2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 #include "torture/rpc/rpc.h"
27 #include "ldb/include/ldb.h"
28 #include "libcli/security/security.h"
30 struct DsCrackNamesPrivate
{
31 struct DsPrivate base
;
33 /* following names are used in Crack Names Matrix test */
34 const char *fqdn_name
;
35 const char *user_principal_name
;
36 const char *service_principal_name
;
39 static bool test_DsCrackNamesMatrix(struct torture_context
*tctx
,
40 struct DsPrivate
*priv
, const char *dn
,
41 const char *user_principal_name
, const char *service_principal_name
)
45 struct drsuapi_DsCrackNames r
;
46 union drsuapi_DsNameRequest req
;
48 union drsuapi_DsNameCtr ctr
;
49 struct dcerpc_pipe
*p
= priv
->drs_pipe
;
50 TALLOC_CTX
*mem_ctx
= priv
;
52 enum drsuapi_DsNameFormat formats
[] = {
53 DRSUAPI_DS_NAME_FORMAT_UNKNOWN
,
54 DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
55 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
56 DRSUAPI_DS_NAME_FORMAT_DISPLAY
,
57 DRSUAPI_DS_NAME_FORMAT_GUID
,
58 DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
59 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
60 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
61 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
62 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
63 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
65 struct drsuapi_DsNameString names
[ARRAY_SIZE(formats
)];
68 const char *n_matrix
[ARRAY_SIZE(formats
)][ARRAY_SIZE(formats
)];
69 const char *n_from
[ARRAY_SIZE(formats
)];
72 r
.in
.bind_handle
= &priv
->bind_handle
;
75 r
.in
.req
->req1
.codepage
= 1252; /* german */
76 r
.in
.req
->req1
.language
= 0x00000407; /* german */
77 r
.in
.req
->req1
.count
= 1;
78 r
.in
.req
->req1
.names
= names
;
79 r
.in
.req
->req1
.format_flags
= DRSUAPI_DS_NAME_FLAG_NO_FLAGS
;
81 r
.out
.level_out
= &level_out
;
86 for (i
= 0; i
< ARRAY_SIZE(formats
); i
++) {
87 r
.in
.req
->req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
88 r
.in
.req
->req1
.format_desired
= formats
[i
];
90 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
91 if (!NT_STATUS_IS_OK(status
)) {
92 const char *errstr
= nt_errstr(status
);
93 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
94 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
96 err_msg
= talloc_asprintf(mem_ctx
,
97 "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
98 names
[0].str
, r
.in
.req
->req1
.format_offered
, r
.in
.req
->req1
.format_desired
, errstr
);
99 torture_fail(tctx
, err_msg
);
100 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
101 err_msg
= talloc_asprintf(mem_ctx
,
102 "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
103 names
[0].str
, r
.in
.req
->req1
.format_offered
, r
.in
.req
->req1
.format_desired
, win_errstr(r
.out
.result
));
104 torture_fail(tctx
, err_msg
);
107 switch (formats
[i
]) {
108 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
:
109 if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
) {
110 err_msg
= talloc_asprintf(mem_ctx
,
111 "Unexpected error (%d): This name lookup should fail",
112 r
.out
.ctr
->ctr1
->array
[0].status
);
113 torture_fail(tctx
, err_msg
);
115 torture_comment(tctx
, __location__
": (expected) error\n");
117 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
:
118 if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_NO_MAPPING
) {
119 err_msg
= talloc_asprintf(mem_ctx
,
120 "Unexpected error (%d): This name lookup should fail",
121 r
.out
.ctr
->ctr1
->array
[0].status
);
122 torture_fail(tctx
, err_msg
);
124 torture_comment(tctx
, __location__
": (expected) error\n");
126 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN
: /* should fail as we ask server to convert to Unknown format */
127 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
:
128 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
:
129 if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR
) {
130 err_msg
= talloc_asprintf(mem_ctx
,
131 "Unexpected error (%d): This name lookup should fail",
132 r
.out
.ctr
->ctr1
->array
[0].status
);
133 torture_fail(tctx
, err_msg
);
135 torture_comment(tctx
, __location__
": (expected) error\n");
138 if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
139 err_msg
= talloc_asprintf(mem_ctx
,
140 "DsCrackNames error: %d",
141 r
.out
.ctr
->ctr1
->array
[0].status
);
142 torture_fail(tctx
, err_msg
);
147 switch (formats
[i
]) {
148 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
:
149 n_from
[i
] = user_principal_name
;
151 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
:
152 n_from
[i
] = service_principal_name
;
154 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN
:
155 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
:
156 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
:
160 n_from
[i
] = r
.out
.ctr
