source4/torture/rpc/drsuapi.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    DRSUapi tests
   5
   6    Copyright (C) Andrew Tridgell 2003
   7    Copyright (C) Stefan (metze) Metzmacher 2004
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23
  24 #include "includes.h"
  25
  26 static BOOL test_DsBind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
  27                       struct policy_handle *bind_handle)
  28 {
  29         NTSTATUS status;
  30         struct drsuapi_DsBind r;
  31         BOOL ret = True;
  32
  33         r.in.server_guid = NULL;
  34         r.in.bind_info = NULL;
  35         r.out.bind_handle = bind_handle;
  36
  37         printf("testing DsBind\n");
  38
  39         status = dcerpc_drsuapi_DsBind(p, mem_ctx, &r);
  40         if (!NT_STATUS_IS_OK(status)) {
  41                 const char *errstr = nt_errstr(status);
  42                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
  43                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
  44                 }
  45                 printf("dcerpc_drsuapi_DsBind failed - %s\n", errstr);
  46                 ret = False;
  47         } else if (!W_ERROR_IS_OK(r.out.result)) {
  48                 printf("DsBind failed - %s\n", win_errstr(r.out.result));
  49                 ret = False;
  50         }
  51
  52         return ret;
  53 }
  54
  55 static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
  56                       struct policy_handle *bind_handle)
  57 {
  58         NTSTATUS status;
  59         struct drsuapi_DsCrackNames r;
  60         struct drsuapi_DsNameString names[1];
  61         BOOL ret = True;
  62         const char *dns_domain;
  63         const char *nt4_domain;
  64         const char *FQDN_1779_domain;
  65         const char *FQDN_1779_name;
  66
  67         ZERO_STRUCT(r);
  68         r.in.bind_handle                = bind_handle;
  69         r.in.level                      = 1;
  70         r.in.req.req1.unknown1          = 0x000004e4;
  71         r.in.req.req1.unknown2          = 0x00000407;
  72         r.in.req.req1.count             = 1;
  73         r.in.req.req1.names             = names;
  74         r.in.req.req1.format_flags      = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
  75
  76         r.in.req.req1.format_offered    = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
  77         r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
  78         names[0].str = talloc_asprintf(mem_ctx, "%s/", lp_realm());
  79
  80         printf("testing DsCrackNames with name '%s' desired format:%d\n",
  81                         names[0].str, r.in.req.req1.format_desired);
  82
  83         status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
  84         if (!NT_STATUS_IS_OK(status)) {
  85                 const char *errstr = nt_errstr(status);
  86                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
  87                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
  88                 }
  89                 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
  90                 ret = False;
  91         } else if (!W_ERROR_IS_OK(r.out.result)) {
  92                 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
  93                 ret = False;
  94         }
  95
  96         if (!ret) {
  97                 return ret;
  98         }
  99
 100         dns_domain = r.out.ctr.ctr1->array[0].dns_domain_name;
 101         nt4_domain = r.out.ctr.ctr1->array[0].result_name;
 102
 103         r.in.req.req1.format_offered    = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
 104         r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
 105         names[0].str = nt4_domain;
 106
 107         printf("testing DsCrackNames with name '%s' desired format:%d\n",
 108                         names[0].str, r.in.req.req1.format_desired);
 109
 110         status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
 111         if (!NT_STATUS_IS_OK(status)) {
 112                 const char *errstr = nt_errstr(status);
 113                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 114                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 115                 }
 116                 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
 117                 ret = False;
 118         } else if (!W_ERROR_IS_OK(r.out.result)) {
 119                 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
 120                 ret = False;
 121         }
 122
 123         if (!ret) {
 124                 return ret;
 125         }
 126
 127         FQDN_1779_domain = r.out.ctr.ctr1->array[0].result_name;
 128
 129         r.in.req.req1.format_offered    = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
 130         r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
