search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Support storing statd-callout state in cluster filesystem
[samba4-gss.git] / source4 / torture / rpc / drsuapi_cracknames.c
blob0cbccda45faff83c8babd73a88cf31326f6ab110
1 /*
2 Unix SMB/CIFS implementation.
3
4 DRSUapi tests
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Stefan (metze) Metzmacher 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 #include "torture/rpc/torture_rpc.h"
27 #include <ldb.h>
28 #include "libcli/security/security.h"
29
30 #undef strcasecmp
31
32 struct DsCrackNamesPrivate {
33 struct DsPrivate base;
34
35 /* following names are used in Crack Names Matrix test */
36 const char *fqdn_name;
37 const char *user_principal_name;
38 const char *service_principal_name;
39 };
40
41 static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
42 struct DsPrivate *priv, const char *dn,
43 const char *user_principal_name, const char *service_principal_name)
44 {
45 NTSTATUS status;
46 const char *err_msg;
47 struct drsuapi_DsCrackNames r;
48 union drsuapi_DsNameRequest req;
49 uint32_t level_out;
50 union drsuapi_DsNameCtr ctr;
51 struct dcerpc_pipe *p = priv->drs_pipe;
52 TALLOC_CTX *mem_ctx = priv;
53
54 enum drsuapi_DsNameFormat formats[] = {
55 DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
56 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
57 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
58 DRSUAPI_DS_NAME_FORMAT_DISPLAY,
59 DRSUAPI_DS_NAME_FORMAT_GUID,
60 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
61 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
62 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
63 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
64 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
65 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
66 };
67 struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
68 int i, j;
69
70 const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
71 const char *n_from[ARRAY_SIZE(formats)];
72
73 ZERO_STRUCT(r);
74 r.in.bind_handle = &priv->bind_handle;
75 r.in.level = 1;
76 r.in.req = &req;
77 r.in.req->req1.codepage = 1252; /* german */
78 r.in.req->req1.language = 0x00000407; /* german */
79 r.in.req->req1.count = 1;
80 r.in.req->req1.names = names;
81 r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
82
83 r.out.level_out = &level_out;
84 r.out.ctr = &ctr;
85
86 n_matrix[0][0] = dn;
87
88 for (i = 0; i < ARRAY_SIZE(formats); i++) {
89 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
90 r.in.req->req1.format_desired = formats[i];
91 names[0].str = dn;
92 torture_comment(tctx, "Testing DsCrackNames (matrix prep) with name '%s'"
93 " offered format: %d desired format:%d\n",
94 names[0].str,
95 r.in.req->req1.format_offered,
96 r.in.req->req1.format_desired);
97 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
98 if (!NT_STATUS_IS_OK(status)) {
99 const char *errstr = nt_errstr(status);
100 err_msg = talloc_asprintf(mem_ctx,
101 "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
102 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
103 torture_fail(tctx, err_msg);
104 } else if (!W_ERROR_IS_OK(r.out.result)) {
105 err_msg = talloc_asprintf(mem_ctx,
106 "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
107 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, win_errstr(r.out.result));
108 torture_fail(tctx, err_msg);
109 }
110
111 switch (formats[i]) {
112 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
113 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
114 err_msg = talloc_asprintf(mem_ctx,
115 "Unexpected error (%d): This name lookup should fail",
116 r.out.ctr->ctr1->array[0].status);
117 torture_fail(tctx, err_msg);
118 }
119 torture_comment(tctx, __location__ ": (expected) error\n");
120 break;
121 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
122 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
123 err_msg = talloc_asprintf(mem_ctx,
124 "Unexpected error (%d): This name lookup should fail",
125 r.out.ctr->ctr1->array[0].status);
126 torture_fail(tctx, err_msg);
127 }
128 torture_comment(tctx, __location__ ": (expected) error\n");
129 break;
130 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: /* should fail as we ask server to convert to Unknown format */
131 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
132 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
133 err_msg = talloc_asprintf(mem_ctx,
134 "Unexpected error (%d): This name lookup should fail",
135 r.out.ctr->ctr1->array[0].status);
136 torture_fail(tctx, err_msg);
137 }
138 torture_comment(tctx, __location__ ": (expected) error\n");
139 break;
140 default:
141 if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
142 err_msg = talloc_asprintf(mem_ctx,
143 "DsCrackNames error: %d",
144 r.out.ctr->ctr1->array[0].status);
145 torture_fail(tctx, err_msg);
146 }
147 break;
148 }
149
