search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:libsmb: Plumb cli_smb2_query_security_descriptor() inside cli_query_security_descr...
[Samba.git] / source4 / torture / rpc / drsuapi_cracknames.c
blob465f6db76f1773e9d6908b25ece20d65b3522dfc
1 /*
2 Unix SMB/CIFS implementation.
3
4 DRSUapi tests
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 #include "torture/rpc/torture_rpc.h"
27 #include <ldb.h>
28 #include "libcli/security/security.h"
29
30 struct DsCrackNamesPrivate {
31 struct DsPrivate base;
32
33 /* following names are used in Crack Names Matrix test */
34 const char *fqdn_name;
35 const char *user_principal_name;
36 const char *service_principal_name;
37 };
38
39 static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
40 struct DsPrivate *priv, const char *dn,
41 const char *user_principal_name, const char *service_principal_name)
42 {
43 NTSTATUS status;
44 const char *err_msg;
45 struct drsuapi_DsCrackNames r;
46 union drsuapi_DsNameRequest req;
47 uint32_t level_out;
48 union drsuapi_DsNameCtr ctr;
49 struct dcerpc_pipe *p = priv->drs_pipe;
50 TALLOC_CTX *mem_ctx = priv;
51
52 enum drsuapi_DsNameFormat formats[] = {
53 DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
54 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
55 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
56 DRSUAPI_DS_NAME_FORMAT_DISPLAY,
57 DRSUAPI_DS_NAME_FORMAT_GUID,
58 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
59 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
60 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
61 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
62 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
63 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
64 };
65 struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
66 int i, j;
67
68 const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
69 const char *n_from[ARRAY_SIZE(formats)];
70
71 ZERO_STRUCT(r);
72 r.in.bind_handle = &priv->bind_handle;
73 r.in.level = 1;
74 r.in.req = &req;
75 r.in.req->req1.codepage = 1252; /* german */
76 r.in.req->req1.language = 0x00000407; /* german */
77 r.in.req->req1.count = 1;
78 r.in.req->req1.names = names;
79 r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
80
81 r.out.level_out = &level_out;
82 r.out.ctr = &ctr;
83
84 n_matrix[0][0] = dn;
85
86 for (i = 0; i < ARRAY_SIZE(formats); i++) {
87 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
88 r.in.req->req1.format_desired = formats[i];
89 names[0].str = dn;
90 torture_comment(tctx, "Testing DsCrackNames (matrix prep) with name '%s'"
91 " offered format: %d desired format:%d\n",
92 names[0].str,
93 r.in.req->req1.format_offered,
94 r.in.req->req1.format_desired);
95 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
96 if (!NT_STATUS_IS_OK(status)) {
97 const char *errstr = nt_errstr(status);
98 err_msg = talloc_asprintf(mem_ctx,
99 "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
100 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
101 torture_fail(tctx, err_msg);
102 } else if (!W_ERROR_IS_OK(r.out.result)) {
103 err_msg = talloc_asprintf(mem_ctx,
104 "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
105 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, win_errstr(r.out.result));
106 torture_fail(tctx, err_msg);
107 }
108
109 switch (formats[i]) {
110 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
111 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
112 err_msg = talloc_asprintf(mem_ctx,
113 "Unexpected error (%d): This name lookup should fail",
114 r.out.ctr->ctr1->array[0].status);
115 torture_fail(tctx, err_msg);
116 }
117 torture_comment(tctx, __location__ ": (expected) error\n");
118 break;
119 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
120 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
121 err_msg = talloc_asprintf(mem_ctx,
122 "Unexpected error (%d): This name lookup should fail",
123 r.out.ctr->ctr1->array[0].status);
124 torture_fail(tctx, err_msg);
125 }
126 torture_comment(tctx, __location__ ": (expected) error\n");
127 break;
128 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: /* should fail as we ask server to convert to Unknown format */
129 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
130 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
131 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
132 err_msg = talloc_asprintf(mem_ctx,
133 "Unexpected error (%d): This name lookup should fail",
134 r.out.ctr->ctr1->array[0].status);
135 torture_fail(tctx, err_msg);
136 }
137 torture_comment(tctx, __location__ ": (expected) error\n");
138 break;
139 default:
140 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
141 err_msg = talloc_asprintf(mem_ctx,
142 "DsCrackNames error: %d",
143 r.out.ctr->ctr1->array[0].status);
144 torture_fail(tctx, err_msg);
145 }
146 break;
147 }
148
