search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r20297: Finally got to the bottom of why we were failing the RPC-CRACKNAMES
[Samba.git] / source / torture / rpc / drsuapi_cracknames.c
blobf8a6a48c957cdec51024049f87ff737150cf0cb3
1 /*
2 Unix SMB/CIFS implementation.
3
4 DRSUapi tests
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26 #include "torture/torture.h"
27 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
28 #include "torture/rpc/rpc.h"
29 #include "ldb/include/ldb.h"
30 #include "libcli/security/security.h"
31
32 static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
33 struct DsPrivate *priv, const char *dn,
34 const char *user_principal_name, const char *service_principal_name)
35 {
36
37
38 NTSTATUS status;
39 BOOL ret = True;
40 struct drsuapi_DsCrackNames r;
41 enum drsuapi_DsNameFormat formats[] = {
42 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
43 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
44 DRSUAPI_DS_NAME_FORMAT_DISPLAY,
45 DRSUAPI_DS_NAME_FORMAT_GUID,
46 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
47 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
48 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
49 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
50 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
51 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
52 };
53 struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
54 int i, j;
55
56 const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
57 const char *n_from[ARRAY_SIZE(formats)];
58
59 ZERO_STRUCT(r);
60 r.in.bind_handle = &priv->bind_handle;
61 r.in.level = 1;
62 r.in.req.req1.unknown1 = 0x000004e4;
63 r.in.req.req1.unknown2 = 0x00000407;
64 r.in.req.req1.count = 1;
65 r.in.req.req1.names = names;
66 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
67
68 n_matrix[0][0] = dn;
69
70 for (i = 0; i < ARRAY_SIZE(formats); i++) {
71 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
72 r.in.req.req1.format_desired = formats[i];
73 names[0].str = dn;
74 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
75 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired);
76
77 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
78 if (!NT_STATUS_IS_OK(status)) {
79 const char *errstr = nt_errstr(status);
80 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
81 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
82 }
83 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
84 ret = False;
85 } else if (!W_ERROR_IS_OK(r.out.result)) {
86 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
87 ret = False;
88 }
89
90 if (!ret) {
91 return ret;
92 }
93 switch (formats[i]) {
94 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
95 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
96 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
97 r.out.ctr.ctr1->array[0].status);
98 return False;
99 }
100 printf ("(expected) error\n");
101 break;
102 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
103 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
104 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
105 r.out.ctr.ctr1->array[0].status);
106 return False;
107 }
108 printf ("(expected) error\n");
109 break;
110 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
111 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
112 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
113 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
114 r.out.ctr.ctr1->array[0].status);
115 return False;
116 }
117 printf ("(expected) error\n");
118 break;
119 default:
120 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
121 printf("Error: %d\n", r.out.ctr.ctr1->array[0].status);
122 return False;
123 }
124 }
125
126 switch (formats[i]) {
127 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
128 n_from[i] = user_principal_name;
129 break;
130 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
131 n_from[i] = service_principal_name;
132 break;
133 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
134 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
135 n_from[i] = NULL;
136 break;
137 default:
138 n_from[i] = r.out.ctr.ctr1->array[0].result_name;
139 printf("%s\n", n_from[i]);
140 }
141 }
142
143 for (i = 0; i < ARRAY_SIZE(formats); i++) {
144 for (j = 0; j < ARRAY_SIZE(formats); j++) {
145 r.in.req.req1.format_offered = formats[i];
146 r.in.req.req1.format_desired = formats[j];
147 if (!n_from[i]) {
148 n_matrix[i][j] = NULL;
149 continue;
150 }
151 names[0].str = n_from[i];
152 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
153 if (!NT_STATUS_IS_OK(status)) {
154 const char *errstr = nt_errstr(status);
155 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
156 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
157 }
158 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
159 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired, errstr);
160 ret = False;
161 } else if (!W_ERROR_IS_OK(r.out.result)) {
162 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
163 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired,
164 win_errstr(r.out.result));
165 ret = False;
166 }
167
168 if (!ret) {
169 return ret;
170 }
171 if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
172 n_matrix[i][j] = r.out.ctr.ctr1->array[0].result_name;
173 } else {
174 n_matrix[i][j] = NULL;
175 }
176 }
177 }
178
179 for (i = 0; i < ARRAY_SIZE(formats); i++) {
180 for (j = 0; j < ARRAY_SIZE(formats); j++) {
181 if (n_matrix[i][j] == n_from[j]) {
182
183 /* We don't have a from name for these yet (and we can't map to them to find it out) */
184 } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
185
186 /* we can't map to these two */
187 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
188 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
189 } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
190 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
191 ret = False;
192 } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