->ctr1
->array
[0].result_name
;
161 printf("%s\n", n_from
[i
]);
166 for (i
= 0; i
< ARRAY_SIZE(formats
); i
++) {
167 for (j
= 0; j
< ARRAY_SIZE(formats
); j
++) {
168 r
.in
.req
->req1
.format_offered
= formats
[i
];
169 r
.in
.req
->req1
.format_desired
= formats
[j
];
171 n_matrix
[i
][j
] = NULL
;
174 names
[0].str
= n_from
[i
];
175 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
176 if (!NT_STATUS_IS_OK(status
)) {
177 const char *errstr
= nt_errstr(status
);
178 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
179 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
181 err_msg
= talloc_asprintf(mem_ctx
,
182 "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
183 names
[0].str
, r
.in
.req
->req1
.format_offered
, r
.in
.req
->req1
.format_desired
, errstr
);
184 torture_fail(tctx
, err_msg
);
185 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
186 err_msg
= talloc_asprintf(mem_ctx
,
187 "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
188 names
[0].str
, r
.in
.req
->req1
.format_offered
, r
.in
.req
->req1
.format_desired
,
189 win_errstr(r
.out
.result
));
190 torture_fail(tctx
, err_msg
);
193 if (r
.out
.ctr
->ctr1
->array
[0].status
== DRSUAPI_DS_NAME_STATUS_OK
) {
194 n_matrix
[i
][j
] = r
.out
.ctr
->ctr1
->array
[0].result_name
;
196 n_matrix
[i
][j
] = NULL
;
201 for (i
= 0; i
< ARRAY_SIZE(formats
); i
++) {
202 for (j
= 0; j
< ARRAY_SIZE(formats
); j
++) {
203 if (n_matrix
[i
][j
] == n_from
[j
]) {
205 /* We don't have a from name for these yet (and we can't map to them to find it out) */
206 } else if (n_matrix
[i
][j
] == NULL
&& n_from
[i
] == NULL
) {
208 /* we can't map to these two */
209 } else if (n_matrix
[i
][j
] == NULL
&& formats
[j
] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
) {
210 } else if (n_matrix
[i
][j
] == NULL
&& formats
[j
] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
) {
211 } else if (n_matrix
[i
][j
] == NULL
&& n_from
[j
] != NULL
) {
212 err_msg
= talloc_asprintf(mem_ctx
,
213 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
214 formats
[i
], formats
[j
], n_matrix
[i
][j
], n_from
[j
]);
215 torture_fail(tctx
, err_msg
);
216 } else if (n_matrix
[i
][j
] != NULL
&& n_from
[j
] == NULL
) {
217 err_msg
= talloc_asprintf(mem_ctx
,
218 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
219 formats
[i
], formats
[j
], n_matrix
[i
][j
], n_from
[j
]);
220 torture_fail(tctx
, err_msg
);
221 } else if (strcmp(n_matrix
[i
][j
], n_from
[j
]) != 0) {
222 err_msg
= talloc_asprintf(mem_ctx
,
223 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
224 formats
[i
], formats
[j
], n_matrix
[i
][j
], n_from
[j
]);
225 torture_fail(tctx
, err_msg
);
233 bool test_DsCrackNames(struct torture_context
*tctx
,
234 struct DsPrivate
*priv
)
238 struct drsuapi_DsCrackNames r
;
239 union drsuapi_DsNameRequest req
;
241 union drsuapi_DsNameCtr ctr
;
242 struct drsuapi_DsNameString names
[1];
243 const char *dns_domain
;
244 const char *nt4_domain
;
245 const char *FQDN_1779_name
;
246 struct ldb_context
*ldb
;
247 struct ldb_dn
*FQDN_1779_dn
;
248 struct ldb_dn
*realm_dn
;
249 const char *realm_dn_str
;
250 const char *realm_canonical
;
251 const char *realm_canonical_ex
;
252 const char *user_principal_name
;
253 char *user_principal_name_short
;
254 const char *service_principal_name
;
255 const char *canonical_name
;
256 const char *canonical_ex_name
;
258 const char *test_dc
= torture_join_netbios_name(priv
->join
);
259 struct dcerpc_pipe
*p
= priv
->drs_pipe
;
260 TALLOC_CTX
*mem_ctx
= priv
;
263 r
.in
.bind_handle
= &priv
->bind_handle
;
266 r
.in
.req
->req1
.codepage
= 1252; /* german */
267 r
.in
.req
->req1
.language
= 0x00000407; /* german */
268 r
.in
.req
->req1
.count
= 1;
269 r
.in
.req
->req1
.names
= names
;
270 r
.in
.req
->req1
.format_flags
= DRSUAPI_DS_NAME_FLAG_NO_FLAGS
;
272 r
.in
.req
->req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
;
273 r
.in
.req
->req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
;
275 r
.out
.level_out
= &level_out
;
278 dom_sid
= dom_sid_string(mem_ctx
, torture_join_sid(priv
->join
));
280 names
[0].str
= dom_sid
;
282 torture_comment(tctx
, "testing DsCrackNames with name '%s' desired format:%d\n",
283 names
[0].str
, r
.in
.req
->req1
.format_desired
);
285 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
286 if (!NT_STATUS_IS_OK(status
)) {
287 const char *errstr
= nt_errstr(status
);
288 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
289 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
291 err_msg
= talloc_asprintf(mem_ctx
, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr
);
292 torture_fail(tctx
, err_msg
);
293 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
294 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed - %s", win_errstr(r
.out
.result