149 switch (formats[i]) {
150 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
151 n_from[i] = user_principal_name;
152 break;
153 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
154 n_from[i] = service_principal_name;
155 break;
156 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
157 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
158 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
159 n_from[i] = NULL;
160 break;
161 default:
162 n_from[i] = r.out.ctr->ctr1->array[0].result_name;
163 printf("%s\n", n_from[i]);
164 break;
165 }
166 }
167
168 for (i = 0; i < ARRAY_SIZE(formats); i++) {
169 for (j = 0; j < ARRAY_SIZE(formats); j++) {
170 r.in.req->req1.format_offered = formats[i];
171 r.in.req->req1.format_desired = formats[j];
172 if (!n_from[i]) {
173 n_matrix[i][j] = NULL;
174 continue;
175 }
176 names[0].str = n_from[i];
177 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
178 if (!NT_STATUS_IS_OK(status)) {
179 const char *errstr = nt_errstr(status);
180 err_msg = talloc_asprintf(mem_ctx,
181 "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
182 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
183 torture_fail(tctx, err_msg);
184 } else if (!W_ERROR_IS_OK(r.out.result)) {
185 err_msg = talloc_asprintf(mem_ctx,
186 "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
187 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired,
188 win_errstr(r.out.result));
189 torture_fail(tctx, err_msg);
190 }
191
192 if (r.out.ctr->ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
193 n_matrix[i][j] = r.out.ctr->ctr1->array[0].result_name;
194 } else {
195 n_matrix[i][j] = NULL;
196 }
197 }
198 }
199
200 for (i = 0; i < ARRAY_SIZE(formats); i++) {
201 for (j = 0; j < ARRAY_SIZE(formats); j++) {
202 if (n_matrix[i][j] == n_from[j]) {
203
204 /* We don't have a from name for these yet (and we can't map to them to find it out) */
205 } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
206
207 /* we can't map to these two */
208 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
209 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
210 } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
211 err_msg = talloc_asprintf(mem_ctx,
212 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
213 formats[i], formats[j], n_matrix[i][j], n_from[j]);
214 torture_fail(tctx, err_msg);
215 } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
216 err_msg = talloc_asprintf(mem_ctx,
217 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
218 formats[i], formats[j], n_matrix[i][j], n_from[j]);
219 torture_fail(tctx, err_msg);
220 } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
221 err_msg = talloc_asprintf(mem_ctx,
222 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
223 formats[i], formats[j], n_matrix[i][j], n_from[j]);
224 torture_fail(tctx, err_msg);
225 }
226 }
227 }
228
229 return true;
230 }
231
232 bool test_DsCrackNames(struct torture_context *tctx,
233 struct DsPrivate *priv)
234 {
235 NTSTATUS status;
236 const char *err_msg;
237 struct drsuapi_DsCrackNames r;
238 union drsuapi_DsNameRequest req;
239 uint32_t level_out;
240 union drsuapi_DsNameCtr ctr;
241 struct drsuapi_DsNameString names[1];
242 const char *dns_domain;
243 const char *nt4_domain;
244 const char *FQDN_1779_name;
245 struct ldb_context *ldb;
246 struct ldb_dn *FQDN_1779_dn;
247 struct ldb_dn *realm_dn;
248 const char *realm_dn_str;
249 const char *realm_canonical;
250 const char *realm_canonical_ex;
251 const char *user_principal_name;
252 char *user_principal_name_short;
253 const char *service_principal_name;
254 const char *canonical_name;
255 const char *canonical_ex_name;
256 const char *dom_sid;
257 const char *test_dc = torture_join_netbios_name(priv->join);
258 struct dcerpc_pipe *p = priv->drs_pipe;
259 TALLOC_CTX *mem_ctx = priv;
260
261 ZERO_STRUCT(r);
262 r.in.bind_handle = &priv->bind_handle;
263 r.in.level = 1;
264 r.in.req = &req;
265 r.in.req->req1.codepage = 1252; /* german */
266 r.in.req->req1.language = 0x00000407; /* german */
267 r.in.req->req1.count = 1;
268 r.in.req->req1.names = names;
269 r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
270
271 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
272 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
273
274 r.out.level_out = &level_out;
275 r.out.ctr = &ctr;
276
277 dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
278
279 names[0].str = dom_sid;
280
281 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
282 " offered format: %d desired format:%d\n",
283 names[0].str,
284 r.in.req->req1.format_offered,
285 r.in.req->req1.format_desired);
286
287 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
288 if (!NT_STATUS_IS_OK(status)) {
289 const char *errstr = nt_errstr(status);
290 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
291 torture_fail(tctx, err_msg);
292 } else if (!W_ERROR_IS_OK(r.out.result)) {
