Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : DRSUapi tests
5 :
6 : Copyright (C) Andrew Tridgell 2003
7 : Copyright (C) Stefan (metze) Metzmacher 2004
8 : Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 : #include "torture/rpc/torture_rpc.h"
27 : #include <ldb.h>
28 : #include "libcli/security/security.h"
29 :
30 : #undef strcasecmp
31 :
32 : struct DsCrackNamesPrivate {
33 : struct DsPrivate base;
34 :
35 : /* following names are used in Crack Names Matrix test */
36 : const char *fqdn_name;
37 : const char *user_principal_name;
38 : const char *service_principal_name;
39 : };
40 :
41 2 : static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
42 : struct DsPrivate *priv, const char *dn,
43 : const char *user_principal_name, const char *service_principal_name)
44 : {
45 0 : NTSTATUS status;
46 0 : const char *err_msg;
47 0 : struct drsuapi_DsCrackNames r;
48 0 : union drsuapi_DsNameRequest req;
49 0 : uint32_t level_out;
50 0 : union drsuapi_DsNameCtr ctr;
51 2 : struct dcerpc_pipe *p = priv->drs_pipe;
52 2 : TALLOC_CTX *mem_ctx = priv;
53 :
54 2 : enum drsuapi_DsNameFormat formats[] = {
55 : DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
56 : DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
57 : DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
58 : DRSUAPI_DS_NAME_FORMAT_DISPLAY,
59 : DRSUAPI_DS_NAME_FORMAT_GUID,
60 : DRSUAPI_DS_NAME_FORMAT_CANONICAL,
61 : DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
62 : DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
63 : DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
64 : DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
65 : DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
66 : };
67 0 : struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
68 0 : int i, j;
69 :
70 0 : const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
71 0 : const char *n_from[ARRAY_SIZE(formats)];
72 :
73 2 : ZERO_STRUCT(r);
74 2 : r.in.bind_handle = &priv->bind_handle;
75 2 : r.in.level = 1;
76 2 : r.in.req = &req;
77 2 : r.in.req->req1.codepage = 1252; /* german */
78 2 : r.in.req->req1.language = 0x00000407; /* german */
79 2 : r.in.req->req1.count = 1;
80 2 : r.in.req->req1.names = names;
81 2 : r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
82 :
83 2 : r.out.level_out = &level_out;
84 2 : r.out.ctr = &ctr;
85 :
86 2 : n_matrix[0][0] = dn;
87 :
88 24 : for (i = 0; i < ARRAY_SIZE(formats); i++) {
89 22 : r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
90 22 : r.in.req->req1.format_desired = formats[i];
91 22 : names[0].str = dn;
92 22 : torture_comment(tctx, "Testing DsCrackNames (matrix prep) with name '%s'"
93 : " offered format: %d desired format:%d\n",
94 : names[0].str,
95 22 : r.in.req->req1.format_offered,
96 22 : r.in.req->req1.format_desired);
97 22 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
98 22 : if (!NT_STATUS_IS_OK(status)) {
99 0 : const char *errstr = nt_errstr(status);
100 0 : err_msg = talloc_asprintf(mem_ctx,
101 : "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
102 0 : names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
103 0 : torture_fail(tctx, err_msg);
104 22 : } else if (!W_ERROR_IS_OK(r.out.result)) {
105 0 : err_msg = talloc_asprintf(mem_ctx,
106 : "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
107 0 : names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, win_errstr(r.out.result));
108 0 : torture_fail(tctx, err_msg);
109 : }
110 :
111 22 : switch (formats[i]) {
112 2 : case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
113 2 : if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
114 0 : err_msg = talloc_asprintf(mem_ctx,
115 : "Unexpected error (%d): This name lookup should fail",
116 0 : r.out.ctr->ctr1->array[0].status);
117 0 : torture_fail(tctx, err_msg);
118 : }
119 2 : torture_comment(tctx, __location__ ": (expected) error\n");
120 2 : break;
121 2 : case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
122 2 : if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
123 0 : err_msg = talloc_asprintf(mem_ctx,
124 : "Unexpected error (%d): This name lookup should fail",
125 0 : r.out.ctr->ctr1->array[0].status);
126 0 : torture_fail(tctx, err_msg);
127 : }
128 2 : torture_comment(tctx, __location__ ": (expected) error\n");
129 2 : break;
130 4 : case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: /* should fail as we ask server to convert to Unknown format */
131 : case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
132 4 : if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
133 0 : err_msg = talloc_asprintf(mem_ctx,
134 : "Unexpected error (%d): This name lookup should fail",
135 0 : r.out.ctr->ctr1->array[0].status);
136 0 : torture_fail(tctx, err_msg);
137 : }
138 4 : torture_comment(tctx, __location__ ": (expected) error\n");
139 4 : break;
140 14 : default:
141 14 : if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
142 0 : err_msg = talloc_asprintf(mem_ctx,
143 : "DsCrackNames error: %d",
144 0 : r.out.ctr->ctr1->array[0].status);
145 0 : torture_fail(tctx, err_msg);
146 : }
147 14 : break;
148 : }
149 :
150 22 : switch (formats[i]) {
151 2 : case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
152 2 : n_from[i] = user_principal_name;
