2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "torture/torture.h"
26 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
27 #include "torture/rpc/rpc.h"
28 #include "ldb/include/ldb.h"
29 #include "libcli/security/security.h"
30 #include "param/param.h"
32 static bool test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
33 struct DsPrivate *priv, const char *dn,
34 const char *user_principal_name, const char *service_principal_name)
40 struct drsuapi_DsCrackNames r;
41 enum drsuapi_DsNameFormat formats[] = {
42 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
43 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
44 DRSUAPI_DS_NAME_FORMAT_DISPLAY,
45 DRSUAPI_DS_NAME_FORMAT_GUID,
46 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
47 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
48 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
49 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
50 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
51 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
53 struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
56 const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
57 const char *n_from[ARRAY_SIZE(formats)];
60 r.in.bind_handle = &priv->bind_handle;
62 r.in.req.req1.codepage = 1252; /* german */
63 r.in.req.req1.language = 0x00000407; /* german */
64 r.in.req.req1.count = 1;
65 r.in.req.req1.names = names;
66 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
70 for (i = 0; i < ARRAY_SIZE(formats); i++) {
71 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
72 r.in.req.req1.format_desired = formats[i];
74 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
75 if (!NT_STATUS_IS_OK(status)) {
76 const char *errstr = nt_errstr(status);
77 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
78 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
80 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
81 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired);
83 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
85 } else if (!W_ERROR_IS_OK(r.out.result)) {
86 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
87 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired);
89 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
97 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
98 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
99 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
100 r.out.ctr.ctr1->array[0].status);
103 printf ("(expected) error\n");
105 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
106 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
107 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
108 r.out.ctr.ctr1->array[0].status);
111 printf ("(expected) error\n");
113 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
114 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
115 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
116 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
117 r.out.ctr.ctr1->array[0].status);
120 printf ("(expected) error\n");
123 if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
124 printf("Error: %d\n", r.out.ctr.ctr1->array[0].status);
129 switch (formats[i]) {
130 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
131 n_from[i] = user_principal_name;
133 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
134 n_from[i] = service_principal_name;
136 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
137 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
141 n_from[i] = r.out.ctr.ctr1->array[0].result_name;
142 printf("%s\n", n_from[i]);
146 for (i = 0; i < ARRAY_SIZE(formats); i++) {
147 for (j = 0; j < ARRAY_SIZE(formats); j++) {
148 r.in.req.req1.format_offered = formats[i];
149 r.in.req.req1.format_desired = formats[j];
151 n_matrix[i][j] = NULL;
154 names[0].str = n_from[i];
155 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
156 if (!NT_STATUS_IS_OK(status)) {
157 const char *errstr = nt_errstr(status);
158 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
159 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
161 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
162 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired, errstr);
164 } else if (!W_ERROR_IS_OK(r.out.result)) {
165 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
166 names[0].str, r.in.req.req1.format_offered, r.in.req.req1.format_desired,
167 win_errstr(r.out.result));
174 if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
175 n_matrix[i][j] = r.out.ctr.ctr1->array[0].result_name;
177 n_matrix[i][j] = NULL;
182 for (i = 0; i < ARRAY_SIZE(formats); i++) {
183 for (j = 0; j < ARRAY_SIZE(formats); j++) {
184 if (n_matrix[i][j] == n_from[j]) {
186 /* We don't have a from name for these yet (and we can't map to them to find it out) */
187 } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
189 /* we can't map to these two */
190 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
191 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
192 } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
193 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
195 } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
196 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
198 } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
199 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
207 bool test_DsCrackNames(struct torture_context *tctx,
208 struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
209 struct DsPrivate *priv)
212 struct drsuapi_DsCrackNames r;
213 struct drsuapi_DsNameString names[1];
215 const char *dns_domain;
216 const char *nt4_domain;
217 const char *FQDN_1779_name;
218 struct ldb_context *ldb;
219 struct ldb_dn *FQDN_1779_dn;
220 struct ldb_dn *realm_dn;
221 const char *realm_dn_str;
222 const char *realm_canonical;
223 const char *realm_canonical_ex;
224 const char *user_principal_name;
225 char *user_principal_name_short;
226 const char *service_principal_name;
227 const char *canonical_name;
228 const char *canonical_ex_name;
230 const char *test_dc = torture_join_netbios_name(priv->join);
233 r.in.bind_handle = &priv->bind_handle;
235 r.in.req.req1.codepage = 1252; /* german */
236 r.in.req.req1.language = 0x00000407; /* german */
