info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
return WERR_OK;
}
-
+
/* This isn't an allocation assignemnt, so it is free'ed with the krb5_free_principal */
realm = krb5_princ_realm(smb_krb5_context->krb5_context, principal);
WERROR wret;
krb5_error_code ret;
krb5_principal principal;
- const char *service;
+ const char *service, *dns_name;
char *new_service;
char *new_princ;
enum drsuapi_DsNameStatus namestatus;
return WERR_OK;
}
service = principal->name.name_string.val[0];
+ dns_name = principal->name.name_string.val[1];
/* MAP it */
namestatus = LDB_lookup_spn_alias(smb_krb5_context->krb5_context,
sam_ctx, mem_ctx,
service, &new_service);
- if (namestatus != DRSUAPI_DS_NAME_STATUS_OK) {
- info1->status = namestatus;
+ if (namestatus == DRSUAPI_DS_NAME_STATUS_NOT_FOUND) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
+ info1->dns_domain_name = talloc_strdup(mem_ctx, dns_name);
+ if (!info1->dns_domain_name) {
+ krb5_free_principal(smb_krb5_context->krb5_context, principal);
+ return WERR_NOMEM;
+ }
return WERR_OK;
- }
-
- if (ret != 0) {
- info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+ } else if (namestatus != DRSUAPI_DS_NAME_STATUS_OK) {
+ info1->status = namestatus;
+ krb5_free_principal(smb_krb5_context->krb5_context, principal);
return WERR_OK;
}
ret = krb5_unparse_name_flags(smb_krb5_context->krb5_context, principal,
KRB5_PRINCIPAL_UNPARSE_NO_REALM, &new_princ);
- krb5_free_principal(smb_krb5_context->krb5_context, principal);
-
if (ret) {
+ krb5_free_principal(smb_krb5_context->krb5_context, principal);
return WERR_NOMEM;
}
wret = DsCrackNameOneName(sam_ctx, mem_ctx, format_flags, format_offered, format_desired,
new_princ, info1);
free(new_princ);
+ if (W_ERROR_IS_OK(wret) && (info1->status == DRSUAPI_DS_NAME_STATUS_NOT_FOUND)) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
+ info1->dns_domain_name = talloc_strdup(mem_ctx, dns_name);
+ if (!info1->dns_domain_name) {
+ wret = WERR_NOMEM;
+ }
+ }
+ krb5_free_principal(smb_krb5_context->krb5_context, principal);
return wret;
}
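Review bot: The new `DRSUAPI_DS_NAME_STATUS_NOT_FOUND` branch returns `WERR_OK` without releasing `principal`; within it only the `WERR_NOMEM` path calls `krb5_free_principal`, so the principal leaks each time the service alias is not found. Every other exit added in this hunk frees it, so add `krb5_free_principal(smb_krb5_context->krb5_context, principal);` immediately before that `return WERR_OK;`. The free has to stay after the `talloc_strdup`, because `dns_name` points into the principal's own storage. The function starts outside this hunk, so the check that `name_string` has at least two components before `val[1]` is read is not visible here and is worth confirming.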
case 1:
break;
case 0:
- return dns_domain_from_principal(smb_krb5_context, name, info1);
+ return dns_domain_from_principal(smb_krb5_context,
+ name, info1);
case -1:
DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s", ldb_errstring(sam_ctx)));
info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
krb5_principal principal;
char *unparsed_name_short;
char *service;
+ ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal);
+ if (ret == 0 && principal->name.name_string.len < 2) {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+ krb5_free_principal(smb_krb5_context->krb5_context, principal);
+ return WERR_OK;
+ }
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name,
KRB5_PRINCIPAL_PARSE_NO_REALM, &principal);
if (ret) {
- return dns_domain_from_principal(smb_krb5_context, name, info1);
- } else if (principal->name.name_string.len < 2) {
- info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
- return WERR_OK;
+ krb5_free_principal(smb_krb5_context->krb5_context, principal);
+
+ return dns_domain_from_principal(smb_krb5_context,
+ name, info1);
}
domain_filter = NULL;
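Review bot: When `krb5_parse_name_flags` fails, the added error branch calls `krb5_free_principal` on a `principal` that this call did not produce. If the earlier `krb5_parse_name` also failed, the variable was never assigned, since it is declared without an initialiser, and an indeterminate pointer is freed on a path driven by the caller-supplied `name`. When the first parse succeeds with two or more components, its result is overwritten by the second parse without being freed. The first parse is only used for the component count, so its result can be released right after reading the count, and the free in the error branch dropped. The enclosing function starts and ends outside the hunk.

```c
ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal);
if (ret == 0) {
	/* Only the component count is needed from this first parse. */
	unsigned int num_components = principal->name.name_string.len;
	krb5_free_principal(smb_krb5_context->krb5_context, principal);
	if (num_components < 2) {
		info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
		return WERR_OK;
	}
}
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name,
			    KRB5_PRINCIPAL_PARSE_NO_REALM, &principal);
if (ret) {
	/* The failed parse produced no principal, so there is nothing to free. */
	return dns_domain_from_principal(smb_krb5_context,
					 name, info1);
}
/* … unchanged: domain_filter setup … */
```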
const char * const _domain_attrs_display[] = { "ncName", "dnsRoot", NULL};
const char * const _result_attrs_display[] = { "displayName", "samAccountName", NULL};
+ const char * const _domain_attrs_none[] = { "ncName", "dnsRoot" };
+ const char * const _result_attrs_none[] = { NULL};
+
/* here we need to set the attrs lists for domain and result lookups */
switch (format_desired) {
case DRSUAPI_DS_NAME_FORMAT_FQDN_1779:
result_attrs = _result_attrs_display;
break;
default:
- return WERR_OK;
+ domain_attrs = _domain_attrs_none;
+ result_attrs = _result_attrs_none;
+ break;
}
if (domain_filter) {
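Review bot: `_domain_attrs_none` is declared without a terminating `NULL`, unlike `_domain_attrs_display`, `_result_attrs_display` and `_result_attrs_none` beside it. The code that consumes `domain_attrs` is outside this hunk, but if it walks the list until a `NULL` entry, as the sibling arrays suggest, the new `default:` case would make it read past the end of the array. The declaration should be `const char * const _domain_attrs_none[] = { "ncName", "dnsRoot", NULL};`.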
}
return WERR_OK;
}
+ case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL: {
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+ return WERR_OK;
+ }
+ case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
+ case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
+ info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+ return WERR_OK;
+ }
default:
info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
return WERR_OK;
}
-
- return WERR_INVALID_PARAM;
}
/* Given a user Principal Name (such as foo@bar.com),
mem_ctx = talloc_init("torture_rpc_drsuapi");
- printf("Connected to DRAUAPI pipe\n");
-
ZERO_STRUCT(priv);
priv.join = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST,
ret &= test_DsBind(p, mem_ctx, &priv);
if (ret) {
- ret &= test_DsGetDomainControllerInfo(p, mem_ctx, &priv);
+ /* We don't care if this fails, we just need some info from it */
+ test_DsGetDomainControllerInfo(p, mem_ctx, &priv);
ret &= test_DsCrackNames(p, mem_ctx, &priv);
const char *comment;
const char *str;
const char *expected_str;
+ const char *expected_dns;
enum drsuapi_DsNameStatus status;
enum drsuapi_DsNameStatus alternate_status;
enum drsuapi_DsNameFlags flags;
.expected_str = FQDN_1779_name,
.status = DRSUAPI_DS_NAME_STATUS_OK
},
+ {
+ .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+ .format_desired = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
+ .str = FQDN_1779_name,
+ .status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING
+ },
{
.format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
.str = talloc_asprintf(mem_ctx, "krbtgt/%s", dns_domain),
.comment = "Looking for KRBTGT as a serivce principal",
- .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
+ .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+ .expected_dns = dns_domain
+ },
+ {
+ .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+ .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+ .str = talloc_asprintf(mem_ctx, "bogus/%s", dns_domain),
+ .comment = "Looking for bogus serivce principal",
+ .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+ .expected_dns = dns_domain
+ },
+ {
+ .format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
+ .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
+ .str = talloc_asprintf(mem_ctx, "bogus/%s.%s", test_dc, dns_domain),
+ .comment = "Looking for bogus serivce on test DC",
+ .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+ .expected_dns = talloc_asprintf(mem_ctx, "%s.%s", test_dc, dns_domain)
},
{
.format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
.str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
test_dc, dns_domain,
"BOGUS"),
- .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
+ .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+ .expected_dns = "BOGUS"
},
{
.format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
.str = talloc_asprintf(mem_ctx, "cifs/%s.%s@%s",
test_dc, "REALLY",
"BOGUS"),
- .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
+ .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+ .expected_dns = "BOGUS"
},
{
.format_offered = DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
.comment = "invalid user principal name",
.str = "foo@bar",
- .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY
+ .status = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY,
+ .expected_dns = "bar"
},
{
.format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
r.out.ctr.ctr1->array[0].result_name,
crack[i].expected_str, comment);
ret = False;
+ } else if (crack[i].expected_dns
+ && (strcmp(r.out.ctr.ctr1->array[0].dns_domain_name,
+ crack[i].expected_dns) != 0)) {
+ printf("DsCrackNames failed - got DNS name %s, expected %s on %s\n",
+ r.out.ctr.ctr1->array[0].result_name,
+ crack[i].expected_str, comment);
+ ret = False;
}
}
}
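Review bot: The new DNS-name mismatch branch prints `result_name` and `expected_str` rather than the two values it just compared, so a failure report shows unrelated strings. The `printf` arguments should be `r.out.ctr.ctr1->array[0].dns_domain_name, crack[i].expected_dns, comment);`. The `strcmp` also dereferences `dns_domain_name` without a NULL check, so a reply that omits the field would crash the test instead of failing it. Guarding with `(r.out.ctr.ctr1->array[0].dns_domain_name == NULL || strcmp(...) != 0)` avoids that, with the message then printing a placeholder for the missing name. The enclosing loop starts outside the hunk.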