diff options
-rw-r--r-- | source4/torture/rpc/drsuapi.c | 110 |
1 files changed, 103 insertions, 7 deletions
diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c index 874e903db3..0d3a6920b0 100644 --- a/source4/torture/rpc/drsuapi.c +++ b/source4/torture/rpc/drsuapi.c @@ -127,12 +127,27 @@ static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } switch (formats[i]) { - case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: - case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: + if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) { + printf(__location__ ": Unexpected error (%d): This name lookup should fail\n", + r.out.ctr.ctr1->array[0].status); + return False; + } + printf ("(expected) error\n"); + break; + case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: + if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) { + printf(__location__ ": Unexpected error (%d): This name lookup should fail\n", + r.out.ctr.ctr1->array[0].status); + return False; + } + printf ("(expected) error\n"); + break; case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: - if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) { - printf("Unexpected success: This name lookup should fail\n"); + case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: + if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) { + printf(__location__ ": Unexpected error (%d): This name lookup should fail\n", + r.out.ctr.ctr1->array[0].status); return False; } printf ("(expected) error\n"); @@ -724,7 +739,65 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } - /* NEGATIVE test. This should parse, but not succeed */ + /* NEGATIVE tests. This should parse, but not succeed */ + r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL; + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + names[0].str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", + priv->dcinfo.netbios_name, dns_domain, + dns_domain); + + printf("testing DsCrackNames with Service Principal '%s' desired format:%d\n", + names[0].str, r.in.req.req1.format_desired); + + status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + const char *errstr = nt_errstr(status); + if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); + } + printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); + ret = False; + } else if (!W_ERROR_IS_OK(r.out.result)) { + printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); + ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY) { + printf("DsCrackNames incorrect error on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; + } + + if (!ret) { + return ret; + } + + /* NEGATIVE tests. This should parse, but not succeed */ + r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID; + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + names[0].str = "NOT A GUID"; + + printf("testing DsCrackNames with BIND GUID '%s' desired format:%d\n", + names[0].str, r.in.req.req1.format_desired); + + status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + const char *errstr = nt_errstr(status); + if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); + } + printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); + ret = False; + } else if (!W_ERROR_IS_OK(r.out.result)) { + printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); + ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) { + printf("DsCrackNames incorrect error on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; + } + + if (!ret) { + return ret; + } + + /* NEGATIVE tests. This should parse, but not succeed */ r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID; r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = GUID_string2(mem_ctx, &priv->bind_guid); @@ -743,8 +816,31 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; - } else if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) { - printf("DsCrackNames succeeded on name - %d\n", r.out.ctr.ctr1->array[0].status); + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) { + printf("DsCrackNames incorrect error on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; + } + + r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL; + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + names[0].str = talloc_asprintf(mem_ctx, "%s$", priv->dcinfo.netbios_name); + + printf("testing DsCrackNames with user principal name '%s' desired format:%d\n", + names[0].str, r.in.req.req1.format_desired); + + status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + const char *errstr = nt_errstr(status); + if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); + } + printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); + ret = False; + } else if (!W_ERROR_IS_OK(r.out.result)) { + printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); + ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) { + printf("DsCrackNames incorrect error on name - %d\n", r.out.ctr.ctr1->array[0].status); ret = False; } |