in
.req
.req1
.names
= names
;
235 r
.in
.req
.req1
.format_flags
= DRSUAPI_DS_NAME_FLAG_NO_FLAGS
;
237 r
.in
.req
.req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
;
238 r
.in
.req
.req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
;
240 dom_sid
= dom_sid_string(mem_ctx
, torture_join_sid(priv
->join
));
242 names
[0].str
= dom_sid
;
244 printf("testing DsCrackNames with name '%s' desired format:%d\n",
245 names
[0].str
, r
.in
.req
.req1
.format_desired
);
247 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
248 if (!NT_STATUS_IS_OK(status
)) {
249 const char *errstr
= nt_errstr(status
);
250 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
251 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
253 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr
);
255 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
256 printf("DsCrackNames failed - %s\n", win_errstr(r
.out
.result
));
258 } else if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
259 printf("DsCrackNames failed on name - %d\n", r
.out
.ctr
.ctr1
->array
[0].status
);
267 dns_domain
= r
.out
.ctr
.ctr1
->array
[0].dns_domain_name
;
268 nt4_domain
= r
.out
.ctr
.ctr1
->array
[0].result_name
;
270 r
.in
.req
.req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_GUID
;
272 printf("testing DsCrackNames with name '%s' desired format:%d\n",
273 names
[0].str
, r
.in
.req
.req1
.format_desired
);
275 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
276 if (!NT_STATUS_IS_OK(status
)) {
277 const char *errstr
= nt_errstr(status
);
278 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
279 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
281 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr
);
283 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
284 printf("DsCrackNames failed - %s\n", win_errstr(r
.out
.result
));
286 } else if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
287 printf("DsCrackNames failed on name - %d\n", r
.out
.ctr
.ctr1
->array
[0].status
);
295 priv
->domain_dns_name
= r
.out
.ctr
.ctr1
->array
[0].dns_domain_name
;
296 priv
->domain_guid_str
= r
.out
.ctr
.ctr1
->array
[0].result_name
;
297 GUID_from_string(priv
->domain_guid_str
, &priv
->domain_guid
);
299 r
.in
.req
.req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
301 printf("testing DsCrackNames with name '%s' desired format:%d\n",
302 names
[0].str
, r
.in
.req
.req1
.format_desired
);
304 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
305 if (!NT_STATUS_IS_OK(status
)) {
306 const char *errstr
= nt_errstr(status
);
307 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
308 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
310 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr
);
312 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
313 printf("DsCrackNames failed - %s\n", win_errstr(r
.out
.result
));
315 } else if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
316 printf("DsCrackNames failed on name - %d\n", r
.out
.ctr
.ctr1
->array
[0].status
);
324 ldb
= ldb_init(mem_ctx
);
326 realm_dn_str
= r
.out
.ctr
.ctr1
->array
[0].result_name
;
327 realm_dn
= ldb_dn_new(mem_ctx
, ldb
, realm_dn_str
);
328 realm_canonical
= ldb_dn_canonical_string(mem_ctx
, realm_dn
);
330 if (strcmp(realm_canonical
,
331 talloc_asprintf(mem_ctx
, "%s/", dns_domain
))!= 0) {
332 printf("local Round trip on canonical name failed: %s != %s!\n",
334 talloc_asprintf(mem_ctx
, "%s/", dns_domain
));
338 realm_canonical_ex
= ldb_dn_canonical_ex_string(mem_ctx
, realm_dn
);
340 if (strcmp(realm_canonical_ex
,
341 talloc_asprintf(mem_ctx
, "%s\n", dns_domain
))!= 0) {
342 printf("local Round trip on canonical ex name failed: %s != %s!\n",
344 talloc_asprintf(mem_ctx
, "%s\n", dns_domain
));
348 r
.in
.req
.req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
;
349 r
.in
.req
.req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
350 names
[0].str
= nt4_domain
;
352 printf("testing DsCrackNames with name '%s' desired format:%d\n",
353 names
[0].str
, r
.in
.req
.req1
.format_desired
);
355 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
356 if (!NT_STATUS_IS_OK(status
)) {
357 const char *errstr
= nt_errstr(status
);
358 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
359 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
361 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr
);
363 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
364 printf("DsCrackNames failed - %s\n", win_errstr(r
.out
.result
));
366 } else if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
367 printf("DsCrackNames failed on name - %d\n", r
.out
.ctr
.ctr1
->array
[0].status
);
375 priv
->domain_obj_dn
= r
.out
.ctr
.ctr1
->array
[0].result_name
;
377 r
.in
.req
.req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
;
378 r
.in
.req
.req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
379 names
[0].str
= talloc_asprintf(mem_ctx
, "%s%s$", nt4_domain
, test_dc
);
381 printf("testing DsCrackNames with name '%s' desired format:%d\n",
382 names
[0].str
, r
.in
.req
.req1
.format_desired
);
384 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
385 if (!NT_STATUS_IS_OK(status
)) {
386 const char *errstr
= nt_errstr(status
);
387 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
388 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
390 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr
);
392 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
393 printf("DsCrackNames failed - %s\n", win_errstr(r