150 switch (formats[i]) {
151 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
152 n_from[i] = user_principal_name;
153 break;
154 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
155 n_from[i] = service_principal_name;
156 break;
157 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
158 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
159 n_from[i] = NULL;
160 break;
161 default:
162 n_from[i] = r.out.ctr->ctr1->array[0].result_name;
163 printf("%s\n", n_from[i]);
164 break;
165 }
166 }
167
168 for (i = 0; i < ARRAY_SIZE(formats); i++) {
169 for (j = 0; j < ARRAY_SIZE(formats); j++) {
170 r.in.req->req1.format_offered = formats[i];
171 r.in.req->req1.format_desired = formats[j];
172 if (!n_from[i]) {
173 n_matrix[i][j] = NULL;
174 continue;
175 }
176 names[0].str = n_from[i];
177 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
178 if (!NT_STATUS_IS_OK(status)) {
179 const char *errstr = nt_errstr(status);
180 err_msg = talloc_asprintf(mem_ctx,
181 "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
182 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
183 torture_fail(tctx, err_msg);
184 } else if (!W_ERROR_IS_OK(r.out.result)) {
185 err_msg = talloc_asprintf(mem_ctx,
186 "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
187 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired,
188 win_errstr(r.out.result));
189 torture_fail(tctx, err_msg);
190 }
191
192 if (r.out.ctr->ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
193 n_matrix[i][j] = r.out.ctr->ctr1->array[0].result_name;
194 } else {
195 n_matrix[i][j] = NULL;
196 }
197 }
198 }
199
200 for (i = 0; i < ARRAY_SIZE(formats); i++) {
201 for (j = 0; j < ARRAY_SIZE(formats); j++) {
202 torture_comment(tctx, "Converting %s (format %d)"
203 " to %d gave %s\n",
204 n_from[i] == NULL ? "NULL" : n_from[i],
205 formats[i], formats[j],
206 n_matrix[i][j] == NULL ?
207 "NULL" : n_matrix[i][j]);
208
209 if (n_matrix[i][j] == n_from[j]) {
210
211 /* We don't have a from name for these yet (and we can't map to them to find it out) */
212 } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
213
214 /* we can't map to these two */
215 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
216 } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
217 } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
218 err_msg = talloc_asprintf(mem_ctx,
219 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: should be %s",
220 formats[i], formats[j], n_from[j]);
221 torture_fail(tctx, err_msg);
222 } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
223 err_msg = talloc_asprintf(mem_ctx,
224 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: should be %s",
225 formats[i], formats[j], n_matrix[i][j]);
226 torture_fail(tctx, err_msg);
227 } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
228 err_msg = talloc_asprintf(mem_ctx,
229 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
230 formats[i], formats[j], n_matrix[i][j], n_from[j]);
231 torture_fail(tctx, err_msg);
232 }
233 }
234 }
235
236 return true;
237 }
238
239 bool test_DsCrackNames(struct torture_context *tctx,
240 struct DsPrivate *priv)
241 {
242 NTSTATUS status;
243 const char *err_msg;
244 struct drsuapi_DsCrackNames r;
245 union drsuapi_DsNameRequest req;
246 uint32_t level_out;
247 union drsuapi_DsNameCtr ctr;
248 struct drsuapi_DsNameString names[1];
249 const char *dns_domain;
250 const char *nt4_domain;
251 const char *FQDN_1779_name;
252 struct ldb_context *ldb;
253 struct ldb_dn *FQDN_1779_dn;
254 struct ldb_dn *realm_dn;
255 const char *realm_dn_str;
256 const char *realm_canonical;
257 const char *realm_canonical_ex;
258 const char *user_principal_name;
259 char *user_principal_name_short;
260 const char *service_principal_name;
261 const char *canonical_name;
262 const char *canonical_ex_name;
263 const char *dom_sid;
264 const char *test_dc = torture_join_netbios_name(priv->join);
265 struct dcerpc_pipe *p = priv->drs_pipe;
266 TALLOC_CTX *mem_ctx = priv;
267
268 ZERO_STRUCT(r);
269 r.in.bind_handle = &priv->bind_handle;
270 r.in.level = 1;
271 r.in.req = &req;
272 r.in.req->req1.codepage = 1252; /* german */
273 r.in.req->req1.language = 0x00000407; /* german */
274 r.in.req->req1.count = 1;
275 r.in.req->req1.names = names;
276 r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
277
278 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
279 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
280
281 r.out.level_out = &level_out;
282 r.out.ctr = &ctr;
283
284 dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
285
286 names[0].str = dom_sid;
287
288 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
289 " offered format: %d desired format:%d\n",
290 names[0].str,
291 r.in.req->req1.format_offered,
292 r.in.req->req1.format_desired);
293
294 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
295 if (!NT_STATUS_IS_OK(status)) {
