2 Unix SMB/CIFS implementation.
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "torture/torture.h"
26 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
27 #include "torture/rpc/rpc.h"
28 #include "ldb/include/ldb.h"
29 #include "libcli/security/security.h"
31 static bool test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
32 struct DsPrivate *priv, const char *dn,
33 const char *user_principal_name, const char *service_principal_name)
39 struct drsuapi_DsCrackNames r;
40 union drsuapi_DsNameRequest req;
42 union drsuapi_DsNameCtr ctr;
44 enum drsuapi_DsNameFormat formats[] = {
45 DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
46 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
47 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
48 DRSUAPI_DS_NAME_FORMAT_DISPLAY,
49 DRSUAPI_DS_NAME_FORMAT_GUID,
50 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
51 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
52 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
53 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
54 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
55 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
57 struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
60 const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
61 const char *n_from[ARRAY_SIZE(formats)];
64 r.in.bind_handle = &priv->bind_handle;
67 r.in.req->req1.codepage = 1252; /* german */
68 r.in.req->req1.language = 0x00000407; /* german */
69 r.in.req->req1.count = 1;
70 r.in.req->req1.names = names;
71 r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
73 r.out.level_out = &level_out;
78 for (i = 0; i < ARRAY_SIZE(formats); i++) {
79 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
80 r.in.req->req1.format_desired = formats[i];
82 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
83 if (!NT_STATUS_IS_OK(status)) {
84 const char *errstr = nt_errstr(status);
85 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
86 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
88 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
89 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired);
91 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
93 } else if (!W_ERROR_IS_OK(r.out.result)) {
94 printf("testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d ",
95 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired);
97 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
104 switch (formats[i]) {
105 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
106 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
107 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
108 r.out.ctr->ctr1->array[0].status);
111 printf ("(expected) error\n");
113 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
114 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
115 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
116 r.out.ctr->ctr1->array[0].status);
119 printf ("(expected) error\n");
121 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
122 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
123 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
124 printf(__location__ ": Unexpected error (%d): This name lookup should fail\n",
125 r.out.ctr->ctr1->array[0].status);
128 printf ("(expected) error\n");
131 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
132 printf("Error: %d\n", r.out.ctr->ctr1->array[0].status);
137 switch (formats[i]) {
138 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
139 n_from[i] = user_principal_name;
141 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
142 n_from[i] = service_principal_name;
144 case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
145 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
149 n_from[i] = r.out.ctr->ctr1->array[0].result_name;
150 printf("%s\n", n_from[i]);
154 for (i = 0; i < ARRAY_SIZE(formats); i++) {
155 for (j = 0; j < ARRAY_SIZE(formats); j++) {
156 r.in.req->req1.format_offered = formats[i];
157 r.in.req->req1.format_desired = formats[j];
159 n_matrix[i][j] = NULL;
162 names[0].str = n_from[i];
163 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
164 if (!NT_STATUS_IS_OK(status)) {
165 const char *errstr = nt_errstr(status);
166 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
167 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
169 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
170 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
172 } else if (!W_ERROR_IS_OK(r.out.result)) {
173 printf("testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
174 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired,
175 win_errstr(r.out.result));
182 if (r.out.ctr->ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
183 n_matrix[i][j] = r.out.ctr->ctr1->array[0].result_name;
185 n_matrix[i][j] = NULL;
190 for (i = 0; i < ARRAY_SIZE(formats); i++) {
191 for (j = 0; j < ARRAY_SIZE(formats); j++) {
192 if (n_matrix[i][j] == n_from[j]) {
194 /* We don't have a from name for these yet (and we can't map to them to find it out) */
195 } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
197 /* we can't map to these two */
198 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
199 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
200 } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
201 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
203 } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
204 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
206 } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
207 printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]);
215 bool test_DsCrackNames(struct torture_context *tctx,
216 struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
217 struct DsPrivate *priv)
220 struct drsuapi_DsCrackNames r;
221 union drsuapi_DsNameRequest req;
223 union drsuapi_DsNameCtr ctr;
224 struct drsuapi_DsNameString names[1];
226 const char *dns_domain;
227 const char *nt4_domain;
228 const char *FQDN_1779_name;
229 struct ldb_context *ldb;
230 struct ldb_dn *FQDN_1779_dn;
231 struct ldb_dn *realm_dn;
232 const char *realm_dn_str;
233 const char *realm_canonical;
234 const char *realm_canonical_ex;
235 const char *user_principal_name;
236 char *user_principal_name_short;
237 const char *service_principal_name;
238 const char *canonical_name;
239 const char *canonical_ex_name;
