2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "torture/torture.h"
26 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
27 #include "torture/rpc/rpc.h"
28 #include "ldb/include/ldb.h"
29 #include "libcli/security/security.h"
/*
 * Cross-checks DsCrackNames conversions between every pair of the name
 * formats listed in formats[].
 *
 * Pass 1 offers a name as DRSUAPI_DS_NAME_FORMAT_FQDN_1779 and requests each
 * format in turn, recording one reference name per format in n_from[].
 * Pass 2 converts n_from[i] from formats[i] to formats[j] for every (i, j)
 * and stores the answer in n_matrix[i][j] (NULL unless the per-name status is
 * DRSUAPI_DS_NAME_STATUS_OK).
 * Pass 3 compares n_matrix[i][j] with n_from[j] and prints any mismatch.
 *
 * p                       RPC pipe the DsCrackNames calls are issued on
 * mem_ctx                 talloc context handed to the RPC call and to
 *                         dcerpc_errstr()
 * priv                    supplies the bind handle (priv->bind_handle)
 * dn                      not referenced on any line shown here; presumably
 *                         the FQDN_1779 name assigned to names[0].str on an
 *                         omitted line - TODO confirm
 * user_principal_name     reference name used for the USER_PRINCIPAL format
 * service_principal_name  reference name used for the SERVICE_PRINCIPAL format
 *
 * NOTE(review): this listing omits lines (see the gaps in the embedded line
 * numbers), so the braces, the declarations of status, i and j, the
 * break/return statements and the value returned to the caller are not
 * visible here.
 */
31 static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
32 struct DsPrivate *priv, const char *dn,
33 const char *user_principal_name, const char *service_principal_name)
39 struct drsuapi_DsCrackNames r;
/* Formats exercised; the same array indexes both axes of n_matrix. */
40 enum drsuapi_DsNameFormat formats[] = {
41 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
42 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
43 DRSUAPI_DS_NAME_FORMAT_DISPLAY,
44 DRSUAPI_DS_NAME_FORMAT_GUID,
45 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
46 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
47 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
48 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
49 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
50 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
/* names[] has one slot per format, but only names[0] is filled in and read
 * on the lines shown (the request count below is 1). */
52 struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
/* n_matrix[i][j]: name returned when converting formats[i] -> formats[j].
 * n_from[i]: reference name for formats[i]. */
55 const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
56 const char *n_from[ARRAY_SIZE(formats)];
/* Request fields set once here; the lines shown below change only
 * format_offered, format_desired and names[0].str between calls. */
59 r.in.bind_handle = &priv->bind_handle;
61 r.in.req.req1.codepage = 1252; /* Windows-1252 code page (original note: german) */
62 r.in.req.req1.language = 0x00000407; /* LCID 0x0407 (original note: german) */
63 r.in.req.req1.count = 1;
64 r.in.req.req1.names = names;
65 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
/* Pass 1: offer the name as FQDN_1779 and ask for each format in turn. */
69 for (i = 0; i < ARRAY_SIZE(formats); i++) {
70 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
71 r.in.req.req1.format_desired = formats[i];
73 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
/* Call-level failure: for NT_STATUS_NET_WRITE_FAULT the text is taken from
 * the pipe's last DCE/RPC fault code instead of the NTSTATUS itself. */
74 if (!NT_STATUS_IS_OK(status)) {
75 const char *errstr = nt_errstr(status);
76 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
77 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
79 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
80 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired);
82 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
/* The call completed but the server returned a failing WERROR. */
84 } else if (!W_ERROR_IS_OK(r.out.result)) {
85 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
86 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired);
88 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
/* Per-format expectation for the status of the single returned name. The
 * switch header is on an omitted line (presumably switch (formats[i])).