));
295 torture_fail(tctx
, err_msg
);
296 } else if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
297 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed on name - %d",
298 r
.out
.ctr
->ctr1
->array
[0].status
);
299 torture_fail(tctx
, err_msg
);
302 dns_domain
= r
.out
.ctr
->ctr1
->array
[0].dns_domain_name
;
303 nt4_domain
= r
.out
.ctr
->ctr1
->array
[0].result_name
;
305 r
.in
.req
->req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_GUID
;
307 torture_comment(tctx
, "testing DsCrackNames with name '%s' desired format:%d\n",
308 names
[0].str
, r
.in
.req
->req1
.format_desired
);
310 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
311 if (!NT_STATUS_IS_OK(status
)) {
312 const char *errstr
= nt_errstr(status
);
313 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
314 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
316 err_msg
= talloc_asprintf(mem_ctx
, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr
);
317 torture_fail(tctx
, err_msg
);
318 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
319 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed - %s", win_errstr(r
.out
.result
));
320 torture_fail(tctx
, err_msg
);
321 } else if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
322 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed on name - %d",
323 r
.out
.ctr
->ctr1
->array
[0].status
);
324 torture_fail(tctx
, err_msg
);
327 priv
->domain_dns_name
= r
.out
.ctr
->ctr1
->array
[0].dns_domain_name
;
328 priv
->domain_guid_str
= r
.out
.ctr
->ctr1
->array
[0].result_name
;
329 GUID_from_string(priv
->domain_guid_str
, &priv
->domain_guid
);
331 r
.in
.req
->req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
333 torture_comment(tctx
, "testing DsCrackNames with name '%s' desired format:%d\n",
334 names
[0].str
, r
.in
.req
->req1
.format_desired
);
336 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
337 if (!NT_STATUS_IS_OK(status
)) {
338 const char *errstr
= nt_errstr(status
);
339 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
340 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
342 err_msg
= talloc_asprintf(mem_ctx
, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr
);
343 torture_fail(tctx
, err_msg
);
344 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
345 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed - %s", win_errstr(r
.out
.result
));
346 torture_fail(tctx
, err_msg
);
347 } else if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
348 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed on name - %d",
349 r
.out
.ctr
->ctr1
->array
[0].status
);
350 torture_fail(tctx
, err_msg
);
353 ldb
= ldb_init(mem_ctx
, tctx
->ev
);
355 realm_dn_str
= r
.out
.ctr
->ctr1
->array
[0].result_name
;
356 realm_dn
= ldb_dn_new(mem_ctx
, ldb
, realm_dn_str
);
357 realm_canonical
= ldb_dn_canonical_string(mem_ctx
, realm_dn
);
359 if (strcmp(realm_canonical
,
360 talloc_asprintf(mem_ctx
, "%s/", dns_domain
))!= 0) {
361 err_msg
= talloc_asprintf(mem_ctx
, "local Round trip on canonical name failed: %s != %s!",
363 talloc_asprintf(mem_ctx
, "%s/", dns_domain
));
364 torture_fail(tctx
, err_msg
);
367 realm_canonical_ex
= ldb_dn_canonical_ex_string(mem_ctx
, realm_dn
);
369 if (strcmp(realm_canonical_ex
,
370 talloc_asprintf(mem_ctx
, "%s\n", dns_domain
))!= 0) {
371 err_msg
= talloc_asprintf(mem_ctx
, "local Round trip on canonical ex name failed: %s != %s!",
373 talloc_asprintf(mem_ctx
, "%s\n", dns_domain
));
374 torture_fail(tctx
, err_msg
);
377 r
.in
.req
->req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
;
378 r
.in
.req
->req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
379 names
[0].str
= nt4_domain
;
381 torture_comment(tctx
, "testing DsCrackNames with name '%s' desired format:%d\n",
382 names
[0].str
, r
.in
.req
->req1
.format_desired
);
384 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
385 if (!NT_STATUS_IS_OK(status
)) {
386 const char *errstr
= nt_errstr(status
);
387 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
388 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
390 err_msg
= talloc_asprintf(mem_ctx
, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr
);
391 torture_fail(tctx
, err_msg
);
392 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
393 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed - %s", win_errstr(r
.out
.result
));
394 torture_fail(tctx
, err_msg
);
395 } else if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
396 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed on name - %d",
397 r
.out
.ctr
->ctr1
->array
[0].status
);
398 torture_fail(tctx
, err_msg
);
401 priv
->domain_obj_dn
= r
.out
.ctr
->ctr1
->array
[0].result_name
;
403 r
.in
.req
->req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
;
404 r
.in
.req