293 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
294 torture_fail(tctx, err_msg);
295 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
296 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
297 r.out.ctr->ctr1->array[0].status);
298 torture_fail(tctx, err_msg);
299 }
300
301 dns_domain = r.out.ctr->ctr1->array[0].dns_domain_name;
302 nt4_domain = r.out.ctr->ctr1->array[0].result_name;
303
304 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
305
306 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
307 " offered format: %d desired format:%d\n",
308 names[0].str,
309 r.in.req->req1.format_offered,
310 r.in.req->req1.format_desired);
311
312 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
313 if (!NT_STATUS_IS_OK(status)) {
314 const char *errstr = nt_errstr(status);
315 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
316 torture_fail(tctx, err_msg);
317 } else if (!W_ERROR_IS_OK(r.out.result)) {
318 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
319 torture_fail(tctx, err_msg);
320 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
321 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
322 r.out.ctr->ctr1->array[0].status);
323 torture_fail(tctx, err_msg);
324 }
325
326 priv->domain_dns_name = r.out.ctr->ctr1->array[0].dns_domain_name;
327 priv->domain_guid_str = r.out.ctr->ctr1->array[0].result_name;
328 GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
329
330 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
331
332 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
333 " offered format: %d desired format:%d\n",
334 names[0].str,
335 r.in.req->req1.format_offered,
336 r.in.req->req1.format_desired);
337
338 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
339 if (!NT_STATUS_IS_OK(status)) {
340 const char *errstr = nt_errstr(status);
341 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
342 torture_fail(tctx, err_msg);
343 } else if (!W_ERROR_IS_OK(r.out.result)) {
344 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
345 torture_fail(tctx, err_msg);
346 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
347 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
348 r.out.ctr->ctr1->array[0].status);
349 torture_fail(tctx, err_msg);
350 }
351
352 ldb = ldb_init(mem_ctx, tctx->ev);
353
354 realm_dn_str = r.out.ctr->ctr1->array[0].result_name;
355 realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str);
356 realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
357
358 if (strcmp(realm_canonical,
359 talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
360 err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical name failed: %s != %s!",
361 realm_canonical,
362 talloc_asprintf(mem_ctx, "%s/", dns_domain));
363 torture_fail(tctx, err_msg);
364 };
365
366 realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
367
368 if (strcmp(realm_canonical_ex,
369 talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
370 err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical ex name failed: %s != %s!",
371 realm_canonical_ex,
372 talloc_asprintf(mem_ctx, "%s\n", dns_domain));
373 torture_fail(tctx, err_msg);
374 };
375
376 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
377 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
378 names[0].str = nt4_domain;
379
380 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
381 " offered format: %d desired format:%d\n",
382 names[0].str,
383 r.in.req->req1.format_offered,
384 r.in.req->req1.format_desired);
385
386 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
387 if (!NT_STATUS_IS_OK(status)) {
388 const char *errstr = nt_errstr(status);
389 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
390 torture_fail(tctx, err_msg);
391 } else if (!W_ERROR_IS_OK(r.out.result)) {
392 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
393 torture_fail(tctx, err_msg);
394 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
395 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
396 r.out.ctr->ctr1->array[0].status);
397 torture_fail(tctx, err_msg);
398 }
399
400 priv->domain_obj_dn = r.out.ctr->ctr1->array[0].result_name;
401
402 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
403 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
404 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
405
406 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
407 " offered format: %d desired format:%d\n",
408 names[0].str,
409 r.in.req->req1.format_offered,
410 r.in.req->req1.format_desired);
411
412 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
413 if (!NT_STATUS_IS_OK(status)) {
414 const char *errstr = nt_errstr(status);
415 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
416 torture_fail(tctx, err_msg);
417 } else if (!W_ERROR_IS_OK(r.out.result)) {
418 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
