2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "librpc/gen_ndr/ndr_drsuapi.h"
27 #include "torture/rpc/drsuapi.h"
29 static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
30 struct DsPrivate *priv, const char *dn,
31 const char *user_principal_name, const char *service_principal_name)
37 struct drsuapi_DsCrackNames r;
38 struct drsuapi_DsNameString names[1];
39 enum drsuapi_DsNameFormat formats[] = {
40 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
41 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
42 DRSUAPI_DS_NAME_FORMAT_DISPLAY,
43 DRSUAPI_DS_NAME_FORMAT_GUID,
44 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
45 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
46 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
47 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
48 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
49 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
53 const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
54 const char *n_from[ARRAY_SIZE(formats)];
57 r.in.bind_handle = &priv->bind_handle;
59 r.in.req.req1.unknown1 = 0x000004e4;
60 r.in.req.req1.unknown2 = 0x00000407;
61 r.in.req.req1.count = 1;
62 r.in.req.req1.names = names;
63 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
67 for (i = 0; i < ARRAY_SIZE(formats); i++) {
68 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
69 r.in.req.req1.format_desired = formats[i];
71 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
72 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired);
74 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
75 if (!NT_STATUS_IS_OK(status)) {
76 const char *errstr = nt_errstr(status);
77 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
78 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
80 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
82 } else if (!W_ERROR_IS_OK(r.out.result)) {
83 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
91 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
92 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
93 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
94 r.out.ctr.ctr1->array[0].status);
97 printf ("(expected) error\n");
99 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
100 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
101 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
102 r.out.ctr.ctr1->array[0].status);
105 printf ("(expected) error\n");
107 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
108 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
109 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
110 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
111 r.out.ctr.ctr1->array[0].status);
114 printf ("(expected) error\n");
117 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
118 printf("Error: %d\n", r.out.ctr.ctr1->array[0].status);
123 switch (formats[i]) {
124 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
125 n_from[i] = user_principal_name;
127 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
128 n_from[i] = service_principal_name;
130 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
131 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
135 n_from[i] = r.out.ctr.ctr1->array[0].result_name;
136 printf("%s\n", n_from[i]);
140 for (i = 0; i < ARRAY_SIZE(formats); i++) {
141 for (j = 0; j < ARRAY_SIZE(formats); j++) {
142 r.in.req.req1.format_offered = formats[i];
143 r.in.req.req1.format_desired = formats[j];
145 n_matrix[i][j] = NULL;
148 names[0].str = n_from[i];
149 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
150 if (!NT_STATUS_IS_OK(status)) {
151 const char *errstr = nt_errstr(status);
152 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
153 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
155 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
156 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired, errstr);
158 } else if (!W_ERROR_IS_OK(r.out.result)) {
159 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
160 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired,
161 win_errstr(r.out.result));
168 if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
169 n_matrix[i][j] = r.out.ctr.ctr1->array[0].result_name;
171 n_matrix[i][j] = NULL;
176 for (i = 0; i < ARRAY_SIZE(formats); i++) {
177 for (j = 0; j < ARRAY_SIZE(formats); j++) {
178 if (n_matrix[i][j] == n_from[j]) {
180 /* We don't have a from name for these yet (and we can't map to them to find it out) */
181 } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
183 /* we can't map to these two */
184 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
185 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
186 } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
187 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
189 } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
190 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
192 } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
193 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
201 BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
202 struct DsPrivate *priv, const char *test_dc)
205 struct drsuapi_DsCrackNames r;
206 struct drsuapi_DsNameString names[1];
208 const char *dns_domain;
209 const char *nt4_domain;
210 const char *FQDN_1779_name;
211 const char *user_principal_name;
212 const char *service_principal_name;
213 const char *canonical_name;
214 const char *canonical_ex_name;
217 r.in.bind_handle = &priv->bind_handle;
219 r.in.req.req1.unknown1 = 0x000004e4;
220 r.in.req.req1.unknown2 = 0x00000407;
221 r.in.req.req1.count = 1;
222 r.in.req.req1.names = names;
223 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
225 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
226 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
227 names[0].str = talloc_asprintf(mem_ctx, "%s/", lp_realm());
229 printf("testing DsCrackNames with name '%s' desired format:%d\n",
230 names[0].str, r.in.req.req1.format_desired);
232 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
233 if (!NT_STATUS_IS_OK(status)) {
234 const char *errstr = nt_errstr(status);
235 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
236 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
238 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
240 } else if (!W_ERROR_IS_OK(r.out.result)) {
241 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
243 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
244 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
252 dns_domain = r.out.ctr.ctr1->array[0].dns_domain_name;
253 nt4_domain = r.out.ctr.ctr1->array[0].result_name;
255 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
257 printf("testing DsCrackNames with name '%s' desired format:%d\n",
258 names[0].str, r.in.req.req1.format_desired);
260 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
261 if (!NT_STATUS_IS_OK(status)) {
262 const char *errstr = nt_errstr(status);
263 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
264 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
266 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
268 } else if (!W_ERROR_IS_OK(r.out.result)) {
269 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
271 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
272 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
280 priv->domain_dns_name = r.out.ctr.ctr1->array[0].dns_domain_name;
281 priv->domain_guid_str = r.out.ctr.ctr1->array[0].result_name;
282 GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