153 2 : break;
154 2 : case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
155 2 : n_from[i] = service_principal_name;
156 2 : break;
157 4 : case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
158 : case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
159 4 : n_from[i] = NULL;
160 4 : break;
161 14 : default:
162 14 : n_from[i] = r.out.ctr->ctr1->array[0].result_name;
163 14 : printf("%s\n", n_from[i]);
164 14 : break;
165 : }
166 : }
167 :
168 24 : for (i = 0; i < ARRAY_SIZE(formats); i++) {
169 264 : for (j = 0; j < ARRAY_SIZE(formats); j++) {
170 242 : r.in.req->req1.format_offered = formats[i];
171 242 : r.in.req->req1.format_desired = formats[j];
172 242 : if (!n_from[i]) {
173 44 : n_matrix[i][j] = NULL;
174 44 : continue;
175 : }
176 198 : names[0].str = n_from[i];
177 198 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
178 198 : if (!NT_STATUS_IS_OK(status)) {
179 0 : const char *errstr = nt_errstr(status);
180 0 : err_msg = talloc_asprintf(mem_ctx,
181 : "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
182 0 : names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
183 0 : torture_fail(tctx, err_msg);
184 198 : } else if (!W_ERROR_IS_OK(r.out.result)) {
185 0 : err_msg = talloc_asprintf(mem_ctx,
186 : "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
187 0 : names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired,
188 : win_errstr(r.out.result));
189 0 : torture_fail(tctx, err_msg);
190 : }
191 :
192 198 : if (r.out.ctr->ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
193 126 : n_matrix[i][j] = r.out.ctr->ctr1->array[0].result_name;
194 : } else {
195 72 : n_matrix[i][j] = NULL;
196 : }
197 : }
198 : }
199 :
200 24 : for (i = 0; i < ARRAY_SIZE(formats); i++) {
201 264 : for (j = 0; j < ARRAY_SIZE(formats); j++) {
202 484 : torture_comment(tctx, "Converting %s (format %d)"
203 : " to %d gave %s\n",
204 242 : n_from[i] == NULL ? "NULL" : n_from[i],
205 242 : formats[i], formats[j],
206 242 : n_matrix[i][j] == NULL ?
207 : "NULL" : n_matrix[i][j]);
208 :
209 242 : if (n_matrix[i][j] == n_from[j]) {
210 :
211 : /* We don't have a from name for these yet (and we can't map to them to find it out) */
212 198 : } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
213 :
214 : /* we can't map to these two */
215 162 : } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
216 144 : } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
217 126 : } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
218 0 : err_msg = talloc_asprintf(mem_ctx,
219 : "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: should be %s",
220 0 : formats[i], formats[j], n_from[j]);
221 0 : torture_fail(tctx, err_msg);
222 126 : } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
223 0 : err_msg = talloc_asprintf(mem_ctx,
224 : "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: should be %s",
225 0 : formats[i], formats[j], n_matrix[i][j]);
226 0 : torture_fail(tctx, err_msg);
227 126 : } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
228 0 : err_msg = talloc_asprintf(mem_ctx,
229 : "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
230 0 : formats[i], formats[j], n_matrix[i][j], n_from[j]);
231 0 : torture_fail(tctx, err_msg);
232 : }
233 : }
234 : }
235 :
236 2 : return true;
237 : }
238 :
239 2 : bool test_DsCrackNames(struct torture_context *tctx,
240 : struct DsPrivate *priv)
241 : {
242 0 : NTSTATUS status;
243 0 : const char *err_msg;
244 0 : struct drsuapi_DsCrackNames r;
245 0 : union drsuapi_DsNameRequest req;
246 0 : uint32_t level_out;
247 0 : union drsuapi_DsNameCtr ctr;
248 0 : struct drsuapi_DsNameString names[1];
249 0 : const char *dns_domain;
250 0 : const char *nt4_domain;
251 0 : const char *FQDN_1779_name;
252 0 : struct ldb_context *ldb;
253 0 : struct ldb_dn *FQDN_1779_dn;
254 0 : struct ldb_dn *realm_dn;
255 0 : const char *realm_dn_str;
256 0 : const char *realm_canonical;
257 0 : const char *realm_canonical_ex;
258 0 : const char *user_principal_name;
259 0 : char *user_principal_name_short;
260 0 : const char *service_principal_name;
261 0 : const char *canonical_name;
262 0 : const char *canonical_ex_name;
263 0 : const char *dom_sid;
264 2 : const char *test_dc = torture_join_netbios_name(priv->join);
265 2 : struct dcerpc_pipe *p = priv->drs_pipe;
266 2 : TALLOC_CTX *mem_ctx = priv;
267 :
268 2 : ZERO_STRUCT(r);
269 2 : r.in.bind_handle = &priv->bind_handle;
270 2 : r.in.level = 1;
271 2 : r.in.req = &req;
272 2 : r.in.req->req1.codepage = 1252; /* german */
273 2 : r.in.req->req1.language = 0x00000407; /* german */
274 2 : r.in.req->req1.count = 1;
275 2 : r.in.req->req1.names = names;
276 2 : r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
277 :
278 2 : r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
279 2 : r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
280 :
281 2 : r.out.level_out = &level_out;
282 2 : r.out.ctr = &ctr;
283 :
284 2 : dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
285 :
286 2 : names[0].str = dom_sid;
287 :
288 2 : torture_comment(tctx, "Testing DsCrackNames with name '%s'"
289 : " offered format: %d desired format:%d\n",
290 : names[0].str,
291 2 : r.in.req->req1.format_offered,
292 2 : r.in.req->req1.format_desired);
293 :