241 const char *test_dc = torture_join_netbios_name(priv->join);
244 r.in.bind_handle = &priv->bind_handle;
247 r.in.req->req1.codepage = 1252; /* german */
248 r.in.req->req1.language = 0x00000407; /* german */
249 r.in.req->req1.count = 1;
250 r.in.req->req1.names = names;
251 r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
253 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
254 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
256 r.out.level_out = &level_out;
259 dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
261 names[0].str = dom_sid;
263 printf("testing DsCrackNames with name '%s' desired format:%d\n",
264 names[0].str, r.in.req->req1.format_desired);
266 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
267 if (!NT_STATUS_IS_OK(status)) {
268 const char *errstr = nt_errstr(status);
269 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
270 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
272 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
274 } else if (!W_ERROR_IS_OK(r.out.result)) {
275 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
277 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
278 printf("DsCrackNames failed on name - %d\n", r.out.ctr->ctr1->array[0].status);
286 dns_domain = r.out.ctr->ctr1->array[0].dns_domain_name;
287 nt4_domain = r.out.ctr->ctr1->array[0].result_name;
289 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
291 printf("testing DsCrackNames with name '%s' desired format:%d\n",
292 names[0].str, r.in.req->req1.format_desired);
294 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
295 if (!NT_STATUS_IS_OK(status)) {
296 const char *errstr = nt_errstr(status);
297 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
298 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
300 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
302 } else if (!W_ERROR_IS_OK(r.out.result)) {
303 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
305 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
306 printf("DsCrackNames failed on name - %d\n", r.out.ctr->ctr1->array[0].status);
314 priv->domain_dns_name = r.out.ctr->ctr1->array[0].dns_domain_name;
315 priv->domain_guid_str = r.out.ctr->ctr1->array[0].result_name;
316 GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
318 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
320 printf("testing DsCrackNames with name '%s' desired format:%d\n",
321 names[0].str, r.in.req->req1.format_desired);
323 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
324 if (!NT_STATUS_IS_OK(status)) {
325 const char *errstr = nt_errstr(status);
326 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
327 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
329 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
331 } else if (!W_ERROR_IS_OK(r.out.result)) {
332 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
334 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
335 printf("DsCrackNames failed on name - %d\n", r.out.ctr->ctr1->array[0].status);
343 ldb = ldb_init(mem_ctx, tctx->ev);
345 realm_dn_str = r.out.ctr->ctr1->array[0].result_name;
346 realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str);
347 realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
349 if (strcmp(realm_canonical,
350 talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
351 printf("local Round trip on canonical name failed: %s != %s!\n",
353 talloc_asprintf(mem_ctx, "%s/", dns_domain));
357 realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
359 if (strcmp(realm_canonical_ex,
360 talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
361 printf("local Round trip on canonical ex name failed: %s != %s!\n",
363 talloc_asprintf(mem_ctx, "%s\n", dns_domain));
367 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
368 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
369 names[0].str = nt4_domain;
371 printf("testing DsCrackNames with name '%s' desired format:%d\n",
372 names[0].str, r.in.req->req1.format_desired);
374 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
375 if (!NT_STATUS_IS_OK(status)) {
376 const char *errstr = nt_errstr(status);
377 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
378 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
380 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
382 } else if (!W_ERROR_IS_OK(r.out.result)) {
383 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
385 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
386 printf("DsCrackNames failed on name - %d\n", r.out.ctr->ctr1->array[0].status);
394 priv->domain_obj_dn = r.out.ctr->ctr1->array[0].result_name;
396 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
397 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
398 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
400 printf("testing DsCrackNames with name '%s' desired format:%d\n",
401 names[0].str, r.in.req->req1.format_desired);
403 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
404 if (!NT_STATUS_IS_OK(status)) {
405 const char *errstr = nt_errstr(status);
406 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
407 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
409 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
411 } else if (!W_ERROR_IS_OK(r.out.result)) {
412 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
414 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
415 printf("DsCrackNames failed on name - %d\n", r.out.ctr->ctr1->array[0].status);
423 FQDN_1779_name = r.out.ctr->ctr1->array[0].result_name;
425 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
426 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
427 names[0].str = priv->domain_guid_str;
429 printf("testing DsCrackNames with name '%s' desired format:%d\n",
430 names[0].str, r.in.req->req1.format_desired);
432 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
433 if (!NT_STATUS_IS_OK(status)) {
434 const char *errstr = nt_errstr(status);
435 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
436 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
438 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
440 } else if (!W_ERROR_IS_OK(r.out.result)) {
441 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
443 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
444 printf("DsCrackNames failed on name - %d\n", r.out.ctr->ctr1->array[0].status);