296 const char *errstr = nt_errstr(status);
297 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
298 torture_fail(tctx, err_msg);
299 } else if (!W_ERROR_IS_OK(r.out.result)) {
300 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
301 torture_fail(tctx, err_msg);
302 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
303 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
304 r.out.ctr->ctr1->array[0].status);
305 torture_fail(tctx, err_msg);
306 }
307
308 dns_domain = r.out.ctr->ctr1->array[0].dns_domain_name;
309 nt4_domain = r.out.ctr->ctr1->array[0].result_name;
310
311 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
312
313 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
314 " offered format: %d desired format:%d\n",
315 names[0].str,
316 r.in.req->req1.format_offered,
317 r.in.req->req1.format_desired);
318
319 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
320 if (!NT_STATUS_IS_OK(status)) {
321 const char *errstr = nt_errstr(status);
322 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
323 torture_fail(tctx, err_msg);
324 } else if (!W_ERROR_IS_OK(r.out.result)) {
325 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
326 torture_fail(tctx, err_msg);
327 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
328 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
329 r.out.ctr->ctr1->array[0].status);
330 torture_fail(tctx, err_msg);
331 }
332
333 priv->domain_dns_name = r.out.ctr->ctr1->array[0].dns_domain_name;
334 priv->domain_guid_str = r.out.ctr->ctr1->array[0].result_name;
335 GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
336
337 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
338
339 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
340 " offered format: %d desired format:%d\n",
341 names[0].str,
342 r.in.req->req1.format_offered,
343 r.in.req->req1.format_desired);
344
345 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
346 if (!NT_STATUS_IS_OK(status)) {
347 const char *errstr = nt_errstr(status);
348 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
349 torture_fail(tctx, err_msg);
350 } else if (!W_ERROR_IS_OK(r.out.result)) {
351 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
352 torture_fail(tctx, err_msg);
353 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
354 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
355 r.out.ctr->ctr1->array[0].status);
356 torture_fail(tctx, err_msg);
357 }
358
359 ldb = ldb_init(mem_ctx, tctx->ev);
360
361 realm_dn_str = r.out.ctr->ctr1->array[0].result_name;
362 realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str);
363 realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
364
365 if (strcmp(realm_canonical,
366 talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
367 err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical name failed: %s != %s!",
368 realm_canonical,
369 talloc_asprintf(mem_ctx, "%s/", dns_domain));
370 torture_fail(tctx, err_msg);
371 };
372
373 realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
374
375 if (strcmp(realm_canonical_ex,
376 talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
377 err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical ex name failed: %s != %s!",
378 realm_canonical_ex,
379 talloc_asprintf(mem_ctx, "%s\n", dns_domain));
380 torture_fail(tctx, err_msg);
381 };
382
383 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
384 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
385 names[0].str = nt4_domain;
386
387 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
388 " offered format: %d desired format:%d\n",
389 names[0].str,
390 r.in.req->req1.format_offered,
391 r.in.req->req1.format_desired);
392
393 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
394 if (!NT_STATUS_IS_OK(status)) {
395 const char *errstr = nt_errstr(status);
396 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
397 torture_fail(tctx, err_msg);
398 } else if (!W_ERROR_IS_OK(r.out.result)) {
399 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
400 torture_fail(tctx, err_msg);
401 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
402 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
403 r.out.ctr->ctr1->array[0].status);
404 torture_fail(tctx, err_msg);
405 }
406
407 priv->domain_obj_dn = r.out.ctr->ctr1->array[0].result_name;
408
409 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
410 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
411 names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
412
413 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
414 " offered format: %d desired format:%d\n",
415 names[0].str,
416 r.in.req->req1.format_offered,
417 r.in.req->req1.format_desired);
418
419 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
420 if (!NT_STATUS_IS_OK(status)) {
421 const char *errstr = nt_errstr(status);
422 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
423 torture_fail(tctx, err_msg);