294 2 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
295 2 : if (!NT_STATUS_IS_OK(status)) {
296 0 : const char *errstr = nt_errstr(status);
297 0 : err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
298 0 : torture_fail(tctx, err_msg);
299 2 : } else if (!W_ERROR_IS_OK(r.out.result)) {
300 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
301 0 : torture_fail(tctx, err_msg);
302 2 : } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
303 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
304 0 : r.out.ctr->ctr1->array[0].status);
305 0 : torture_fail(tctx, err_msg);
306 : }
307 :
308 2 : dns_domain = r.out.ctr->ctr1->array[0].dns_domain_name;
309 2 : nt4_domain = r.out.ctr->ctr1->array[0].result_name;
310 :
311 2 : r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
312 :
313 2 : torture_comment(tctx, "Testing DsCrackNames with name '%s'"
314 : " offered format: %d desired format:%d\n",
315 : names[0].str,
316 2 : r.in.req->req1.format_offered,
317 2 : r.in.req->req1.format_desired);
318 :
319 2 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
320 2 : if (!NT_STATUS_IS_OK(status)) {
321 0 : const char *errstr = nt_errstr(status);
322 0 : err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
323 0 : torture_fail(tctx, err_msg);
324 2 : } else if (!W_ERROR_IS_OK(r.out.result)) {
325 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
326 0 : torture_fail(tctx, err_msg);
327 2 : } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
328 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
329 0 : r.out.ctr->ctr1->array[0].status);
330 0 : torture_fail(tctx, err_msg);
331 : }
332 :
333 2 : priv->domain_dns_name = r.out.ctr->ctr1->array[0].dns_domain_name;
334 2 : priv->domain_guid_str = r.out.ctr->ctr1->array[0].result_name;
335 2 : GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
336 :
337 2 : r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
338 :
339 2 : torture_comment(tctx, "Testing DsCrackNames with name '%s'"
340 : " offered format: %d desired format:%d\n",
341 : names[0].str,
342 2 : r.in.req->req1.format_offered,
343 2 : r.in.req->req1.format_desired);
344 :
345 2 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
346 2 : if (!NT_STATUS_IS_OK(status)) {
347 0 : const char *errstr = nt_errstr(status);
348 0 : err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
349 0 : torture_fail(tctx, err_msg);
350 2 : } else if (!W_ERROR_IS_OK(r.out.result)) {
351 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
352 0 : torture_fail(tctx, err_msg);
353 2 : } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
354 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
355 0 : r.out.ctr->ctr1->array[0].status);
356 0 : torture_fail(tctx, err_msg);
357 : }
358 :
359 2 : ldb = ldb_init(mem_ctx, tctx->ev);
360 :
361 2 : realm_dn_str = r.out.ctr->ctr1->array[0].result_name;
362 2 : realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str);
363 2 : realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
364 :
365 2 : if (strcmp(realm_canonical,
366 2 : talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
367 0 : err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical name failed: %s != %s!",
368 : realm_canonical,
369 : talloc_asprintf(mem_ctx, "%s/", dns_domain));
370 0 : torture_fail(tctx, err_msg);
371 0 : };
372 :
373 2 : realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
374 :
375 2 : if (strcmp(realm_canonical_ex,
376 2 : talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
377 0 : err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical ex name failed: %s != %s!",
378 : realm_canonical_ex,
379 : talloc_asprintf(mem_ctx, "%s\n", dns_domain));
380 0 : torture_fail(tctx, err_msg);
381 0 : };
382 :
383 2 : r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
384 2 : r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
385 2 : names[0].str = nt4_domain;
386 :
387 2 : torture_comment(tctx, "Testing DsCrackNames with name '%s'"
388 : " offered format: %d desired format:%d\n",
389 : names[0].str,
390 2 : r.in.req->req1.format_offered,
391 2 : r.in.req->req1.format_desired);
392 :
393 2 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
394 2 : if (!NT_STATUS_IS_OK(status)) {
395 0 : const char *errstr = nt_errstr(status);
396 0 : err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
397 0 : torture_fail(tctx, err_msg);
398 2 : } else if (!W_ERROR_IS_OK(r.out.result)) {
399 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
400 0 : torture_fail(tctx, err_msg);
401 2 : } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
402 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
403 0 : r.out.ctr->ctr1->array[0].status);
404 0 : torture_fail(tctx, err_msg);
405 : }
406 :
407 2 : priv->domain_obj_dn = r.out.ctr->ctr1->array[0].result_name;
408 :
409 2 : r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
410 2 : r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
411 2 : names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
412 :
413 2 : torture_comment(tctx, "Testing DsCrackNames with name '%s'"
414 : " offered format: %d desired format:%d\n",
415 : names[0].str,
416 2 : r.in.req->req1.format_offered,
417 2 : r.in.req->req1.format_desired);
418 :
419 2 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