284 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
286 printf("testing DsCrackNames with name '%s' desired format:%d\n",
287 names[0].str, r.in.req.req1.format_desired);
289 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
290 if (!NT_STATUS_IS_OK(status)) {
291 const char *errstr = nt_errstr(status);
292 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
293 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
295 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
297 } else if (!W_ERROR_IS_OK(r.out.result)) {
298 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
300 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
301 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
309 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
310 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
311 names[0].str = nt4_domain;
313 printf("testing DsCrackNames with name '%s' desired format:%d\n",
314 names[0].str, r.in.req.req1.format_desired);
316 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
317 if (!NT_STATUS_IS_OK(status)) {
318 const char *errstr = nt_errstr(status);
319 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
320 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
322 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
324 } else if (!W_ERROR_IS_OK(r.out.result)) {
325 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
327 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
328 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
336 priv->domain_obj_dn = r.out.ctr.ctr1->array[0].result_name;
338 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
339 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
340 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
342 printf("testing DsCrackNames with name '%s' desired format:%d\n",
343 names[0].str, r.in.req.req1.format_desired);
345 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
346 if (!NT_STATUS_IS_OK(status)) {
347 const char *errstr = nt_errstr(status);
348 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
349 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
351 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
353 } else if (!W_ERROR_IS_OK(r.out.result)) {
354 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
356 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
357 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
365 FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name;
367 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
368 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
369 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
371 printf("testing DsCrackNames with name '%s' desired format:%d\n",
372 names[0].str, r.in.req.req1.format_desired);
374 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
375 if (!NT_STATUS_IS_OK(status)) {
376 const char *errstr = nt_errstr(status);
377 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
378 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
380 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
382 } else if (!W_ERROR_IS_OK(r.out.result)) {
383 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
385 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
386 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
394 canonical_name = r.out.ctr.ctr1->array[0].result_name;
396 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
397 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX;
398 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
400 printf("testing DsCrackNames with name '%s' desired format:%d\n",
401 names[0].str, r.in.req.req1.format_desired);
403 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
404 if (!NT_STATUS_IS_OK(status)) {
405 const char *errstr = nt_errstr(status);
406 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
407 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
409 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
411 } else if (!W_ERROR_IS_OK(r.out.result)) {
412 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
414 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
415 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
423 canonical_ex_name = r.out.ctr.ctr1->array[0].result_name;
425 user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
426 service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
430 enum drsuapi_DsNameFormat format_offered;
431 enum drsuapi_DsNameFormat format_desired;
434 const char *expected_str;
435 enum drsuapi_DsNameStatus status;
436 enum drsuapi_DsNameFlags flags;
439 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
440 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
441 .str = user_principal_name,
442 .expected_str = FQDN_1779_name,
443 .status = DRSUAPI_DS_NAME_STATUS_OK
446 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
447 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
448 .str = service_principal_name,
449 .expected_str = FQDN_1779_name,
450 .status = DRSUAPI_DS_NAME_STATUS_OK
453 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
454 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
455 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
456 .comment = "ServicePrincipal Name",
457 .expected_str = FQDN_1779_name,
458 .status = DRSUAPI_DS_NAME_STATUS_OK
461 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
462 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
463 .str = FQDN_1779_name,
464 .expected_str = canonical_name,
465 .status = DRSUAPI_DS_NAME_STATUS_OK
468 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
469 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
470 .str = FQDN_1779_name,
471 .expected_str = canonical_ex_name,
472 .status = DRSUAPI_DS_NAME_STATUS_OK
475 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
476 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
477 .str = FQDN_1779_name,
478 .comment = "DN to cannoical syntactial only",
479 .status = DRSUAPI_DS_NAME_STATUS_OK,
480 .expected_str = canonical_name,
481 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
484 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
485 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
486 .str = FQDN_1779_name,
487 .comment = "DN to cannoical EX syntactial only",
488 .status = DRSUAPI_DS_NAME_STATUS_OK,
489 .expected_str = canonical_ex_name,
490 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
493 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
494 .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
495 .str = FQDN_1779_name,
496 .status = DRSUAPI_DS_NAME_STATUS_OK
499 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
500 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
501 .str = FQDN_1779_name,
502 .status = DRSUAPI_DS_NAME_STATUS_OK
505 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
506 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
507 .str = priv->domain_guid_str,
508 .comment = "Domain GUID to NT4 ACCOUNT",
509 .expected_str = nt4_domain,
510 .status = DRSUAPI_DS_NAME_STATUS_OK
513 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
514 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
515 .str = priv->domain_guid_str,
516 .comment = "Domain GUID to Canonical",
517 .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
518 .status = DRSUAPI_DS_NAME_STATUS_OK
521 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
522 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
523 .str = priv->domain_guid_str,
524 .comment = "Domain GUID to Canonical EX",
525 .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
526 .status = DRSUAPI_DS_NAME_STATUS_OK