452 if (strcmp(priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name) != 0) {
453 printf("DsCrackNames failed to return same DNS name - expected %s got %s\n", priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name);
457 FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
459 canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
460 canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
462 user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
464 /* form up a user@DOMAIN */
465 user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
466 /* variable nt4_domain includs a trailing \ */
467 user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
469 service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
473 enum drsuapi_DsNameFormat format_offered;
474 enum drsuapi_DsNameFormat format_desired;
477 const char *expected_str;
478 const char *expected_dns;
479 enum drsuapi_DsNameStatus status;
480 enum drsuapi_DsNameStatus alternate_status;
481 enum drsuapi_DsNameFlags flags;
485 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
486 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
487 .str = user_principal_name,
488 .expected_str = FQDN_1779_name,
489 .status = DRSUAPI_DS_NAME_STATUS_OK
492 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
493 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
494 .str = user_principal_name_short,
495 .expected_str = FQDN_1779_name,
496 .status = DRSUAPI_DS_NAME_STATUS_OK
499 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
500 .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
501 .str = FQDN_1779_name,
502 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
505 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
506 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
507 .str = service_principal_name,
508 .expected_str = FQDN_1779_name,
509 .status = DRSUAPI_DS_NAME_STATUS_OK
512 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
513 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
514 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
515 .comment = "ServicePrincipal Name",
516 .expected_str = FQDN_1779_name,
517 .status = DRSUAPI_DS_NAME_STATUS_OK
520 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
521 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
522 .str = FQDN_1779_name,
523 .expected_str = canonical_name,
524 .status = DRSUAPI_DS_NAME_STATUS_OK
527 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
528 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
529 .str = canonical_name,
530 .expected_str = FQDN_1779_name,
531 .status = DRSUAPI_DS_NAME_STATUS_OK
534 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
535 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
536 .str = FQDN_1779_name,
537 .expected_str = canonical_ex_name,
538 .status = DRSUAPI_DS_NAME_STATUS_OK
541 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
542 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
543 .str = canonical_ex_name,
544 .expected_str = FQDN_1779_name,
545 .status = DRSUAPI_DS_NAME_STATUS_OK
548 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
549 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
550 .str = FQDN_1779_name,
551 .comment = "DN to cannoical syntactial only",
552 .status = DRSUAPI_DS_NAME_STATUS_OK,
553 .expected_str = canonical_name,
554 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
557 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
558 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
559 .str = FQDN_1779_name,
560 .comment = "DN to cannoical EX syntactial only",
561 .status = DRSUAPI_DS_NAME_STATUS_OK,
562 .expected_str = canonical_ex_name,
563 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
566 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
567 .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
568 .str = FQDN_1779_name,
569 .status = DRSUAPI_DS_NAME_STATUS_OK
572 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
573 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
574 .str = FQDN_1779_name,
575 .status = DRSUAPI_DS_NAME_STATUS_OK
578 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
579 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
580 .str = priv->domain_guid_str,
581 .comment = "Domain GUID to NT4 ACCOUNT",
582 .expected_str = nt4_domain,
583 .status = DRSUAPI_DS_NAME_STATUS_OK
586 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
587 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
588 .str = priv->domain_guid_str,
589 .comment = "Domain GUID to Canonical",
590 .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
591 .status = DRSUAPI_DS_NAME_STATUS_OK
594 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
595 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
596 .str = priv->domain_guid_str,
597 .comment = "Domain GUID to Canonical EX",
598 .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
599 .status = DRSUAPI_DS_NAME_STATUS_OK
602 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
603 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
604 .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
605 .comment = "display name for Microsoft Support Account",
606 .status = DRSUAPI_DS_NAME_STATUS_OK,
607 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE,
608 .skip = torture_setting_bool(tctx, "samba4", false)
611 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
612 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
613 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
614 .comment = "Account GUID -> DN",
615 .expected_str = FQDN_1779_name,
616 .status = DRSUAPI_DS_NAME_STATUS_OK
619 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
620 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
621 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
622 .comment = "Account GUID -> NT4 Account",
623 .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
624 .status = DRSUAPI_DS_NAME_STATUS_OK
627 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
628 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
629 .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
630 .comment = "Site GUID",
631 .expected_str = priv->dcinfo.site_dn,
632 .status = DRSUAPI_DS_NAME_STATUS_OK
635 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
636 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
637 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