424 } else if (!W_ERROR_IS_OK(r.out.result)) {
425 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
426 torture_fail(tctx, err_msg);
427 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
428 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
429 r.out.ctr->ctr1->array[0].status);
430 torture_fail(tctx, err_msg);
431 }
432
433 FQDN_1779_name = r.out.ctr->ctr1->array[0].result_name;
434
435 r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
436 r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
437 names[0].str = priv->domain_guid_str;
438
439 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
440 " offered format: %d desired format:%d\n",
441 names[0].str,
442 r.in.req->req1.format_offered,
443 r.in.req->req1.format_desired);
444
445 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
446 if (!NT_STATUS_IS_OK(status)) {
447 const char *errstr = nt_errstr(status);
448 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
449 torture_fail(tctx, err_msg);
450 } else if (!W_ERROR_IS_OK(r.out.result)) {
451 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
452 torture_fail(tctx, err_msg);
453 } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
454 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
455 r.out.ctr->ctr1->array[0].status);
456 torture_fail(tctx, err_msg);
457 }
458
459 if (strcmp(priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name) != 0) {
460 err_msg = talloc_asprintf(mem_ctx,
461 "DsCrackNames failed to return same DNS name - expected %s got %s",
462 priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name);
463 torture_fail(tctx, err_msg);
464 }
465
466 FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
467
468 canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
469 canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
470
471 user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
472
473 /* form up a user@DOMAIN */
474 user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
475 /* variable nt4_domain includes a trailing \ */
476 user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
477
478 service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
479 {
480
481 struct {
482 enum drsuapi_DsNameFormat format_offered;
483 enum drsuapi_DsNameFormat format_desired;
484 const char *comment;
485 const char *str;
486 const char *expected_str;
487 const char *expected_dns;
488 enum drsuapi_DsNameStatus status;
489 enum drsuapi_DsNameStatus alternate_status;
490 enum drsuapi_DsNameFlags flags;
491 bool skip;
492 } crack[] = {
493 {
494 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
495 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
496 .str = user_principal_name,
497 .expected_str = FQDN_1779_name,
498 .status = DRSUAPI_DS_NAME_STATUS_OK
499 },
500 {
501 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
502 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
503 .str = user_principal_name_short,
504 .expected_str = FQDN_1779_name,
505 .status = DRSUAPI_DS_NAME_STATUS_OK
506 },
507 {
508 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
509 .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
510 .str = FQDN_1779_name,
511 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
512 },
513 {
514 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
515 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
516 .str = service_principal_name,
517 .expected_str = FQDN_1779_name,
518 .status = DRSUAPI_DS_NAME_STATUS_OK
519 },
520 {
521 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
522 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
523 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
524 .comment = "ServicePrincipal Name",
525 .expected_str = FQDN_1779_name,
526 .status = DRSUAPI_DS_NAME_STATUS_OK
527 },
528 {
529 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
530 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
531 .str = FQDN_1779_name,
532 .expected_str = canonical_name,
533 .status = DRSUAPI_DS_NAME_STATUS_OK
534 },
535 {
536 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
537 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
538 .str = canonical_name,
539 .expected_str = FQDN_1779_name,
540 .status = DRSUAPI_DS_NAME_STATUS_OK
541 },
542 {
543 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
544 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
545 .str = FQDN_1779_name,
546 .expected_str = canonical_ex_name,
547 .status = DRSUAPI_DS_NAME_STATUS_OK
548 },
549 {
550 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
551 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
552 .str = canonical_ex_name,
553 .expected_str = FQDN_1779_name,
554 .status = DRSUAPI_DS_NAME_STATUS_OK
555 },
556 {
557 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
558 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
559 .str = FQDN_1779_name,
560 .comment = "DN to cannoical syntactial only",