 131         names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, dcerpc_server_name(p));
 132
 133         printf("testing DsCrackNames with name '%s' desired format:%d\n",
 134                         names[0].str, r.in.req.req1.format_desired);
 135
 136         status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
 137         if (!NT_STATUS_IS_OK(status)) {
 138                 const char *errstr = nt_errstr(status);
 139                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 140                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 141                 }
 142                 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
 143                 ret = False;
 144         } else if (!W_ERROR_IS_OK(r.out.result)) {
 145                 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
 146                 ret = False;
 147         }
 148
 149         if (!ret) {
 150                 return ret;
 151         }
 152
 153         FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name;
 154
 155         r.in.req.req1.format_offered    = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
 156         r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
 157         names[0].str = FQDN_1779_name;
 158
 159         printf("testing DsCrackNames with name '%s' desired format:%d\n",
 160                         names[0].str, r.in.req.req1.format_desired);
 161
 162         status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
 163         if (!NT_STATUS_IS_OK(status)) {
 164                 const char *errstr = nt_errstr(status);
 165                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 166                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 167                 }
 168                 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
 169                 ret = False;
 170         } else if (!W_ERROR_IS_OK(r.out.result)) {
 171                 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
 172                 ret = False;
 173         }
 174
 175         if (!ret) {
 176                 return ret;
 177         }
 178
 179         r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_DISPLAY;
 180
 181         printf("testing DsCrackNames with name '%s' desired format:%d\n",
 182                         names[0].str, r.in.req.req1.format_desired);
 183
 184         status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
 185         if (!NT_STATUS_IS_OK(status)) {
 186                 const char *errstr = nt_errstr(status);
 187                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 188                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 189                 }
 190                 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
 191                 ret = False;
 192         } else if (!W_ERROR_IS_OK(r.out.result)) {
 193                 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
 194                 ret = False;
 195         }
 196
 197         if (!ret) {
 198                 return ret;
 199         }
 200
 201         r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_GUID;
 202
 203         printf("testing DsCrackNames with name '%s' desired format:%d\n",
 204                         names[0].str, r.in.req.req1.format_desired);
 205
 206         status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
 207         if (!NT_STATUS_IS_OK(status)) {
 208                 const char *errstr = nt_errstr(status);
 209                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 210                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 211                 }
 212                 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
 213                 ret = False;
 214         } else if (!W_ERROR_IS_OK(r.out.result)) {
 215                 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
 216                 ret = False;
 217         }
 218
 219         if (!ret) {
 220                 return ret;
 221         }
 222
 223         r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL;
 224
 225         printf("testing DsCrackNames with name '%s' desired format:%d\n",
 226                         names[0].str, r.in.req.req1.format_desired);
 227
 228         status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
 229         if (!NT_STATUS_IS_OK(status)) {
 230                 const char *errstr = nt_errstr(status);
 231                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 232                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 233                 }
 234                 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
 235                 ret = False;
 236         } else if (!W_ERROR_IS_OK(r.out.result)) {
 237                 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
 238                 ret = False;
 239         }
 240
 241         if (!ret) {