->req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
405 names
[0].str
= talloc_asprintf(mem_ctx
, "%s%s$", nt4_domain
, test_dc
);
407 torture_comment(tctx
, "testing DsCrackNames with name '%s' desired format:%d\n",
408 names
[0].str
, r
.in
.req
->req1
.format_desired
);
410 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
411 if (!NT_STATUS_IS_OK(status
)) {
412 const char *errstr
= nt_errstr(status
);
413 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
414 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
416 err_msg
= talloc_asprintf(mem_ctx
, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr
);
417 torture_fail(tctx
, err_msg
);
418 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
419 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed - %s", win_errstr(r
.out
.result
));
420 torture_fail(tctx
, err_msg
);
421 } else if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
422 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed on name - %d",
423 r
.out
.ctr
->ctr1
->array
[0].status
);
424 torture_fail(tctx
, err_msg
);
427 FQDN_1779_name
= r
.out
.ctr
->ctr1
->array
[0].result_name
;
429 r
.in
.req
->req1
.format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
;
430 r
.in
.req
->req1
.format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
;
431 names
[0].str
= priv
->domain_guid_str
;
433 torture_comment(tctx
, "testing DsCrackNames with name '%s' desired format:%d\n",
434 names
[0].str
, r
.in
.req
->req1
.format_desired
);
436 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
437 if (!NT_STATUS_IS_OK(status
)) {
438 const char *errstr
= nt_errstr(status
);
439 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
440 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
442 err_msg
= talloc_asprintf(mem_ctx
, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr
);
443 torture_fail(tctx
, err_msg
);
444 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
445 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed - %s", win_errstr(r
.out
.result
));
446 torture_fail(tctx
, err_msg
);
447 } else if (r
.out
.ctr
->ctr1
->array
[0].status
!= DRSUAPI_DS_NAME_STATUS_OK
) {
448 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed on name - %d",
449 r
.out
.ctr
->ctr1
->array
[0].status
);
450 torture_fail(tctx
, err_msg
);
453 if (strcmp(priv
->domain_dns_name
, r
.out
.ctr
->ctr1
->array
[0].dns_domain_name
) != 0) {
454 err_msg
= talloc_asprintf(mem_ctx
,
455 "DsCrackNames failed to return same DNS name - expected %s got %s",
456 priv
->domain_dns_name
, r
.out
.ctr
->ctr1
->array
[0].dns_domain_name
);
457 torture_fail(tctx
, err_msg
);
460 FQDN_1779_dn
= ldb_dn_new(mem_ctx
, ldb
, FQDN_1779_name
);
462 canonical_name
= ldb_dn_canonical_string(mem_ctx
, FQDN_1779_dn
);
463 canonical_ex_name
= ldb_dn_canonical_ex_string(mem_ctx
, FQDN_1779_dn
);
465 user_principal_name
= talloc_asprintf(mem_ctx
, "%s$@%s", test_dc
, dns_domain
);
467 /* form up a user@DOMAIN */
468 user_principal_name_short
= talloc_asprintf(mem_ctx
, "%s$@%s", test_dc
, nt4_domain
);
469 /* variable nt4_domain includs a trailing \ */
470 user_principal_name_short
[strlen(user_principal_name_short
) - 1] = '\0';
472 service_principal_name
= talloc_asprintf(mem_ctx
, "HOST/%s", test_dc
);
476 enum drsuapi_DsNameFormat format_offered
;
477 enum drsuapi_DsNameFormat format_desired
;
480 const char *expected_str
;
481 const char *expected_dns
;
482 enum drsuapi_DsNameStatus status
;
483 enum drsuapi_DsNameStatus alternate_status
;
484 enum drsuapi_DsNameFlags flags
;
488 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
489 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
490 .str
= user_principal_name
,
491 .expected_str
= FQDN_1779_name
,
492 .status
= DRSUAPI_DS_NAME_STATUS_OK
495 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
496 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
497 .str
= user_principal_name_short
,
498 .expected_str
= FQDN_1779_name
,
499 .status
= DRSUAPI_DS_NAME_STATUS_OK
502 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
503 .format_desired
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
504 .str
= FQDN_1779_name
,
505 .status
= DRSUAPI_DS_NAME_STATUS_NO_MAPPING
508 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
509 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
510 .str
= service_principal_name
,
511 .expected_str
= FQDN_1779_name
,
512 .status
= DRSUAPI_DS_NAME_STATUS_OK
515 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
516 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
517 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s", test_dc
, dns_domain
),
518 .comment
= "ServicePrincipal Name",
519 .expected_str
= FQDN_1779_name
,
520 .status
= DRSUAPI_DS_NAME_STATUS_OK
523 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