237 r.in.req.req1.count = 1;
238 r.in.req.req1.names = names;
239 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
241 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
242 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
244 dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
246 names[0].str = dom_sid;
248 printf("testing DsCrackNames with name '%s' desired format:%d\n",
249 names[0].str, r.in.req.req1.format_desired);
251 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
252 if (!NT_STATUS_IS_OK(status)) {
253 const char *errstr = nt_errstr(status);
254 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
255 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
257 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
259 } else if (!W_ERROR_IS_OK(r.out.result)) {
260 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
262 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
263 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
271 dns_domain = r.out.ctr.ctr1->array[0].dns_domain_name;
272 nt4_domain = r.out.ctr.ctr1->array[0].result_name;
274 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
276 printf("testing DsCrackNames with name '%s' desired format:%d\n",
277 names[0].str, r.in.req.req1.format_desired);
279 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
280 if (!NT_STATUS_IS_OK(status)) {
281 const char *errstr = nt_errstr(status);
282 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
283 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
285 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
287 } else if (!W_ERROR_IS_OK(r.out.result)) {
288 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
290 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
291 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
299 priv->domain_dns_name = r.out.ctr.ctr1->array[0].dns_domain_name;
300 priv->domain_guid_str = r.out.ctr.ctr1->array[0].result_name;
301 GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
303 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
305 printf("testing DsCrackNames with name '%s' desired format:%d\n",
306 names[0].str, r.in.req.req1.format_desired);
308 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
309 if (!NT_STATUS_IS_OK(status)) {
310 const char *errstr = nt_errstr(status);
311 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
312 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
314 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
316 } else if (!W_ERROR_IS_OK(r.out.result)) {
317 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
319 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
320 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
328 ldb = ldb_init(mem_ctx, tctx->ev);
330 realm_dn_str = r.out.ctr.ctr1->array[0].result_name;
331 realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str);
332 realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
334 if (strcmp(realm_canonical,
335 talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
336 printf("local Round trip on canonical name failed: %s != %s!\n",
338 talloc_asprintf(mem_ctx, "%s/", dns_domain));
342 realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
344 if (strcmp(realm_canonical_ex,
345 talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
346 printf("local Round trip on canonical ex name failed: %s != %s!\n",
348 talloc_asprintf(mem_ctx, "%s\n", dns_domain));
352 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
353 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
354 names[0].str = nt4_domain;
356 printf("testing DsCrackNames with name '%s' desired format:%d\n",
357 names[0].str, r.in.req.req1.format_desired);
359 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
360 if (!NT_STATUS_IS_OK(status)) {
361 const char *errstr = nt_errstr(status);
362 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
363 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
365 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
367 } else if (!W_ERROR_IS_OK(r.out.result)) {
368 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
370 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
371 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
379 priv->domain_obj_dn = r.out.ctr.ctr1->array[0].result_name;
381 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
382 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
383 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
385 printf("testing DsCrackNames with name '%s' desired format:%d\n",
386 names[0].str, r.in.req.req1.format_desired);
388 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
389 if (!NT_STATUS_IS_OK(status)) {
390 const char *errstr = nt_errstr(status);
391 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
392 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
394 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
396 } else if (!W_ERROR_IS_OK(r.out.result)) {
397 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
399 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
400 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
408 FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name;
410 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
411 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
412 names[0].str = priv->domain_guid_str;
414 printf("testing DsCrackNames with name '%s' desired format:%d\n",
415 names[0].str, r.in.req.req1.format_desired);
417 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
418 if (!NT_STATUS_IS_OK(status)) {
419 const char *errstr = nt_errstr(status);
420 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
421 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
423 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
425 } else if (!W_ERROR_IS_OK(r.out.result)) {
426 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
428 } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
429 printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status);
437 if (strcmp(priv->domain_dns_name, r.out.ctr.ctr1->array[0].dns_domain_name) != 0) {
438 printf("DsCrackNames failed to return same DNS name - expected %s got %s\n", priv->domain_dns_name, r.out.ctr.ctr1->array[0].dns_domain_name);
442 FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