561 .status = DRSUAPI_DS_NAME_STATUS_OK,
562 .expected_str = canonical_name,
563 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
564 },
565 {
566 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
567 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
568 .str = FQDN_1779_name,
569 .comment = "DN to cannoical EX syntactial only",
570 .status = DRSUAPI_DS_NAME_STATUS_OK,
571 .expected_str = canonical_ex_name,
572 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
573 },
574 {
575 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
576 .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
577 .str = FQDN_1779_name,
578 .status = DRSUAPI_DS_NAME_STATUS_OK
579 },
580 {
581 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
582 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
583 .str = FQDN_1779_name,
584 .status = DRSUAPI_DS_NAME_STATUS_OK
585 },
586 {
587 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
588 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
589 .str = priv->domain_guid_str,
590 .comment = "Domain GUID to NT4 ACCOUNT",
591 .expected_str = nt4_domain,
592 .status = DRSUAPI_DS_NAME_STATUS_OK
593 },
594 {
595 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
596 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
597 .str = priv->domain_guid_str,
598 .comment = "Domain GUID to Canonical",
599 .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
600 .status = DRSUAPI_DS_NAME_STATUS_OK
601 },
602 {
603 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
604 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
605 .str = priv->domain_guid_str,
606 .comment = "Domain GUID to Canonical EX",
607 .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
608 .status = DRSUAPI_DS_NAME_STATUS_OK
609 },
610 {
611 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
612 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
613 .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
614 .comment = "display name for Microsoft Support Account",
615 .status = DRSUAPI_DS_NAME_STATUS_OK,
616 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE,
617 .skip = torture_setting_bool(tctx, "samba4", false)
618 },
619 {
620 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
621 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
622 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
623 .comment = "Account GUID -> DN",
624 .expected_str = FQDN_1779_name,
625 .status = DRSUAPI_DS_NAME_STATUS_OK
626 },
627 {
628 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
629 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
630 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
631 .comment = "Account GUID -> NT4 Account",
632 .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
633 .status = DRSUAPI_DS_NAME_STATUS_OK
634 },
635 {
636 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
637 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
638 .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
639 .comment = "Site GUID",
640 .expected_str = priv->dcinfo.site_dn,
641 .status = DRSUAPI_DS_NAME_STATUS_OK
642 },
643 {
644 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
645 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
646 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
647 .comment = "Computer GUID",
648 .expected_str = priv->dcinfo.computer_dn,
649 .status = DRSUAPI_DS_NAME_STATUS_OK
650 },
651 {
652 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
653 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
654 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
655 .comment = "Computer GUID -> NT4 Account",
656 .status = DRSUAPI_DS_NAME_STATUS_OK
657 },
658 {
659 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
660 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
661 .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
662 .comment = "Server GUID",
663 .expected_str = priv->dcinfo.server_dn,
664 .status = DRSUAPI_DS_NAME_STATUS_OK
665 },
666 {
667 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
668 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
669 .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
670 .comment = "NTDS GUID",
671 .expected_str = priv->dcinfo.ntds_dn,
672 .status = DRSUAPI_DS_NAME_STATUS_OK,
673 .skip = GUID_all_zero(&priv->dcinfo.ntds_guid)
674 },
675 {
676 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
677 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
678 .str = test_dc,
679 .comment = "DISPLAY NAME search for DC short name",
680 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
681 },
682 {
683 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
684 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
685 .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
686 .comment = "Looking for KRBTGT as a service principal",
687 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