419 torture_fail(tctx, err_msg);
420 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
421 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
422 r.out.ctr->ctr1->array[0].status);
423 torture_fail(tctx, err_msg);
424 }
425
426 FQDN_1779_name = r.out.ctr->ctr1->array[0].result_name;
427
428 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
429 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
430 names[0].str = priv->domain_guid_str;
431
432 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
433 " offered format: %d desired format:%d\n",
434 names[0].str,
435 r.in.req->req1.format_offered,
436 r.in.req->req1.format_desired);
437
438 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
439 if (!NT_STATUS_IS_OK(status)) {
440 const char *errstr = nt_errstr(status);
441 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
442 torture_fail(tctx, err_msg);
443 } else if (!W_ERROR_IS_OK(r.out.result)) {
444 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
445 torture_fail(tctx, err_msg);
446 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
447 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
448 r.out.ctr->ctr1->array[0].status);
449 torture_fail(tctx, err_msg);
450 }
451
452 if (strcmp(priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name) != 0) {
453 err_msg = talloc_asprintf(mem_ctx,
454 "DsCrackNames failed to return same DNS name - expected %s got %s",
455 priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name);
456 torture_fail(tctx, err_msg);
457 }
458
459 FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
460
461 canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
462 canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
463
464 user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
465
466 /* form up a user@DOMAIN */
467 user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
468 /* variable nt4_domain includs a trailing \ */
469 user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
470
471 service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
472 {
473
474 struct {
475 enum drsuapi_DsNameFormat format_offered;
476 enum drsuapi_DsNameFormat format_desired;
477 const char *comment;
478 const char *str;
479 const char *expected_str;
480 const char *expected_dns;
481 enum drsuapi_DsNameStatus status;
482 enum drsuapi_DsNameStatus alternate_status;
483 enum drsuapi_DsNameFlags flags;
484 bool skip;
485 } crack[] = {
486 {
487 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
488 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
489 .str = user_principal_name,
490 .expected_str = FQDN_1779_name,
491 .status = DRSUAPI_DS_NAME_STATUS_OK
492 },
493 {
494 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
495 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
496 .str = user_principal_name_short,
497 .expected_str = FQDN_1779_name,
498 .status = DRSUAPI_DS_NAME_STATUS_OK
499 },
500 {
501 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
502 .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
503 .str = FQDN_1779_name,
504 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
505 },
506 {
507 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
508 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
509 .str = service_principal_name,
510 .expected_str = FQDN_1779_name,
511 .status = DRSUAPI_DS_NAME_STATUS_OK
512 },
513 {
514 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
515 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
516 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
517 .comment = "ServicePrincipal Name",
518 .expected_str = FQDN_1779_name,
519 .status = DRSUAPI_DS_NAME_STATUS_OK
520 },
521 {
522 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
523 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
524 .str = FQDN_1779_name,
525 .expected_str = canonical_name,
526 .status = DRSUAPI_DS_NAME_STATUS_OK
527 },
528 {
529 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
530 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
531 .str = canonical_name,
532 .expected_str = FQDN_1779_name,
533 .status = DRSUAPI_DS_NAME_STATUS_OK
534 },
535 {
536 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
537 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
538 .str = FQDN_1779_name,
539 .expected_str = canonical_ex_name,
540 .status = DRSUAPI_DS_NAME_STATUS_OK
541 },
542 {
543 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
544 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
545 .str = canonical_ex_name,
546 .expected_str = FQDN_1779_name,
547 .status = DRSUAPI_DS_NAME_STATUS_OK
548 },
549 {
550 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
551 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
552 .str = FQDN_1779_name,
553 .comment = "DN to cannoical syntactial only",
554 .status = DRSUAPI_DS_NAME_STATUS_OK,
555 .expected_str = canonical_name,
