LCOV - code coverage report
Current view: top level - source4/torture/rpc - drsuapi_cracknames.c (source / functions) Hit Total Coverage
Test: coverage report for v4-17-test 1498b464 Lines: 260 380 68.4 %
Date: 2024-06-13 04:01:37 Functions: 5 5 100.0 %

          Line data    Source code
       1             : /* 
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    DRSUapi tests
       5             : 
       6             :    Copyright (C) Andrew Tridgell 2003
       7             :    Copyright (C) Stefan (metze) Metzmacher 2004
       8             :    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
       9             : 
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             :    
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             :    
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include "librpc/gen_ndr/ndr_drsuapi_c.h"
      26             : #include "torture/rpc/torture_rpc.h"
      27             : #include <ldb.h>
      28             : #include "libcli/security/security.h"
      29             : 
      30             : #undef strcasecmp
      31             : 
      32             : struct DsCrackNamesPrivate {
      33             :         struct DsPrivate base;
      34             : 
      35             :         /* following names are used in Crack Names Matrix test */
      36             :         const char *fqdn_name;
      37             :         const char *user_principal_name;
      38             :         const char *service_principal_name;
      39             : };
      40             : 
      41           2 : static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
      42             :                                     struct DsPrivate *priv, const char *dn,
      43             :                                     const char *user_principal_name, const char *service_principal_name)
      44             : {
      45             :         NTSTATUS status;
      46             :         const char *err_msg;
      47             :         struct drsuapi_DsCrackNames r;
      48             :         union drsuapi_DsNameRequest req;
      49             :         uint32_t level_out;
      50             :         union drsuapi_DsNameCtr ctr;
      51           2 :         struct dcerpc_pipe *p = priv->drs_pipe;
      52           2 :         TALLOC_CTX *mem_ctx = priv;
      53             : 
      54           2 :         enum drsuapi_DsNameFormat formats[] = {
      55             :                 DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
      56             :                 DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
      57             :                 DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
      58             :                 DRSUAPI_DS_NAME_FORMAT_DISPLAY,
      59             :                 DRSUAPI_DS_NAME_FORMAT_GUID,
      60             :                 DRSUAPI_DS_NAME_FORMAT_CANONICAL,
      61             :                 DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
      62             :                 DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
      63             :                 DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
      64             :                 DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
      65             :                 DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
      66             :         };
      67             :         struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
      68             :         int i, j;
      69             : 
      70             :         const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
      71             :         const char *n_from[ARRAY_SIZE(formats)];
      72             : 
      73           2 :         ZERO_STRUCT(r);
      74           2 :         r.in.bind_handle                = &priv->bind_handle;
      75           2 :         r.in.level                      = 1;
      76           2 :         r.in.req                        = &req;
      77           2 :         r.in.req->req1.codepage              = 1252; /* german */
      78           2 :         r.in.req->req1.language              = 0x00000407; /* german */
      79           2 :         r.in.req->req1.count         = 1;
      80           2 :         r.in.req->req1.names         = names;
      81           2 :         r.in.req->req1.format_flags  = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
      82             : 
      83           2 :         r.out.level_out                 = &level_out;
      84           2 :         r.out.ctr                       = &ctr;
      85             : 
      86           2 :         n_matrix[0][0] = dn;
      87             : 
      88          24 :         for (i = 0; i < ARRAY_SIZE(formats); i++) {
      89          22 :                 r.in.req->req1.format_offered        = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
      90          22 :                 r.in.req->req1.format_desired        = formats[i];
      91          22 :                 names[0].str = dn;
      92          22 :                 torture_comment(tctx, "Testing DsCrackNames (matrix prep) with name '%s'"
      93             :                                       " offered format: %d desired format:%d\n",
      94             :                                 names[0].str,
      95          22 :                                 r.in.req->req1.format_offered,
      96          22 :                                 r.in.req->req1.format_desired);
      97          22 :                 status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
      98          22 :                 if (!NT_STATUS_IS_OK(status)) {
      99           0 :                         const char *errstr = nt_errstr(status);
     100           0 :                         err_msg = talloc_asprintf(mem_ctx,
     101             :                                         "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
     102           0 :                                         names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
     103           0 :                         torture_fail(tctx, err_msg);
     104          22 :                 } else if (!W_ERROR_IS_OK(r.out.result)) {
     105           0 :                         err_msg = talloc_asprintf(mem_ctx,
     106             :                                         "testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
     107           0 :                                names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, win_errstr(r.out.result));
     108           0 :                         torture_fail(tctx, err_msg);
     109             :                 }
     110             :                         
     111          22 :                 switch (formats[i]) {
     112           2 :                 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:  
     113           2 :                         if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
     114           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     115             :                                                 "Unexpected error (%d): This name lookup should fail",
     116           0 :                                                 r.out.ctr->ctr1->array[0].status);
     117           0 :                                 torture_fail(tctx, err_msg);
     118             :                         }
     119           2 :                         torture_comment(tctx, __location__ ": (expected) error\n");
     120           2 :                         break;
     121           2 :                 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
     122           2 :                         if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
     123           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     124             :                                                 "Unexpected error (%d): This name lookup should fail",
     125           0 :                                                 r.out.ctr->ctr1->array[0].status);
     126           0 :                                 torture_fail(tctx, err_msg);
     127             :                         }
     128           2 :                         torture_comment(tctx, __location__ ": (expected) error\n");
     129           2 :                         break;
     130           4 :                 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:    /* should fail as we ask server to convert to Unknown format */
     131             :                 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: 
     132           4 :                         if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
     133           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     134             :                                                 "Unexpected error (%d): This name lookup should fail",
     135           0 :                                                 r.out.ctr->ctr1->array[0].status);
     136           0 :                                 torture_fail(tctx, err_msg);
     137             :                         }
     138           4 :                         torture_comment(tctx, __location__ ": (expected) error\n");
     139           4 :                         break;
     140          14 :                 default:
     141          14 :                         if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
     142           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     143             :                                                 "DsCrackNames error: %d",
     144           0 :                                                 r.out.ctr->ctr1->array[0].status);
     145           0 :                                 torture_fail(tctx, err_msg);
     146             :                         }
     147          14 :                         break;