444 canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
445 canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
447 user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
449 /* form up a user@DOMAIN */
450 user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
451 /* variable nt4_domain includs a trailing \ */
452 user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
454 service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
458 enum drsuapi_DsNameFormat format_offered;
459 enum drsuapi_DsNameFormat format_desired;
462 const char *expected_str;
463 const char *expected_dns;
464 enum drsuapi_DsNameStatus status;
465 enum drsuapi_DsNameStatus alternate_status;
466 enum drsuapi_DsNameFlags flags;
470 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
471 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
472 .str = user_principal_name,
473 .expected_str = FQDN_1779_name,
474 .status = DRSUAPI_DS_NAME_STATUS_OK
477 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
478 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
479 .str = user_principal_name_short,
480 .expected_str = FQDN_1779_name,
481 .status = DRSUAPI_DS_NAME_STATUS_OK
484 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
485 .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
486 .str = FQDN_1779_name,
487 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
490 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
491 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
492 .str = service_principal_name,
493 .expected_str = FQDN_1779_name,
494 .status = DRSUAPI_DS_NAME_STATUS_OK
497 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
498 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
499 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
500 .comment = "ServicePrincipal Name",
501 .expected_str = FQDN_1779_name,
502 .status = DRSUAPI_DS_NAME_STATUS_OK
505 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
506 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
507 .str = FQDN_1779_name,
508 .expected_str = canonical_name,
509 .status = DRSUAPI_DS_NAME_STATUS_OK
512 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
513 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
514 .str = canonical_name,
515 .expected_str = FQDN_1779_name,
516 .status = DRSUAPI_DS_NAME_STATUS_OK
519 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
520 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
521 .str = FQDN_1779_name,
522 .expected_str = canonical_ex_name,
523 .status = DRSUAPI_DS_NAME_STATUS_OK
526 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
527 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
528 .str = canonical_ex_name,
529 .expected_str = FQDN_1779_name,
530 .status = DRSUAPI_DS_NAME_STATUS_OK
533 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
534 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
535 .str = FQDN_1779_name,
536 .comment = "DN to cannoical syntactial only",
537 .status = DRSUAPI_DS_NAME_STATUS_OK,
538 .expected_str = canonical_name,
539 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
542 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
543 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
544 .str = FQDN_1779_name,
545 .comment = "DN to cannoical EX syntactial only",
546 .status = DRSUAPI_DS_NAME_STATUS_OK,
547 .expected_str = canonical_ex_name,
548 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
551 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
552 .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
553 .str = FQDN_1779_name,
554 .status = DRSUAPI_DS_NAME_STATUS_OK
557 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
558 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
559 .str = FQDN_1779_name,
560 .status = DRSUAPI_DS_NAME_STATUS_OK
563 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
564 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
565 .str = priv->domain_guid_str,
566 .comment = "Domain GUID to NT4 ACCOUNT",
567 .expected_str = nt4_domain,
568 .status = DRSUAPI_DS_NAME_STATUS_OK
571 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
572 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
573 .str = priv->domain_guid_str,
574 .comment = "Domain GUID to Canonical",
575 .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
576 .status = DRSUAPI_DS_NAME_STATUS_OK
579 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
580 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
581 .str = priv->domain_guid_str,
582 .comment = "Domain GUID to Canonical EX",
583 .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
584 .status = DRSUAPI_DS_NAME_STATUS_OK
587 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
588 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
589 .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
590 .comment = "display name for Microsoft Support Account",
591 .status = DRSUAPI_DS_NAME_STATUS_OK,
592 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE,
593 .skip = torture_setting_bool(tctx, "samba4", false)
596 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
597 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
598 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
599 .comment = "Account GUID -> DN",
600 .expected_str = FQDN_1779_name,
601 .status = DRSUAPI_DS_NAME_STATUS_OK
604 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
605 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
606 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
607 .comment = "Account GUID -> NT4 Account",
608 .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
609 .status = DRSUAPI_DS_NAME_STATUS_OK
612 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
613 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
614 .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
615 .comment = "Site GUID",
616 .expected_str = priv->dcinfo.site_dn,
617 .status = DRSUAPI_DS_NAME_STATUS_OK
620 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
621 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
622 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
623 .comment = "Computer GUID",
624 .expected_str = priv->dcinfo.computer_dn,
625 .status = DRSUAPI_DS_NAME_STATUS_OK
628 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