420 2 : if (!NT_STATUS_IS_OK(status)) {
421 0 : const char *errstr = nt_errstr(status);
422 0 : err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
423 0 : torture_fail(tctx, err_msg);
424 2 : } else if (!W_ERROR_IS_OK(r.out.result)) {
425 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
426 0 : torture_fail(tctx, err_msg);
427 2 : } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
428 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
429 0 : r.out.ctr->ctr1->array[0].status);
430 0 : torture_fail(tctx, err_msg);
431 : }
432 :
433 2 : FQDN_1779_name = r.out.ctr->ctr1->array[0].result_name;
434 :
435 2 : r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
436 2 : r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
437 2 : names[0].str = priv->domain_guid_str;
438 :
439 2 : torture_comment(tctx, "Testing DsCrackNames with name '%s'"
440 : " offered format: %d desired format:%d\n",
441 : names[0].str,
442 2 : r.in.req->req1.format_offered,
443 2 : r.in.req->req1.format_desired);
444 :
445 2 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
446 2 : if (!NT_STATUS_IS_OK(status)) {
447 0 : const char *errstr = nt_errstr(status);
448 0 : err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
449 0 : torture_fail(tctx, err_msg);
450 2 : } else if (!W_ERROR_IS_OK(r.out.result)) {
451 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
452 0 : torture_fail(tctx, err_msg);
453 2 : } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
454 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
455 0 : r.out.ctr->ctr1->array[0].status);
456 0 : torture_fail(tctx, err_msg);
457 : }
458 :
459 2 : if (strcmp(priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name) != 0) {
460 0 : err_msg = talloc_asprintf(mem_ctx,
461 : "DsCrackNames failed to return same DNS name - expected %s got %s",
462 0 : priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name);
463 0 : torture_fail(tctx, err_msg);
464 : }
465 :
466 2 : FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
467 :
468 2 : canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
469 2 : canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
470 :
471 2 : user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
472 :
473 : /* form up a user@DOMAIN */
474 2 : user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
475 : /* variable nt4_domain includes a trailing \ */
476 2 : user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
477 :
478 2 : service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
479 : {
480 :
481 0 : struct {
482 : enum drsuapi_DsNameFormat format_offered;
483 : enum drsuapi_DsNameFormat format_desired;
484 : const char *comment;
485 : const char *str;
486 : const char *expected_str;
487 : const char *expected_dns;
488 : enum drsuapi_DsNameStatus status;
489 : enum drsuapi_DsNameStatus alternate_status;
490 : enum drsuapi_DsNameFlags flags;
491 : bool skip;
492 62 : } crack[] = {
493 : {
494 : .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
495 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
496 : .str = user_principal_name,
497 : .expected_str = FQDN_1779_name,
498 : .status = DRSUAPI_DS_NAME_STATUS_OK
499 : },
500 : {
501 : .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
502 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
503 : .str = user_principal_name_short,
504 : .expected_str = FQDN_1779_name,
505 : .status = DRSUAPI_DS_NAME_STATUS_OK
506 : },
507 : {
508 : .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
509 : .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
510 : .str = FQDN_1779_name,
511 : .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
512 : },
513 : {
514 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
515 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
516 : .str = service_principal_name,
517 : .expected_str = FQDN_1779_name,
518 : .status = DRSUAPI_DS_NAME_STATUS_OK
519 : },
520 : {
521 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
522 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
523 2 : .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
524 : .comment = "ServicePrincipal Name",
525 : .expected_str = FQDN_1779_name,
526 : .status = DRSUAPI_DS_NAME_STATUS_OK
527 : },
528 : {
529 : .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
530 : .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
531 : .str = FQDN_1779_name,
532 : .expected_str = canonical_name,
533 : .status = DRSUAPI_DS_NAME_STATUS_OK
534 : },
535 : {
536 : .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
537 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
538 : .str = canonical_name,
539 : .expected_str = FQDN_1779_name,
540 : .status = DRSUAPI_DS_NAME_STATUS_OK
541 : },
542 : {
543 : .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
544 : .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
545 : .str = FQDN_1779_name,
546 : .expected_str = canonical_ex_name,
547 : .status = DRSUAPI_DS_NAME_STATUS_OK
548 : },
549 : {
550 : .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
551 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
552 : .str = canonical_ex_name,
553 : .expected_str = FQDN_1779_name,
554 : .status = DRSUAPI_DS_NAME_STATUS_OK
555 : },