     148             :                 }
     149             : 
     150          22 :                 switch (formats[i]) {
     151           2 :                 case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
     152           2 :                         n_from[i] = user_principal_name;
     153           2 :                         break;
     154           2 :                 case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:  
     155           2 :                         n_from[i] = service_principal_name;
     156           2 :                         break;
     157           4 :                 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
     158             :                 case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: 
     159           4 :                         n_from[i] = NULL;
     160           4 :                         break;
     161          14 :                 default:
     162          14 :                         n_from[i] = r.out.ctr->ctr1->array[0].result_name;
     163          14 :                         printf("%s\n", n_from[i]);
     164          14 :                         break;
     165             :                 }
     166             :         }
     167             : 
     168          24 :         for (i = 0; i < ARRAY_SIZE(formats); i++) {
     169         264 :                 for (j = 0; j < ARRAY_SIZE(formats); j++) {
     170         242 :                         r.in.req->req1.format_offered        = formats[i];
     171         242 :                         r.in.req->req1.format_desired        = formats[j];
     172         242 :                         if (!n_from[i]) {
     173          44 :                                 n_matrix[i][j] = NULL;
     174          44 :                                 continue;
     175             :                         }
     176         198 :                         names[0].str = n_from[i];
     177         198 :                         status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
     178         198 :                         if (!NT_STATUS_IS_OK(status)) {
     179           0 :                                 const char *errstr = nt_errstr(status);
     180           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     181             :                                                 "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
     182           0 :                                                 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
     183           0 :                                 torture_fail(tctx, err_msg);
     184         198 :                         } else if (!W_ERROR_IS_OK(r.out.result)) {
     185           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     186             :                                                 "testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
     187           0 :                                                 names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired,
     188             :                                                 win_errstr(r.out.result));
     189           0 :                                 torture_fail(tctx, err_msg);
     190             :                         }
     191             :                         
     192         198 :                         if (r.out.ctr->ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
     193         126 :                                 n_matrix[i][j] = r.out.ctr->ctr1->array[0].result_name;
     194             :                         } else {
     195          72 :                                 n_matrix[i][j] = NULL;
     196             :                         }
     197             :                 }
     198             :         }
     199             : 
     200          24 :         for (i = 0; i < ARRAY_SIZE(formats); i++) {
     201         264 :                 for (j = 0; j < ARRAY_SIZE(formats); j++) {
     202         484 :                         torture_comment(tctx, "Converting %s (format %d)"
     203             :                                                 " to %d gave %s\n",
     204         242 :                                         n_from[i] == NULL ? "NULL" : n_from[i],
     205         242 :                                         formats[i], formats[j],
     206         242 :                                         n_matrix[i][j] == NULL ?
     207             :                                                 "NULL" : n_matrix[i][j]);
     208             : 
     209         242 :                         if (n_matrix[i][j] == n_from[j]) {
     210             :                                 
     211             :                         /* We don't have a from name for these yet (and we can't map to them to find it out) */
     212         198 :                         } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
     213             :                                 
     214             :                         /* we can't map to these two */
     215         162 :                         } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
     216         144 :                         } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
     217         126 :                         } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
     218           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     219             :                                                 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: should be %s",
     220           0 :                                                 formats[i], formats[j], n_from[j]);
     221           0 :                                 torture_fail(tctx, err_msg);
     222         126 :                         } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
     223           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     224             :                                                 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: should be %s",
     225           0 :                                                 formats[i], formats[j], n_matrix[i][j]);
     226           0 :                                 torture_fail(tctx, err_msg);
     227         126 :                         } else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
     228           0 :                                 err_msg = talloc_asprintf(mem_ctx,
     229             :                                                 "dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
     230           0 :                                                 formats[i], formats[j], n_matrix[i][j], n_from[j]);
     231           0 :                                 torture_fail(tctx, err_msg);
     232             :                         }
     233             :                 }
     234             :         }
     235             : 
     236           2 :         return true;
     237             : }
     238             : 
     239           2 : bool test_DsCrackNames(struct torture_context *tctx,
     240             :                        struct DsPrivate *priv)
     241             : {
     242             :         NTSTATUS status;
     243             :         const char *err_msg;
     244             :         struct drsuapi_DsCrackNames r;
     245             :         union drsuapi_DsNameRequest req;
     246             :         uint32_t level_out;
     247             :         union drsuapi_DsNameCtr ctr;
     248             :         struct drsuapi_DsNameString names[1];
     249             :         const char *dns_domain;
     250             :         const char *nt4_domain;
     251             :         const char *FQDN_1779_name;
     252             :         struct ldb_context *ldb;
     253             :         struct ldb_dn *FQDN_1779_dn;
     254             :         struct ldb_dn *realm_dn;
     255             :         const char *realm_dn_str;
     256             :         const char *realm_canonical;
     257             :         const char *realm_canonical_ex;
     258             :         const char *user_principal_name;
     259             :         char *user_principal_name_short;
     260             :         const char *service_principal_name;
     261             :         const char *canonical_name;
     262             :         const char *canonical_ex_name;
     263             :         const char *dom_sid;
     264           2 :         const char *test_dc = torture_join_netbios_name(priv->join);
     265           2 :         struct dcerpc_pipe *p = priv->drs_pipe;
     266           2 :         TALLOC_CTX *mem_ctx = priv;
     267             : 
     268           2 :         ZERO_STRUCT(r);
     269           2 :         r.in.bind_handle                = &priv->bind_handle;
     270           2 :         r.in.level                      = 1;
     271           2 :         r.in.req                        = &req;
     272           2 :         r.in.req->req1.codepage              = 1252; /* german */
     273           2 :         r.in.req->req1.language              = 0x00000407; /* german */
     274           2 :         r.in.req->req1.count         = 1;
     275           2 :         r.in.req->req1.names         = names;
     276           2 :         r.in.req->req1.format_flags  = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
     277             : 
     278           2 :         r.in.req->req1.format_offered        = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
     279           2 :         r.in.req->req1.format_desired        = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
     280             : 
     281           2 :         r.out.level_out                 = &level_out;
     282           2 :         r.out.ctr                       = &ctr;
     283             : 
     284           2 :         dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
     285             :         