556 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
557 },
558 {
559 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
560 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
561 .str = FQDN_1779_name,
562 .comment = "DN to cannoical EX syntactial only",
563 .status = DRSUAPI_DS_NAME_STATUS_OK,
564 .expected_str = canonical_ex_name,
565 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
566 },
567 {
568 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
569 .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
570 .str = FQDN_1779_name,
571 .status = DRSUAPI_DS_NAME_STATUS_OK
572 },
573 {
574 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
575 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
576 .str = FQDN_1779_name,
577 .status = DRSUAPI_DS_NAME_STATUS_OK
578 },
579 {
580 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
581 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
582 .str = priv->domain_guid_str,
583 .comment = "Domain GUID to NT4 ACCOUNT",
584 .expected_str = nt4_domain,
585 .status = DRSUAPI_DS_NAME_STATUS_OK
586 },
587 {
588 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
589 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
590 .str = priv->domain_guid_str,
591 .comment = "Domain GUID to Canonical",
592 .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
593 .status = DRSUAPI_DS_NAME_STATUS_OK
594 },
595 {
596 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
597 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
598 .str = priv->domain_guid_str,
599 .comment = "Domain GUID to Canonical EX",
600 .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
601 .status = DRSUAPI_DS_NAME_STATUS_OK
602 },
603 {
604 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
605 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
606 .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
607 .comment = "display name for Microsoft Support Account",
608 .status = DRSUAPI_DS_NAME_STATUS_OK,
609 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE,
610 .skip = torture_setting_bool(tctx, "samba4", false)
611 },
612 {
613 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
614 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
615 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
616 .comment = "Account GUID -> DN",
617 .expected_str = FQDN_1779_name,
618 .status = DRSUAPI_DS_NAME_STATUS_OK
619 },
620 {
621 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
622 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
623 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
624 .comment = "Account GUID -> NT4 Account",
625 .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
626 .status = DRSUAPI_DS_NAME_STATUS_OK
627 },
628 {
629 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
630 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
631 .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
632 .comment = "Site GUID",
633 .expected_str = priv->dcinfo.site_dn,
634 .status = DRSUAPI_DS_NAME_STATUS_OK
635 },
636 {
637 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
638 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
639 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
640 .comment = "Computer GUID",
641 .expected_str = priv->dcinfo.computer_dn,
642 .status = DRSUAPI_DS_NAME_STATUS_OK
643 },
644 {
645 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
646 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
647 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
648 .comment = "Computer GUID -> NT4 Account",
649 .status = DRSUAPI_DS_NAME_STATUS_OK
650 },
651 {
652 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
653 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
654 .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
655 .comment = "Server GUID",
656 .expected_str = priv->dcinfo.server_dn,
657 .status = DRSUAPI_DS_NAME_STATUS_OK
658 },
659 {
660 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
661 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
662 .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
663 .comment = "NTDS GUID",
664 .expected_str = priv->dcinfo.ntds_dn,
665 .status = DRSUAPI_DS_NAME_STATUS_OK,
666 .skip = GUID_all_zero(&priv->dcinfo.ntds_guid)
667 },
668 {
669 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
670 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
671 .str = test_dc,
672 .comment = "DISLPAY NAME search for DC short name",
673 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
674 },
675 {
676 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
677 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
678 .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
679 .comment = "Looking for KRBTGT as a serivce principal",
680 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
681 .expected_dns = dns_domain
682 },
683 {