193 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
194 ret = False;
195 } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
196 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
197 ret = False;
198 }
199 }
200 }
201 return ret;
202 }
203
204 BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
205 struct DsPrivate *priv)
206 {
207 NTSTATUS status;
208 struct drsuapi_DsCrackNames r;
209 struct drsuapi_DsNameString names[1];
210 BOOL ret = True;
211 const char *dns_domain;
212 const char *nt4_domain;
213 const char *FQDN_1779_name;
214 struct ldb_context *ldb;
215 struct ldb_dn *FQDN_1779_dn;
216 struct ldb_dn *realm_dn;
217 const char *realm_dn_str;
218 const char *realm_canonical;
219 const char *realm_canonical_ex;
220 const char *user_principal_name;
221 char *user_principal_name_short;
222 const char *service_principal_name;
223 const char *canonical_name;
224 const char *canonical_ex_name;
225 const char *dom_sid;
226 const char *test_dc = torture_join_netbios_name(priv->join);
227
228 ZERO_STRUCT(r);
229 r.in.bind_handle = &priv->bind_handle;
230 r.in.level = 1;
231 r.in.req.req1.unknown1 = 0x000004e4;
232 r.in.req.req1.unknown2 = 0x00000407;
233 r.in.req.req1.count = 1;
234 r.in.req.req1.names = names;
235 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
236
237 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
238 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
239
240 dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
241
242 names[0].str = dom_sid;
243
244 printf("testing DsCrackNames with name '%s' desired format:%d\n",
245 names[0].str, r.in.req.req1.format_desired);
246
247 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
248 if (!NT_STATUS_IS_OK(status)) {
249 const char *errstr = nt_errstr(status);
250 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
251 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
252 }
253 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
254 ret = False;
255 } else if (!W_ERROR_IS_OK(r.out.result)) {
256 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
257 ret = False;
258 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
259 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
260 ret = False;
261 }
262
263 if (!ret) {
264 return ret;
265 }
266
267 dns_domain = r.out.ctr.ctr1->array[0].dns_domain_name;
268 nt4_domain = r.out.ctr.ctr1->array[0].result_name;
269
270 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
271
272 printf("testing DsCrackNames with name '%s' desired format:%d\n",
273 names[0].str, r.in.req.req1.format_desired);
274
275 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
276 if (!NT_STATUS_IS_OK(status)) {
277 const char *errstr = nt_errstr(status);
278 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
279 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
280 }
281 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
282 ret = False;
283 } else if (!W_ERROR_IS_OK(r.out.result)) {
284 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
285 ret = False;
286 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
287 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
288 ret = False;
289 }
290
291 if (!ret) {
292 return ret;
293 }
294
295 priv->domain_dns_name = r.out.ctr.ctr1->array[0].dns_domain_name;
296 priv->domain_guid_str = r.out.ctr.ctr1->array[0].result_name;
297 GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
298
299 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
300
301 printf("testing DsCrackNames with name '%s' desired format:%d\n",
302 names[0].str, r.in.req.req1.format_desired);
303
304 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
305 if (!NT_STATUS_IS_OK(status)) {
306 const char *errstr = nt_errstr(status);
307 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
308 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
309 }
310 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
311 ret = False;
312 } else if (!W_ERROR_IS_OK(r.out.result)) {
313 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
314 ret = False;
315 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
316 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
317 ret = False;
318 }
319
320 if (!ret) {
321 return ret;
322 }
323
324 ldb = ldb_init(mem_ctx);
325
326 realm_dn_str = r.out.ctr.ctr1->array[0].result_name;
327 realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str);
328 realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
329
330 if (strcmp(realm_canonical,
331 talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
332 printf("local Round trip on canonical name failed: %s != %s!\n",
333 realm_canonical,
334 talloc_asprintf(mem_ctx, "%s/", dns_domain));
335 return False;
336 };
337
338 realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
339
340 if (strcmp(realm_canonical_ex,
341 talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
342 printf("local Round trip on canonical ex name failed: %s != %s!\n",
343 realm_canonical,
344 talloc_asprintf(mem_ctx, "%s\n", dns_domain));
345 return False;
346 };
347
348 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
349 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
350 names[0].str = nt4_domain;
351
352 printf("testing DsCrackNames with name '%s' desired format:%d\n",
353 names[0].str, r.in.req.req1.format_desired);
354
355 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
356 if (!NT_STATUS_IS_OK(status)) {
357 const char *errstr = nt_errstr(status);
358 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
359 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
360 }
361 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
362 ret = False;
363 } else if (!W_ERROR_IS_OK(r.out.result)) {
364 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
365 ret = False;
366 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
367 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
368 ret = False;
369 }
370
371 if (!ret) {
372 return ret;
373 }
374
375 priv->domain_obj_dn = r.out.ctr.ctr1->array[0].result_name;