     286           2 :         names[0].str = dom_sid;
     287             : 
     288           2 :         torture_comment(tctx, "Testing DsCrackNames with name '%s'"
     289             :                               " offered format: %d desired format:%d\n",
     290             :                         names[0].str,
     291           2 :                         r.in.req->req1.format_offered,
     292           2 :                         r.in.req->req1.format_desired);
     293             : 
     294           2 :         status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
     295           2 :         if (!NT_STATUS_IS_OK(status)) {
     296           0 :                 const char *errstr = nt_errstr(status);
     297           0 :                 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
     298           0 :                 torture_fail(tctx, err_msg);
     299           2 :         } else if (!W_ERROR_IS_OK(r.out.result)) {
     300           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
     301           0 :                 torture_fail(tctx, err_msg);
     302           2 :         } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
     303           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
     304           0 :                                           r.out.ctr->ctr1->array[0].status);
     305           0 :                 torture_fail(tctx, err_msg);
     306             :         }
     307             : 
     308           2 :         dns_domain = r.out.ctr->ctr1->array[0].dns_domain_name;
     309           2 :         nt4_domain = r.out.ctr->ctr1->array[0].result_name;
     310             : 
     311           2 :         r.in.req->req1.format_desired        = DRSUAPI_DS_NAME_FORMAT_GUID;
     312             : 
     313           2 :         torture_comment(tctx, "Testing DsCrackNames with name '%s'"
     314             :                               " offered format: %d desired format:%d\n",
     315             :                         names[0].str,
     316           2 :                         r.in.req->req1.format_offered,
     317           2 :                         r.in.req->req1.format_desired);
     318             : 
     319           2 :         status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
     320           2 :         if (!NT_STATUS_IS_OK(status)) {
     321           0 :                 const char *errstr = nt_errstr(status);
     322           0 :                 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
     323           0 :                 torture_fail(tctx, err_msg);
     324           2 :         } else if (!W_ERROR_IS_OK(r.out.result)) {
     325           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
     326           0 :                 torture_fail(tctx, err_msg);
     327           2 :         } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
     328           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
     329           0 :                                           r.out.ctr->ctr1->array[0].status);
     330           0 :                 torture_fail(tctx, err_msg);
     331             :         }
     332             : 
     333           2 :         priv->domain_dns_name = r.out.ctr->ctr1->array[0].dns_domain_name;
     334           2 :         priv->domain_guid_str = r.out.ctr->ctr1->array[0].result_name;
     335           2 :         GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
     336             : 
     337           2 :         r.in.req->req1.format_desired        = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
     338             : 
     339           2 :         torture_comment(tctx, "Testing DsCrackNames with name '%s'"
     340             :                               " offered format: %d desired format:%d\n",
     341             :                         names[0].str,
     342           2 :                         r.in.req->req1.format_offered,
     343           2 :                         r.in.req->req1.format_desired);
     344             : 
     345           2 :         status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
     346           2 :         if (!NT_STATUS_IS_OK(status)) {
     347           0 :                 const char *errstr = nt_errstr(status);
     348           0 :                 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
     349           0 :                 torture_fail(tctx, err_msg);
     350           2 :         } else if (!W_ERROR_IS_OK(r.out.result)) {
     351           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
     352           0 :                 torture_fail(tctx, err_msg);
     353           2 :         } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
     354           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
     355           0 :                                           r.out.ctr->ctr1->array[0].status);
     356           0 :                 torture_fail(tctx, err_msg);
     357             :         }
     358             : 
     359           2 :         ldb = ldb_init(mem_ctx, tctx->ev);
     360             :         
     361           2 :         realm_dn_str = r.out.ctr->ctr1->array[0].result_name;
     362           2 :         realm_dn =  ldb_dn_new(mem_ctx, ldb, realm_dn_str);
     363           2 :         realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
     364             : 
     365           2 :         if (strcmp(realm_canonical,
     366           2 :                    talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
     367           0 :                 err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical name failed: %s != %s!",
     368             :                                           realm_canonical,
     369             :                                           talloc_asprintf(mem_ctx, "%s/", dns_domain));
     370           0 :                 torture_fail(tctx, err_msg);
     371             :         };
     372             : 
     373           2 :         realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
     374             : 
     375           2 :         if (strcmp(realm_canonical_ex, 
     376           2 :                    talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
     377           0 :                 err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical ex name failed: %s != %s!",
     378             :                                           realm_canonical_ex,
     379             :                                           talloc_asprintf(mem_ctx, "%s\n", dns_domain));
     380           0 :                 torture_fail(tctx, err_msg);
     381             :         };
     382             : 
     383           2 :         r.in.req->req1.format_offered        = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
     384           2 :         r.in.req->req1.format_desired        = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
     385           2 :         names[0].str = nt4_domain;
     386             : 
     387           2 :         torture_comment(tctx, "Testing DsCrackNames with name '%s'"
     388             :                               " offered format: %d desired format:%d\n",
     389             :                         names[0].str,
     390           2 :                         r.in.req->req1.format_offered,
     391           2 :                         r.in.req->req1.format_desired);
     392             : 
     393           2 :         status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
     394           2 :         if (!NT_STATUS_IS_OK(status)) {
     395           0 :                 const char *errstr = nt_errstr(status);
     396           0 :                 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
     397           0 :                 torture_fail(tctx, err_msg);
     398           2 :         } else if (!W_ERROR_IS_OK(r.out.result)) {
     399           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
     400           0 :                 torture_fail(tctx, err_msg);
     401           2 :         } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
     402           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
     403           0 :                                           r.out.ctr->ctr1->array[0].status);
     404           0 :                 torture_fail(tctx, err_msg);
     405             :         }
     406             : 
     407           2 :         priv->domain_obj_dn = r.out.ctr->ctr1->array[0].result_name;
     408             : 
     409           2 :         r.in.req->req1.format_offered        = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
     410           2 :         r.in.req->req1.format_desired        = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
     411           2 :         names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
     412             : 
     413           2 :         torture_comment(tctx, "Testing DsCrackNames with name '%s'"
     414             :                               " offered format: %d desired format:%d\n",
     415             :                         names[0].str,
     416           2 :                         r.in.req->req1.format_offered,
     417           2 :                         r.in.req->req1.format_desired);
     418             : 
     419           2 :         status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
     420           2 :         if (!NT_STATUS_IS_OK(status)) {
     421           0 :                 const char *errstr = nt_errstr(status);
     422           0 :                 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
     423           0 :                 torture_fail(tctx, err_msg);
     424           2 :         } else if (!W_ERROR_IS_OK(r.out.result)) {
     425           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
     426           0 :                 torture_fail(tctx, err_msg);
