From 9107eb877369752d61f1a77197ba015f0c141d86 Mon Sep 17 00:00:00 2001
From: Matthieu Patou
Date: Sat, 29 Jun 2013 16:02:32 -0700
Subject: [PATCH 1/4] drs-crackname: Fix cracknames for the format UNKNOWN when the data is actually a GUID

The cannonical crackname expect a "/" or it returns DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, when doing UNKNOWN format it's not an error to not have a "/" in the name to crack it's just a sign the name is not a cannonical one.

Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
(cherry picked from commit aa17a2c01dbab2e522a8ccccaed7943963bab5b9)
---
 source4/dsdb/samdb/cracknames.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 0c4cdfc..388b6c7 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -488,7 +488,10 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 if (!W_ERROR_IS_OK(werr)) {
 return werr;
 }
- if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) {
+ if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND &&
+ (formats[i] != DRSUAPI_DS_NAME_FORMAT_CANONICAL ||
+ info1->status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR))
+ {
 return werr;
 }
 }
-- 
1.9.1

From 71f1cd303a191e51a9bb292264e995c2cbc2f6bb Mon Sep 17 00:00:00 2001
From: Matthieu Patou
Date: Sun, 30 Jun 2013 02:03:02 -0700
Subject: [PATCH 2/4] drs-cracknames: When cracking NT4 names we should just look at netbios for the match

Looking at dnsRoot will yield a result for domain.tld\username when it shouldn't work.

Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
(cherry picked from commit 552b4f3e022dca594e1dada7979fe351eee8cf9b)
---
 source4/dsdb/samdb/cracknames.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 388b6c7..628546e 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
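Review bot: In [PATCH 1/4], hunk `@@ -488,7 +488,10`, the new three-part condition carries no comment explaining why a RESOLVE_ERROR from the CANONICAL attempt is no longer terminal; the reason exists only in the commit message. I would add above the `if`: `/* a name without "/" is just not canonical: keep trying the remaining formats */`. When no later format matches, the status the caller sees is whatever the last attempt left in `info1->status`, which is decided outside this hunk and worth confirming. The enclosing loop and function start and end outside the hunk.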
@@ -577,8 +577,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 }
 domain_filter = talloc_asprintf(mem_ctx,
- "(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))(systemFlags:%s:=%u))",
- ldb_binary_encode_string(mem_ctx, domain),
+ "(&(objectClass=crossRef)(netbiosName=%s)(systemFlags:%s:=%u))",
 ldb_binary_encode_string(mem_ctx, domain), LDB_OID_COMPARATOR_AND, SYSTEM_FLAG_CR_NTDS_DOMAIN);
-- 
1.9.1

From a9ae248b40eb1ad59fdd2dbca74f6426a99565db Mon Sep 17 00:00:00 2001
From: Matthieu Patou
Date: Sun, 30 Jun 2013 02:04:20 -0700
Subject: [PATCH 3/4] drs-crackname: Fix error code so that we have the same as windows

Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
(cherry picked from commit 029e80da9d1ab5096cd0981110b588245f8fd50d)
---
 source4/dsdb/samdb/cracknames.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 628546e..caafd2f 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -934,6 +934,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 struct ldb_result *res;
 uint32_t dsdb_flags = 0;
 struct ldb_dn *real_search_dn;
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
 if (domain_res) {
 if (!search_dn) {
-- 
1.9.1

From 63f1bd95b4a34f84afcf06a34430bb5c57e00bbd Mon Sep 17 00:00:00 2001
From: Matthieu Patou
Date: Sun, 30 Jun 2013 20:44:22 -0700
Subject: [PATCH 4/4] drs-cracksname: fix problems that prevented to pass our torture tests

Some of the problems where also reported by Microsoft testing tools

Signed-off-by: Matthieu Patou
Reviewed-by: Andrew Bartlett
(cherry picked from commit 7fe4630bad232c09e29739beedda2e2fb63747ed)
---
 source4/dsdb/samdb/cracknames.c | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index caafd2f..d09da25 100644
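Review bot: In [PATCH 2/4], hunk `@@ -577,8 +577,7`, the result of `ldb_binary_encode_string(mem_ctx, domain)` goes straight into the `%s` of `talloc_asprintf`, so an allocation failure there hands NULL to the formatter instead of failing the request. `domain` appears to be taken from the name being cracked, so keeping the encoding is right; I would hoist it into a local and check it before building the filter: `const char *enc_domain = ldb_binary_encode_string(mem_ctx, domain);` followed by `W_ERROR_HAVE_NO_MEMORY(enc_domain);`. Whether `domain_filter` itself is checked cannot be seen, because the statement is followed by code outside the hunk.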
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -468,7 +468,9 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 /* TODO: - fill the correct names in all cases! * - handle format_flags */
-
+ if (format_desired == DRSUAPI_DS_NAME_FORMAT_UNKNOWN) {
+ return WERR_OK;
+ }
 /* here we need to set the domain_filter and/or the result_filter */
 switch (format_offered) {
 case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
@@ -933,10 +935,25 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 int ret;
 struct ldb_result *res;
 uint32_t dsdb_flags = 0;
- struct ldb_dn *real_search_dn;
+ struct ldb_dn *real_search_dn = NULL;
 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
- if (domain_res) {
+ /*
+ * From 4.1.4.2.11 of MS-DRSR
+ * if DS_NAME_FLAG_GCVERIFY in flags then
+ * rt := select all O from all
+ * where attrValue in GetAttrVals(O, att, false)
+ * else
+ * rt := select all O from subtree DefaultNC()
+ * where attrValue in GetAttrVals(O, att, false)
+ * endif
+ * return rt
+ */
+ if (format_flags & DRSUAPI_DS_NAME_FLAG_GCVERIFY ||
+ format_offered == DRSUAPI_DS_NAME_FORMAT_GUID)
+ {
+ dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
+ } else if (domain_res) {
 if (!search_dn) {
 struct ldb_dn *tmp_dn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL);
 real_search_dn = tmp_dn;
@@ -944,13 +961,11 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
 real_search_dn = search_dn;
 }
 } else {
- dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
- real_search_dn = NULL;
+ real_search_dn = ldb_get_default_basedn(sam_ctx);
 }
 if (format_desired == DRSUAPI_DS_NAME_FORMAT_GUID){
 dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
 }
- /* search with the 'phantom root' flag */
 ret = dsdb_search(sam_ctx, mem_ctx, &res, real_search_dn,
-- 
1.9.1
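Review bot: In [PATCH 4/4], hunk `@@ -468,7 +468,9`, the new early `return WERR_OK;` for a desired format of UNKNOWN leaves `info1->status` untouched in the lines shown, so what the client receives depends on an initialisation outside the hunk. If there is none, the reply would carry success with an unset status. I would set it on this path, for example `info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;` if that is the value the torture test expects (to be confirmed), and add `/* nothing to convert to when the desired format is UNKNOWN */` above the check.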
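Review bot: In [PATCH 4/4], hunk `@@ -933,10 +935,25`, the new first branch searches every partition whenever the request sets DRSUAPI_DS_NAME_FLAG_GCVERIFY or offers a GUID, and on that path a `search_dn` or `domain_res` passed by the caller is ignored. The quoted MS-DRSR pseudo-code covers only the GCVERIFY half, and `format_flags` looks like it originates from the client request, so the wider scope should be a documented decision that relies on access checks further down. I would extend the comment with `/* GUID names are searched in all partitions too (not part of the quoted pseudo-code) */` and parenthesise the flag test as `if ((format_flags & DRSUAPI_DS_NAME_FLAG_GCVERIFY) ||`. The function body continues outside the hunk.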
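Review bot: In [PATCH 4/4], hunk `@@ -944,13 +961,11`, the value returned by `ldb_get_default_basedn(sam_ctx)` is used unchecked, and the fallback branch no longer sets DSDB_SEARCH_SEARCH_ALL_PARTITIONS. If the default base DN is not available, `dsdb_search` is reached with a NULL base and no all-partitions flag, and how it behaves then is not visible here. A guard right after the assignment, `if (real_search_dn == NULL) {` returning an error WERROR, would keep that case from turning into an unintended search scope. The call to `dsdb_search` continues outside the hunk.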