.out
.result
));
395 } else if (r
.out
.ctr
.ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
396 printf("DsCrackNames failed on name - %d\n", r
.out
.ctr
.ctr1
->array
[0].status
);
404 FQDN_1779_name
= r
.out
.ctr
.ctr1
->array
[0].result_name
;
406 FQDN_1779_dn
= ldb_dn_new(mem_ctx
, ldb
, FQDN_1779_name
);
408 canonical_name
= ldb_dn_canonical_string(mem_ctx
, FQDN_1779_dn
);
409 canonical_ex_name
= ldb_dn_canonical_ex_string(mem_ctx
, FQDN_1779_dn
);
411 user_principal_name
= talloc_asprintf(mem_ctx
, "%s$@%s", test_dc
, dns_domain
);
413 /* form up a user@DOMAIN */
414 user_principal_name_short
= talloc_asprintf(mem_ctx
, "%s$@%s", test_dc
, nt4_domain
);
415 /* variable nt4_domain includs a trailing \ */
416 user_principal_name_short
[strlen(user_principal_name_short
) - 1] = '\0';
418 service_principal_name
= talloc_asprintf(mem_ctx
, "HOST/%s", test_dc
);
422 enum drsuapi_DsNameFormat format_offered
;
423 enum drsuapi_DsNameFormat format_desired
;
426 const char *expected_str
;
427 enum drsuapi_DsNameStatus status
;
428 enum drsuapi_DsNameStatus alternate_status
;
429 enum drsuapi_DsNameFlags flags
;
432 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
433 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
434 .str
= user_principal_name
,
435 .expected_str
= FQDN_1779_name
,
436 .status
= DRSUAPI_DS_NAME_STATUS_OK
439 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
440 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
441 .str
= user_principal_name_short
,
442 .expected_str
= FQDN_1779_name
,
443 .status
= DRSUAPI_DS_NAME_STATUS_OK
446 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
447 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
448 .str
= service_principal_name
,
449 .expected_str
= FQDN_1779_name
,
450 .status
= DRSUAPI_DS_NAME_STATUS_OK
453 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
454 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
455 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s", test_dc
, dns_domain
),
456 .comment
= "ServicePrincipal Name",
457 .expected_str
= FQDN_1779_name
,
458 .status
= DRSUAPI_DS_NAME_STATUS_OK
461 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
462 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
463 .str
= FQDN_1779_name
,
464 .expected_str
= canonical_name
,
465 .status
= DRSUAPI_DS_NAME_STATUS_OK
468 .format_offered
= DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
469 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
470 .str
= canonical_name
,
471 .expected_str
= FQDN_1779_name
,
472 .status
= DRSUAPI_DS_NAME_STATUS_OK
475 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
476 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
477 .str
= FQDN_1779_name
,
478 .expected_str
= canonical_ex_name
,
479 .status
= DRSUAPI_DS_NAME_STATUS_OK
482 .format_offered
= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
483 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
484 .str
= canonical_ex_name
,
485 .expected_str
= FQDN_1779_name
,
486 .status
= DRSUAPI_DS_NAME_STATUS_OK
489 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
490 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
491 .str
= FQDN_1779_name
,
492 .comment
= "DN to cannoical syntactial only",
493 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
494 .expected_str
= canonical_name
,
495 .flags
= DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
498 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
499 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
500 .str
= FQDN_1779_name
,
501 .comment
= "DN to cannoical EX syntactial only",
502 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
503 .expected_str
= canonical_ex_name
,
504 .flags
= DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
507 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
508 .format_desired
= DRSUAPI_DS_NAME_FORMAT_DISPLAY
,
509 .str
= FQDN_1779_name
,
510 .status
= DRSUAPI_DS_NAME_STATUS_OK
513 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
514 .format_desired
= DRSUAPI_DS_NAME_FORMAT_GUID
,
515 .str
= FQDN_1779_name
,
516 .status
= DRSUAPI_DS_NAME_STATUS_OK
519 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
520 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
521 .str
= priv
->domain_guid_str
,
522 .comment
= "Domain GUID to NT4 ACCOUNT",
523 .expected_str
= nt4_domain
,
524 .status
= DRSUAPI_DS_NAME_STATUS_OK
527 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
528 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
529 .str
= priv
->domain_guid_str
,
530 .comment
= "Domain GUID to Canonical",
531 .expected_str
= talloc_asprintf(mem_ctx
, "%s/", dns_domain
),
532 .status
= DRSUAPI_DS_NAME_STATUS_OK
535 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
536 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
537 .str
= priv
->domain_guid_str
,
538 .comment
= "Domain GUID to Canonical EX",
539 .expected_str
= talloc_asprintf(mem_ctx
, "%s\n", dns_domain
),
540 .status
= DRSUAPI_DS_NAME_STATUS_OK
543 .format_offered
= DRSUAPI_DS_NAME_FORMAT_DISPLAY
,
544 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
545 .str
= "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
546 .comment
= "display name for Microsoft Support Account",
547 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
548 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
551 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
552 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
553 .str
= GUID_string2(mem_ctx