     427           2 :         } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
     428           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
     429           0 :                                           r.out.ctr->ctr1->array[0].status);
     430           0 :                 torture_fail(tctx, err_msg);
     431             :         }
     432             : 
     433           2 :         FQDN_1779_name = r.out.ctr->ctr1->array[0].result_name;
     434             : 
     435           2 :         r.in.req->req1.format_offered        = DRSUAPI_DS_NAME_FORMAT_GUID;
     436           2 :         r.in.req->req1.format_desired        = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
     437           2 :         names[0].str = priv->domain_guid_str;
     438             : 
     439           2 :         torture_comment(tctx, "Testing DsCrackNames with name '%s'"
     440             :                               " offered format: %d desired format:%d\n",
     441             :                         names[0].str,
     442           2 :                         r.in.req->req1.format_offered,
     443           2 :                         r.in.req->req1.format_desired);
     444             : 
     445           2 :         status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
     446           2 :         if (!NT_STATUS_IS_OK(status)) {
     447           0 :                 const char *errstr = nt_errstr(status);
     448           0 :                 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
     449           0 :                 torture_fail(tctx, err_msg);
     450           2 :         } else if (!W_ERROR_IS_OK(r.out.result)) {
     451           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
     452           0 :                 torture_fail(tctx, err_msg);
     453           2 :         } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
     454           0 :                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
     455           0 :                                           r.out.ctr->ctr1->array[0].status);
     456           0 :                 torture_fail(tctx, err_msg);
     457             :         }
     458             : 
     459           2 :         if (strcmp(priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name) != 0) {
     460           0 :                 err_msg = talloc_asprintf(mem_ctx,
     461             :                                 "DsCrackNames failed to return same DNS name - expected %s got %s",
     462           0 :                                 priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name);
     463           0 :                 torture_fail(tctx, err_msg);
     464             :         }
     465             : 
     466           2 :         FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
     467             : 
     468           2 :         canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
     469           2 :         canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
     470             : 
     471           2 :         user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
     472             : 
     473             :         /* form up a user@DOMAIN */
     474           2 :         user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
     475             :         /* variable nt4_domain includs a trailing \ */
     476           2 :         user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
     477             :         
     478           2 :         service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
     479             :         {
     480             :                 
     481             :                 struct {
     482             :                         enum drsuapi_DsNameFormat format_offered;
     483             :                         enum drsuapi_DsNameFormat format_desired;
     484             :                         const char *comment;
     485             :                         const char *str;
     486             :                         const char *expected_str;
     487             :                         const char *expected_dns;
     488             :                         enum drsuapi_DsNameStatus status;
     489             :                         enum drsuapi_DsNameStatus alternate_status;
     490             :                         enum drsuapi_DsNameFlags flags;
     491             :                         bool skip;
     492          76 :                 } crack[] = {
     493             :                         {
     494             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
     495             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     496             :                                 .str = user_principal_name,
     497             :                                 .expected_str = FQDN_1779_name,
     498             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     499             :                         },
     500             :                         {
     501             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
     502             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     503             :                                 .str = user_principal_name_short,
     504             :                                 .expected_str = FQDN_1779_name,
     505             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     506             :                         },
     507             :                         {
     508             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     509             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
     510             :                                 .str = FQDN_1779_name,
     511             :                                 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
     512             :                         },
     513             :                         {
     514             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     515             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     516             :                                 .str = service_principal_name,
     517             :                                 .expected_str = FQDN_1779_name,
     518             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     519             :                         },
     520             :                         {
     521             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     522             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     523           2 :                                 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", test_dc, dns_domain),
     524             :                                 .comment = "ServicePrincipal Name",
     525             :                                 .expected_str = FQDN_1779_name,
     526             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     527             :                         },
     528             :                         {
     529             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     530             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
     531             :                                 .str = FQDN_1779_name,
     532             :                                 .expected_str = canonical_name,
     533             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     534             :                         },
     535             :                         {
     536             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL, 
     537             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     538             :                                 .str = canonical_name,
     539             :                                 .expected_str = FQDN_1779_name,
     540             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     541             :                         },
     542             :                         {
     543             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     544             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
     545             :                                 .str = FQDN_1779_name,
     546             :                                 .expected_str = canonical_ex_name,
     547             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     548             :                         },
     549             :                         {
     550             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX, 
     551             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     552             :                                 .str = canonical_ex_name,
     553             :                                 .expected_str = FQDN_1779_name,
     554             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     555             :                         },
     556             :                         {
     557             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     558             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
     559             :                                 .str = FQDN_1779_name,
     560             :                                 .comment = "DN to cannoical syntactial only",
     561             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK,
     562             :                                 .expected_str = canonical_name,
     563             :                                 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
     564             :                         },
     565             :                         {
     566             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     567             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
     568             :                                 .str = FQDN_1779_name,
