void VerifyCrackNamesMapSchemaGuid(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
Guid guid = new Guid(req.V1.rpNames[0]);
string schemaGuidStr = LdapUtility.GetBinaryString(guid.ToByteArray());
string name = ldapAd.GetAttributeValueInString(
dc,
rootDse.schemaNamingContext,
"lDAPDisplayName",
"(schemaIDGUID=" + schemaGuidStr + ")",
SearchScope.Subtree
);
testSite.Assert.IsTrue(
name == reply.Value.V1.pResult[0].rItems[0].pName,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify schema name, expect:{0}, got{1}",
name,
reply.Value.V1.pResult[0].rItems[0].pName
);
string[] objClass = LdapUtility.GetAttributeValuesString(
dc,
rootDse.schemaNamingContext,
"objectClass",
"(schemaIDGUID=" + schemaGuidStr + ")",
SearchScope.Subtree
);
string objLastClass = objClass[objClass.Length - 1];
switch (objLastClass)
{
case "classSchema":
testSite.Assert.IsTrue(
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS == reply.Value.V1.pResult[0].rItems[0].status,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}",
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS,
reply.Value.V1.pResult[0].rItems[0].status
);
break;
case "attributeSchema":
testSite.Assert.IsTrue(
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_ATTR == reply.Value.V1.pResult[0].rItems[0].status,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}",
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS,
reply.Value.V1.pResult[0].rItems[0].status
);
break;
default:
throw new NotImplementedException();
}
}
public DRS_MSG_CRACKREQ CreateDrsCrackNamesV1Request()
{
DRS_MSG_CRACKREQ req = new DRS_MSG_CRACKREQ();
req.V1 = new DRS_MSG_CRACKREQ_V1();
req.V1.cNames = 1;
req.V1.rpNames = new string[1];
req.V1.rpNames[0] = "Dummy";
return(req);
}
void VerifyCrackNamesListGlobalCatalogServers(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
DsServer[] servers = ldapAd.ListGcServers(dc);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == servers.Length,
"IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: wrong server count, expect:{0}, got:{1}",
servers.Length,
reply.Value.V1.pResult[0].cItems
);
string[] siteDns = new string[servers.Length];
string[] dnsHostNames = new string[servers.Length];
for (int i = 0; i < servers.Length; ++i)
{
siteDns[i] = servers[i].Site.DN.ToLower();
dnsHostNames[i] = servers[i].DnsHostName.ToLower();
}
string[] drsrSiteDns = new string[reply.Value.V1.pResult[0].cItems];
string[] drsrDnsHostNames = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
drsrSiteDns[i] = reply.Value.V1.pResult[0].rItems[i].pName.ToLower();
drsrDnsHostNames[i] = reply.Value.V1.pResult[0].rItems[i].pDomain.ToLower();
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(siteDns, drsrSiteDns),
"IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: failed to verify site DNs."
);
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(dnsHostNames, drsrDnsHostNames),
"IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: failed to verify server DNS host names."
);
}
void VerifyCrackNamesListInfoForServer(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
string serverDn = req.V1.rpNames[0];
string dsaObjDn, dnsHostName, serverReference;
ldapAd.ListInfoForServer(dc, serverDn, out dsaObjDn, out dnsHostName, out serverReference);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == 3,
"IDL_DRSCrackNames: DS_LIST_INFO_FOR_SERVER: result should have 3 items, got {0}.",
reply.Value.V1.pResult[0].cItems
);
string drsrObjDn = reply.Value.V1.pResult[0].rItems[0].pName;
testSite.Assert.IsTrue(
drsrObjDn == dsaObjDn,
"IDL_DRSCrackNames: DS_LIST_INFO_FOR_SERVER: wrong NTDS DSA DN, expect:{0}, got:{1}",
dsaObjDn,
drsrObjDn
);
string drsrDnsHostName = reply.Value.V1.pResult[0].rItems[1].pName;
testSite.Assert.IsTrue(
drsrDnsHostName == dnsHostName,
"IDL_DRSCrackNames: DS_LIST_INFO_FOR_SERVER: wrong DNS host name, expect:{0}, got:{1}",
dnsHostName,
drsrDnsHostName
);
string drsrServerReference = reply.Value.V1.pResult[0].rItems[2].pName;
testSite.Assert.IsTrue(
drsrServerReference == serverReference,
"IDL_DRSCrackNames: DS_LIST_INFO_FOR_SERVER: wrong server reference, expect:{0}, got:{1}",
serverReference,
drsrServerReference
);
}
void VerifyCrackNamesListServersForDomainInSite(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
string domainDn = req.V1.rpNames[0];
string siteDn = req.V1.rpNames[1];
DsServer[] servers = ldapAd.ListServersForDomainInSite(dc, domainDn, siteDn);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == servers.Length,
"IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: wrong server count, expect:{0}, got:{1}",
servers.Length,
reply.Value.V1.pResult[0].cItems
);
string[] serverDns = new string[servers.Length];
for (int i = 0; i < servers.Length; ++i)
{
serverDns[i] = servers[i].ServerObjectName;
}
string[] drsrServers = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
drsrServers[i] = reply.Value.V1.pResult[0].rItems[i].pName;
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(serverDns, drsrServers),
"IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: failed to verify servers in site {0}",
siteDn
);
}
void VerifyCrackNamesListNcs(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
string[] ncs = ldapAd.ListNCs(dc);
string[] drsrNcs = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
drsrNcs[i] = reply.Value.V1.pResult[0].rItems[i].pName;
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_NCS: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(ncs, drsrNcs),
"IDL_DRSCrackNames: DS_LIST_NCS: failed to verify NCs."