376
377 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
378 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
379 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
380
381 printf("testing DsCrackNames with name '%s' desired format:%d\n",
382 names[0].str, r.in.req.req1.format_desired);
383
384 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
385 if (!NT_STATUS_IS_OK(status)) {
386 const char *errstr = nt_errstr(status);
387 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
388 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
389 }
390 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
391 ret = False;
392 } else if (!W_ERROR_IS_OK(r.out.result)) {
393 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
394 ret = False;
395 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
396 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
397 ret = False;
398 }
399
400 if (!ret) {
401 return ret;
402 }
403
404 FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name;
405
406 FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
407
408 canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
409 canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
410
411 user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
412
413 /* form up a user@DOMAIN */
414 user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
415 /* variable nt4_domain includs a trailing \ */
416 user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
417
418 service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
419 {
420
421 struct {
422 enum drsuapi_DsNameFormat format_offered;
423 enum drsuapi_DsNameFormat format_desired;
424 const char *comment;
425 const char *str;
426 const char *expected_str;
427 enum drsuapi_DsNameStatus status;
428 enum drsuapi_DsNameStatus alternate_status;
429 enum drsuapi_DsNameFlags flags;
430 } crack[] = {
431 {
432 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
433 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
434 .str = user_principal_name,
435 .expected_str = FQDN_1779_name,
436 .status = DRSUAPI_DS_NAME_STATUS_OK
437 },
438 {
439 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
440 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
441 .str = user_principal_name_short,
442 .expected_str = FQDN_1779_name,
443 .status = DRSUAPI_DS_NAME_STATUS_OK
444 },
445 {
446 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
447 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
448 .str = service_principal_name,
449 .expected_str = FQDN_1779_name,
450 .status = DRSUAPI_DS_NAME_STATUS_OK
451 },
452 {
453 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
454 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
455 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
456 .comment = "ServicePrincipal Name",
457 .expected_str = FQDN_1779_name,
458 .status = DRSUAPI_DS_NAME_STATUS_OK
459 },
460 {
461 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
462 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
463 .str = FQDN_1779_name,
464 .expected_str = canonical_name,
465 .status = DRSUAPI_DS_NAME_STATUS_OK
466 },
467 {
468 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
469 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
470 .str = canonical_name,
471 .expected_str = FQDN_1779_name,
472 .status = DRSUAPI_DS_NAME_STATUS_OK
473 },
474 {
475 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
476 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
477 .str = FQDN_1779_name,
478 .expected_str = canonical_ex_name,
479 .status = DRSUAPI_DS_NAME_STATUS_OK
480 },
481 {
482 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
483 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
484 .str = canonical_ex_name,
485 .expected_str = FQDN_1779_name,
486 .status = DRSUAPI_DS_NAME_STATUS_OK
487 },
488 {
489 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
490 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
491 .str = FQDN_1779_name,
492 .comment = "DN to cannoical syntactial only",
493 .status = DRSUAPI_DS_NAME_STATUS_OK,
494 .expected_str = canonical_name,
495 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
496 },
497 {
498 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
499 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
500 .str = FQDN_1779_name,
501 .comment = "DN to cannoical EX syntactial only",
502 .status = DRSUAPI_DS_NAME_STATUS_OK,
503 .expected_str = canonical_ex_name,
504 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
505 },
506 {
507 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
508 .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
509 .str = FQDN_1779_name,
510 .status = DRSUAPI_DS_NAME_STATUS_OK
511 },
512 {
513 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
514 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
515 .str = FQDN_1779_name,
516 .status = DRSUAPI_DS_NAME_STATUS_OK
517 },
518 {
519 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
520 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
521 .str = priv->domain_guid_str,
522 .comment = "Domain GUID to NT4 ACCOUNT",
523 .expected_str = nt4_domain,
524 .status = DRSUAPI_DS_NAME_STATUS_OK
525 },
526 {
527 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
528 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
529 .str = priv->domain_guid_str,
530 .comment = "Domain GUID to Canonical",
531 .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
532 .status = DRSUAPI_DS_NAME_STATUS_OK
533 },
534 {
535 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
536 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
537 .str = priv->domain_guid_str,
538 .comment = "Domain GUID to Canonical EX",
539 .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
540 .status = DRSUAPI_DS_NAME_STATUS_OK
541 },
542 {
543 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
544 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
545 .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
546 .comment = "display name for Microsoft Support Account",
