uint32_t format_flags, uint32_t format_offered, uint32_t format_desired,
const char *name, struct drsuapi_DsNameInfo1 *info1);
+static WERROR DsCrackNameOneSyntactical(TALLOC_CTX *mem_ctx,
+ uint32_t format_offered, uint32_t format_desired,
+ const struct ldb_dn *name_dn, const char *name,
+ struct drsuapi_DsNameInfo1 *info1);
+
static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(krb5_context context, struct ldb_context *ldb_ctx,
TALLOC_CTX *mem_ctx,
const char *alias_from,
mapping = talloc_strdup(mem_ctx,
(const char *)spnmappings->values[i].data);
if (!mapping) {
- DEBUG(1, ("LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn_str));
+ DEBUG(1, ("LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping\n", service_dn_str));
return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
}
p = strchr(mapping, '=');
if (!p) {
- DEBUG(1, ("ldb_search: dn: %s sPNMapping malformed: %s",
+ DEBUG(1, ("ldb_search: dn: %s sPNMapping malformed: %s\n",
service_dn_str, mapping));
return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
}
}
} while (p);
}
- DEBUG(1, ("LDB_lookup_spn_alias: no alias for service %s applicable", alias_from));
+ DEBUG(1, ("LDB_lookup_spn_alias: no alias for service %s applicable\n", alias_from));
return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
}
}
/* grab cifs/, http/ etc */
+
+ /* This is checked for in callers, but be safe */
if (principal->name.name_string.len < 2) {
- DEBUG(5, ("could not find principal in DB, alias not applicable"));
info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
return WERR_OK;
}
return WERR_NOMEM;
}
+ /* reform principal */
ret = krb5_unparse_name_norealm(smb_krb5_context->krb5_context, principal, &new_princ);
krb5_free_principal(smb_krb5_context->krb5_context, principal);
return WERR_NOMEM;
}
- /* reform principal */
wret = DsCrackNameOneName(b_state, mem_ctx, format_flags, format_offered, format_desired,
new_princ, info1);
free(new_princ);
return WERR_OK;
}
- ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal);
+ ret = krb5_parse_name_mustrealm(smb_krb5_context->krb5_context, name, &principal);
if (ret) {
info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
return WERR_OK;
WERR_TALLOC_CHECK(result_filter);
break;
}
+ case DRSUAPI_DS_NAME_FORMAT_DISPLAY: {
+ domain_filter = NULL;
+
+ result_filter = talloc_asprintf(mem_ctx, "(|(displayName=%s)(samAccountName=%s))",
+ name, name);
+ WERR_TALLOC_CHECK(result_filter);
+ break;
+ }
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
struct dom_sid *sid = dom_sid_parse_talloc(mem_ctx, name);
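Review bot: The new DRSUAPI_DS_NAME_FORMAT_DISPLAY case formats `name` straight into the search filter `(|(displayName=%s)(samAccountName=%s))` without escaping, so filter metacharacters in the name change the filter's structure instead of being matched literally. `name` appears to come from the DsCrackNames request, so a caller could make the lookup match objects other than the one named. Encode it first, for example `const char *enc = ldb_binary_encode_string(mem_ctx, name); WERR_TALLOC_CHECK(enc);` (if this ldb version provides that helper), and pass `enc` for both `%s`. The other cases of this switch lie outside the hunk and may need the same treatment.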
krb5_principal principal;
char *unparsed_name_short;
ret = krb5_parse_name_norealm(smb_krb5_context->krb5_context, name, &principal);
- if (ret) {
+ if (ret || (principal->name.name_string.len < 2)) {
info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
return WERR_OK;
}
-
+
domain_filter = NULL;
ret = krb5_unparse_name_norealm(smb_krb5_context->krb5_context, principal, &unparsed_name_short);
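Review bot: When `krb5_parse_name_norealm()` succeeds but the principal has fewer than two components, the combined test `ret || (principal->name.name_string.len < 2)` returns without releasing `principal`, so each such request leaks a Kerberos principal that talloc will not reclaim. If `name` is client-supplied, as it appears to be, that is remotely repeatable memory growth in the server. Splitting the two conditions lets the short-name branch call `krb5_free_principal()` and makes it explicit that `principal` is only read after a successful parse. The enclosing case block starts and ends outside the hunk.

```c
ret = krb5_parse_name_norealm(smb_krb5_context->krb5_context, name, &principal);
if (ret) {
	info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
	return WERR_OK;
}
if (principal->name.name_string.len < 2) {
	/* parsed successfully, so the principal must be released before returning */
	krb5_free_principal(smb_krb5_context->krb5_context, principal);
	info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
	return WERR_OK;
}
/* … unchanged: domain_filter = NULL and krb5_unparse_name_norealm call … */
```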
}
}
+
+ if (format_flags & DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY) {
+ return DsCrackNameOneSyntactical(mem_ctx, format_offered, format_desired,
+ name_dn, name, info1);
+ }
return DsCrackNameOneFilter(b_state, mem_ctx,
smb_krb5_context,
info1);
}
+static WERROR DsCrackNameOneSyntactical(TALLOC_CTX *mem_ctx,
+ uint32_t format_offered, uint32_t format_desired,
+ const struct ldb_dn *name_dn, const char *name,
+ struct drsuapi_DsNameInfo1 *info1)
+{
+ char *cracked;
+ if (format_offered != DRSUAPI_DS_NAME_FORMAT_FQDN_1779) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NO_SYNTACTICAL_MAPPING;
+ return WERR_OK;
+ }
+
+ switch (format_desired) {
+ case DRSUAPI_DS_NAME_FORMAT_CANONICAL:
+ cracked = ldb_dn_canonical_string(mem_ctx, name_dn);
+ break;
+ case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX:
+ cracked = ldb_dn_canonical_ex_string(mem_ctx, name_dn);
+ break;
+ default:
+ info1->status = DRSUAPI_DS_NAME_STATUS_NO_SYNTACTICAL_MAPPING;
+ return WERR_OK;
+ }
+ info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+ info1->result_name = cracked;
+ if (!cracked) {
+ return WERR_NOMEM;
+ }
+
+ return WERR_OK;
+
+}
+
static WERROR DsCrackNameOneFilter(struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ctx,
struct smb_krb5_context *smb_krb5_context,
uint32_t format_flags, uint32_t format_offered, uint32_t format_desired,
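Review bot: In DsCrackNameOneSyntactical, `info1->status` is set to DRSUAPI_DS_NAME_STATUS_OK and `info1->result_name` is assigned before `cracked` is checked, so the failure path returns WERR_NOMEM while leaving an OK status and a NULL result_name in the reply structure. Move the check directly after the switch, `if (!cracked) { return WERR_NOMEM; }`, and only then set the status and result. A NULL return from the ldb canonicalisation helpers may also mean an unparsable or NULL `name_dn` rather than memory exhaustion; that should be confirmed against ldb, since it decides whether WERR_NOMEM is the right error. The function never reads its `name` parameter and has no header comment; something like `/* Convert a DN to canonical form without a directory lookup; only FQDN_1779 to CANONICAL or CANONICAL_EX is supported */` would document the contract.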
/* here we need to set the attrs lists for domain and result lookups */
switch (format_desired) {
- case DRSUAPI_DS_NAME_FORMAT_FQDN_1779: {
- const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
- const char * const _result_attrs[] = { "distinguishedName", NULL};
-
- domain_attrs = _domain_attrs;
- result_attrs = _result_attrs;
- break;
- }
- case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
- const char * const _domain_attrs[] = { "ncName", "dnsRoot", "nETBIOSName", NULL};
- const char * const _result_attrs[] = { "sAMAccountName", "objectSid", NULL};
-
- domain_attrs = _domain_attrs;
- result_attrs = _result_attrs;
- break;
- }
- case DRSUAPI_DS_NAME_FORMAT_GUID: {
- const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
- const char * const _result_attrs[] = { "objectGUID", NULL};
-
- domain_attrs = _domain_attrs;
- result_attrs = _result_attrs;
- break;
- }
- default:
- return WERR_OK;
+ case DRSUAPI_DS_NAME_FORMAT_FQDN_1779:
+ case DRSUAPI_DS_NAME_FORMAT_CANONICAL:
+ case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX: {
+ const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
+ const char * const _result_attrs[] = { NULL};
+
+ domain_attrs = _domain_attrs;
+ result_attrs = _result_attrs;
+ break;
+ }
+ case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
+ const char * const _domain_attrs[] = { "ncName", "dnsRoot", "nETBIOSName", NULL};
+ const char * const _result_attrs[] = { "sAMAccountName", "objectSid", NULL};
+
+ domain_attrs = _domain_attrs;
+ result_attrs = _result_attrs;
+ break;
+ }
+ case DRSUAPI_DS_NAME_FORMAT_GUID: {
+ const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
+ const char * const _result_attrs[] = { "objectGUID", NULL};
+
+ domain_attrs = _domain_attrs;
+ result_attrs = _result_attrs;
+ break;
+ }
+ case DRSUAPI_DS_NAME_FORMAT_DISPLAY: {
+ const char * const _domain_attrs[] = { "ncName", "dnsRoot", NULL};
+ const char * const _result_attrs[] = { "displayName", "samAccountName", NULL};
+
+ domain_attrs = _domain_attrs;
+ result_attrs = _result_attrs;
+ break;
+ }
+ default:
+ return WERR_OK;
}
if (domain_filter) {
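Review bot: `_domain_attrs` and `_result_attrs` in the new DRSUAPI_DS_NAME_FORMAT_DISPLAY case (and in the re-indented cases above it) are automatic arrays declared inside the case's braces, yet their addresses are stored in `domain_attrs` and `result_attrs`, which are presumably read by the searches after the switch. The arrays' lifetime ends at the closing brace of each case, so those later reads are undefined behaviour even if they happen to work with current compilers. Declaring them `static const char * const _domain_attrs[] = { ... };` (and the same for `_result_attrs`) keeps the pointers valid. The use after the switch lies outside the hunk, so this should be confirmed against the full function.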
format_flags, format_offered, format_desired,
name, info1);
}
- break;
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+ return WERR_OK;
case -1:
info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
return WERR_OK;
info1->status = DRSUAPI_DS_NAME_STATUS_OK;
return WERR_OK;
}
+ case DRSUAPI_DS_NAME_FORMAT_CANONICAL:
+ return DsCrackNameOneSyntactical(mem_ctx,
+ DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+ DRSUAPI_DS_NAME_FORMAT_CANONICAL,
+ result_res[0]->dn, name, info1);
+ case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX:
+ return DsCrackNameOneSyntactical(mem_ctx,
+ DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+ DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
+ result_res[0]->dn, name, info1);
case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT: {
const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result_res[0], "objectSid");
const char *_acc = "", *_dom = "";
info1->status = DRSUAPI_DS_NAME_STATUS_OK;
return WERR_OK;
}
+ case DRSUAPI_DS_NAME_FORMAT_DISPLAY: {
+ info1->result_name = samdb_result_string(result_res[0], "displayName", NULL);
+ if (!info1->result_name) {
+ info1->result_name = samdb_result_string(result_res[0], "sAMAccountName", NULL);
+ }
+ if (!info1->result_name) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+ } else {
+ info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+ }
+ return WERR_OK;
+ }
default:
return WERR_OK;
}
#include "includes.h"
#include "librpc/gen_ndr/ndr_drsuapi.h"
#include "torture/rpc/drsuapi.h"
+#include "ldb/include/ldb.h"
static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct DsPrivate *priv, const char *dn,
NTSTATUS status;
BOOL ret = True;
struct drsuapi_DsCrackNames r;
- struct drsuapi_DsNameString names[1];
enum drsuapi_DsNameFormat formats[] = {
DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
};
+ struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
int i, j;
const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
const char *dns_domain;
const char *nt4_domain;
const char *FQDN_1779_name;
+ struct ldb_dn *FQDN_1779_dn;
+ struct ldb_dn *realm_dn;
+ const char *realm_canonical;
+ const char *realm_canonical_ex;
const char *user_principal_name;
const char *service_principal_name;
const char *canonical_name;
if (!ret) {
return ret;
}
+
+ realm_dn = ldb_dn_explode(mem_ctx, r.out.ctr.ctr1->array[0].result_name);
+ realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
+
+ if (strcmp(realm_canonical,
+ talloc_asprintf(mem_ctx, "%s/", lp_realm()))!= 0) {
+ printf("local Round trip on canonical name failed: %s != %s!\n",
+ realm_canonical,
+ talloc_asprintf(mem_ctx, "%s/", lp_realm()));
+ return False;
+ };
+
+ realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
+
+ if (strcmp(realm_canonical_ex,
+ talloc_asprintf(mem_ctx, "%s\n", lp_realm()))!= 0) {
+ printf("local Round trip on canonical ex name failed: %s != %s!\n",
+ realm_canonical,
+ talloc_asprintf(mem_ctx, "%s\n", lp_realm()));
+ return False;
+ };
r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
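Review bot: The failure message for the canonical-ex check prints `realm_canonical` although `realm_canonical_ex` is the value that was compared, so a failing run reports the wrong string; the printf argument should be `realm_canonical_ex`. Neither `realm_dn` nor the two canonical strings are checked for NULL before `strcmp()`, so an unparsable `result_name` from the server crashes the test instead of failing it; a guard such as `if (!realm_dn || !realm_canonical) { return False; }` would do. The same applies to `FQDN_1779_dn`, `canonical_name` and `canonical_ex_name` computed in the following hunk. The `};` after each `if` block also leaves a stray empty statement.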
FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name;
- r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
- r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
- names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
-
- printf("testing DsCrackNames with name '%s' desired format:%d\n",
- names[0].str, r.in.req.req1.format_desired);
-
- status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
- if (!NT_STATUS_IS_OK(status)) {
- const char *errstr = nt_errstr(status);
- if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
- errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
- }
- printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
- ret = False;
- } else if (!W_ERROR_IS_OK(r.out.result)) {
- printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
- ret = False;
- } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
- printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
- ret = False;
- }
+ FQDN_1779_dn = ldb_dn_explode(mem_ctx, FQDN_1779_name);
- if (!ret) {
- return ret;
- }
-
- canonical_name = r.out.ctr.ctr1->array[0].result_name;
-
- r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
- r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX;
- names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
-
- printf("testing DsCrackNames with name '%s' desired format:%d\n",
- names[0].str, r.in.req.req1.format_desired);
-
- status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
- if (!NT_STATUS_IS_OK(status)) {
- const char *errstr = nt_errstr(status);
- if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
- errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
- }
- printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
- ret = False;
- } else if (!W_ERROR_IS_OK(r.out.result)) {
- printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
- ret = False;
- } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
- printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
- ret = False;
- }
-
- if (!ret) {
- return ret;
- }
-
- canonical_ex_name = r.out.ctr.ctr1->array[0].result_name;
+ canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
+ canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
ret = False;
} else if (r.out.ctr.ctr1->array[0].status != crack[i].status) {
- printf("DsCrackNames unexpected error %d, wanted %d on name: %s\n",
+ printf("DsCrackNames unexpected status %d, wanted %d on name: %s\n",
r.out.ctr.ctr1->array[0].status,
crack[i].status,
crack[i].str);
ret = False;
- }
- if (crack[i].expected_str
- && (strcmp(r.out.ctr.ctr1->array[0].result_name,
- crack[i].expected_str) != 0)) {
+ } else if (crack[i].expected_str
+ && (strcmp(r.out.ctr.ctr1->array[0].result_name,
+ crack[i].expected_str) != 0)) {
printf("DsCrackNames failed - got %s, expected %s\n",
r.out.ctr.ctr1->array[0].result_name,
crack[i].expected_str);