 * NOTE(review): array[0] is read from the server's reply with no visible
 * check that ctr1 is non-NULL and holds at least one entry - confirm that
 * the NDR layer or an omitted line guarantees this. */
/* SERVICE_PRINCIPAL: anything other than NOT_UNIQUE is reported. */
96 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
97 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
98 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
99 r.out.ctr.ctr1->array[0].status);
102 printf ("(expected) error\n");
/* USER_PRINCIPAL: anything other than NO_MAPPING is reported. */
104 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
105 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
106 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
107 r.out.ctr.ctr1->array[0].status);
110 printf ("(expected) error\n");
/* DNS_DOMAIN and SID_OR_SID_HISTORY: anything other than RESOLVE_ERROR is
 * reported. */
112 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
113 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
114 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
115 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
116 r.out.ctr.ctr1->array[0].status);
119 printf ("(expected) error\n");
/* Remaining formats (presumably the default case): the name must resolve
 * with STATUS_OK. */
122 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
123 printf("Error: %d\n", r.out.ctr.ctr1->array[0].status);
/* Choose the reference name for formats[i]. */
128 switch (formats[i]) {
/* The two principal formats use the names supplied by the caller. */
129 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
130 n_from[i] = user_principal_name;
132 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
133 n_from[i] = service_principal_name;
/* The statement for these two cases is on an omitted line; the
 * n_from[i] == NULL test in pass 3 suggests they are set to NULL -
 * TODO confirm. */
135 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
136 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
/* Otherwise (presumably the default case) keep the name the server
 * returned. NOTE(review): result_name comes from the reply and is printed
 * with %s without a visible NULL check. */
140 n_from[i] = r.out.ctr.ctr1->array[0].result_name;
141 printf("%s\n", n_from[i]);
/* Pass 2: convert every reference name into every format. */
145 for (i = 0; i < ARRAY_SIZE(formats); i++) {
146 for (j = 0; j < ARRAY_SIZE(formats); j++) {
147 r.in.req.req1.format_offered = formats[i];
148 r.in.req.req1.format_desired = formats[j];
/* Start with no result recorded for this pair. */
150 n_matrix[i][j] = NULL;
/* Offer the reference name recorded for formats[i]. */
153 names[0].str = n_from[i];
154 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
/* Same two failure levels as in pass 1: call failure, then WERROR. */
155 if (!NT_STATUS_IS_OK(status)) {
156 const char *errstr = nt_errstr(status);
157 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
158 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
160 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
161 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired, errstr);
163 } else if (!W_ERROR_IS_OK(r.out.result)) {
164 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
165 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired,
166 win_errstr(r.out.result));
/* Record the converted name only when the per-name status is OK; any other
 * status leaves the cell NULL. */
173 if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
174 n_matrix[i][j] = r.out.ctr.ctr1->array[0].result_name;
176 n_matrix[i][j] = NULL;
/* Pass 3: every converted name should equal the reference name of its
 * target format. */
181 for (i = 0; i < ARRAY_SIZE(formats); i++) {
182 for (j = 0; j < ARRAY_SIZE(formats); j++) {
/* Pointer comparison, not strcmp: true when both are NULL or both point at
 * the same string. The body of this branch is on an omitted line. */
183 if (n_matrix[i][j] == n_from[j]) {
185 /* We don't have a from name for these yet (and we can't map to them to find it out) */
186 } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
188 /* we can't map to these two */
189 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
190 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
/* No result although a reference name exists for the target format.
 * NOTE(review): n_matrix[i][j] is NULL in this branch and is still passed
 * to %s; glibc prints "(null)", but the C standard leaves it undefined. */
191 } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
192 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
/* A result came back for a target format that has no reference name.
