samdb/cracknames: support user and service principal as desired format
authorBob Campbell <bobcampbell@catalyst.net.nz>
Wed, 5 Jul 2017 04:08:11 +0000 (16:08 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 24 Jul 2017 09:10:26 +0000 (11:10 +0200)
This adds support for DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL and
DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL as desired formats.

This also causes the test in cracknames.py to no longer fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 24 11:10:26 CEST 2017 on sn-devel-144

selftest/knownfail
source4/dsdb/samdb/cracknames.c

index ae0086895f2330b22a0a172f1340f139607db931..f41b99d0e39b320d83c5a43abaf99d98572bb9b3 100644 (file)
 #ntvfs server blocks copychunk with execute access on read handle
 ^samba4.smb2.ioctl.copy_chunk_bad_access
 ^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.*
-^samba4.drs.cracknames.python.*cracknames.DrsCracknamesTestCase.test_Cracknames.*
 # We don't support NDR64 yet, so we generate the wrong FAULT code
 ^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_no_auth_presentation_ctx_invalid4
 ^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_spnego_change_auth_type2
index bb25b00046e7feeb6df424cf866ca205fc47c213..d43f510b949e3e61803f833b8d0fdae9e5b2584c 100644 (file)
@@ -881,6 +881,12 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
        const char * const _domain_attrs_guid[] = { "ncName", "dnsRoot", NULL};
        const char * const _result_attrs_guid[] = { "objectGUID", NULL};
 
+       const char * const _domain_attrs_upn[] = { "ncName", "dnsRoot", NULL};
+       const char * const _result_attrs_upn[] = { "userPrincipalName", NULL};
+
+       const char * const _domain_attrs_spn[] = { "ncName", "dnsRoot", NULL};
+       const char * const _result_attrs_spn[] = { "servicePrincipalName", NULL};
+
        const char * const _domain_attrs_display[] = { "ncName", "dnsRoot", NULL};
        const char * const _result_attrs_display[] = { "displayName", "samAccountName", NULL};
 
@@ -910,6 +916,14 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
                domain_attrs = _domain_attrs_display;
                result_attrs = _result_attrs_display;
                break;
+       case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
+               domain_attrs = _domain_attrs_upn;
+               result_attrs = _result_attrs_upn;
+               break;
+       case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
+               domain_attrs = _domain_attrs_spn;
+               result_attrs = _result_attrs_spn;
+               break;
        default:
                domain_attrs = _domain_attrs_none;
                result_attrs = _result_attrs_none;
@@ -1239,7 +1253,17 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
                return WERR_OK;
        }
        case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: {
-               info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+               if (result->elements[0].num_values > 1) {
+                       info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+                       return WERR_OK;
+               }
+
+               info1->result_name = ldb_msg_find_attr_as_string(result, "servicePrincipalName", NULL);
+               if (!info1->result_name) {
+                       info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+               } else {
+                       info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+               }
                return WERR_OK;
        }
        case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: 
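Review bot: The new SERVICE_PRINCIPAL branch reads `result->elements[0].num_values` without checking that the message has any elements. Because the search requests only servicePrincipalName (`_result_attrs_spn`), an object without that attribute would presumably come back with zero elements, making this an out-of-bounds or NULL read on a path driven by the requested name; the search is outside the hunk, so this needs confirming. Looking the element up by name removes the index assumption: `struct ldb_message_element *el = ldb_msg_find_element(result, "servicePrincipalName");` followed by `if (el != NULL && el->num_values > 1) {`. The missing-attribute case then falls through to the NO_MAPPING handling already added below.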
@@ -1248,6 +1272,15 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
                info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
                return WERR_OK;
        }
+       case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: {
+               info1->result_name = ldb_msg_find_attr_as_string(result, "userPrincipalName", NULL);
+               if (!info1->result_name) {
+                       info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
+               } else {
+                       info1->status = DRSUAPI_DS_NAME_STATUS_OK;
+               }
+               return WERR_OK;
+       }
        default:
                info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
                return WERR_OK;
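Review bot: The USER_PRINCIPAL branch has no comment explaining that only a stored userPrincipalName value is returned, so an account without that attribute gets DRSUAPI_DS_NAME_STATUS_NO_MAPPING. A short comment above the lookup would make this explicit, for example `/* Only an explicit userPrincipalName is returned; nothing is synthesized when the attribute is absent. */`. Separately, `info1->result_name` is set to the pointer returned by `ldb_msg_find_attr_as_string()`, which presumably points into `result`. A note on which talloc context owns that string would help, since the allocation of `result` is outside the hunk.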