547 .status = DRSUAPI_DS_NAME_STATUS_OK,
548 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
549 },
550 {
551 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
552 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
553 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
554 .comment = "Account GUID -> DN",
555 .expected_str = FQDN_1779_name,
556 .status = DRSUAPI_DS_NAME_STATUS_OK
557 },
558 {
559 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
560 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
561 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
562 .comment = "Account GUID -> NT4 Account",
563 .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
564 .status = DRSUAPI_DS_NAME_STATUS_OK
565 },
566 {
567 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
568 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
569 .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
570 .comment = "Site GUID",
571 .expected_str = priv->dcinfo.site_dn,
572 .status = DRSUAPI_DS_NAME_STATUS_OK
573 },
574 {
575 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
576 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
577 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
578 .comment = "Computer GUID",
579 .expected_str = priv->dcinfo.computer_dn,
580 .status = DRSUAPI_DS_NAME_STATUS_OK
581 },
582 {
583 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
584 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
585 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
586 .comment = "Computer GUID -> NT4 Account",
587 .status = DRSUAPI_DS_NAME_STATUS_OK
588 },
589 {
590 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
591 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
592 .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
593 .comment = "Server GUID",
594 .expected_str = priv->dcinfo.server_dn,
595 .status = DRSUAPI_DS_NAME_STATUS_OK
596 },
597 {
598 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
599 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
600 .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
601 .comment = "NTDS GUID",
602 .expected_str = priv->dcinfo.ntds_dn,
603 .status = DRSUAPI_DS_NAME_STATUS_OK
604 },
605 {
606 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
607 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
608 .str = test_dc,
609 .comment = "DISLPAY NAME search for DC short name",
610 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
611 },
612 {
613 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
614 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
615 .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
616 .comment = "Looking for KRBTGT as a serivce principal",
617 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
618 },
619 {
620 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
621 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
622 .str = talloc_asprintf(mem_ctx, "krbtgt"),
623 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
624 },
625 {
626 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
627 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
628 .comment = "Looking for the kadmin/changepw service as a serivce principal",
629 .str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
630 .status = DRSUAPI_DS_NAME_STATUS_OK,
631 .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
632 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
633 },
634 {
635 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
636 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
637 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
638 test_dc, dns_domain,
639 dns_domain),
640 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
641 },
642 {
643 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
644 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
645 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
646 test_dc, dns_domain,
647 "BOGUS"),
648 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
649 },
650 {
651 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
652 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
653 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
654 test_dc, "REALLY",
655 "BOGUS"),
656 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
657 },
658 {
659 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
660 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
661 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s",
662 test_dc, dns_domain),
663 .status = DRSUAPI_DS_NAME_STATUS_OK
664 },
665 {
666 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
667 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
668 .str = talloc_asprintf(mem_ctx, "cifs/%s",
669 test_dc),
670 .status = DRSUAPI_DS_NAME_STATUS_OK
671 },
672 {
673 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
674 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
675 .str = "NOT A GUID",
676 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
677 },
678 {
679 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
680 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
681 .str = "NOT A SID",
682 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
683 },
684 {
685 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
686 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
687 .str = "NOT AN NT4 NAME",
688 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
689 },
690 {
691 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
692 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
693 .comment = "Unparsable DN",
694 .str = "NOT A DN",
695 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
696 },
697 {
698 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
699 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
700 .comment = "Unparsable user principal",
701 .str = "NOT A PRINCIPAL",
702 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
703 },
704 {
705 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