688 .expected_dns = dns_domain
689 },
690 {
691 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
692 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
693 .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
694 .comment = "Looking for bogus service principal",
695 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
696 .expected_dns = dns_domain
697 },
698 {
699 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
700 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
701 .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
702 .comment = "Looking for bogus service on test DC",
703 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
704 .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
705 },
706 {
707 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
708 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
709 .str = talloc_asprintf(mem_ctx, "krbtgt"),
710 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
711 },
712 {
713 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
714 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
715 .comment = "Looking for the kadmin/changepw service as a service principal",
716 .str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
717 .status = DRSUAPI_DS_NAME_STATUS_OK,
718 .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
719 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
720 },
721 {
722 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
723 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
724 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
725 test_dc, dns_domain,
726 dns_domain),
727 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
728 },
729 {
730 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
731 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
732 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
733 test_dc, dns_domain,
734 "BOGUS"),
735 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
736 .expected_dns = "BOGUS"
737 },
738 {
739 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
740 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
741 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
742 test_dc, "REALLY",
743 "BOGUS"),
744 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
745 .expected_dns = "BOGUS"
746 },
747 {
748 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
749 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
750 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s",
751 test_dc, dns_domain),
752 .status = DRSUAPI_DS_NAME_STATUS_OK
753 },
754 {
755 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
756 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
757 .str = talloc_asprintf(mem_ctx, "cifs/%s",
758 test_dc),
759 .status = DRSUAPI_DS_NAME_STATUS_OK
760 },
761 {
762 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
763 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
764 .str = "NOT A GUID",
765 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
766 },
767 {
768 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
769 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
770 .str = "NOT A SID",
771 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
772 },
773 {
774 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
775 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
776 .str = "NOT AN NT4 NAME",
777 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
778 },
779 {
780 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
781 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
782 .comment = "Unparsable DN",
783 .str = "NOT A DN",
784 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
785 },
786 {
787 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
788 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
789 .comment = "Unparsable user principal",
790 .str = "NOT A PRINCIPAL",
791 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
792 },
793 {
794 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
795 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
796 .comment = "Unparsable service principal",
797 .str = "NOT A SERVICE PRINCIPAL",
798 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
799 },
800 {
801 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
802 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
803 .comment = "BIND GUID (ie, not in the directory)",
804 .str = DRSUAPI_DS_BIND_GUID,
805 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
806 },
807 {
808 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
809 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
810 .comment = "Unqualified Machine account as user principal",
811 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
812 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
813 },
814 {
815 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
816 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