, torture_join_user_guid(priv
->join
)),
554 .comment
= "Account GUID -> DN",
555 .expected_str
= FQDN_1779_name
,
556 .status
= DRSUAPI_DS_NAME_STATUS_OK
559 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
560 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
561 .str
= GUID_string2(mem_ctx
, torture_join_user_guid(priv
->join
)),
562 .comment
= "Account GUID -> NT4 Account",
563 .expected_str
= talloc_asprintf(mem_ctx
, "%s%s$", nt4_domain
, test_dc
),
564 .status
= DRSUAPI_DS_NAME_STATUS_OK
567 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
568 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
569 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.site_guid
),
570 .comment
= "Site GUID",
571 .expected_str
= priv
->dcinfo
.site_dn
,
572 .status
= DRSUAPI_DS_NAME_STATUS_OK
575 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
576 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
577 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.computer_guid
),
578 .comment
= "Computer GUID",
579 .expected_str
= priv
->dcinfo
.computer_dn
,
580 .status
= DRSUAPI_DS_NAME_STATUS_OK
583 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
584 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
585 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.computer_guid
),
586 .comment
= "Computer GUID -> NT4 Account",
587 .status
= DRSUAPI_DS_NAME_STATUS_OK
590 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
591 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
592 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.server_guid
),
593 .comment
= "Server GUID",
594 .expected_str
= priv
->dcinfo
.server_dn
,
595 .status
= DRSUAPI_DS_NAME_STATUS_OK
598 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
599 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
600 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.ntds_guid
),
601 .comment
= "NTDS GUID",
602 .expected_str
= priv
->dcinfo
.ntds_dn
,
603 .status
= DRSUAPI_DS_NAME_STATUS_OK
606 .format_offered
= DRSUAPI_DS_NAME_FORMAT_DISPLAY
,
607 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
609 .comment
= "DISLPAY NAME search for DC short name",
610 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
613 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
614 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
615 .str
= talloc_asprintf(mem_ctx
, "krbtgt/%s", dns_domain
),
616 .comment
= "Looking for KRBTGT as a serivce principal",
617 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
620 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
621 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
622 .str
= talloc_asprintf(mem_ctx
, "krbtgt"),
623 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
626 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
627 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
628 .comment
= "Looking for the kadmin/changepw service as a serivce principal",
629 .str
= talloc_asprintf(mem_ctx
, "kadmin/changepw"),
630 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
631 .expected_str
= talloc_asprintf(mem_ctx
, "CN=krbtgt,CN=Users,%s", realm_dn_str
),
632 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
635 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
636 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
637 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s@%s",
640 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
643 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
644 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
645 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s@%s",
648 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
651 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
652 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
653 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s@%s",
656 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
659 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
660 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
661 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s",
662 test_dc
, dns_domain
),
663 .status
= DRSUAPI_DS_NAME_STATUS_OK
666 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
667 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
668 .str
= talloc_asprintf(mem_ctx
, "cifs/%s",
670 .status
= DRSUAPI_DS_NAME_STATUS_OK
673 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
674 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
676 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
679 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
680 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
682 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
685 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
686 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
687 .str
= "NOT AN NT4 NAME",
688 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
691 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
692 .format_desired
= DRSUAPI_DS_NAME_FORMAT_GUID
,
693 .comment
= "Unparsable DN",
695 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
698 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
699 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
700 .comment
= "Unparsable user principal",
701 .str
= "NOT A PRINCIPAL",
702 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
705 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
706 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
707 .comment
= "Unparsable service principal",