 242                 return ret;
 243         }
 244
 245         r.in.req.req1.format_desired    = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL;
 246
 247         printf("testing DsCrackNames with name '%s' desired format:%d\n",
 248                         names[0].str, r.in.req.req1.format_desired);
 249
 250         status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
 251         if (!NT_STATUS_IS_OK(status)) {
 252                 const char *errstr = nt_errstr(status);
 253                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 254                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 255                 }
 256                 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
 257                 ret = False;
 258         } else if (!W_ERROR_IS_OK(r.out.result)) {
 259                 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
 260                 ret = False;
 261         }
 262
 263         if (!ret) {
 264                 return ret;
 265         }
 266
 267         return ret;
 268 }
 269
 270 static BOOL test_DsGetDCInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 271                       struct policy_handle *bind_handle)
 272 {
 273         NTSTATUS status;
 274         struct drsuapi_DsGetDomainControllerInfo r;
 275         BOOL ret = True;
 276
 277         r.in.bind_handle = bind_handle;
 278         r.in.level = 1;
 279
 280         r.in.req.req1.domain_name = talloc_strdup(mem_ctx, lp_realm());
 281         r.in.req.req1.level = 1;
 282
 283         printf("testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
 284                         r.in.req.req1.level, r.in.req.req1.domain_name);
 285
 286         status = dcerpc_drsuapi_DsGetDomainControllerInfo(p, mem_ctx, &r);
 287         if (!NT_STATUS_IS_OK(status)) {
 288                 const char *errstr = nt_errstr(status);
 289                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 290                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 291                 }
 292                 printf("dcerpc_drsuapi_DsGetDomainControllerInfo level %d\n"
 293                         "    with dns domain failed - %s\n",
 294                         r.in.req.req1.level, errstr);
 295                 ret = False;
 296         } else if (!W_ERROR_IS_OK(r.out.result)) {
 297                 printf("DsGetDomainControllerInfo level %d\n"
 298                         "    with dns domain failed - %s\n",
 299                         r.in.req.req1.level, win_errstr(r.out.result));
 300                 ret = False;
 301         }
 302
 303         r.in.req.req1.level = 2;
 304
 305         printf("testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
 306                         r.in.req.req1.level, r.in.req.req1.domain_name);
 307
 308         status = dcerpc_drsuapi_DsGetDomainControllerInfo(p, mem_ctx, &r);
 309         if (!NT_STATUS_IS_OK(status)) {
 310                 const char *errstr = nt_errstr(status);
 311                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 312                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 313                 }
 314                 printf("dcerpc_drsuapi_DsGetDomainControllerInfo level %d\n"
 315                         "    with dns domain failed - %s\n",
 316                         r.in.req.req1.level, errstr);
 317                 ret = False;
 318         } else if (!W_ERROR_IS_OK(r.out.result)) {
 319                 printf("DsGetDomainControllerInfo level %d\n"
 320                         "    with dns domain failed - %s\n",
 321                         r.in.req.req1.level, win_errstr(r.out.result));
 322                 ret = False;
 323         }
 324
 325         r.in.req.req1.level = -1;
 326
 327         printf("testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
 328                         r.in.req.req1.level, r.in.req.req1.domain_name);
 329
 330         status = dcerpc_drsuapi_DsGetDomainControllerInfo(p, mem_ctx, &r);
 331         if (!NT_STATUS_IS_OK(status)) {
 332                 const char *errstr = nt_errstr(status);
 333                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 334                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 335                 }
 336                 printf("dcerpc_drsuapi_DsGetDomainControllerInfo level %d\n"
 337                         "    with dns domain failed - %s\n",
 338                         r.in.req.req1.level, errstr);
 339                 ret = False;
 340         } else if (!W_ERROR_IS_OK(r.out.result)) {
 341                 printf("DsGetDomainControllerInfo level %d\n"
 342                         "    with dns domain failed - %s\n",
 343                         r.in.req.req1.level, win_errstr(r.out.result));
 344                 ret = False;
 345         }
 346
 347         r.in.req.req1.domain_name = talloc_strdup(mem_ctx, lp_workgroup());