     569             :                                 .comment = "DN to cannoical EX syntactial only",
     570             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK,
     571             :                                 .expected_str = canonical_ex_name,
     572             :                                 .flags = DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY
     573             :                         },
     574             :                         {
     575             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     576             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
     577             :                                 .str = FQDN_1779_name,
     578             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     579             :                         },
     580             :                         {
     581             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     582             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
     583             :                                 .str = FQDN_1779_name,
     584             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     585             :                         },
     586             :                         {
     587             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     588             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     589           2 :                                 .str = priv->domain_guid_str,
     590             :                                 .comment = "Domain GUID to NT4 ACCOUNT",
     591             :                                 .expected_str = nt4_domain,
     592             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     593             :                         },
     594             :                         {
     595             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     596             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL,
     597           2 :                                 .str = priv->domain_guid_str,
     598             :                                 .comment = "Domain GUID to Canonical",
     599           2 :                                 .expected_str = talloc_asprintf(mem_ctx, "%s/", dns_domain),
     600             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     601             :                         },
     602             :                         {
     603             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     604             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
     605           2 :                                 .str = priv->domain_guid_str,
     606             :                                 .comment = "Domain GUID to Canonical EX",
     607           2 :                                 .expected_str = talloc_asprintf(mem_ctx, "%s\n", dns_domain),
     608             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     609             :                         },
     610             :                         {
     611             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
     612             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     613             :                                 .str = "CN=Microsoft Corporation,L=Redmond,S=Washington,C=US",
     614             :                                 .comment = "display name for Microsoft Support Account",
     615             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK,
     616             :                                 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE,
     617           2 :                                 .skip = torture_setting_bool(tctx, "samba4", false)
     618             :                         },
     619             :                         {
     620             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     621             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     622           2 :                                 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
     623             :                                 .comment = "Account GUID -> DN",
     624             :                                 .expected_str = FQDN_1779_name,
     625             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     626             :                         },
     627             :                         {
     628             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     629             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     630           2 :                                 .str = GUID_string2(mem_ctx, torture_join_user_guid(priv->join)),
     631             :                                 .comment = "Account GUID -> NT4 Account",
     632           2 :                                 .expected_str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc),
     633             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     634             :                         },
     635             :                         {               
     636             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     637             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     638           2 :                                 .str = GUID_string2(mem_ctx, &priv->dcinfo.site_guid),
     639             :                                 .comment = "Site GUID",
     640           2 :                                 .expected_str = priv->dcinfo.site_dn,
     641             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     642             :                         },
     643             :                         {
     644             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     645             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     646           2 :                                 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
     647             :                                 .comment = "Computer GUID",
     648           2 :                                 .expected_str = priv->dcinfo.computer_dn,
     649             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     650             :                         },
     651             :                         {
     652             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     653             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     654           2 :                                 .str = GUID_string2(mem_ctx, &priv->dcinfo.computer_guid),
     655             :                                 .comment = "Computer GUID -> NT4 Account",
     656             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     657             :                         },
     658             :                         {
     659             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     660             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     661           2 :                                 .str = GUID_string2(mem_ctx, &priv->dcinfo.server_guid),
     662             :                                 .comment = "Server GUID",
     663           2 :                                 .expected_str = priv->dcinfo.server_dn,
     664             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     665             :                         },
     666             :                         {
     667             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     668             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     669           2 :                                 .str = GUID_string2(mem_ctx, &priv->dcinfo.ntds_guid),
     670             :                                 .comment = "NTDS GUID",
     671           2 :                                 .expected_str = priv->dcinfo.ntds_dn,
     672             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK,
     673           2 :                                 .skip = GUID_all_zero(&priv->dcinfo.ntds_guid)
     674             :                         },
     675             :                         {
     676             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_DISPLAY,
     677             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     678             :                                 .str = test_dc,
     679             :                                 .comment = "DISPLAY NAME search for DC short name",
     680             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     681             :                         },
     682             :                         {
     683             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     684             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     685           2 :                                 .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
     686             :                                 .comment = "Looking for KRBTGT as a service principal",
     687             :                                 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
     688             :                                 .expected_dns = dns_domain
     689             :                         },
     690             :                         {
     691             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     692             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     693           2 :                                 .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
     694             :                                 .comment = "Looking for bogus service principal",
     695             :                                 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
     696             :                                 .expected_dns = dns_domain
     697             :                         },
     698             :                         {