 * NOTE(review): n_from[j] is NULL in this branch and is passed to %s. */
194 } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
195 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
/* Both pointers are non-NULL here: every combination with a NULL was
 * consumed by an earlier branch, so strcmp gets valid strings. */
197 } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
198 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
206 BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
207 struct DsPrivate *priv)
210 struct drsuapi_DsCrackNames r;
211 struct drsuapi_DsNameString names[1];
213 const char *dns_domain;
214 const char *nt4_domain;
215 const char *FQDN_1779_name;
216 struct ldb_context *ldb;
217 struct ldb_dn *FQDN_1779_dn;
218 struct ldb_dn *realm_dn;
219 const char *realm_dn_str;
220 const char *realm_canonical;
221 const char *realm_canonical_ex;
222 const char *user_principal_name;
223 char *user_principal_name_short;
224 const char *service_principal_name;
225 const char *canonical_name;
226 const char *canonical_ex_name;
228 const char *test_dc = torture_join_netbios_name(priv->join);
231 r.in.bind_handle = &priv->bind_handle;
233 r.in.req.req1.codepage = 1252; /* german */
234 r.in.req.req1.language = 0x00000407; /* german */
235 r.in.req.req1.count = 1;
236 r.in.req.req1.names = names;
237 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
239 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
240 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
242 dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
244 names[0].str = dom_sid;
246 printf("testing DsCrackNames with name '%s' desired format:%d\n",
247 names[0].str, r.in.req.req1.format_desired);
249 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
250 if (!NT_STATUS_IS_OK(status)) {
251 const char *errstr = nt_errstr(status);
252 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
253 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
255 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
257 } else if (!W_ERROR_IS_OK(r.out.result)) {
258 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
260 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
261 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
269 dns_domain = r.out.ctr.ctr1->array[0].dns_domain_name;
270 nt4_domain = r.out.ctr.ctr1->array[0].result_name;
272 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
274 printf("testing DsCrackNames with name '%s' desired format:%d\n",
275 names[0].str, r.in.req.req1.format_desired);
277 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
278 if (!NT_STATUS_IS_OK(status)) {
279 const char *errstr = nt_errstr(status);
280 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
281 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
283 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
285 } else if (!W_ERROR_IS_OK(r.out.result)) {
286 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
288 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
289 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
297 priv->domain_dns_name = r.out.ctr.ctr1->array[0].dns_domain_name;
298 priv->domain_guid_str = r.out.ctr.ctr1->array[0].result_name;
299 GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
301 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
303 printf("testing DsCrackNames with name '%s' desired format:%d\n",
304 names[0].str, r.in.req.req1.format_desired);
306 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
307 if (!NT_STATUS_IS_OK(status)) {
308 const char *errstr = nt_errstr(status);
309 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
310 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
312 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
314 } else if (!W_ERROR_IS_OK(r.out.result)) {
315 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
317 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
318 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
326 ldb = ldb_init(mem_ctx);
328 realm_dn_str = r.out.ctr.ctr1->array[0].result_name;
329 realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str);
330 realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
332 if (strcmp(realm_canonical,
333 talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
334 printf("local Round trip on canonical name failed: %s != %s!\n",
336 talloc_asprintf(mem_ctx, "%s/", dns_domain));
340 realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
342 if (strcmp(realm_canonical_ex,
343 talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
344 printf("local Round trip on canonical ex name failed: %s != %s!\n",
346 talloc_asprintf(mem_ctx, "%s\n", dns_domain));
350 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
351 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
352 names[0].str = nt4_domain;
354 printf("testing DsCrackNames with name '%s' desired format:%d\n",
355 names[0].str, r.in.req.req1.format_desired);
357 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
358 if (!NT_STATUS_IS_OK(status)) {
359 const char *errstr = nt_errstr(status);
360 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
361 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
363 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
365 } else if (!W_ERROR_IS_OK(r.out.result)) {
366 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
368 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
369 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
377 priv->domain_obj_dn = r.out.ctr.ctr1->array[0].result_name;
379 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
380 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
381 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
383 printf("testing DsCrackNames with name '%s' desired format:%d\n",
384 names[0].str, r.in.req.req1.format_desired);
386 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
387 if (!NT_STATUS_IS_OK(status)) {
388 const char *errstr = nt_errstr(status);
389 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
390 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
392 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
394 } else if (!W_ERROR_IS_OK(r.out.result)) {
395 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
397 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