684 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
685 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
686 .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
687 .comment = "Looking for bogus serivce principal",
688 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
689 .expected_dns = dns_domain
690 },
691 {
692 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
693 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
694 .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
695 .comment = "Looking for bogus serivce on test DC",
696 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
697 .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
698 },
699 {
700 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
701 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
702 .str = talloc_asprintf(mem_ctx, "krbtgt"),
703 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
704 },
705 {
706 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
707 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
708 .comment = "Looking for the kadmin/changepw service as a serivce principal",
709 .str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
710 .status = DRSUAPI_DS_NAME_STATUS_OK,
711 .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
712 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
713 },
714 {
715 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
716 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
717 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
718 test_dc, dns_domain,
719 dns_domain),
720 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
721 },
722 {
723 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
724 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
725 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
726 test_dc, dns_domain,
727 "BOGUS"),
728 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
729 .expected_dns = "BOGUS"
730 },
731 {
732 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
733 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
734 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
735 test_dc, "REALLY",
736 "BOGUS"),
737 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
738 .expected_dns = "BOGUS"
739 },
740 {
741 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
742 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
743 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s",
744 test_dc, dns_domain),
745 .status = DRSUAPI_DS_NAME_STATUS_OK
746 },
747 {
748 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
749 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
750 .str = talloc_asprintf(mem_ctx, "cifs/%s",
751 test_dc),
752 .status = DRSUAPI_DS_NAME_STATUS_OK
753 },
754 {
755 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
756 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
757 .str = "NOT A GUID",
758 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
759 },
760 {
761 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
762 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
763 .str = "NOT A SID",
764 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
765 },
766 {
767 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
768 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
769 .str = "NOT AN NT4 NAME",
770 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
771 },
772 {
773 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
774 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
775 .comment = "Unparsable DN",
776 .str = "NOT A DN",
777 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
778 },
779 {
780 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
781 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
782 .comment = "Unparsable user principal",
783 .str = "NOT A PRINCIPAL",
784 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
785 },
786 {
787 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
788 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
789 .comment = "Unparsable service principal",
790 .str = "NOT A SERVICE PRINCIPAL",
791 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
792 },
793 {
794 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
795 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
796 .comment = "BIND GUID (ie, not in the directory)",
797 .str = GUID_string2(mem_ctx, &priv->bind_guid),
798 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
799 },
800 {
801 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
802 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
803 .comment = "Unqualified Machine account as user principal",
804 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
805 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
806 },
807 {
808 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
809 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