629 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
630 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
631 .comment = "Computer GUID -> NT4 Account",
632 .status = DRSUAPI_DS_NAME_STATUS_OK
635 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
636 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
637 .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
638 .comment = "Server GUID",
639 .expected_str = priv->dcinfo.server_dn,
640 .status = DRSUAPI_DS_NAME_STATUS_OK
643 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
644 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
645 .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
646 .comment = "NTDS GUID",
647 .expected_str = priv->dcinfo.ntds_dn,
648 .status = DRSUAPI_DS_NAME_STATUS_OK,
649 .skip = GUID_all_zero(&priv->dcinfo.ntds_guid)
652 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
653 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
655 .comment = "DISLPAY NAME search for DC short name",
656 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
659 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
660 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
661 .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
662 .comment = "Looking for KRBTGT as a serivce principal",
663 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
664 .expected_dns = dns_domain
667 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
668 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
669 .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
670 .comment = "Looking for bogus serivce principal",
671 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
672 .expected_dns = dns_domain
675 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
676 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
677 .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
678 .comment = "Looking for bogus serivce on test DC",
679 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
680 .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
683 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
684 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
685 .str = talloc_asprintf(mem_ctx, "krbtgt"),
686 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
689 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
690 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
691 .comment = "Looking for the kadmin/changepw service as a serivce principal",
692 .str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
693 .status = DRSUAPI_DS_NAME_STATUS_OK,
694 .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
695 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
698 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
699 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
700 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
703 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
706 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
707 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
708 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
711 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
712 .expected_dns = "BOGUS"
715 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
716 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
717 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
720 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
721 .expected_dns = "BOGUS"
724 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
725 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
726 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s",
727 test_dc, dns_domain),
728 .status = DRSUAPI_DS_NAME_STATUS_OK
731 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
732 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
733 .str = talloc_asprintf(mem_ctx, "cifs/%s",
735 .status = DRSUAPI_DS_NAME_STATUS_OK
738 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
739 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
741 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
744 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
745 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
747 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
750 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
751 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
752 .str = "NOT AN NT4 NAME",
753 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
756 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
757 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
758 .comment = "Unparsable DN",
760 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
763 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
764 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
765 .comment = "Unparsable user principal",
766 .str = "NOT A PRINCIPAL",
767 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
770 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
771 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
772 .comment = "Unparsable service principal",
773 .str = "NOT A SERVICE PRINCIPAL",
774 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
777 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
778 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
779 .comment = "BIND GUID (ie, not in the directory)",
780 .str = GUID_string2(mem_ctx, &priv->bind_guid),
781 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
784 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
785 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
786 .comment = "Unqualified Machine account as user principal",
787 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
788 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
791 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
792 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
793 .comment = "Machine account as service principal",
794 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
795 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
798 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
799 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
800 .comment = "Full Machine account as service principal",
801 .str = user_principal_name,
802 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