524 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
525 .str
= FQDN_1779_name
,
526 .expected_str
= canonical_name
,
527 .status
= DRSUAPI_DS_NAME_STATUS_OK
530 .format_offered
= DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
531 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
532 .str
= canonical_name
,
533 .expected_str
= FQDN_1779_name
,
534 .status
= DRSUAPI_DS_NAME_STATUS_OK
537 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
538 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
539 .str
= FQDN_1779_name
,
540 .expected_str
= canonical_ex_name
,
541 .status
= DRSUAPI_DS_NAME_STATUS_OK
544 .format_offered
= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
545 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
546 .str
= canonical_ex_name
,
547 .expected_str
= FQDN_1779_name
,
548 .status
= DRSUAPI_DS_NAME_STATUS_OK
551 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
552 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
553 .str
= FQDN_1779_name
,
554 .comment
= "DN to cannoical syntactial only",
555 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
556 .expected_str
= canonical_name
,
557 .flags
= DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
560 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
561 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
562 .str
= FQDN_1779_name
,
563 .comment
= "DN to cannoical EX syntactial only",
564 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
565 .expected_str
= canonical_ex_name
,
566 .flags
= DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
569 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
570 .format_desired
= DRSUAPI_DS_NAME_FORMAT_DISPLAY
,
571 .str
= FQDN_1779_name
,
572 .status
= DRSUAPI_DS_NAME_STATUS_OK
575 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
576 .format_desired
= DRSUAPI_DS_NAME_FORMAT_GUID
,
577 .str
= FQDN_1779_name
,
578 .status
= DRSUAPI_DS_NAME_STATUS_OK
581 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
582 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
583 .str
= priv
->domain_guid_str
,
584 .comment
= "Domain GUID to NT4 ACCOUNT",
585 .expected_str
= nt4_domain
,
586 .status
= DRSUAPI_DS_NAME_STATUS_OK
589 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
590 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL
,
591 .str
= priv
->domain_guid_str
,
592 .comment
= "Domain GUID to Canonical",
593 .expected_str
= talloc_asprintf(mem_ctx
, "%s/", dns_domain
),
594 .status
= DRSUAPI_DS_NAME_STATUS_OK
597 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
598 .format_desired
= DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX
,
599 .str
= priv
->domain_guid_str
,
600 .comment
= "Domain GUID to Canonical EX",
601 .expected_str
= talloc_asprintf(mem_ctx
, "%s\n", dns_domain
),
602 .status
= DRSUAPI_DS_NAME_STATUS_OK
605 .format_offered
= DRSUAPI_DS_NAME_FORMAT_DISPLAY
,
606 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
607 .str
= "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
608 .comment
= "display name for Microsoft Support Account",
609 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
610 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
,
611 .skip
= torture_setting_bool(tctx
, "samba4", false)
614 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
615 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
616 .str
= GUID_string2(mem_ctx
, torture_join_user_guid(priv
->join
)),
617 .comment
= "Account GUID -> DN",
618 .expected_str
= FQDN_1779_name
,
619 .status
= DRSUAPI_DS_NAME_STATUS_OK
622 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
623 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
624 .str
= GUID_string2(mem_ctx
, torture_join_user_guid(priv
->join
)),
625 .comment
= "Account GUID -> NT4 Account",
626 .expected_str
= talloc_asprintf(mem_ctx
, "%s%s$", nt4_domain
, test_dc
),
627 .status
= DRSUAPI_DS_NAME_STATUS_OK
630 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
631 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
632 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.site_guid
),
633 .comment
= "Site GUID",
634 .expected_str
= priv
->dcinfo
.site_dn
,
635 .status
= DRSUAPI_DS_NAME_STATUS_OK
638 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
639 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
640 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.computer_guid
),
641 .comment
= "Computer GUID",
642 .expected_str
= priv
->dcinfo
.computer_dn
,
643 .status
= DRSUAPI_DS_NAME_STATUS_OK
646 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
647 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
648 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.computer_guid
),
649 .comment
= "Computer GUID -> NT4 Account",
650 .status
= DRSUAPI_DS_NAME_STATUS_OK