398 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
406 FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name;
408 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
409 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
410 names[0].str = priv->domain_guid_str;
412 printf("testing DsCrackNames with name '%s' desired format:%d\n",
413 names[0].str, r.in.req.req1.format_desired);
415 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
416 if (!NT_STATUS_IS_OK(status)) {
417 const char *errstr = nt_errstr(status);
418 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
419 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
421 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
423 } else if (!W_ERROR_IS_OK(r.out.result)) {
424 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
426 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
427 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
435 if (strcmp(priv->domain_dns_name, r.out.ctr.ctr1->array[0].dns_domain_name) != 0) {
436 printf("DsCrackNames failed to return same DNS name - expected %s got %s\n", priv->domain_dns_name, r.out.ctr.ctr1->array[0].dns_domain_name);
440 FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
442 canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
443 canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
445 user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
447 /* form up a user@DOMAIN */
448 user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
449 /* variable nt4_domain includes a trailing \ */
450 user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
452 service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
456 enum drsuapi_DsNameFormat format_offered;
457 enum drsuapi_DsNameFormat format_desired;
460 const char *expected_str;
461 const char *expected_dns;
462 enum drsuapi_DsNameStatus status;
463 enum drsuapi_DsNameStatus alternate_status;
464 enum drsuapi_DsNameFlags flags;
468 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
469 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
470 .str = user_principal_name,
471 .expected_str = FQDN_1779_name,
472 .status = DRSUAPI_DS_NAME_STATUS_OK
475 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
476 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
477 .str = user_principal_name_short,
478 .expected_str = FQDN_1779_name,
479 .status = DRSUAPI_DS_NAME_STATUS_OK
482 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
483 .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
484 .str = FQDN_1779_name,
485 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
488 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
489 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
490 .str = service_principal_name,
491 .expected_str = FQDN_1779_name,
492 .status = DRSUAPI_DS_NAME_STATUS_OK
495 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
496 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
497 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
498 .comment = "ServicePrincipal Name",
499 .expected_str = FQDN_1779_name,
500 .status = DRSUAPI_DS_NAME_STATUS_OK
503 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
504 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
505 .str = FQDN_1779_name,
506 .expected_str = canonical_name,
507 .status = DRSUAPI_DS_NAME_STATUS_OK
510 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
511 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
512 .str = canonical_name,
513 .expected_str = FQDN_1779_name,
514 .status = DRSUAPI_DS_NAME_STATUS_OK
517 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
518 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
519 .str = FQDN_1779_name,
520 .expected_str = canonical_ex_name,
521 .status = DRSUAPI_DS_NAME_STATUS_OK
524 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
525 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
526 .str = canonical_ex_name,
527 .expected_str = FQDN_1779_name,
528 .status = DRSUAPI_DS_NAME_STATUS_OK
531 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
532 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
533 .str = FQDN_1779_name,
534 .comment = "DN to cannoical syntactial only",
535 .status = DRSUAPI_DS_NAME_STATUS_OK,
536 .expected_str = canonical_name,
537 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
540 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
541 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
542 .str = FQDN_1779_name,
543 .comment = "DN to cannoical EX syntactial only",
544 .status = DRSUAPI_DS_NAME_STATUS_OK,
545 .expected_str = canonical_ex_name,
546 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
549 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
550 .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
551 .str = FQDN_1779_name,
552 .status = DRSUAPI_DS_NAME_STATUS_OK
555 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
556 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
557 .str = FQDN_1779_name,
558 .status = DRSUAPI_DS_NAME_STATUS_OK
561 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
562 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
563 .str = priv->domain_guid_str,
564 .comment = "Domain GUID to NT4 ACCOUNT",
565 .expected_str = nt4_domain,
566 .status = DRSUAPI_DS_NAME_STATUS_OK
569 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
570 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
571 .str = priv->domain_guid_str,
572 .comment = "Domain GUID to Canonical",
573 .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
574 .status = DRSUAPI_DS_NAME_STATUS_OK
577 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
578 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
579 .str = priv->domain_guid_str,
580 .comment = "Domain GUID to Canonical EX",
581 .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
582 .status = DRSUAPI_DS_NAME_STATUS_OK
585 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
586 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
587 .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
588 .comment = "display name for Microsoft Support Account",
589 .status = DRSUAPI_DS_NAME_STATUS_OK,
590 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE,
591 .skip = lp_parm_bool(-1, "torture", "samba4", False)