708 .str
= "NOT A SERVICE PRINCIPAL",
709 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
712 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
713 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
714 .comment
= "BIND GUID (ie, not in the directory)",
715 .str
= GUID_string2(mem_ctx
, &priv
->bind_guid
),
716 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
719 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
720 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
721 .comment
= "Unqualified Machine account as user principal",
722 .str
= talloc_asprintf(mem_ctx
, "%s$", test_dc
),
723 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
726 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
727 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
728 .comment
= "Machine account as service principal",
729 .str
= talloc_asprintf(mem_ctx
, "%s$", test_dc
),
730 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
733 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
734 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
735 .comment
= "Full Machine account as service principal",
736 .str
= user_principal_name
,
737 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
740 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
741 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
742 .comment
= "Realm as an NT4 domain lookup",
743 .str
= talloc_asprintf(mem_ctx
, "%s\\", dns_domain
),
744 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
747 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
748 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
749 .comment
= "BUILTIN\\ -> DN",
751 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
754 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
755 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
756 .comment
= "BUITIN SID -> NT4 account",
758 .status
= DRSUAPI_DS_NAME_STATUS_NO_MAPPING
,
759 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
762 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
763 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
765 .comment
= "Builtin Domain SID -> DN",
766 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
767 .expected_str
= talloc_asprintf(mem_ctx
, "CN=Builtin,%s", realm_dn_str
),
768 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
771 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
772 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
773 .str
= SID_BUILTIN_ADMINISTRATORS
,
774 .comment
= "Builtin Administrors SID -> DN",
775 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
776 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
779 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
780 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
781 .str
= SID_BUILTIN_ADMINISTRATORS
,
782 .comment
= "Builtin Administrors SID -> NT4 Account",
783 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
784 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
787 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
788 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
789 .comment
= "Domain SID -> DN",
791 .expected_str
= realm_dn_str
,
792 .status
= DRSUAPI_DS_NAME_STATUS_OK
795 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
796 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
797 .comment
= "Domain SID -> NT4 account",
799 .expected_str
= nt4_domain
,
800 .status
= DRSUAPI_DS_NAME_STATUS_OK
803 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
804 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
806 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
811 for (i
=0; i
< ARRAY_SIZE(crack
); i
++) {
812 r
.in
.req
.req1
.format_flags
= crack
[i
].flags
;
813 r
.in
.req
.req1
.format_offered
= crack
[i
].format_offered
;
814 r
.in
.req
.req1
.format_desired
= crack
[i
].format_desired
;
815 names
[0].str
= crack
[i
].str
;
817 if (crack
[i
].comment
) {
818 printf("testing DsCrackNames '%s' with name '%s' desired format:%d\n",
819 crack
[i
].comment
, names
[0].str
, r
.in
.req
.req1
.format_desired
);
821 printf("testing DsCrackNames with name '%s' desired format:%d\n",
822 names
[0].str
, r
.in
.req
.req1
.format_desired
);
824 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
825 if (!NT_STATUS_IS_OK(status
)) {
826 const char *errstr
= nt_errstr(status
);
827 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
828 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
830 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr
);
832 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
833 printf("DsCrackNames failed - %s\n", win_errstr(r
.out
.result
));
835 } else if (r
.out
.ctr
.ctr1
->array
[0].status
!= crack
[i
].status
) {
836 if (crack
[i
].alternate_status
) {
837 if (r
.out
.ctr
.ctr1
->array
[0].status
!= crack
[i
].alternate_status
) {
838 printf("DsCrackNames unexpected status %d, wanted %d or %d on name: %s\n",
839 r
.out
.ctr
.ctr1
->array
[0].status
,
841 crack
[i
].alternate_status
,
846 printf("DsCrackNames unexpected status %d, wanted %d on name: %s\n",
847 r
.out
.ctr
.ctr1
->array
[0].status
,
852 } else if (crack
[i
].expected_str
853 && (strcmp(r
.out
.ctr
.ctr1
->array
[0].result_name
,
854 crack
[i
].expected_str
) != 0)) {
855 printf("DsCrackNames failed - got %s, expected %s\n",
856 r
.out
.ctr
.ctr1
->array
[0].result_name
,
857 crack
[i
].expected_str
);
863 if (!test_DsCrackNamesMatrix(p
, mem_ctx
, priv
, FQDN_1779_name
,
864 user_principal_name
, service_principal_name
)) {