653 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
654 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
655 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.server_guid
),
656 .comment
= "Server GUID",
657 .expected_str
= priv
->dcinfo
.server_dn
,
658 .status
= DRSUAPI_DS_NAME_STATUS_OK
661 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
662 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
663 .str
= GUID_string2(mem_ctx
, &priv
->dcinfo
.ntds_guid
),
664 .comment
= "NTDS GUID",
665 .expected_str
= priv
->dcinfo
.ntds_dn
,
666 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
667 .skip
= GUID_all_zero(&priv
->dcinfo
.ntds_guid
)
670 .format_offered
= DRSUAPI_DS_NAME_FORMAT_DISPLAY
,
671 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
673 .comment
= "DISLPAY NAME search for DC short name",
674 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
677 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
678 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
679 .str
= talloc_asprintf(mem_ctx
, "krbtgt/%s", dns_domain
),
680 .comment
= "Looking for KRBTGT as a serivce principal",
681 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
,
682 .expected_dns
= dns_domain
685 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
686 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
687 .str
= talloc_asprintf(mem_ctx
, "bogus/%s", dns_domain
),
688 .comment
= "Looking for bogus serivce principal",
689 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
,
690 .expected_dns
= dns_domain
693 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
694 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
695 .str
= talloc_asprintf(mem_ctx
, "bogus/%s.%s", test_dc
, dns_domain
),
696 .comment
= "Looking for bogus serivce on test DC",
697 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
,
698 .expected_dns
= talloc_asprintf(mem_ctx
, "%s.%s", test_dc
, dns_domain
)
701 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
702 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
703 .str
= talloc_asprintf(mem_ctx
, "krbtgt"),
704 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
707 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
708 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
709 .comment
= "Looking for the kadmin/changepw service as a serivce principal",
710 .str
= talloc_asprintf(mem_ctx
, "kadmin/changepw"),
711 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
712 .expected_str
= talloc_asprintf(mem_ctx
, "CN=krbtgt,CN=Users,%s", realm_dn_str
),
713 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
716 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
717 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
718 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s@%s",
721 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
724 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
725 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
726 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s@%s",
729 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
,
730 .expected_dns
= "BOGUS"
733 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
734 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
735 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s@%s",
738 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
,
739 .expected_dns
= "BOGUS"
742 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
743 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
744 .str
= talloc_asprintf(mem_ctx
, "cifs/%s.%s",
745 test_dc
, dns_domain
),
746 .status
= DRSUAPI_DS_NAME_STATUS_OK
749 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
750 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
751 .str
= talloc_asprintf(mem_ctx
, "cifs/%s",
753 .status
= DRSUAPI_DS_NAME_STATUS_OK
756 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
757 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
759 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
762 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
763 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
765 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
768 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
769 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
770 .str
= "NOT AN NT4 NAME",
771 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
774 .format_offered
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
775 .format_desired
= DRSUAPI_DS_NAME_FORMAT_GUID
,
776 .comment
= "Unparsable DN",
778 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
781 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
782 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
783 .comment
= "Unparsable user principal",
784 .str
= "NOT A PRINCIPAL",
785 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