     699             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     700             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     701           2 :                                 .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
     702             :                                 .comment = "Looking for bogus service on test DC",
     703             :                                 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
     704           2 :                                 .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
     705             :                         },
     706             :                         { 
     707             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     708             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     709           2 :                                 .str = talloc_asprintf(mem_ctx, "krbtgt"),
     710             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     711             :                         },
     712             :                         { 
     713             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     714             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     715             :                                 .comment = "Looking for the kadmin/changepw service as a service principal",
     716           2 :                                 .str = talloc_asprintf(mem_ctx, "kadmin/changepw"),
     717             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK,
     718           2 :                                 .expected_str = talloc_asprintf(mem_ctx, "CN=krbtgt,CN=Users,%s", realm_dn_str),
     719             :                                 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
     720             :                         },
     721             :                         {
     722             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     723             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     724           2 :                                 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", 
     725             :                                                        test_dc, dns_domain,
     726             :                                                        dns_domain),
     727             :                                 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
     728             :                         },
     729             :                         {
     730             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     731             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     732           2 :                                 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", 
     733             :                                                        test_dc, dns_domain,
     734             :                                                        "BOGUS"),
     735             :                                 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
     736             :                                 .expected_dns = "BOGUS"
     737             :                         },
     738             :                         {
     739             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     740             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     741           2 :                                 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", 
     742             :                                                        test_dc, "REALLY",
     743             :                                                        "BOGUS"),
     744             :                                 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
     745             :                                 .expected_dns = "BOGUS"
     746             :                         },
     747             :                         {
     748             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     749             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     750           2 :                                 .str = talloc_asprintf(mem_ctx, "cifs/%s.%s", 
     751             :                                                        test_dc, dns_domain),
     752             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     753             :                         },
     754             :                         {
     755             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     756             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     757           2 :                                 .str = talloc_asprintf(mem_ctx, "cifs/%s", 
     758             :                                                        test_dc),
     759             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     760             :                         },
     761             :                         {
     762             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     763             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     764             :                                 .str = "NOT A GUID",
     765             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     766             :                         },
     767             :                         {
     768             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     769             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     770             :                                 .str = "NOT A SID",
     771             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     772             :                         },
     773             :                         {
     774             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     775             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     776             :                                 .str = "NOT AN NT4 NAME",
     777             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     778             :                         },
     779             :                         {
     780             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     781             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_GUID,
     782             :                                 .comment = "Unparsable DN",
     783             :                                 .str = "NOT A DN",
     784             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     785             :                         },
     786             :                         {
     787             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
     788             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     789             :                                 .comment = "Unparsable user principal",
     790             :                                 .str = "NOT A PRINCIPAL",
     791             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     792             :                         },
     793             :                         {
     794             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     795             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     796             :                                 .comment = "Unparsable service principal",
     797             :                                 .str = "NOT A SERVICE PRINCIPAL",
     798             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     799             :                         },
     800             :                         {
     801             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_GUID,
     802             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     803             :                                 .comment = "BIND GUID (ie, not in the directory)",
     804             :                                 .str = DRSUAPI_DS_BIND_GUID,
     805             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     806             :                         },
     807             :                         {
     808             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
     809             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     810             :                                 .comment = "Unqualified Machine account as user principal",
     811           2 :                                 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
     812             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     813             :                         },
     814             :                         {
     815             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     816             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     817             :                                 .comment = "Machine account as service principal",
     818           2 :                                 .str = talloc_asprintf(mem_ctx, "%s$", test_dc),
     819             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     820             :                         },
     821             :                         {
     822             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
     823             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     824             :                                 .comment = "Full Machine account as service principal",
     825             :                                 .str = user_principal_name,
     826             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     827             :                         },
     828             :                         {
     829             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     830             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     831             :                                 .comment = "Realm as an NT4 domain lookup",
     832           2 :                                 .str = talloc_asprintf(mem_ctx, "%s\\", dns_domain),