594 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
595 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
596 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
597 .comment = "Account GUID -> DN",
598 .expected_str = FQDN_1779_name,
599 .status = DRSUAPI_DS_NAME_STATUS_OK
602 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
603 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
604 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
605 .comment = "Account GUID -> NT4 Account",
606 .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
607 .status = DRSUAPI_DS_NAME_STATUS_OK
610 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
611 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
612 .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
613 .comment = "Site GUID",
614 .expected_str = priv->dcinfo.site_dn,
615 .status = DRSUAPI_DS_NAME_STATUS_OK
618 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
619 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
620 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
621 .comment = "Computer GUID",
622 .expected_str = priv->dcinfo.computer_dn,
623 .status = DRSUAPI_DS_NAME_STATUS_OK
626 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
627 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
628 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
629 .comment = "Computer GUID -> NT4 Account",
630 .status = DRSUAPI_DS_NAME_STATUS_OK
633 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
634 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
635 .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
636 .comment = "Server GUID",
637 .expected_str = priv->dcinfo.server_dn,
638 .status = DRSUAPI_DS_NAME_STATUS_OK
641 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
642 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
643 .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
644 .comment = "NTDS GUID",
645 .expected_str = priv->dcinfo.ntds_dn,
646 .status = DRSUAPI_DS_NAME_STATUS_OK,
647 .skip = GUID_all_zero(&priv->dcinfo.ntds_guid)
650 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
651 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
653 .comment = "DISLPAY NAME search for DC short name",
654 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
657 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
658 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
659 .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
660 .comment = "Looking for KRBTGT as a serivce principal",
661 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
662 .expected_dns = dns_domain
665 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
666 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
667 .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
668 .comment = "Looking for bogus serivce principal",
669 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
670 .expected_dns = dns_domain
673 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
674 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
675 .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
676 .comment = "Looking for bogus serivce on test DC",
677 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
678 .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
681 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
682 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
683 .str = talloc_asprintf(mem_ctx, "krbtgt"),
684 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
687 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
688 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
689 .comment = "Looking for the kadmin/changepw service as a serivce principal",
690 .str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
691 .status = DRSUAPI_DS_NAME_STATUS_OK,
692 .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
693 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
696 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
697 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
698 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
701 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
704 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
705 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
706 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
709 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
710 .expected_dns = "BOGUS"
713 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
714 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
715 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
718 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
719 .expected_dns = "BOGUS"
722 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
723 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
724 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s",
725 test_dc, dns_domain),
726 .status = DRSUAPI_DS_NAME_STATUS_OK
729 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
730 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
731 .str = talloc_asprintf(mem_ctx, "cifs/%s",
733 .status = DRSUAPI_DS_NAME_STATUS_OK
736 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
737 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
739 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
742 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
743 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
745 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
748 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
749 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
750 .str = "NOT AN NT4 NAME",
751 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
754 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
755 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
756 .comment = "Unparsable DN",
758 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
761 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
762 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
763 .comment = "Unparsable user principal",
764 .str = "NOT A PRINCIPAL",
765 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
768 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
769 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
770 .comment = "Unparsable service principal",