556 : {
557 : .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
558 : .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
559 : .str = FQDN_1779_name,
560 : .comment = "DN to cannoical syntactial only",
561 : .status = DRSUAPI_DS_NAME_STATUS_OK,
562 : .expected_str = canonical_name,
563 : .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
564 : },
565 : {
566 : .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
567 : .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
568 : .str = FQDN_1779_name,
569 : .comment = "DN to cannoical EX syntactial only",
570 : .status = DRSUAPI_DS_NAME_STATUS_OK,
571 : .expected_str = canonical_ex_name,
572 : .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
573 : },
574 : {
575 : .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
576 : .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
577 : .str = FQDN_1779_name,
578 : .status = DRSUAPI_DS_NAME_STATUS_OK
579 : },
580 : {
581 : .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
582 : .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
583 : .str = FQDN_1779_name,
584 : .status = DRSUAPI_DS_NAME_STATUS_OK
585 : },
586 : {
587 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
588 : .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
589 2 : .str = priv->domain_guid_str,
590 : .comment = "Domain GUID to NT4 ACCOUNT",
591 : .expected_str = nt4_domain,
592 : .status = DRSUAPI_DS_NAME_STATUS_OK
593 : },
594 : {
595 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
596 : .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
597 2 : .str = priv->domain_guid_str,
598 : .comment = "Domain GUID to Canonical",
599 2 : .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
600 : .status = DRSUAPI_DS_NAME_STATUS_OK
601 : },
602 : {
603 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
604 : .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
605 2 : .str = priv->domain_guid_str,
606 : .comment = "Domain GUID to Canonical EX",
607 2 : .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
608 : .status = DRSUAPI_DS_NAME_STATUS_OK
609 : },
610 : {
611 : .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
612 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
613 : .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
614 : .comment = "display name for Microsoft Support Account",
615 : .status = DRSUAPI_DS_NAME_STATUS_OK,
616 : .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE,
617 2 : .skip = torture_setting_bool(tctx, "samba4", false)
618 : },
619 : {
620 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
621 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
622 2 : .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
623 : .comment = "Account GUID -> DN",
624 : .expected_str = FQDN_1779_name,
625 : .status = DRSUAPI_DS_NAME_STATUS_OK
626 : },
627 : {
628 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
629 : .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
630 2 : .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
631 : .comment = "Account GUID -> NT4 Account",
632 2 : .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
633 : .status = DRSUAPI_DS_NAME_STATUS_OK
634 : },
635 : {
636 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
637 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
638 2 : .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
639 : .comment = "Site GUID",
640 2 : .expected_str = priv->dcinfo.site_dn,
641 : .status = DRSUAPI_DS_NAME_STATUS_OK
642 : },
643 : {
644 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
645 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
646 2 : .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
647 : .comment = "Computer GUID",
648 2 : .expected_str = priv->dcinfo.computer_dn,
649 : .status = DRSUAPI_DS_NAME_STATUS_OK
650 : },
651 : {
652 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
653 : .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
654 2 : .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
655 : .comment = "Computer GUID -> NT4 Account",
656 : .status = DRSUAPI_DS_NAME_STATUS_OK
657 : },
658 : {
659 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
660 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
661 2 : .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
662 : .comment = "Server GUID",
663 2 : .expected_str = priv->dcinfo.server_dn,
664 : .status = DRSUAPI_DS_NAME_STATUS_OK
665 : },
666 : {
667 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
668 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
669 2 : .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
670 : .comment = "NTDS GUID",
671 2 : .expected_str = priv->dcinfo.ntds_dn,
672 : .status = DRSUAPI_DS_NAME_STATUS_OK,
673 2 : .skip = GUID_all_zero(&priv->dcinfo.ntds_guid)
674 : },
675 : {
676 : .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
677 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
678 : .str = test_dc,
679 : .comment = "DISPLAY NAME search for DC short name",
680 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
681 : },
682 : {
683 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
684 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
685 2 : .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