810 .comment = "Machine account as service principal",
811 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
812 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
813 },
814 {
815 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
816 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
817 .comment = "Full Machine account as service principal",
818 .str = user_principal_name,
819 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
820 },
821 {
822 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
823 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
824 .comment = "Realm as an NT4 domain lookup",
825 .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
826 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
827 },
828 {
829 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
830 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
831 .comment = "BUILTIN\\ -> DN",
832 .str = "BUILTIN\\",
833 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
834 },
835 {
836 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
837 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
838 .comment = "NT AUTHORITY\\ -> DN",
839 .str = "NT AUTHORITY\\",
840 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
841 },
842 {
843 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
844 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
845 .comment = "NT AUTHORITY\\ANONYMOUS LOGON -> DN",
846 .str = "NT AUTHORITY\\ANONYMOUS LOGON",
847 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
848 },
849 {
850 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
851 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
852 .comment = "NT AUTHORITY\\SYSTEM -> DN",
853 .str = "NT AUTHORITY\\SYSTEM",
854 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
855 },
856 {
857 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
858 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
859 .comment = "BUITIN SID -> NT4 account",
860 .str = SID_BUILTIN,
861 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
862 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
863 },
864 {
865 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
866 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
867 .str = SID_BUILTIN,
868 .comment = "Builtin Domain SID -> DN",
869 .status = DRSUAPI_DS_NAME_STATUS_OK,
870 .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
871 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
872 },
873 {
874 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
875 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
876 .str = SID_BUILTIN_ADMINISTRATORS,
877 .comment = "Builtin Administrors SID -> DN",
878 .status = DRSUAPI_DS_NAME_STATUS_OK,
879 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
880 },
881 {
882 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
883 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
884 .str = SID_BUILTIN_ADMINISTRATORS,
885 .comment = "Builtin Administrors SID -> NT4 Account",
886 .status = DRSUAPI_DS_NAME_STATUS_OK,
887 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
888 },
889 {
890 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
891 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
892 .str = SID_NT_ANONYMOUS,
893 .comment = "NT Anonymous SID -> NT4 Account",
894 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
895 },
896 {
897 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
898 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
899 .str = SID_NT_SYSTEM,
900 .comment = "NT SYSTEM SID -> NT4 Account",
901 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
902 },
903 {
904 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
905 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
906 .comment = "Domain SID -> DN",
907 .str = dom_sid,
908 .expected_str = realm_dn_str,
909 .status = DRSUAPI_DS_NAME_STATUS_OK
910 },
911 {
912 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
913 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
914 .comment = "Domain SID -> NT4 account",
915 .str = dom_sid,
916 .expected_str = nt4_domain,
917 .status = DRSUAPI_DS_NAME_STATUS_OK
918 },
919 {
920 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
921 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
922 .comment = "invalid user principal name",
923 .str = "foo@bar",
924 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
925 .expected_dns = "bar"
926 },
927 {
928 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
929 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
930 .comment = "invalid user principal name in valid domain",
931 .str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain),
932 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
933 }
934 };
935 int i;
936
937 for (i=0; i < ARRAY_SIZE(crack); i++) {
938 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
939 " offered format: %d desired format:%d\n",