771 .str = "NOT A SERVICE PRINCIPAL",
772 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
775 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
776 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
777 .comment = "BIND GUID (ie, not in the directory)",
778 .str = GUID_string2(mem_ctx, &priv->bind_guid),
779 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
782 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
783 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
784 .comment = "Unqualified Machine account as user principal",
785 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
786 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
789 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
790 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
791 .comment = "Machine account as service principal",
792 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
793 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
796 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
797 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
798 .comment = "Full Machine account as service principal",
799 .str = user_principal_name,
800 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
803 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
804 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
805 .comment = "Realm as an NT4 domain lookup",
806 .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
807 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
810 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
811 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
812 .comment = "BUILTIN\\ -> DN",
814 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
817 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
818 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
819 .comment = "BUITIN SID -> NT4 account",
821 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
822 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
825 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
826 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
828 .comment = "Builtin Domain SID -> DN",
829 .status = DRSUAPI_DS_NAME_STATUS_OK,
830 .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
831 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
834 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
835 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
836 .str = SID_BUILTIN_ADMINISTRATORS,
837 .comment = "Builtin Administrors SID -> DN",
838 .status = DRSUAPI_DS_NAME_STATUS_OK,
839 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
842 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
843 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
844 .str = SID_BUILTIN_ADMINISTRATORS,
845 .comment = "Builtin Administrors SID -> NT4 Account",
846 .status = DRSUAPI_DS_NAME_STATUS_OK,
847 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
850 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
851 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
852 .comment = "Domain SID -> DN",
854 .expected_str = realm_dn_str,
855 .status = DRSUAPI_DS_NAME_STATUS_OK
858 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
859 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
860 .comment = "Domain SID -> NT4 account",
862 .expected_str = nt4_domain,
863 .status = DRSUAPI_DS_NAME_STATUS_OK
866 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
867 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
868 .comment = "invalid user principal name",
870 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
871 .expected_dns = "bar"
874 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
875 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
876 .comment = "invalid user principal name in valid domain",
877 .str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain),
878 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
883 for (i=0; i < ARRAY_SIZE(crack); i++) {
885 r.in.req.req1.format_flags = crack[i].flags;
886 r.in.req.req1.format_offered = crack[i].format_offered;
887 r.in.req.req1.format_desired = crack[i].format_desired;
888 names[0].str = crack[i].str;
890 if (crack[i].comment) {
891 comment = talloc_asprintf(mem_ctx, "'%s' with name '%s' desired format:%d\n",
892 crack[i].comment, names[0].str, r.in.req.req1.format_desired);
894 comment = talloc_asprintf(mem_ctx, "'%s' desired format:%d\n",
895 names[0].str, r.in.req.req1.format_desired);
898 printf("skipping: %s", comment);
901 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
902 if (!NT_STATUS_IS_OK(status)) {
903 const char *errstr = nt_errstr(status);
904 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
905 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
907 printf("dcerpc_drsuapi_DsCrackNames failed on %s - %s\n", comment, errstr);
909 } else if (!W_ERROR_IS_OK(r.out.result)) {
910 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
912 } else if (r.out.ctr.ctr1->array[0].status != crack[i].status) {
913 if (crack[i].alternate_status) {
914 if (r.out.ctr.ctr1->array[0].status != crack[i].alternate_status) {
915 printf("DsCrackNames unexpected status %d, wanted %d or %d on: %s\n",
916 r.out.ctr.ctr1->array[0].status,
918 crack[i].alternate_status,
923 printf("DsCrackNames unexpected status %d, wanted %d on: %s\n",
924 r.out.ctr.ctr1->array[0].status,
929 } else if (crack[i].expected_str
930 && (strcmp(r.out.ctr.ctr1->array[0].result_name,
931 crack[i].expected_str) != 0)) {
932 if (strcasecmp(r.out.ctr.ctr1->array[0].result_name,
933 crack[i].expected_str) != 0) {
934 printf("DsCrackNames failed - got %s, expected %s on %s\n",
935 r.out.ctr.ctr1->array[0].result_name,
936 crack[i].expected_str, comment);
939 printf("(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
940 r.out.ctr.ctr1->array[0].result_name,
941 crack[i].expected_str, comment);
943 } else if (crack[i].expected_dns
944 && (strcmp(r.out.ctr.ctr1->array[0].dns_domain_name,
945 crack[i].expected_dns) != 0)) {
946 printf("DsCrackNames failed - got DNS name %s, expected %s on %s\n",
947 r.out.ctr.ctr1->array[0].result_name,
948 crack[i].expected_str, comment);
954 if (!test_DsCrackNamesMatrix(p, mem_ctx, priv, FQDN_1779_name,
955 user_principal_name, service_principal_name)) {