638 .comment = "Computer GUID",
639 .expected_str = priv->dcinfo.computer_dn,
640 .status = DRSUAPI_DS_NAME_STATUS_OK
643 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
644 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
645 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
646 .comment = "Computer GUID -> NT4 Account",
647 .status = DRSUAPI_DS_NAME_STATUS_OK
650 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
651 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
652 .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
653 .comment = "Server GUID",
654 .expected_str = priv->dcinfo.server_dn,
655 .status = DRSUAPI_DS_NAME_STATUS_OK
658 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
659 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
660 .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
661 .comment = "NTDS GUID",
662 .expected_str = priv->dcinfo.ntds_dn,
663 .status = DRSUAPI_DS_NAME_STATUS_OK,
664 .skip = GUID_all_zero(&priv->dcinfo.ntds_guid)
667 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
668 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
670 .comment = "DISLPAY NAME search for DC short name",
671 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
674 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
675 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
676 .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
677 .comment = "Looking for KRBTGT as a serivce principal",
678 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
679 .expected_dns = dns_domain
682 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
683 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
684 .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
685 .comment = "Looking for bogus serivce principal",
686 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
687 .expected_dns = dns_domain
690 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
691 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
692 .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
693 .comment = "Looking for bogus serivce on test DC",
694 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
695 .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
698 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
699 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
700 .str = talloc_asprintf(mem_ctx, "krbtgt"),
701 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
704 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
705 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
706 .comment = "Looking for the kadmin/changepw service as a serivce principal",
707 .str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
708 .status = DRSUAPI_DS_NAME_STATUS_OK,
709 .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
710 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
713 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
714 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
715 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
718 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
721 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
722 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
723 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
726 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
727 .expected_dns = "BOGUS"
730 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
731 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
732 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
735 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
736 .expected_dns = "BOGUS"
739 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
740 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
741 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s",
742 test_dc, dns_domain),
743 .status = DRSUAPI_DS_NAME_STATUS_OK
746 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
747 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
748 .str = talloc_asprintf(mem_ctx, "cifs/%s",
750 .status = DRSUAPI_DS_NAME_STATUS_OK
753 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
754 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
756 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
759 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
760 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
762 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
765 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
766 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
767 .str = "NOT AN NT4 NAME",
768 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
771 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
772 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
773 .comment = "Unparsable DN",
775 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
778 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
779 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
780 .comment = "Unparsable user principal",
781 .str = "NOT A PRINCIPAL",
782 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
785 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
786 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
787 .comment = "Unparsable service principal",
788 .str = "NOT A SERVICE PRINCIPAL",
789 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
792 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
793 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
794 .comment = "BIND GUID (ie, not in the directory)",
795 .str = GUID_string2(mem_ctx, &priv->bind_guid),
796 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
799 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
800 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
801 .comment = "Unqualified Machine account as user principal",
802 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
803 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
806 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
807 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
808 .comment = "Machine account as service principal",
809 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
810 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
813 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
814 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
815 .comment = "Full Machine account as service principal",
816 .str = user_principal_name,