686 : .comment = "Looking for KRBTGT as a service principal",
687 : .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
688 : .expected_dns = dns_domain
689 : },
690 : {
691 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
692 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
693 2 : .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
694 : .comment = "Looking for bogus service principal",
695 : .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
696 : .expected_dns = dns_domain
697 : },
698 : {
699 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
700 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
701 2 : .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
702 : .comment = "Looking for bogus service on test DC",
703 : .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
704 2 : .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
705 : },
706 : {
707 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
708 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
709 2 : .str = talloc_asprintf(mem_ctx, "krbtgt"),
710 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
711 : },
712 : {
713 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
714 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
715 : .comment = "Looking for the kadmin/changepw service as a service principal",
716 2 : .str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
717 : .status = DRSUAPI_DS_NAME_STATUS_OK,
718 2 : .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
719 : .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
720 : },
721 : {
722 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
723 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
724 2 : .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
725 : test_dc, dns_domain,
726 : dns_domain),
727 : .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
728 : },
729 : {
730 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
731 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
732 2 : .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
733 : test_dc, dns_domain,
734 : "BOGUS"),
735 : .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
736 : .expected_dns = "BOGUS"
737 : },
738 : {
739 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
740 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
741 2 : .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
742 : test_dc, "REALLY",
743 : "BOGUS"),
744 : .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
745 : .expected_dns = "BOGUS"
746 : },
747 : {
748 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
749 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
750 2 : .str = talloc_asprintf(mem_ctx, "cifs/%s.%s",
751 : test_dc, dns_domain),
752 : .status = DRSUAPI_DS_NAME_STATUS_OK
753 : },
754 : {
755 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
756 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
757 2 : .str = talloc_asprintf(mem_ctx, "cifs/%s",
758 : test_dc),
759 : .status = DRSUAPI_DS_NAME_STATUS_OK
760 : },
761 : {
762 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
763 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
764 : .str = "NOT A GUID",
765 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
766 : },
767 : {
768 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
769 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
770 : .str = "NOT A SID",
771 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
772 : },
773 : {
774 : .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
775 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
776 : .str = "NOT AN NT4 NAME",
777 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
778 : },
779 : {
780 : .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
781 : .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
782 : .comment = "Unparsable DN",
783 : .str = "NOT A DN",
784 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
785 : },
786 : {
787 : .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
788 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
789 : .comment = "Unparsable user principal",
790 : .str = "NOT A PRINCIPAL",
791 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
792 : },
793 : {
794 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
795 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
796 : .comment = "Unparsable service principal",
797 : .str = "NOT A SERVICE PRINCIPAL",
798 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
799 : },
800 : {
801 : .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
802 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
803 : .comment = "BIND GUID (ie, not in the directory)",
804 : .str = DRSUAPI_DS_BIND_GUID,
805 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
806 : },
807 : {
808 : .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
809 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
810 : .comment = "Unqualified Machine account as user principal",
811 2 : .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
812 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
813 : },
814 : {
815 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
816 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