817 .comment = "Machine account as service principal",
818 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
819 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
820 },
821 {
822 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
823 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
824 .comment = "Full Machine account as service principal",
825 .str = user_principal_name,
826 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
827 },
828 {
829 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
830 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
831 .comment = "Realm as an NT4 domain lookup",
832 .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
833 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
834 },
835 {
836 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
837 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
838 .comment = "BUILTIN\\ -> DN",
839 .str = "BUILTIN\\",
840 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
841 },
842 {
843 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
844 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
845 .comment = "NT AUTHORITY\\ -> DN",
846 .str = "NT AUTHORITY\\",
847 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
848 },
849 {
850 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
851 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
852 .comment = "NT AUTHORITY\\ANONYMOUS LOGON -> DN",
853 .str = "NT AUTHORITY\\ANONYMOUS LOGON",
854 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
855 },
856 {
857 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
858 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
859 .comment = "NT AUTHORITY\\SYSTEM -> DN",
860 .str = "NT AUTHORITY\\SYSTEM",
861 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
862 },
863 {
864 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
865 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
866 .comment = "BUILTIN SID -> NT4 account",
867 .str = SID_BUILTIN,
868 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
869 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
870 },
871 {
872 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
873 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
874 .str = SID_BUILTIN,
875 .comment = "Builtin Domain SID -> DN",
876 .status = DRSUAPI_DS_NAME_STATUS_OK,
877 .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
878 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
879 },
880 {
881 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
882 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
883 .str = SID_BUILTIN_ADMINISTRATORS,
884 .comment = "Builtin Administrors SID -> DN",
885 .status = DRSUAPI_DS_NAME_STATUS_OK,
886 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
887 },
888 {
889 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
890 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
891 .str = SID_BUILTIN_ADMINISTRATORS,
892 .comment = "Builtin Administrors SID -> NT4 Account",
893 .status = DRSUAPI_DS_NAME_STATUS_OK,
894 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
895 },
896 {
897 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
898 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
899 .str = SID_NT_ANONYMOUS,
900 .comment = "NT Anonymous SID -> NT4 Account",
901 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
902 },
903 {
904 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
905 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
906 .str = SID_NT_SYSTEM,
907 .comment = "NT SYSTEM SID -> NT4 Account",
908 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
909 },
910 {
911 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
912 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
913 .comment = "Domain SID -> DN",
914 .str = dom_sid,
915 .expected_str = realm_dn_str,
916 .status = DRSUAPI_DS_NAME_STATUS_OK
917 },
918 {
919 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
920 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
921 .comment = "Domain SID -> NT4 account",
922 .str = dom_sid,
923 .expected_str = nt4_domain,
924 .status = DRSUAPI_DS_NAME_STATUS_OK
925 },
926 {
927 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
928 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
929 .comment = "invalid user principal name",
930 .str = "foo@bar",
931 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
932 .expected_dns = "bar"
933 },
934 {
935 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
936 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
937 .comment = "invalid user principal name in valid domain",
938 .str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain),
939 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
940 }
941 };
942 int i;
943
944 for (i=0; i < ARRAY_SIZE(crack); i++) {
945 const char *comment;
946
947 torture_comment(tctx, "Testing DsCrackNames with name '%s'"