940 crack[i].str,
941 crack[i].format_offered,
942 crack[i].format_desired);
943
944 const char *comment;
945 r.in.req->req1.format_flags = crack[i].flags;
946 r.in.req->req1.format_offered = crack[i].format_offered;
947 r.in.req->req1.format_desired = crack[i].format_desired;
948 names[0].str = crack[i].str;
949
950 if (crack[i].comment) {
951 comment = talloc_asprintf(mem_ctx,
952 "'%s' with name '%s' offered format:%d desired format:%d\n",
953 crack[i].comment, names[0].str,
954 r.in.req->req1.format_offered,
955 r.in.req->req1.format_desired);
956 } else {
957 comment = talloc_asprintf(mem_ctx, "'%s' offered format:%d desired format:%d\n",
958 names[0].str,
959 r.in.req->req1.format_offered,
960 r.in.req->req1.format_desired);
961 }
962 if (crack[i].skip) {
963 torture_comment(tctx, "skipping: %s", comment);
964 continue;
965 }
966 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
967 if (!NT_STATUS_IS_OK(status)) {
968 const char *errstr = nt_errstr(status);
969 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
970 torture_fail(tctx, err_msg);
971 } else if (!W_ERROR_IS_OK(r.out.result)) {
972 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
973 torture_fail(tctx, err_msg);
974 } else if (r.out.ctr->ctr1->array[0].status != crack[i].status) {
975 if (crack[i].alternate_status) {
976 if (r.out.ctr->ctr1->array[0].status != crack[i].alternate_status) {
977 err_msg = talloc_asprintf(mem_ctx,
978 "DsCrackNames unexpected status %d, wanted %d or %d on: %s",
979 r.out.ctr->ctr1->array[0].status,
980 crack[i].status,
981 crack[i].alternate_status,
982 comment);
983 torture_fail(tctx, err_msg);
984 }
985 } else {
986 err_msg = talloc_asprintf(mem_ctx,
987 "DsCrackNames unexpected status %d, wanted %d on: %s\n",
988 r.out.ctr->ctr1->array[0].status,
989 crack[i].status,
990 comment);
991 torture_fail(tctx, err_msg);
992 }
993 } else if (crack[i].expected_str &&
994 (!r.out.ctr->ctr1->count ||
995 !r.out.ctr->ctr1->array[0].result_name))
996 {
997 if (!r.out.ctr->ctr1->count) {
998 err_msg = talloc_asprintf(mem_ctx,
999 "DsCrackNames failed - got 0 entries, expected %s on %s",
1000 crack[i].expected_str, comment);
1001 torture_fail(tctx, err_msg);
1002 } else {
1003 err_msg = talloc_asprintf(mem_ctx,
1004 "DsCrackNames failed - got NULL pointer, expected %s on %s",
1005 crack[i].expected_str, comment);
1006 torture_fail(tctx, err_msg);
1007 }
1008 } else if (crack[i].expected_str
1009 && (strcmp(r.out.ctr->ctr1->array[0].result_name,
1010 crack[i].expected_str) != 0))
1011 {
1012 if (strcasecmp(r.out.ctr->ctr1->array[0].result_name,
1013 crack[i].expected_str) != 0) {
1014 err_msg = talloc_asprintf(mem_ctx,
1015 "DsCrackNames failed - got %s, expected %s on %s",
1016 r.out.ctr->ctr1->array[0].result_name,
1017 crack[i].expected_str, comment);
1018 torture_fail(tctx, err_msg);
1019 } else {
1020 torture_comment(tctx,
1021 "(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
1022 r.out.ctr->ctr1->array[0].result_name,
1023 crack[i].expected_str, comment);
1024 }
1025 } else if (crack[i].expected_dns
1026 && (strcmp(r.out.ctr->ctr1->array[0].dns_domain_name,
1027 crack[i].expected_dns) != 0)) {
1028 err_msg = talloc_asprintf(mem_ctx,
1029 "DsCrackNames failed - got DNS name %s, expected %s on %s",
1030 r.out.ctr->ctr1->array[0].result_name,
1031 crack[i].expected_str, comment);
1032 torture_fail(tctx, err_msg);
1033 }
1034
1035 torture_comment(tctx, "Testing DsCrackNames got %s\n", r.out.ctr->ctr1->array[0].result_name);
1036 }
1037 }
1038
1039 return test_DsCrackNamesMatrix(tctx, priv, FQDN_1779_name,
1040 user_principal_name, service_principal_name);
1041 }
1042
1043 /**
1044 * Test case setup for CrackNames
1045 */
1046 static bool torture_drsuapi_cracknames_setup(struct torture_context *tctx, void **data)
1047 {
1048 struct DsCrackNamesPrivate *priv;
1049
1050 *data = priv = talloc_zero(tctx, struct DsCrackNamesPrivate);
1051
1052 return torture_drsuapi_tcase_setup_common(tctx, &priv->base);
1053 }
1054
1055 /**
1056 * Test case tear-down for CrackNames
1057 */
1058 static bool torture_drsuapi_cracknames_teardown(struct torture_context *tctx, void *data)
1059 {
1060 struct DsCrackNamesPrivate *priv = talloc_get_type(data, struct DsCrackNamesPrivate);
1061
1062 return torture_drsuapi_tcase_teardown_common(tctx, &priv->base);
1063 }
1064
1065 /**
1066 * CRACKNAMES test suite implementation
1067 */
1068 void torture_rpc_drsuapi_cracknames_tcase(struct torture_suite *suite)
1069 {
1070 typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
1071
1072 struct torture_tcase *tcase = torture_suite_add_tcase(suite, "cracknames");
1073
1074 torture_tcase_set_fixture(tcase,
1075 torture_drsuapi_cracknames_setup,
1076 torture_drsuapi_cracknames_teardown);
1077
1078 torture_tcase_add_simple_test(tcase, "cracknames-test", (run_func)test_DsCrackNames);
1079 }
Samba GIT mirror