805 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
806 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
807 .comment = "Realm as an NT4 domain lookup",
808 .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
809 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
812 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
813 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
814 .comment = "BUILTIN\\ -> DN",
816 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
819 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
820 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
821 .comment = "NT AUTHORITY\\ -> DN",
822 .str = "NT AUTHORITY\\",
823 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
826 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
827 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
828 .comment = "NT AUTHORITY\\ANONYMOUS LOGON -> DN",
829 .str = "NT AUTHORITY\\ANONYMOUS LOGON",
830 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
833 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
834 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
835 .comment = "NT AUTHORITY\\SYSTEM -> DN",
836 .str = "NT AUTHORITY\\SYSTEM",
837 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
840 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
841 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
842 .comment = "BUITIN SID -> NT4 account",
844 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
845 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
848 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
849 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
851 .comment = "Builtin Domain SID -> DN",
852 .status = DRSUAPI_DS_NAME_STATUS_OK,
853 .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
854 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
857 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
858 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
859 .str = SID_BUILTIN_ADMINISTRATORS,
860 .comment = "Builtin Administrors SID -> DN",
861 .status = DRSUAPI_DS_NAME_STATUS_OK,
862 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
865 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
866 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
867 .str = SID_BUILTIN_ADMINISTRATORS,
868 .comment = "Builtin Administrors SID -> NT4 Account",
869 .status = DRSUAPI_DS_NAME_STATUS_OK,
870 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
873 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
874 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
875 .str = SID_NT_ANONYMOUS,
876 .comment = "NT Anonymous SID -> NT4 Account",
877 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
880 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
881 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
882 .str = SID_NT_SYSTEM,
883 .comment = "NT SYSTEM SID -> NT4 Account",
884 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
887 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
888 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
889 .comment = "Domain SID -> DN",
891 .expected_str = realm_dn_str,
892 .status = DRSUAPI_DS_NAME_STATUS_OK
895 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
896 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
897 .comment = "Domain SID -> NT4 account",
899 .expected_str = nt4_domain,
900 .status = DRSUAPI_DS_NAME_STATUS_OK
903 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
904 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
905 .comment = "invalid user principal name",
907 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
908 .expected_dns = "bar"
911 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
912 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
913 .comment = "invalid user principal name in valid domain",
914 .str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain),
915 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
920 for (i=0; i < ARRAY_SIZE(crack); i++) {
922 r.in.req.req1.format_flags = crack[i].flags;
923 r.in.req.req1.format_offered = crack[i].format_offered;
924 r.in.req.req1.format_desired = crack[i].format_desired;
925 names[0].str = crack[i].str;
927 if (crack[i].comment) {
928 comment = talloc_asprintf(mem_ctx, "'%s' with name '%s' desired format:%d\n",
929 crack[i].comment, names[0].str, r.in.req.req1.format_desired);
931 comment = talloc_asprintf(mem_ctx, "'%s' desired format:%d\n",
932 names[0].str, r.in.req.req1.format_desired);
935 printf("skipping: %s", comment);
938 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
939 if (!NT_STATUS_IS_OK(status)) {
940 const char *errstr = nt_errstr(status);
941 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
942 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
944 printf("dcerpc_drsuapi_DsCrackNames failed on %s - %s\n", comment, errstr);
946 } else if (!W_ERROR_IS_OK(r.out.result)) {
947 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
949 } else if (r.out.ctr.ctr1->array[0].status != crack[i].status) {
950 if (crack[i].alternate_status) {
951 if (r.out.ctr.ctr1->array[0].status != crack[i].alternate_status) {
952 printf("DsCrackNames unexpected status %d, wanted %d or %d on: %s\n",
953 r.out.ctr.ctr1->array[0].status,
955 crack[i].alternate_status,
960 printf("DsCrackNames unexpected status %d, wanted %d on: %s\n",
961 r.out.ctr.ctr1->array[0].status,
966 } else if (crack[i].expected_str
967 && (strcmp(r.out.ctr.ctr1->array[0].result_name,
968 crack[i].expected_str) != 0)) {
969 if (strcasecmp(r.out.ctr.ctr1->array[0].result_name,
970 crack[i].expected_str) != 0) {
971 printf("DsCrackNames failed - got %s, expected %s on %s\n",
972 r.out.ctr.ctr1->array[0].result_name,
973 crack[i].expected_str, comment);
976 printf("(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
977 r.out.ctr.ctr1->array[0].result_name,
978 crack[i].expected_str, comment);
980 } else if (crack[i].expected_dns
981 && (strcmp(r.out.ctr.ctr1->array[0].dns_domain_name,
982 crack[i].expected_dns) != 0)) {
983 printf("DsCrackNames failed - got DNS name %s, expected %s on %s\n",
984 r.out.ctr.ctr1->array[0].result_name,
985 crack[i].expected_str, comment);
991 if (!test_DsCrackNamesMatrix(p, mem_ctx, priv, FQDN_1779_name,
992 user_principal_name, service_principal_name)) {