From d0179f164a498f23b1acd726ba7e806afee4c15b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 7 Apr 2007 05:14:23 +0000 Subject: r22120: Expand the RPC-CRACKNAMES test, to test more values and expose patterns. Fix up our server side implementation to pass almost all the tests (a couple are skipped). Don't require the DsGetDomainControllerInfo calls to pass, just get some info from them. Andrew Bartlett (This used to be commit a29eb8f7e541d2021726601faf52355e312c916b) --- source4/torture/rpc/drsuapi.c | 5 ++-- source4/torture/rpc/drsuapi_cracknames.c | 42 +++++++++++++++++++++++++++++--- 2 files changed, 40 insertions(+), 7 deletions(-) (limited to 'source4/torture') diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c index c0ed2953f2..0129fe9b63 100644 --- a/source4/torture/rpc/drsuapi.c +++ b/source4/torture/rpc/drsuapi.c @@ -686,8 +686,6 @@ BOOL torture_rpc_drsuapi(struct torture_context *torture) mem_ctx = talloc_init("torture_rpc_drsuapi"); - printf("Connected to DRAUAPI pipe\n"); - ZERO_STRUCT(priv); priv.join = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST, @@ -768,7 +766,8 @@ BOOL torture_rpc_drsuapi_cracknames(struct torture_context *torture) ret &= test_DsBind(p, mem_ctx, &priv); if (ret) { - ret &= test_DsGetDomainControllerInfo(p, mem_ctx, &priv); + /* We don't care if this fails, we just need some info from it */ + test_DsGetDomainControllerInfo(p, mem_ctx, &priv); ret &= test_DsCrackNames(p, mem_ctx, &priv); diff --git a/source4/torture/rpc/drsuapi_cracknames.c b/source4/torture/rpc/drsuapi_cracknames.c index e78f55eb5f..9d231be0e1 100644 --- a/source4/torture/rpc/drsuapi_cracknames.c +++ b/source4/torture/rpc/drsuapi_cracknames.c @@ -459,6 +459,7 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, const char *comment; const char *str; const char *expected_str; + const char *expected_dns; enum drsuapi_DsNameStatus status; enum drsuapi_DsNameStatus alternate_status; enum drsuapi_DsNameFlags flags; @@ -478,6 +479,12 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .expected_str = FQDN_1779_name, .status = DRSUAPI_DS_NAME_STATUS_OK }, + { + .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, + .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, + .str = FQDN_1779_name, + .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING + }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, @@ -652,7 +659,24 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain), .comment = "Looking for KRBTGT as a serivce principal", - .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY + .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, + .expected_dns = dns_domain + }, + { + .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, + .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, + .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain), + .comment = "Looking for bogus serivce principal", + .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, + .expected_dns = dns_domain + }, + { + .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, + .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, + .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain), + .comment = "Looking for bogus serivce on test DC", + .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, + .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain) }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, @@ -683,7 +707,8 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", test_dc, dns_domain, "BOGUS"), - .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY + .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, + .expected_dns = "BOGUS" }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, @@ -691,7 +716,8 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s", test_dc, "REALLY", "BOGUS"), - .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY + .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, + .expected_dns = "BOGUS" }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, @@ -842,7 +868,8 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .comment = "invalid user principal name", .str = "foo@bar", - .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY + .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY, + .expected_dns = "bar" }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, @@ -907,6 +934,13 @@ BOOL test_DsCrackNames(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.out.ctr.ctr1->array[0].result_name, crack[i].expected_str, comment); ret = False; + } else if (crack[i].expected_dns + && (strcmp(r.out.ctr.ctr1->array[0].dns_domain_name, + crack[i].expected_dns) != 0)) { + printf("DsCrackNames failed - got DNS name %s, expected %s on %s\n", + r.out.ctr.ctr1->array[0].result_name, + crack[i].expected_str, comment); + ret = False; } } } -- cgit