948 " offered format: %d desired format:%d\n",
949 crack[i].str,
950 crack[i].format_offered,
951 crack[i].format_desired);
952
953 r.in.req->req1.format_flags = crack[i].flags;
954 r.in.req->req1.format_offered = crack[i].format_offered;
955 r.in.req->req1.format_desired = crack[i].format_desired;
956 names[0].str = crack[i].str;
957
958 if (crack[i].comment) {
959 comment = talloc_asprintf(mem_ctx,
960 "'%s' with name '%s' offered format:%d desired format:%d\n",
961 crack[i].comment, names[0].str,
962 r.in.req->req1.format_offered,
963 r.in.req->req1.format_desired);
964 } else {
965 comment = talloc_asprintf(mem_ctx, "'%s' offered format:%d desired format:%d\n",
966 names[0].str,
967 r.in.req->req1.format_offered,
968 r.in.req->req1.format_desired);
969 }
970 if (crack[i].skip) {
971 torture_comment(tctx, "skipping: %s", comment);
972 continue;
973 }
974 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
975 if (!NT_STATUS_IS_OK(status)) {
976 const char *errstr = nt_errstr(status);
977 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
978 torture_fail(tctx, err_msg);
979 } else if (!W_ERROR_IS_OK(r.out.result)) {
980 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
981 torture_fail(tctx, err_msg);
982 } else if (r.out.ctr->ctr1->array[0].status != crack[i].status) {
983 if (crack[i].alternate_status) {
984 if (r.out.ctr->ctr1->array[0].status != crack[i].alternate_status) {
985 err_msg = talloc_asprintf(mem_ctx,
986 "DsCrackNames unexpected status %d, wanted %d or %d on: %s",
987 r.out.ctr->ctr1->array[0].status,
988 crack[i].status,
989 crack[i].alternate_status,
990 comment);
991 torture_fail(tctx, err_msg);
992 }
993 } else {
994 err_msg = talloc_asprintf(mem_ctx,
995 "DsCrackNames unexpected status %d, wanted %d on: %s\n",
996 r.out.ctr->ctr1->array[0].status,
997 crack[i].status,
998 comment);
999 torture_fail(tctx, err_msg);
1000 }
1001 } else if (crack[i].expected_str &&
1002 (!r.out.ctr->ctr1->count ||
1003 !r.out.ctr->ctr1->array[0].result_name))
1004 {
1005 if (!r.out.ctr->ctr1->count) {
1006 err_msg = talloc_asprintf(mem_ctx,
1007 "DsCrackNames failed - got 0 entries, expected %s on %s",
1008 crack[i].expected_str, comment);
1009 torture_fail(tctx, err_msg);
1010 } else {
1011 err_msg = talloc_asprintf(mem_ctx,
1012 "DsCrackNames failed - got NULL pointer, expected %s on %s",
1013 crack[i].expected_str, comment);
1014 torture_fail(tctx, err_msg);
1015 }
1016 } else if (crack[i].expected_str
1017 && (strcmp(r.out.ctr->ctr1->array[0].result_name,
1018 crack[i].expected_str) != 0))
1019 {
1020 if (strcasecmp(r.out.ctr->ctr1->array[0].result_name,
1021 crack[i].expected_str) != 0) {
1022 err_msg = talloc_asprintf(mem_ctx,
1023 "DsCrackNames failed - got %s, expected %s on %s",
1024 r.out.ctr->ctr1->array[0].result_name,
1025 crack[i].expected_str, comment);
1026 torture_fail(tctx, err_msg);
1027 } else {
1028 torture_comment(tctx,
1029 "(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
1030 r.out.ctr->ctr1->array[0].result_name,
1031 crack[i].expected_str, comment);
1032 }
1033 } else if (crack[i].expected_dns
1034 && (strcmp(r.out.ctr->ctr1->array[0].dns_domain_name,
1035 crack[i].expected_dns) != 0)) {
1036 err_msg = talloc_asprintf(mem_ctx,
1037 "DsCrackNames failed - got DNS name %s, expected %s on %s",
1038 r.out.ctr->ctr1->array[0].result_name,
1039 crack[i].expected_str, comment);
1040 torture_fail(tctx, err_msg);
1041 }
1042
1043 torture_comment(tctx, "Testing DsCrackNames got %s\n", r.out.ctr->ctr1->array[0].result_name);
1044 }
1045 }
1046
1047 return test_DsCrackNamesMatrix(tctx, priv, FQDN_1779_name,
1048 user_principal_name, service_principal_name);
1049 }
1050
1051 /**
1052 * Test case setup for CrackNames
1053 */
1054 static bool torture_drsuapi_cracknames_setup(struct torture_context *tctx, void **data)
1055 {
1056 struct DsCrackNamesPrivate *priv;
1057
1058 *data = priv = talloc_zero(tctx, struct DsCrackNamesPrivate);
1059
1060 return torture_drsuapi_tcase_setup_common(tctx, &priv->base);
1061 }
1062
1063 /**
1064 * Test case tear-down for CrackNames
1065 */
1066 static bool torture_drsuapi_cracknames_teardown(struct torture_context *tctx, void *data)
1067 {
1068 struct DsCrackNamesPrivate *priv = talloc_get_type(data, struct DsCrackNamesPrivate);
1069
1070 return torture_drsuapi_tcase_teardown_common(tctx, &priv->base);
1071 }
1072
1073 /**
1074 * CRACKNAMES test suite implementation
1075 */
1076 void torture_rpc_drsuapi_cracknames_tcase(struct torture_suite *suite)
1077 {
1078 typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
1079
1080 struct torture_tcase *tcase = torture_suite_add_tcase(suite, "cracknames");
1081
1082 torture_tcase_set_fixture(tcase,
1083 torture_drsuapi_cracknames_setup,
1084 torture_drsuapi_cracknames_teardown);
1085
1086 torture_tcase_add_simple_test(tcase, "cracknames-test", (run_func)test_DsCrackNames);
1087 }
GSS-enabled samba4