529 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
530 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
531 .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
532 .comment = "display name for Microsoft Support Account",
533 .status = DRSUAPI_DS_NAME_STATUS_OK
536 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
537 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
538 .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
539 .comment = "Site GUID",
540 .status = DRSUAPI_DS_NAME_STATUS_OK
543 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
544 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
545 .comment = "Computer GUID",
546 .status = DRSUAPI_DS_NAME_STATUS_OK
549 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
550 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
551 .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
552 .comment = "Server GUID",
553 .status = DRSUAPI_DS_NAME_STATUS_OK
556 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
557 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
558 .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
559 .comment = "NTDS GUID",
560 .status = DRSUAPI_DS_NAME_STATUS_OK
563 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
564 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
566 .comment = "BUILTIN domain SID",
567 .status = DRSUAPI_DS_NAME_STATUS_OK
570 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
571 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
573 .comment = "DISPAY NAME search for DC short name",
574 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
577 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
578 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
579 .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
580 .comment = "Looking for KRBTGT as a serivce principal",
581 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
584 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
585 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
586 .str = talloc_asprintf(mem_ctx, "krbtgt"),
587 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
590 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
591 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
592 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
595 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
598 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
599 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
601 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
604 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
605 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
607 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
610 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
611 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
612 .str = "NOT AN NT4 NAME",
613 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
616 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
617 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
618 .comment = "Unparsable DN",
620 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
623 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
624 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
625 .comment = "Unparsable user principal",
626 .str = "NOT A PRINCIPAL",
627 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
630 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
631 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
632 .comment = "Unparsable service principal",
633 .str = "NOT A SERVICE PRINCIPAL",
634 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
637 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
638 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
639 .comment = "BIND GUID (ie, not in the directory)",
640 .str = GUID_string2(mem_ctx, &priv->bind_guid),
641 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
644 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
645 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
646 .comment = "Unqualified Machine account as user principal",
647 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
648 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
651 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
652 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
653 .comment = "Machine account as service principal",
654 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
655 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
658 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
659 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
660 .comment = "Realm as an NT4 domain lookup",
661 .str = talloc_asprintf(mem_ctx, "%s\\", lp_realm()),
662 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
665 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
666 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
667 .comment = "BUITIN SID -> NT4 account",
669 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
672 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
673 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
674 .str = SID_BUILTIN_ADMINISTRATORS,
675 .status = DRSUAPI_DS_NAME_STATUS_OK
678 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
679 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
680 .str = SID_BUILTIN_ADMINISTRATORS,
681 .status = DRSUAPI_DS_NAME_STATUS_OK
684 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
685 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
687 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
692 for (i=0; i < ARRAY_SIZE(crack); i++) {
693 r.in.req.req1.format_flags = crack[i].flags;
694 r.in.req.req1.format_offered = crack[i].format_offered;
695 r.in.req.req1.format_desired = crack[i].format_desired;
696 names[0].str = crack[i].str;
698 if (crack[i].comment) {
699 printf("testing DsCrackNames '%s' with name '%s' desired format:%d\n",
700 crack[i].comment, names[0].str, r.in.req.req1.format_desired);
702 printf("testing DsCrackNames with name '%s' desired format:%d\n",
703 names[0].str, r.in.req.req1.format_desired);
705 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
706 if (!NT_STATUS_IS_OK(status)) {
707 const char *errstr = nt_errstr(status);
708 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
709 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
711 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
713 } else if (!W_ERROR_IS_OK(r.out.result)) {
714 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
716 } else if (r.out.ctr.ctr1->array[0].status != crack[i].status) {
717 printf("DsCrackNames unexpected error %d, wanted %d on name: %s\n",
718 r.out.ctr.ctr1->array[0].status,
723 if (crack[i].expected_str
724 && (strcmp(r.out.ctr.ctr1->array[0].result_name,
725 crack[i].expected_str) != 0)) {
726 printf("DsCrackNames failed - got %s, expected %s\n",
727 r.out.ctr.ctr1->array[0].result_name,
728 crack[i].expected_str);
734 if (!test_DsCrackNamesMatrix(p, mem_ctx, priv, FQDN_1779_name,
735 user_principal_name, service_principal_name)) {
742 BOOL torture_rpc_drsuapi_cracknames(void)
745 struct dcerpc_pipe *p;
748 struct DsPrivate priv;
750 mem_ctx = talloc_init("torture_rpc_drsuapi");
752 status = torture_rpc_connection(mem_ctx,
756 DCERPC_DRSUAPI_VERSION);
757 if (!NT_STATUS_IS_OK(status)) {
758 talloc_free(mem_ctx);
762 printf("Connected to DRAUAPI pipe\n");
766 ret &= test_DsBind(p, mem_ctx, &priv);
768 ret &= test_DsCrackNames(p, mem_ctx, &priv, lp_parm_string(-1, "torture", "host"));
770 ret &= test_DsUnbind(p, mem_ctx, &priv);
772 talloc_free(mem_ctx);