817 : .comment = "Machine account as service principal",
818 2 : .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
819 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
820 : },
821 : {
822 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
823 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
824 : .comment = "Full Machine account as service principal",
825 : .str = user_principal_name,
826 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
827 : },
828 : {
829 : .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
830 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
831 : .comment = "Realm as an NT4 domain lookup",
832 2 : .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
833 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
834 : },
835 : {
836 : .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
837 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
838 : .comment = "BUILTIN\\ -> DN",
839 : .str = "BUILTIN\\",
840 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
841 : },
842 : {
843 : .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
844 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
845 : .comment = "NT AUTHORITY\\ -> DN",
846 : .str = "NT AUTHORITY\\",
847 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
848 : },
849 : {
850 : .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
851 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
852 : .comment = "NT AUTHORITY\\ANONYMOUS LOGON -> DN",
853 : .str = "NT AUTHORITY\\ANONYMOUS LOGON",
854 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
855 : },
856 : {
857 : .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
858 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
859 : .comment = "NT AUTHORITY\\SYSTEM -> DN",
860 : .str = "NT AUTHORITY\\SYSTEM",
861 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
862 : },
863 : {
864 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
865 : .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
866 : .comment = "BUILTIN SID -> NT4 account",
867 : .str = SID_BUILTIN,
868 : .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
869 : .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
870 : },
871 : {
872 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
873 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
874 : .str = SID_BUILTIN,
875 : .comment = "Builtin Domain SID -> DN",
876 : .status = DRSUAPI_DS_NAME_STATUS_OK,
877 2 : .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
878 : .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
879 : },
880 : {
881 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
882 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
883 : .str = SID_BUILTIN_ADMINISTRATORS,
884 : .comment = "Builtin Administrors SID -> DN",
885 : .status = DRSUAPI_DS_NAME_STATUS_OK,
886 : .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
887 : },
888 : {
889 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
890 : .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
891 : .str = SID_BUILTIN_ADMINISTRATORS,
892 : .comment = "Builtin Administrors SID -> NT4 Account",
893 : .status = DRSUAPI_DS_NAME_STATUS_OK,
894 : .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
895 : },
896 : {
897 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
898 : .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
899 : .str = SID_NT_ANONYMOUS,
900 : .comment = "NT Anonymous SID -> NT4 Account",
901 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
902 : },
903 : {
904 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
905 : .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
906 : .str = SID_NT_SYSTEM,
907 : .comment = "NT SYSTEM SID -> NT4 Account",
908 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
909 : },
910 : {
911 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
912 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
913 : .comment = "Domain SID -> DN",
914 : .str = dom_sid,
915 : .expected_str = realm_dn_str,
916 : .status = DRSUAPI_DS_NAME_STATUS_OK
917 : },
918 : {
919 : .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
920 : .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
921 : .comment = "Domain SID -> NT4 account",
922 : .str = dom_sid,
923 : .expected_str = nt4_domain,
924 : .status = DRSUAPI_DS_NAME_STATUS_OK
925 : },
926 : {
927 : .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
928 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
929 : .comment = "invalid user principal name",
930 : .str = "foo@bar",
931 : .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
932 : .expected_dns = "bar"
933 : },
934 : {
935 : .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
936 : .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
937 : .comment = "invalid user principal name in valid domain",
938 2 : .str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain),
939 : .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
940 : }
941 : };
942 0 : int i;
943 :
944 122 : for (i=0; i < ARRAY_SIZE(crack); i++) {
945 0 : const char *comment;
946 :
947 120 : torture_comment(tctx, "Testing DsCrackNames with name '%s'"
948 : " offered format: %d desired format:%d\n",
949 : crack[i].str,
950 120 : crack[i].format_offered,