 348         r.in.req.req1.level = 2;
 349
 350         printf("testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
 351                         r.in.req.req1.level, r.in.req.req1.domain_name);
 352
 353         status = dcerpc_drsuapi_DsGetDomainControllerInfo(p, mem_ctx, &r);
 354         if (!NT_STATUS_IS_OK(status)) {
 355                 const char *errstr = nt_errstr(status);
 356                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 357                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 358                 }
 359                 printf("dcerpc_drsuapi_DsGetDomainControllerInfo level %d\n"
 360                         "    with netbios domain failed - %s\n",
 361                         r.in.req.req1.level, errstr);
 362                 ret = False;
 363         } else if (!W_ERROR_IS_OK(r.out.result)) {
 364                 printf("DsGetDomainControllerInfo level %d\n"
 365                         "    with netbios domain failed - %s\n",
 366                         r.in.req.req1.level, win_errstr(r.out.result));
 367                 ret = False;
 368         }
 369
 370         r.in.req.req1.domain_name = "__UNKNOWN_DOMAIN__";
 371         r.in.req.req1.level = 2;
 372
 373         printf("testing DsGetDomainControllerInfo level %d on domainname '%s'\n",
 374                         r.in.req.req1.level, r.in.req.req1.domain_name);
 375
 376         status = dcerpc_drsuapi_DsGetDomainControllerInfo(p, mem_ctx, &r);
 377         if (!NT_STATUS_IS_OK(status)) {
 378                 const char *errstr = nt_errstr(status);
 379                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 380                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 381                 }
 382                 printf("dcerpc_drsuapi_DsGetDomainControllerInfo level %d\n"
 383                         "    with invalid domain failed - %s\n",
 384                         r.in.req.req1.level, errstr);
 385                 ret = False;
 386         } else if (!W_ERROR_EQUAL(r.out.result, WERR_DS_OBJ_NOT_FOUND)) {
 387                 printf("DsGetDomainControllerInfo level %d\n"
 388                         "    with invalid domain not expected error (WERR_DS_OBJ_NOT_FOUND) - %s\n",
 389                         r.in.req.req1.level, win_errstr(r.out.result));
 390                 ret = False;
 391         }
 392
 393         return ret;
 394 }
 395
 396 static BOOL test_DsUnbind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 397                         struct policy_handle *bind_handle)
 398 {
 399         NTSTATUS status;
 400         struct drsuapi_DsUnbind r;
 401         BOOL ret = True;
 402
 403         r.in.bind_handle = bind_handle;
 404         r.out.bind_handle = bind_handle;
 405
 406         printf("testing DsUnbind\n");
 407
 408         status = dcerpc_drsuapi_DsUnbind(p, mem_ctx, &r);
 409         if (!NT_STATUS_IS_OK(status)) {
 410                 const char *errstr = nt_errstr(status);
 411                 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
 412                         errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
 413                 }
 414                 printf("dcerpc_drsuapi_DsUnbind failed - %s\n", errstr);
 415                 ret = False;
 416         } else if (!W_ERROR_IS_OK(r.out.result)) {
 417                 printf("DsBind failed - %s\n", win_errstr(r.out.result));
 418                 ret = False;
 419         }
 420
 421         return ret;
 422 }
 423
 424 BOOL torture_rpc_drsuapi(void)
 425 {
 426         NTSTATUS status;
 427         struct dcerpc_pipe *p;
 428         TALLOC_CTX *mem_ctx;
 429         BOOL ret = True;
 430         struct policy_handle bind_handle;
 431
 432         status = torture_rpc_connection(&p,
 433                                         DCERPC_DRSUAPI_NAME,
 434                                         DCERPC_DRSUAPI_UUID,
 435                                         DCERPC_DRSUAPI_VERSION);
 436         if (!NT_STATUS_IS_OK(status)) {
 437                 return False;
 438         }
 439
 440         printf("Connected to DRAUAPI pipe\n");
 441
 442         mem_ctx = talloc_init("torture_rpc_drsuapi");
 443
 444         if (!test_DsBind(p, mem_ctx, &bind_handle)) {
 445                 ret = False;
 446         }
 447
 448         if (!test_DsGetDCInfo(p, mem_ctx, &bind_handle)) {
 449                 ret = False;
 450         }
 451
 452         if (!test_DsCrackNames(p, mem_ctx, &bind_handle)) {
 453                 ret = False;
 454         }
 455
 456         if (!test_DsUnbind(p, mem_ctx, &bind_handle)) {
 457                 ret = False;
 458         }
 459
 460 #if 0
 461         if (!test_scan(p, mem_ctx)) {
 462                 ret = False;
 463         }
 464 #endif
 465         talloc_destroy(mem_ctx);
 466
 467         torture_rpc_close(p);
 468
 469         return ret;
 470 }