[size_is(length)] uint8 data[];
} drsuapi_DsBindInfo;
+ /* this is a magic guid you need to pass to DsBind to make drsuapi_DsWriteAccountSpn() work */
+ const string DRSUAPI_DS_BIND_GUID = "e24d201a-4fd6-11d1-a3da-0000f875ae0d";
+
WERROR drsuapi_DsBind(
- [in] GUID *server_guid,
+ [in] GUID *bind_guid,
[in,out] drsuapi_DsBindInfo *bind_info,
[out,ref] policy_handle *bind_handle
);
);
/*****************/
- /* Function 0x0d */
- WERROR DRSUAPI_WRITE_SPN();
+ /* Function 0x0d */
+ typedef enum {
+ DRSUAPI_DS_SPN_OPERATION_ADD = 0,
+ DRSUAPI_DS_SPN_OPERATION_REPLACE= 1,
+ DRSUAPI_DS_SPN_OPERATION_DELETE = 2
+ } drsuapi_DsSpnOperation;
+
+ typedef struct {
+ int32 operation;
+ int32 unknown1;
+ unistr *object_dn;
+ [range(0,10000)] uint32 count;
+ [size_is(count)] drsuapi_DsNameString *spn_names;
+ } drsuapi_DsWriteAccountSpnRequest1;
+
+ typedef union {
+ [case(1)] drsuapi_DsWriteAccountSpnRequest1 req1;
+ } drsuapi_DsWriteAccountSpnRequest;
+
+ typedef struct {
+ WERROR status;
+ } drsuapi_DsWriteAccountSpnResult1;
+
+ typedef union {
+ [case(1)] drsuapi_DsWriteAccountSpnResult1 res1;
+ } drsuapi_DsWriteAccountSpnResult;
+
+ WERROR drsuapi_DsWriteAccountSpn(
+ [in,ref] policy_handle *bind_handle,
+ [in, out] uint32 level,
+ [in,switch_is(level)] drsuapi_DsWriteAccountSpnRequest req,
+ [out,switch_is(level)] drsuapi_DsWriteAccountSpnResult res
+ );
/*****************/
/* Function 0x0e */
struct DsPrivate {
struct policy_handle bind_handle;
+ struct GUID bind_guid;
const char *domain_guid_str;
struct drsuapi_DsGetDCInfo2 dcinfo;
};
struct drsuapi_DsBind r;
BOOL ret = True;
- r.in.server_guid = NULL;
+ GUID_from_string(DRSUAPI_DS_BIND_GUID, &priv->bind_guid);
+
+ r.in.bind_guid = &priv->bind_guid;
r.in.bind_info = NULL;
r.out.bind_handle = &priv->bind_handle;
return ret;
}
+ r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
+ r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid);
printf("testing DsCrackNames with Server GUID '%s' desired format:%d\n",
return ret;
}
+ r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
+ r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid);
printf("testing DsCrackNames with NTDS GUID '%s' desired format:%d\n",
return ret;
}
+ r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
+ r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+ names[0].str = GUID_string2(mem_ctx, &priv->bind_guid);
+
+ printf("testing DsCrackNames with NTDS GUID '%s' desired format:%d\n",
+ names[0].str, r.in.req.req1.format_desired);
+
+ status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ const char *errstr = nt_errstr(status);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
+ }
+ printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
+ ret = False;
+ } else if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
+ ret = False;
+ }
+
+ if (!ret) {
+ return ret;
+ }
+
return ret;
}
return ret;
}
+static BOOL test_DsWriteAccountSpn(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct DsPrivate *priv)
+{
+ NTSTATUS status;
+ struct drsuapi_DsWriteAccountSpn r;
+ struct drsuapi_DsNameString names[2];
+ BOOL ret = True;
+
+ r.in.bind_handle = &priv->bind_handle;
+ r.in.level = 1;
+
+ printf("testing DsWriteAccountSpn\n");
+
+ r.in.req.req1.operation = DRSUAPI_DS_SPN_OPERATION_ADD;
+ r.in.req.req1.unknown1 = 0;
+ r.in.req.req1.object_dn = priv->dcinfo.computer_dn;
+ r.in.req.req1.count = 2;
+ r.in.req.req1.spn_names = names;
+ names[0].str = talloc_asprintf(mem_ctx, "smbtortureSPN/%s",priv->dcinfo.netbios_name);
+ names[1].str = talloc_asprintf(mem_ctx, "smbtortureSPN/%s",priv->dcinfo.dns_name);
+
+ status = dcerpc_drsuapi_DsWriteAccountSpn(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ const char *errstr = nt_errstr(status);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
+ }
+ printf("dcerpc_drsuapi_DsWriteAccountSpn failed - %s\n", errstr);
+ ret = False;
+ } else if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("DsWriteAccountSpn failed - %s\n", win_errstr(r.out.result));
+ ret = False;
+ }
+
+ r.in.req.req1.operation = DRSUAPI_DS_SPN_OPERATION_DELETE;
+ r.in.req.req1.unknown1 = 0;
+
+ status = dcerpc_drsuapi_DsWriteAccountSpn(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ const char *errstr = nt_errstr(status);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
+ }
+ printf("dcerpc_drsuapi_DsWriteAccountSpn failed - %s\n", errstr);
+ ret = False;
+ } else if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("DsWriteAccountSpn failed - %s\n", win_errstr(r.out.result));
+ ret = False;
+ }
+
+ return ret;
+}
+
static BOOL test_DsUnbind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct DsPrivate *priv)
{
ret = False;
}
+ if (!test_DsWriteAccountSpn(p, mem_ctx, &priv)) {
+ ret = False;
+ }
+
if (!test_DsUnbind(p, mem_ctx, &priv)) {
ret = False;
}
git.samba.org / samba.git / commitdiff