788 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
789 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
790 .comment
= "Unparsable service principal",
791 .str
= "NOT A SERVICE PRINCIPAL",
792 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
795 .format_offered
= DRSUAPI_DS_NAME_FORMAT_GUID
,
796 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
797 .comment
= "BIND GUID (ie, not in the directory)",
798 .str
= GUID_string2(mem_ctx
, &priv
->bind_guid
),
799 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
802 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
803 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
804 .comment
= "Unqualified Machine account as user principal",
805 .str
= talloc_asprintf(mem_ctx
, "%s$", test_dc
),
806 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
809 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
810 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
811 .comment
= "Machine account as service principal",
812 .str
= talloc_asprintf(mem_ctx
, "%s$", test_dc
),
813 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
816 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL
,
817 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
818 .comment
= "Full Machine account as service principal",
819 .str
= user_principal_name
,
820 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
823 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
824 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
825 .comment
= "Realm as an NT4 domain lookup",
826 .str
= talloc_asprintf(mem_ctx
, "%s\\", dns_domain
),
827 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
830 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
831 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
832 .comment
= "BUILTIN\\ -> DN",
834 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
837 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
838 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
839 .comment
= "NT AUTHORITY\\ -> DN",
840 .str
= "NT AUTHORITY\\",
841 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
844 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
845 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
846 .comment
= "NT AUTHORITY\\ANONYMOUS LOGON -> DN",
847 .str
= "NT AUTHORITY\\ANONYMOUS LOGON",
848 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
851 .format_offered
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
852 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
853 .comment
= "NT AUTHORITY\\SYSTEM -> DN",
854 .str
= "NT AUTHORITY\\SYSTEM",
855 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
858 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
859 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
860 .comment
= "BUITIN SID -> NT4 account",
862 .status
= DRSUAPI_DS_NAME_STATUS_NO_MAPPING
,
863 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
866 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
867 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
869 .comment
= "Builtin Domain SID -> DN",
870 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
871 .expected_str
= talloc_asprintf(mem_ctx
, "CN=Builtin,%s", realm_dn_str
),
872 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
875 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
876 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
877 .str
= SID_BUILTIN_ADMINISTRATORS
,
878 .comment
= "Builtin Administrors SID -> DN",
879 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
880 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
883 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
884 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
885 .str
= SID_BUILTIN_ADMINISTRATORS
,
886 .comment
= "Builtin Administrors SID -> NT4 Account",
887 .status
= DRSUAPI_DS_NAME_STATUS_OK
,
888 .alternate_status
= DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
891 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
892 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
893 .str
= SID_NT_ANONYMOUS
,
894 .comment
= "NT Anonymous SID -> NT4 Account",
895 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
898 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
899 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
900 .str
= SID_NT_SYSTEM
,
901 .comment
= "NT SYSTEM SID -> NT4 Account",
902 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
905 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
906 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
907 .comment
= "Domain SID -> DN",
909 .expected_str
= realm_dn_str
,
910 .status
= DRSUAPI_DS_NAME_STATUS_OK
913 .format_offered
= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY
,
914 .format_desired
= DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