);
}
void VerifyCrackNamesListDomainsInSite(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
string siteDn = req.V1.rpNames[0];
DsSite site = ldapAd.GetSite(dc, siteDn);
string[] domains = new string[site.Domains.Length];
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == domains.Length,
"IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: wrong domain count, expect:{0}, got:{1}",
domains.Length,
reply.Value.V1.pResult[0].cItems
);
for (int i = 0; i < site.Domains.Length; ++i)
{
domains[i] = site.Domains[i].Name;
}
string[] drsrDomains = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
drsrDomains[i] = reply.Value.V1.pResult[0].rItems[i].pName;
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(domains, drsrDomains),
"IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: failed to verify servers in site {0}",
siteDn
);
}
void VerifyCrackNamesListDomains(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
DsDomain[] domains = ldapAd.ListDomains(dc);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == domains.Length,
"IDL_DRSCrackNames: DS_LIST_DOMAINS: wrong domain count, expect:{0}, got:{1}",
domains.Length,
reply.Value.V1.pResult[0].cItems
);
string[] domainDns = new string[domains.Length];
for (int i = 0; i < domains.Length; ++i)
{
domainDns[i] = domains[i].Name;
}
DS_NAME_RESULTW result = reply.Value.V1.pResult[0];
string[] listDomainDns = new string[result.cItems];
for (int i = 0; i < result.cItems; ++i)
{
testSite.Assert.IsTrue(
result.rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_DOMAINS: return status should be 0, got {0}",
result.rItems[i].status
);
listDomainDns[i] = result.rItems[i].pName;
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(domainDns, listDomainDns),
"IDL_DRSCrackNames: DS_LIST_DOMAINS: failed to verify domain DNs."
);
}
// Verify DS_LIST_SITES of IDL_DRSCrackNames
void VerifyCrackNamesListAllSites(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
DsSite[] sites = ldapAd.ListSites(dc);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == sites.Length,
"IDL_DRSCrackNames: DS_LIST_SITES: wrong site count, expect:{0}, got:{1}",
sites.Length,
reply.Value.V1.pResult[0].cItems
);
string[] siteDns = new string[sites.Length];
for (int i = 0; i < sites.Length; ++i)
{
siteDns[i] = sites[i].DN;
}
string[] listSiteDns = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_SITES: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
listSiteDns[i] = reply.Value.V1.pResult[0].rItems[i].pName;
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(siteDns, listSiteDns),
"IDL_DRSCrackNames: DS_LIST_SITES: failed to verify site DNs"
);
}
void VerifyCrackNamesListRoles(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
bool isLds = (dc is AdldsServer);
DsDomain domain = dc.Domain;
DS_NAME_RESULTW result = reply.Value.V1.pResult[0];
if (isLds)
{
testSite.Assert.IsTrue(
result.cItems == 2,
"IDL_DRSCrackNames: DS_LIST_ROLES: FSMO role owner of a LDS server should be 2."
);
}
else
{
testSite.Assert.IsTrue(
result.cItems == 5,
"IDL_DRSCrackNames: DS_LIST_ROLES: FSMO role owner of a DS server should be 5."
);
}
for (int i = 0; i < result.cItems; ++i)
{
testSite.Assert.IsTrue(
result.rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_ROLES: return status should be 0, got {0}",
result.rItems[i].status
);
}
testSite.Assert.IsTrue(
domain.FsmoRoleOwners[FSMORoles.Schema] == result.rItems[0].pName,
"IDL_DRSCrackNames: DS_LIST_ROLES: failed to verify schema owner."
);
testSite.Assert.IsTrue(
domain.FsmoRoleOwners[FSMORoles.DomainNaming] == result.rItems[0].pName,
"IDL_DRSCrackNames: DS_LIST_ROLES: failed to verify domain naming owner."
);
// DS server might have 3 more roles.
if (!isLds)
{
testSite.Assert.IsTrue(
domain.FsmoRoleOwners[FSMORoles.PDC] == result.rItems[0].pName,
"IDL_DRSCrackNames: DS_LIST_ROLES: failed to verify PDCE owner."
);
testSite.Assert.IsTrue(
domain.FsmoRoleOwners[FSMORoles.RidAllocation] == result.rItems[0].pName,
"IDL_DRSCrackNames: DS_LIST_ROLES: failed to verify RID allocation owner."