706 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
707 .comment = "Unparsable service principal",
708 .str = "NOT A SERVICE PRINCIPAL",
709 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
710 },
711 {
712 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
713 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
714 .comment = "BIND GUID (ie, not in the directory)",
715 .str = GUID_string2(mem_ctx, &priv->bind_guid),
716 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
717 },
718 {
719 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
720 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
721 .comment = "Unqualified Machine account as user principal",
722 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
723 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
724 },
725 {
726 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
727 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
728 .comment = "Machine account as service principal",
729 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
730 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
731 },
732 {
733 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
734 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
735 .comment = "Full Machine account as service principal",
736 .str = user_principal_name,
737 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
738 },
739 {
740 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
741 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
742 .comment = "Realm as an NT4 domain lookup",
743 .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
744 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
745 },
746 {
747 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
748 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
749 .comment = "BUILTIN\\ -> DN",
750 .str = "BUILTIN\\",
751 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
752 },
753 {
754 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
755 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
756 .comment = "BUITIN SID -> NT4 account",
757 .str = SID_BUILTIN,
758 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
759 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
760 },
761 {
762 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
763 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
764 .str = SID_BUILTIN,
765 .comment = "Builtin Domain SID -> DN",
766 .status = DRSUAPI_DS_NAME_STATUS_OK,
767 .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
768 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
769 },
770 {
771 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
772 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
773 .str = SID_BUILTIN_ADMINISTRATORS,
774 .comment = "Builtin Administrors SID -> DN",
775 .status = DRSUAPI_DS_NAME_STATUS_OK,
776 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
777 },
778 {
779 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
780 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
781 .str = SID_BUILTIN_ADMINISTRATORS,
782 .comment = "Builtin Administrors SID -> NT4 Account",
783 .status = DRSUAPI_DS_NAME_STATUS_OK,
784 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
785 },
786 {
787 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
788 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
789 .comment = "Domain SID -> DN",
790 .str = dom_sid,
791 .expected_str = realm_dn_str,
792 .status = DRSUAPI_DS_NAME_STATUS_OK
793 },
794 {
795 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
796 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
797 .comment = "Domain SID -> NT4 account",
798 .str = dom_sid,
799 .expected_str = nt4_domain,
800 .status = DRSUAPI_DS_NAME_STATUS_OK
801 },
802 {
803 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
804 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
805 .str = "foo@bar",
806 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
807 },
808 };
809 int i;
810
811 for (i=0; i < ARRAY_SIZE(crack); i++) {
812 r.in.req.req1.format_flags = crack[i].flags;
813 r.in.req.req1.format_offered = crack[i].format_offered;
814 r.in.req.req1.format_desired = crack[i].format_desired;
815 names[0].str = crack[i].str;
816
817 if (crack[i].comment) {
818 printf("testing DsCrackNames '%s' with name '%s' desired format:%d\n",
819 crack[i].comment, names[0].str, r.in.req.req1.format_desired);
820 } else {
821 printf("testing DsCrackNames with name '%s' desired format:%d\n",
822 names[0].str, r.in.req.req1.format_desired);
823 }
824 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
825 if (!NT_STATUS_IS_OK(status)) {
826 const char *errstr = nt_errstr(status);
827 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
828 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
829 }
830 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
831 ret = False;
832 } else if (!W_ERROR_IS_OK(r.out.result)) {
833 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
834 ret = False;
835 } else if (r.out.ctr.ctr1->array[0].status != crack[i].status) {
836 if (crack[i].alternate_status) {
837 if (r.out.ctr.ctr1->array[0].status != crack[i].alternate_status) {
838 printf("DsCrackNames unexpected status %d, wanted %d or %d on name: %s\n",
839 r.out.ctr.ctr1->array[0].status,
840 crack[i].status,
841 crack[i].alternate_status,
842 crack[i].str);
843 ret = False;
844 }
845 } else {
846 printf("DsCrackNames unexpected status %d, wanted %d on name: %s\n",
847 r.out.ctr.ctr1->array[0].status,
848 crack[i].status,
849 crack[i].str);
850 ret = False;
851 }
852 } else if (crack[i].expected_str
853 && (strcmp(r.out.ctr.ctr1->array[0].result_name,
854 crack[i].expected_str) != 0)) {
855 printf("DsCrackNames failed - got %s, expected %s\n",
856 r.out.ctr.ctr1->array[0].result_name,
857 crack[i].expected_str);
858 ret = False;
859 }
860 }
861 }
862
863 if (!test_DsCrackNamesMatrix(p, mem_ctx, priv, FQDN_1779_name,
864 user_principal_name, service_principal_name)) {
865 ret = False;
866 }
867
868 return ret;
869 }
Samba GIT mirror