     833             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     834             :                         }, 
     835             :                         {
     836             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     837             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     838             :                                 .comment = "BUILTIN\\ -> DN",
     839             :                                 .str = "BUILTIN\\",
     840             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     841             :                         }, 
     842             :                         {
     843             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     844             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     845             :                                 .comment = "NT AUTHORITY\\ -> DN",
     846             :                                 .str = "NT AUTHORITY\\",
     847             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     848             :                         }, 
     849             :                         {
     850             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     851             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     852             :                                 .comment = "NT AUTHORITY\\ANONYMOUS LOGON -> DN",
     853             :                                 .str = "NT AUTHORITY\\ANONYMOUS LOGON",
     854             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     855             :                         }, 
     856             :                         {
     857             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     858             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     859             :                                 .comment = "NT AUTHORITY\\SYSTEM -> DN",
     860             :                                 .str = "NT AUTHORITY\\SYSTEM",
     861             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     862             :                         }, 
     863             :                         {
     864             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     865             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     866             :                                 .comment = "BUILTIN SID -> NT4 account",
     867             :                                 .str = SID_BUILTIN,
     868             :                                 .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING,
     869             :                                 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
     870             :                         }, 
     871             :                         {
     872             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     873             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     874             :                                 .str = SID_BUILTIN,
     875             :                                 .comment = "Builtin Domain SID -> DN",
     876             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK,
     877           2 :                                 .expected_str = talloc_asprintf(mem_ctx, "CN=Builtin,%s", realm_dn_str),
     878             :                                 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
     879             :                         },
     880             :                         {
     881             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     882             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     883             :                                 .str = SID_BUILTIN_ADMINISTRATORS,
     884             :                                 .comment = "Builtin Administrors SID -> DN",
     885             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK,
     886             :                                 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
     887             :                         },
     888             :                         {
     889             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     890             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     891             :                                 .str = SID_BUILTIN_ADMINISTRATORS,
     892             :                                 .comment = "Builtin Administrors SID -> NT4 Account",
     893             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK,
     894             :                                 .alternate_status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE
     895             :                         },
     896             :                         {
     897             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     898             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     899             :                                 .str = SID_NT_ANONYMOUS,
     900             :                                 .comment = "NT Anonymous SID -> NT4 Account",
     901             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     902             :                         },
     903             :                         {
     904             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     905             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     906             :                                 .str = SID_NT_SYSTEM,
     907             :                                 .comment = "NT SYSTEM SID -> NT4 Account",
     908             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     909             :                         },
     910             :                         {
     911             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     912             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     913             :                                 .comment = "Domain SID -> DN",
     914             :                                 .str = dom_sid,
     915             :                                 .expected_str = realm_dn_str,
     916             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     917             :                         },
     918             :                         {
     919             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
     920             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
     921             :                                 .comment = "Domain SID -> NT4 account",
     922             :                                 .str = dom_sid,
     923             :                                 .expected_str = nt4_domain,
     924             :                                 .status = DRSUAPI_DS_NAME_STATUS_OK
     925             :                         },
     926             :                         {
     927             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
     928             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     929             :                                 .comment = "invalid user principal name",
     930             :                                 .str = "foo@bar",
     931             :                                 .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
     932             :                                 .expected_dns = "bar"
     933             :                         },
     934             :                         {
     935             :                                 .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
     936             :                                 .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
     937             :                                 .comment = "invalid user principal name in valid domain",
     938           2 :                                 .str = talloc_asprintf(mem_ctx, "invalidusername@%s", dns_domain),
     939             :                                 .status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND
     940             :                         }
     941             :                 };
     942             :                 int i;
     943             :                 
     944         122 :                 for (i=0; i < ARRAY_SIZE(crack); i++) {
     945             :                         const char *comment;
     946             : 
     947         120 :                         torture_comment(tctx, "Testing DsCrackNames with name '%s'"
     948             :                                         " offered format: %d desired format:%d\n",
     949             :                                         crack[i].str,
     950         120 :                                         crack[i].format_offered,
     951         120 :                                         crack[i].format_desired);
     952             : 
     953         120 :                         r.in.req->req1.format_flags   = crack[i].flags;
     954         120 :                         r.in.req->req1.format_offered = crack[i].format_offered;
     955         120 :                         r.in.req->req1.format_desired = crack[i].format_desired;
     956         120 :                         names[0].str = crack[i].str;
     957             :                         
     958         120 :                         if (crack[i].comment) {
     959          82 :                                 comment = talloc_asprintf(mem_ctx,
     960             :                                                           "'%s' with name '%s' offered format:%d desired format:%d\n",
     961             :                                                           crack[i].comment, names[0].str,
     962          82 :                                                           r.in.req->req1.format_offered,
     963          82 :                                                           r.in.req->req1.format_desired);