,
915 .comment
= "Domain SID -> NT4 account",
917 .expected_str
= nt4_domain
,
918 .status
= DRSUAPI_DS_NAME_STATUS_OK
921 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
922 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
923 .comment
= "invalid user principal name",
925 .status
= DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
,
926 .expected_dns
= "bar"
929 .format_offered
= DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL
,
930 .format_desired
= DRSUAPI_DS_NAME_FORMAT_FQDN_1779
,
931 .comment
= "invalid user principal name in valid domain",
932 .str
= talloc_asprintf(mem_ctx
, "invalidusername@%s", dns_domain
),
933 .status
= DRSUAPI_DS_NAME_STATUS_NOT_FOUND
938 for (i
=0; i
< ARRAY_SIZE(crack
); i
++) {
940 r
.in
.req
->req1
.format_flags
= crack
[i
].flags
;
941 r
.in
.req
->req1
.format_offered
= crack
[i
].format_offered
;
942 r
.in
.req
->req1
.format_desired
= crack
[i
].format_desired
;
943 names
[0].str
= crack
[i
].str
;
945 if (crack
[i
].comment
) {
946 comment
= talloc_asprintf(mem_ctx
, "'%s' with name '%s' desired format:%d\n",
947 crack
[i
].comment
, names
[0].str
, r
.in
.req
->req1
.format_desired
);
949 comment
= talloc_asprintf(mem_ctx
, "'%s' desired format:%d\n",
950 names
[0].str
, r
.in
.req
->req1
.format_desired
);
953 torture_comment(tctx
, "skipping: %s", comment
);
956 status
= dcerpc_drsuapi_DsCrackNames(p
, mem_ctx
, &r
);
957 if (!NT_STATUS_IS_OK(status
)) {
958 const char *errstr
= nt_errstr(status
);
959 if (NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
960 errstr
= dcerpc_errstr(mem_ctx
, p
->last_fault_code
);
962 err_msg
= talloc_asprintf(mem_ctx
, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr
);
963 torture_fail(tctx
, err_msg
);
964 } else if (!W_ERROR_IS_OK(r
.out
.result
)) {
965 err_msg
= talloc_asprintf(mem_ctx
, "DsCrackNames failed - %s", win_errstr(r
.out
.result
));
966 torture_fail(tctx
, err_msg
);
967 } else if (r
.out
.ctr
->ctr1
->array
[0].status
!= crack
[i
].status
) {
968 if (crack
[i
].alternate_status
) {
969 if (r
.out
.ctr
->ctr1
->array
[0].status
!= crack
[i
].alternate_status
) {
970 err_msg
= talloc_asprintf(mem_ctx
,
971 "DsCrackNames unexpected status %d, wanted %d or %d on: %s",
972 r
.out
.ctr
->ctr1
->array
[0].status
,
974 crack
[i
].alternate_status
,
976 torture_fail(tctx
, err_msg
);
979 err_msg
= talloc_asprintf(mem_ctx
,
980 "DsCrackNames unexpected status %d, wanted %d on: %s\n",
981 r
.out
.ctr
->ctr1
->array
[0].status
,
984 torture_fail(tctx
, err_msg
);
986 } else if (crack
[i
].expected_str
987 && (strcmp(r
.out
.ctr
->ctr1
->array
[0].result_name
,
988 crack
[i
].expected_str
) != 0)) {
989 if (strcasecmp(r
.out
.ctr
->ctr1
->array
[0].result_name
,
990 crack
[i
].expected_str
) != 0) {
991 err_msg
= talloc_asprintf(mem_ctx
,
992 "DsCrackNames failed - got %s, expected %s on %s",
993 r
.out
.ctr
->ctr1
->array
[0].result_name
,
994 crack
[i
].expected_str
, comment
);
995 torture_fail(tctx
, err_msg
);
997 torture_comment(tctx
,
998 "(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
999 r
.out
.ctr
->ctr1
->array
[0].result_name
,
1000 crack
[i
].expected_str
, comment
);
1002 } else if (crack
[i
].expected_dns
1003 && (strcmp(r
.out
.ctr
->ctr1
->array
[0].dns_domain_name
,
1004 crack
[i
].expected_dns
) != 0)) {
1005 err_msg
= talloc_asprintf(mem_ctx
,
1006 "DsCrackNames failed - got DNS name %s, expected %s on %s",
1007 r
.out
.ctr
->ctr1
->array
[0].result_name
,
1008 crack
[i
].expected_str
, comment
);
1009 torture_fail(tctx
, err_msg
);
1014 return test_DsCrackNamesMatrix(tctx
, priv
, FQDN_1779_name
,
1015 user_principal_name
, service_principal_name
);
1019 * Test case setup for CrackNames
1021 static bool torture_drsuapi_cracknames_setup(struct torture_context
*tctx
, void **data
)
1023 struct DsCrackNamesPrivate
*priv
;
1025 *data
= priv
= talloc_zero(tctx
, struct DsCrackNamesPrivate
);
1027 return torture_drsuapi_tcase_setup_common(tctx
, &priv
->base
);
1031 * Test case tear-down for CrackNames
1033 static bool torture_drsuapi_cracknames_teardown(struct torture_context
*tctx
, void *data
)
1035 struct DsCrackNamesPrivate
*priv
= talloc_get_type(data
, struct DsCrackNamesPrivate
);
1037 return torture_drsuapi_tcase_teardown_common(tctx
, &priv
->base
);
1041 * CRACKNAMES test suite implementation
1043 void torture_rpc_drsuapi_cracknames_tcase(struct torture_suite
*suite
)
1045 typedef bool (*run_func
) (struct torture_context
*test
, void *tcase_data
);
1047 struct torture_test
*test
;
1048 struct torture_tcase
*tcase
= torture_suite_add_tcase(suite
, "CRACKNAMES");
1050 torture_tcase_set_fixture(tcase
,
1051 torture_drsuapi_cracknames_setup
,
1052 torture_drsuapi_cracknames_teardown
);
1054 test
= torture_tcase_add_simple_test(tcase
, "CRACKNAMES-TEST", (run_func
)test_DsCrackNames
);