951 120 : crack[i].format_desired);
952 :
953 120 : r.in.req->req1.format_flags = crack[i].flags;
954 120 : r.in.req->req1.format_offered = crack[i].format_offered;
955 120 : r.in.req->req1.format_desired = crack[i].format_desired;
956 120 : names[0].str = crack[i].str;
957 :
958 120 : if (crack[i].comment) {
959 82 : comment = talloc_asprintf(mem_ctx,
960 : "'%s' with name '%s' offered format:%d desired format:%d\n",
961 : crack[i].comment, names[0].str,
962 82 : r.in.req->req1.format_offered,
963 82 : r.in.req->req1.format_desired);
964 : } else {
965 38 : comment = talloc_asprintf(mem_ctx, "'%s' offered format:%d desired format:%d\n",
966 : names[0].str,
967 38 : r.in.req->req1.format_offered,
968 38 : r.in.req->req1.format_desired);
969 : }
970 120 : if (crack[i].skip) {
971 4 : torture_comment(tctx, "skipping: %s", comment);
972 4 : continue;
973 : }
974 116 : status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
975 116 : if (!NT_STATUS_IS_OK(status)) {
976 0 : const char *errstr = nt_errstr(status);
977 0 : err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
978 0 : torture_fail(tctx, err_msg);
979 116 : } else if (!W_ERROR_IS_OK(r.out.result)) {
980 0 : err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
981 0 : torture_fail(tctx, err_msg);
982 116 : } else if (r.out.ctr->ctr1->array[0].status != crack[i].status) {
983 0 : if (crack[i].alternate_status) {
984 0 : if (r.out.ctr->ctr1->array[0].status != crack[i].alternate_status) {
985 0 : err_msg = talloc_asprintf(mem_ctx,
986 : "DsCrackNames unexpected status %d, wanted %d or %d on: %s",
987 0 : r.out.ctr->ctr1->array[0].status,
988 0 : crack[i].status,
989 0 : crack[i].alternate_status,
990 : comment);
991 0 : torture_fail(tctx, err_msg);
992 : }
993 : } else {
994 0 : err_msg = talloc_asprintf(mem_ctx,
995 : "DsCrackNames unexpected status %d, wanted %d on: %s\n",
996 0 : r.out.ctr->ctr1->array[0].status,
997 0 : crack[i].status,
998 : comment);
999 0 : torture_fail(tctx, err_msg);
1000 : }
1001 116 : } else if (crack[i].expected_str &&
1002 44 : (!r.out.ctr->ctr1->count ||
1003 44 : !r.out.ctr->ctr1->array[0].result_name))
1004 : {
1005 0 : if (!r.out.ctr->ctr1->count) {
1006 0 : err_msg = talloc_asprintf(mem_ctx,
1007 : "DsCrackNames failed - got 0 entries, expected %s on %s",
1008 : crack[i].expected_str, comment);
1009 0 : torture_fail(tctx, err_msg);
1010 : } else {
1011 0 : err_msg = talloc_asprintf(mem_ctx,
1012 : "DsCrackNames failed - got NULL pointer, expected %s on %s",
1013 : crack[i].expected_str, comment);
1014 0 : torture_fail(tctx, err_msg);
1015 : }
1016 116 : } else if (crack[i].expected_str
1017 44 : && (strcmp(r.out.ctr->ctr1->array[0].result_name,
1018 : crack[i].expected_str) != 0))
1019 : {
1020 0 : if (strcasecmp(r.out.ctr->ctr1->array[0].result_name,
1021 : crack[i].expected_str) != 0) {
1022 0 : err_msg = talloc_asprintf(mem_ctx,
1023 : "DsCrackNames failed - got %s, expected %s on %s",
1024 0 : r.out.ctr->ctr1->array[0].result_name,
1025 : crack[i].expected_str, comment);
1026 0 : torture_fail(tctx, err_msg);
1027 : } else {
1028 0 : torture_comment(tctx,
1029 : "(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
1030 0 : r.out.ctr->ctr1->array[0].result_name,
1031 : crack[i].expected_str, comment);
1032 : }
1033 116 : } else if (crack[i].expected_dns
1034 12 : && (strcmp(r.out.ctr->ctr1->array[0].dns_domain_name,
1035 : crack[i].expected_dns) != 0)) {
1036 0 : err_msg = talloc_asprintf(mem_ctx,
1037 : "DsCrackNames failed - got DNS name %s, expected %s on %s",
1038 0 : r.out.ctr->ctr1->array[0].result_name,
1039 : crack[i].expected_str, comment);
1040 0 : torture_fail(tctx, err_msg);
1041 : }
1042 :
1043 116 : torture_comment(tctx, "Testing DsCrackNames got %s\n", r.out.ctr->ctr1->array[0].result_name);
1044 : }
1045 : }
1046 :
1047 2 : return test_DsCrackNamesMatrix(tctx, priv, FQDN_1779_name,
1048 : user_principal_name, service_principal_name);
1049 : }
1050 :
1051 : /**
1052 : * Test case setup for CrackNames
1053 : */
1054 1 : static bool torture_drsuapi_cracknames_setup(struct torture_context *tctx, void **data)
1055 : {
1056 0 : struct DsCrackNamesPrivate *priv;
1057 :
1058 1 : *data = priv = talloc_zero(tctx, struct DsCrackNamesPrivate);
1059 :
1060 1 : return torture_drsuapi_tcase_setup_common(tctx, &priv->base);
1061 : }
1062 :
1063 : /**
1064 : * Test case tear-down for CrackNames
1065 : */
1066 1 : static bool torture_drsuapi_cracknames_teardown(struct torture_context *tctx, void *data)
1067 : {
1068 1 : struct DsCrackNamesPrivate *priv = talloc_get_type(data, struct DsCrackNamesPrivate);
1069 :
1070 1 : return torture_drsuapi_tcase_teardown_common(tctx, &priv->base);
1071 : }
1072 :
1073 : /**
1074 : * CRACKNAMES test suite implementation
1075 : */
1076 2354 : void torture_rpc_drsuapi_cracknames_tcase(struct torture_suite *suite)
1077 : {
1078 125 : typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
1079 :
1080 2354 : struct torture_tcase *tcase = torture_suite_add_tcase(suite, "cracknames");
1081 :
1082 2354 : torture_tcase_set_fixture(tcase,
1083 : torture_drsuapi_cracknames_setup,
1084 : torture_drsuapi_cracknames_teardown);
1085 :
1086 2354 : torture_tcase_add_simple_test(tcase, "cracknames-test", (run_func)test_DsCrackNames);
1087 2354 : }
|