     964             :                         } else {
     965          38 :                                 comment = talloc_asprintf(mem_ctx, "'%s' offered format:%d desired format:%d\n",
     966             :                                                           names[0].str,
     967          38 :                                                           r.in.req->req1.format_offered,
     968          38 :                                                           r.in.req->req1.format_desired);
     969             :                         }
     970         120 :                         if (crack[i].skip) {
     971           4 :                                 torture_comment(tctx, "skipping: %s", comment);
     972           4 :                                 continue;
     973             :                         }
     974         116 :                         status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
     975         116 :                         if (!NT_STATUS_IS_OK(status)) {
     976           0 :                                 const char *errstr = nt_errstr(status);
     977           0 :                                 err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
     978           0 :                                 torture_fail(tctx, err_msg);
     979         116 :                         } else if (!W_ERROR_IS_OK(r.out.result)) {
     980           0 :                                 err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
     981           0 :                                 torture_fail(tctx, err_msg);
     982         116 :                         } else if (r.out.ctr->ctr1->array[0].status != crack[i].status) {
     983           0 :                                 if (crack[i].alternate_status) {
     984           0 :                                         if (r.out.ctr->ctr1->array[0].status != crack[i].alternate_status) {
     985           0 :                                                 err_msg = talloc_asprintf(mem_ctx,
     986             :                                                                 "DsCrackNames unexpected status %d, wanted %d or %d on: %s",
     987           0 :                                                                 r.out.ctr->ctr1->array[0].status,
     988           0 :                                                                 crack[i].status,
     989           0 :                                                                 crack[i].alternate_status,
     990             :                                                                 comment);
     991           0 :                                                 torture_fail(tctx, err_msg);
     992             :                                         }
     993             :                                 } else {
     994           0 :                                         err_msg = talloc_asprintf(mem_ctx,
     995             :                                                         "DsCrackNames unexpected status %d, wanted %d on: %s\n",
     996           0 :                                                         r.out.ctr->ctr1->array[0].status,
     997           0 :                                                         crack[i].status,
     998             :                                                         comment);
     999           0 :                                         torture_fail(tctx, err_msg);
    1000             :                                 }
    1001         160 :                         } else if (crack[i].expected_str &&
    1002          88 :                                    (!r.out.ctr->ctr1->count ||
    1003          44 :                                     !r.out.ctr->ctr1->array[0].result_name))
    1004             :                         {
    1005           0 :                                 if (!r.out.ctr->ctr1->count) {
    1006           0 :                                         err_msg = talloc_asprintf(mem_ctx,
    1007             :                                                                   "DsCrackNames failed - got 0 entries, expected %s on %s",
    1008             :                                                                   crack[i].expected_str, comment);
    1009           0 :                                         torture_fail(tctx, err_msg);
    1010             :                                 } else {
    1011           0 :                                         err_msg = talloc_asprintf(mem_ctx,
    1012             :                                                                   "DsCrackNames failed - got NULL pointer, expected %s on %s",
    1013             :                                                                   crack[i].expected_str, comment);
    1014           0 :                                         torture_fail(tctx, err_msg);
    1015             :                                 }
    1016         116 :                         } else if (crack[i].expected_str
    1017          44 :                                    && (strcmp(r.out.ctr->ctr1->array[0].result_name,
    1018             :                                               crack[i].expected_str) != 0))
    1019             :                         {
    1020           0 :                                 if (strcasecmp(r.out.ctr->ctr1->array[0].result_name,
    1021             :                                                crack[i].expected_str) != 0) {
    1022           0 :                                         err_msg = talloc_asprintf(mem_ctx,
    1023             :                                                         "DsCrackNames failed - got %s, expected %s on %s",
    1024           0 :                                                         r.out.ctr->ctr1->array[0].result_name,
    1025             :                                                         crack[i].expected_str, comment);
    1026           0 :                                         torture_fail(tctx, err_msg);
    1027             :                                 } else {
    1028           0 :                                         torture_comment(tctx,
    1029             :                                                         "(warning) DsCrackNames returned different case - got %s, expected %s on %s\n",
    1030           0 :                                                         r.out.ctr->ctr1->array[0].result_name,
    1031             :                                                         crack[i].expected_str, comment);
    1032             :                                 }
    1033         116 :                         } else if (crack[i].expected_dns
    1034          12 :                                    && (strcmp(r.out.ctr->ctr1->array[0].dns_domain_name,
    1035             :                                               crack[i].expected_dns) != 0)) {
    1036           0 :                                 err_msg = talloc_asprintf(mem_ctx,
    1037             :                                                 "DsCrackNames failed - got DNS name %s, expected %s on %s",
    1038           0 :                                                 r.out.ctr->ctr1->array[0].result_name,
    1039             :                                                 crack[i].expected_str, comment);
    1040           0 :                                 torture_fail(tctx, err_msg);
    1041             :                         }
    1042             : 
    1043         116 :                         torture_comment(tctx, "Testing DsCrackNames got %s\n", r.out.ctr->ctr1->array[0].result_name);
    1044             :                 }
    1045             :         }
    1046             : 
    1047           2 :         return test_DsCrackNamesMatrix(tctx, priv, FQDN_1779_name,
    1048             :                                         user_principal_name, service_principal_name);
    1049             : }
    1050             : 
    1051             : /**
    1052             :  * Test case setup for CrackNames
    1053             :  */
    1054           1 : static bool torture_drsuapi_cracknames_setup(struct torture_context *tctx, void **data)
    1055             : {
    1056             :         struct DsCrackNamesPrivate *priv;
    1057             : 
    1058           1 :         *data = priv = talloc_zero(tctx, struct DsCrackNamesPrivate);
    1059             : 
    1060           1 :         return torture_drsuapi_tcase_setup_common(tctx, &priv->base);
    1061             : }
    1062             : 
    1063             : /**
    1064             :  * Test case tear-down for CrackNames
    1065             :  */
    1066           1 : static bool torture_drsuapi_cracknames_teardown(struct torture_context *tctx, void *data)
    1067             : {
    1068           1 :         struct DsCrackNamesPrivate *priv = talloc_get_type(data, struct DsCrackNamesPrivate);
    1069             : 
    1070           1 :         return torture_drsuapi_tcase_teardown_common(tctx, &priv->base);
    1071             : }
    1072             : 
    1073             : /**
    1074             :  * CRACKNAMES test suite implementation
    1075             :  */
    1076         964 : void torture_rpc_drsuapi_cracknames_tcase(struct torture_suite *suite)
    1077             : {
    1078             :         typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
    1079             : 
    1080         964 :         struct torture_tcase *tcase = torture_suite_add_tcase(suite, "cracknames");
    1081             : 
    1082         964 :         torture_tcase_set_fixture(tcase,
    1083             :                                   torture_drsuapi_cracknames_setup,
    1084             :                                   torture_drsuapi_cracknames_teardown);
    1085             : 
    1086         964 :         torture_tcase_add_simple_test(tcase, "cracknames-test", (run_func)test_DsCrackNames);
    1087         964 : }

Generated by: LCOV version 1.13