817 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
820 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
821 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
822 .comment = "Realm as an NT4 domain lookup",
823 .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
824 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
827 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
828 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
829 .comment = "BUILTIN\\ -> DN",
831 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
834 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
835 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
836 .comment = "NT AUTHORITY\\ -> DN",
837 .str = "NT AUTHORITY\\",
838 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
841 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
842 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
843 .comment = "NT AUTHORITY\\ANONYMOUS LOGON -> DN",
844 .str = "NT AUTHORITY\\ANONYMOUS LOGON",
845 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
848 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
849 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
850 .comment = "NT AUTHORITY\\SYSTEM -> DN",
851 .str = "NT AUTHORITY\\SYSTEM",
852 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
855 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
856 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
857 .comment = "BUITIN SID -> NT4 account",
859 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
860 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
863 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
864 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
866 .comment = "Builtin Domain SID -> DN",
867 .status = DRSUAPI_DS_NAME_STATUS_OK,
868 .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
869 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
872 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
873 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
874 .str = SID_BUILTIN_ADMINISTRATORS,
875 .comment = "Builtin Administrors SID -> DN",
876 .status = DRSUAPI_DS_NAME_STATUS_OK,
877 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
880 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
881 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
882 .str = SID_BUILTIN_ADMINISTRATORS,
883 .comment = "Builtin Administrors SID -> NT4 Account",
884 .status = DRSUAPI_DS_NAME_STATUS_OK,
885 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
888 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
889 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
890 .str = SID_NT_ANONYMOUS,
891 .comment = "NT Anonymous SID -> NT4 Account",
892 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
895 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
896 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
897 .str = SID_NT_SYSTEM,
898 .comment = "NT SYSTEM SID -> NT4 Account",
899 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
902 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
903 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
904 .comment = "Domain SID -> DN",
906 .expected_str = realm_dn_str,
907 .status = DRSUAPI_DS_NAME_STATUS_OK
910 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
911 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
912 .comment = "Domain SID -> NT4 account",
914 .expected_str = nt4_domain,
915 .status = DRSUAPI_DS_NAME_STATUS_OK
918 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
919 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
920 .comment = "invalid user principal name",
922 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
923 .expected_dns = "bar"
926 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
927 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
928 .comment = "invalid user principal name in valid domain",
929 .str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain),
930 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
935 for (i=0; i < ARRAY_SIZE(crack); i++) {
937 r.in.req->req1.format_flags = crack[i].flags;
938 r.in.req->req1.format_offered = crack[i].format_offered;
939 r.in.req->req1.format_desired = crack[i].format_desired;
940 names[0].str = crack[i].str;
942 if (crack[i].comment) {
943 comment = talloc_asprintf(mem_ctx, "'%s' with name '%s' desired format:%d\n",
944 crack[i].comment, names[0].str, r.in.req->req1.format_desired);
946 comment = talloc_asprintf(mem_ctx, "'%s' desired format:%d\n",
947 names[0].str, r.in.req->req1.format_desired);
950 printf("skipping: %s", comment);
953 status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r);
954 if (!NT_STATUS_IS_OK(status)) {
955 const char *errstr = nt_errstr(status);
956 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
957 errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
959 printf("dcerpc_drsuapi_DsCrackNames failed on %s - %s\n", comment, errstr);
961 } else if (!W_ERROR_IS_OK(r.out.result)) {
962 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
964 } else if (r.out.ctr->ctr1->array[0].status != crack[i].status) {
965 if (crack[i].alternate_status) {
966 if (r.out.ctr->ctr1->array[0].status != crack[i].alternate_status) {
967 printf("DsCrackNames unexpected status %d, wanted %d or %d on: %s\n",
968 r.out.ctr->ctr1->array[0].status,
970 crack[i].alternate_status,
975 printf("DsCrackNames unexpected status %d, wanted %d on: %s\n",
976 r.out.ctr->ctr1->array[0].status,
981 } else if (crack[i].expected_str
982 && (strcmp(r.out.ctr->ctr1->array[0].result_name,
983 crack[i].expected_str) != 0)) {
984 if (strcasecmp(r.out.ctr->ctr1->array[0].result_name,
985 crack[i].expected_str) != 0) {
986 printf("DsCrackNames failed - got %s, expected %s on %s\n",
987 r.out.ctr->ctr1->array[0].result_name,
988 crack[i].expected_str, comment);
991 printf("(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
992 r.out.ctr->ctr1->array[0].result_name,
993 crack[i].expected_str, comment);
995 } else if (crack[i].expected_dns
996 && (strcmp(r.out.ctr->ctr1->array[0].dns_domain_name,
997 crack[i].expected_dns) != 0)) {
998 printf("DsCrackNames failed - got DNS name %s, expected %s on %s\n",
999 r.out.ctr->ctr1->array[0].result_name,
1000 crack[i].expected_str, comment);
1006 if (!test_DsCrackNamesMatrix(p, mem_ctx, priv, FQDN_1779_name,
1007 user_principal_name, service_principal_name)) {