Diffstat (limited to 'source4')
-rw-r--r-- | source4/torture/rpc/drsuapi.c | 157 |
1 files changed, 143 insertions, 14 deletions
diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c index 69d9630209..f4c608eb8c 100644 --- a/source4/torture/rpc/drsuapi.c +++ b/source4/torture/rpc/drsuapi.c @@ -66,7 +66,8 @@ static BOOL test_DsBind(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, - struct DsPrivate *priv, const char *dn) + struct DsPrivate *priv, const char *dn, + const char *user_principal_name, const char *service_principal_name) { @@ -125,12 +126,38 @@ static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, if (!ret) { return ret; } - if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) { + switch (formats[i]) { + case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: + case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: + case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: + case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: + if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) { + printf("Unexpected success: This name lookup should fail\n"); + return False; + } + printf ("(expected) error\n"); + break; + default: + if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("Error: %d\n", r.out.ctr.ctr1->array[0].status); + return False; + } + } + + switch (formats[i]) { + case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: + n_from[i] = user_principal_name; + break; + case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: + n_from[i] = service_principal_name; + break; + case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: + case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: + n_from[i] = NULL; + break; + default: n_from[i] = r.out.ctr.ctr1->array[0].result_name; printf("%s\n", n_from[i]); - } else { - n_from[i] = NULL; - printf("Error\n"); } } 
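Review bot: The two back-to-back `switch (formats[i])` statements in the @@ -125 hunk repeat the same four case labels, so the list of formats expected to fail and the list that gets a substitute `n_from[i]` can drift apart when a format is added. Folding them into one switch, with the status expectation and the `n_from[i]` assignment under the same label, keeps the two decisions together. The expected-failure arm also accepts any status other than DRSUAPI_DS_NAME_STATUS_OK, so a server returning an unrelated error still prints `(expected) error`; printing the status value there, as the `default:` arm does, would make the log usable for triage. The first switch's `default:` arm ends without a `break;`, and the enclosing loop starts outside the hunk.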
@@ -173,7 +200,16 @@ static BOOL test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, for (i = 0; i < ARRAY_SIZE(formats); i++) { for (j = 0; j < ARRAY_SIZE(formats); j++) { if (n_matrix[i][j] == n_from[j]) { - } else if (n_matrix[i][j] == NULL) { + + /* We don't have a from name for these yet (and we can't map to them to find it out) */ + } else if (n_matrix[i][j] == NULL && n_from[i] == NULL) { + + /* we can't map to these two */ + } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) { + } else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) { + } else if (n_matrix[i][j] == NULL && n_from[j] != NULL) { + printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]); + ret = False; } else if (n_matrix[i][j] != NULL && n_from[j] == NULL) { printf("dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s\n", formats[i], formats[j], n_matrix[i][j], n_from[j]); ret = False; @@ -196,6 +232,8 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char *dns_domain; const char *nt4_domain; const char *FQDN_1779_name; + const char *user_principal_name; + const char *service_principal_name; ZERO_STRUCT(r); r.in.bind_handle = &priv->bind_handle; @@ -224,6 +262,9 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { 
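Review bot: In the new `n_matrix[i][j] == NULL && n_from[j] != NULL` arm of the @@ -173 hunk, the mismatch `printf` passes `n_matrix[i][j]`, which is known to be NULL on that path, to a `%s` conversion. That is undefined behaviour in C and only prints `(null)` on libcs that special-case it; the existing arm below does the same with `n_from[j]`. Substituting a literal, e.g. `n_matrix[i][j] ? n_matrix[i][j] : "(null)"`, keeps the failure report portable. The two added comments also sit inside the preceding empty block rather than inside the arm they describe, which makes the chain harder to read.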
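Review bot: The added `r.out.ctr.ctr1->array[0].status` arm in the @@ -224 hunk indexes the reply before anything visible here confirms that the server returned at least one entry. The reply comes from the server under test, so an empty or malformed result should be reported as a test failure rather than dereferenced. A guard ahead of this arm such as `} else if (r.out.ctr.ctr1 == NULL || r.out.ctr.ctr1->count < 1) {` would do that, assuming the container exposes its entry count as `count` as in the drsuapi IDL. The same arm is added in every later test_DsCrackNames hunk (@@ -249 through @@ -561), so the guard belongs in each of them or in one shared helper. test_DsCrackNames begins and ends outside the hunk.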
@@ -249,6 +290,9 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { @@ -278,6 +322,9 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { @@ -302,6 +349,9 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { @@ -328,6 +378,9 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { 
@@ -336,9 +389,10 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name; - r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; - r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL; - names[0].str = FQDN_1779_name; + r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL; + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + names[0].str = talloc_asprintf(mem_ctx, "%s$@%s", priv->dcinfo.netbios_name, dns_domain); + user_principal_name = names[0].str; printf("testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); @@ -354,13 +408,24 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { return ret; } - r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY; + if (strcmp(r.out.ctr.ctr1->array[0].result_name, FQDN_1779_name) != 0) { + printf("DsCrackNames failed - %s != %s\n", r.out.ctr.ctr1->array[0].result_name, FQDN_1779_name); + return False; + } + + r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL; + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + names[0].str = talloc_asprintf(mem_ctx, "HOST/%s", priv->dcinfo.netbios_name); + service_principal_name = names[0].str; printf("testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); 
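Review bot: `talloc_asprintf()` returns NULL on allocation failure, and in the @@ -336 hunk its result is stored in `names[0].str` and `user_principal_name`, then passed straight to the `%s` in the following `printf` and into the request. A check right after the assignment, `if (names[0].str == NULL) { printf("talloc_asprintf failed\n"); return False; }`, keeps the failure explicit. The same applies to the `"HOST/%s"` name built in the @@ -354 hunk and the `"cifs/%s.%s"` name in the @@ -376 hunk.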
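Review bot: The `strcmp(r.out.ctr.ctr1->array[0].result_name, FQDN_1779_name)` added in the @@ -354 hunk assumes that a server reporting DRSUAPI_DS_NAME_STATUS_OK also filled in `result_name`. `FQDN_1779_name` was itself copied from an earlier reply (context line `FQDN_1779_name = r.out.ctr.ctr1->array[0].result_name;` in the @@ -336 hunk) without a NULL check. A non-conforming server would then crash the test client instead of failing the test. Guarding the comparison with `r.out.ctr.ctr1->array[0].result_name == NULL ||` and checking `FQDN_1779_name` where it is captured turns that into a reported mismatch. The same comparison is added in the @@ -376 and @@ -398 hunks.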
@@ -376,13 +441,23 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { return ret; } - r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID; + if (strcmp(r.out.ctr.ctr1->array[0].result_name, FQDN_1779_name) != 0) { + printf("DsCrackNames failed - %s != %s\n", r.out.ctr.ctr1->array[0].result_name, FQDN_1779_name); + return False; + } + + r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL; + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + names[0].str = talloc_asprintf(mem_ctx, "cifs/%s.%s", priv->dcinfo.netbios_name, dns_domain); printf("testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); @@ -398,13 +473,23 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { return ret; } - r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL; + if (strcmp(r.out.ctr.ctr1->array[0].result_name, FQDN_1779_name) != 0) { + printf("DsCrackNames failed - %s != %s\n", r.out.ctr.ctr1->array[0].result_name, FQDN_1779_name); + return False; + } + + r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_CANONICAL; + names[0].str = FQDN_1779_name; printf("testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); 
@@ -426,7 +511,7 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return ret; } - r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL; + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_DISPLAY; printf("testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req.req1.format_desired); @@ -442,6 +527,34 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; + } + + if (!ret) { + return ret; + } + + r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID; + + printf("testing DsCrackNames with name '%s' desired format:%d\n", + names[0].str, r.in.req.req1.format_desired); + + status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + const char *errstr = nt_errstr(status); + if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { + errstr = dcerpc_errstr(mem_ctx, p->last_fault_code); + } + printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr); + ret = False; + } else if (!W_ERROR_IS_OK(r.out.result)) { + printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); + ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { 
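Review bot: The GUID block added in the @@ -442 hunk is another full copy of the call plus three-layer error triage (transport status, WERROR, per-name status) that already appears after every request in test_DsCrackNames. Because this commit had to add the per-name status arm to each copy by hand, the triage is a good candidate for one static helper that each step calls after setting `format_offered`, `format_desired` and `names[0].str`. The negative GUID test at the end of the function inverts the last check and would keep its own handling. The sketch below assumes the request struct is `struct drsuapi_DsCrackNames`, which is not visible in the hunk.

```c
/* Issue one DsCrackNames call; report transport, WERROR and per-name failures. */
static BOOL crack_names_ok(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
			   struct drsuapi_DsCrackNames *r)
{
	NTSTATUS status = dcerpc_drsuapi_DsCrackNames(p, mem_ctx, r);

	if (!NT_STATUS_IS_OK(status)) {
		const char *errstr = nt_errstr(status);
		if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
			errstr = dcerpc_errstr(mem_ctx, p->last_fault_code);
		}
		printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
		return False;
	}
	if (!W_ERROR_IS_OK(r->out.result)) {
		printf("DsCrackNames failed - %s\n", win_errstr(r->out.result));
		return False;
	}
	if (r->out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
		printf("DsCrackNames failed on name - %d\n", r->out.ctr.ctr1->array[0].status);
		return False;
	}
	return True;
}

	/* … unchanged: format_desired = DRSUAPI_DS_NAME_FORMAT_GUID and the "testing DsCrackNames" printf … */
	if (!crack_names_ok(p, mem_ctx, &r)) {
		return False;
	}
```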
@@ -466,6 +579,9 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { @@ -489,6 +605,9 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { @@ -513,6 +632,9 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { @@ -537,12 +659,16 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames failed on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (!ret) { return ret; } + /* NEGATIVE test. This should parse, but not succeed */ r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID; r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = GUID_string2(mem_ctx, &priv->bind_guid); 
@@ -561,10 +687,13 @@ static BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } else if (!W_ERROR_IS_OK(r.out.result)) { printf("DsCrackNames failed - %s\n", win_errstr(r.out.result)); ret = False; + } else if (r.out.ctr.ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) { + printf("DsCrackNames succeeded on name - %d\n", r.out.ctr.ctr1->array[0].status); + ret = False; } if (ret) { - return test_DsCrackNamesMatrix(p, mem_ctx, priv, FQDN_1779_name); + return test_DsCrackNamesMatrix(p, mem_ctx, priv, FQDN_1779_name, user_principal_name, service_principal_name); } return ret; |
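Review bot: The new negative-test arm in the @@ -561 hunk prints `r.out.ctr.ctr1->array[0].status` in a branch that is only entered when that status equals DRSUAPI_DS_NAME_STATUS_OK, so the `%d` always shows the same value and the log does not say which lookup wrongly succeeded. Printing the offered name and the unexpected result would be more useful, e.g. `printf("DsCrackNames unexpectedly succeeded on '%s' - got '%s'\n", names[0].str, r.out.ctr.ctr1->array[0].result_name);`, with `result_name` checked for NULL first. The closing call now forwards `user_principal_name` and `service_principal_name`, which are declared without initialisers in the @@ -196 hunk. That is safe only because every failure path returns early before this point, so initialising both to NULL at declaration would make the dependency explicit.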