);
testSite.Assert.IsTrue(
domain.FsmoRoleOwners[FSMORoles.Infrastructure] == result.rItems[0].pName,
"IDL_DRSCrackNames: DS_LIST_ROLES: failed to verify Infrastructure owner."
);
}
}
/// <summary>
/// Verify CrackNames results.
/// </summary>
/// <param name="machine"></param>
/// <param name="retVal"></param>
/// <param name="dwInVersion"></param>
/// <param name="req"></param>
/// <param name="outVersion"></param>
/// <param name="reply"></param>
public void VerifyDrsCrackNames(
EnvironmentConfig.Machine machine,
uint retVal,
uint dwInVersion,
DRS_MSG_CRACKREQ req,
uint?outVersion,
DRS_MSG_CRACKREPLY?reply)
{
// IDL_DRSCrackNames supports only V1
testSite.Assert.IsTrue(outVersion == 1,
"IDL_DRSCrackNames: Checking outVersion - got: {0}, expect: {1}, outVersion should be 1.", outVersion, 1);
testSite.Assert.IsNotNull(reply, "IDL_DRSCrackNames: Checking outMessage - outMessage should not be null.");
testSite.Assert.IsNotNull(reply.Value.V1.pResult, "IDL_DRSCrackNames: Checking pResult - pResult in outMessage should not be null.");
DsServer srv = (DsServer)EnvironmentConfig.MachineStore[machine];
uint flag = req.V1.dwFlags;
switch (flag)
{
case (uint)DRS_MSG_CRACKREQ_FLAGS.DS_NAME_FLAG_GC_VERIFY:
{
const uint ERROR_DS_GCVERIFY_ERROR = 0x20e1;
bool isGc = ldapAd.IsGc(srv);
if (!isGc)
{
testSite.Assert.IsTrue(
retVal == ERROR_DS_GCVERIFY_ERROR,
"IDL_DRSCrackNames: Cannot verify the GC server {0}",
srv.NetbiosName);
}
else
{
testSite.Assert.IsTrue(
retVal == (uint)DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DC {0} is not a GC server",
srv.NetbiosName);
}
}
break;
default:
break;
}
// formats
uint formatOffered = req.V1.formatOffered;
switch (formatOffered)
{
case (uint)DS_NAME_FORMAT.DS_INVALID_NAME:
// Invalid name, just break.
break;
case (uint)formatOffered_Values.DS_LIST_SITES:
VerifyCrackNamesListAllSites(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_SERVERS_IN_SITE:
VerifyCrackNamesListServersInSite(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_DOMAINS_IN_SITE:
VerifyCrackNamesListDomainsInSite(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE:
VerifyCrackNamesListServersForDomainInSite(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_INFO_FOR_SERVER:
VerifyCrackNamesListInfoForServer(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_ROLES:
VerifyCrackNamesListRoles(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_DOMAINS:
VerifyCrackNamesListDomains(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_NCS:
VerifyCrackNamesListNcs(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_SERVERS_WITH_DCS_IN_SITE:
VerifyCrackNamesListServersWithDcsInSite(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_LIST_GLOBAL_CATALOG_SERVERS:
VerifyCrackNamesListGlobalCatalogServers(srv, req, reply);
break;
case (uint)formatOffered_Values.DS_MAP_SCHEMA_GUID:
VerifyCrackNamesMapSchemaGuid(srv, req, reply);
break;
case (uint)DS_NAME_FORMAT.DS_UNKNOWN_NAME:
case (uint)DS_NAME_FORMAT.DS_FQDN_1779_NAME:
case (uint)DS_NAME_FORMAT.DS_NT4_ACCOUNT_NAME:
case (uint)DS_NAME_FORMAT.DS_DISPLAY_NAME:
case (uint)DS_NAME_FORMAT.DS_UNIQUE_ID_NAME:
case (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME:
case (uint)DS_NAME_FORMAT.DS_USER_PRINCIPAL_NAME:
case (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME_EX:
case (uint)DS_NAME_FORMAT.DS_SERVICE_PRINCIPAL_NAME:
case (uint)DS_NAME_FORMAT.DS_SID_OR_SID_HISTORY_NAME:
case (uint)DS_NAME_FORMAT.DS_DNS_DOMAIN_NAME:
case (uint)formatOffered_Values.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN:
case (uint)formatOffered_Values.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX:
case (uint)formatOffered_Values.DS_ALT_SECURITY_IDENTITIES_NAME:
case (uint)formatOffered_Values.DS_STRING_SID_NAME:
case (uint)formatOffered_Values.DS_USER_PRINCIPAL_NAME_AND_ALTSECID:
{
for (int i = 0; i < req.V1.cNames; ++i)
{
DS_NAME_RESULT_ITEMW r = ldapAd.LookupNames(
srv,
req.V1.dwFlags,
req.V1.formatOffered,
req.V1.formatDesired,
req.V1.rpNames[i]
);
// status code
testSite.Assert.IsTrue(
r.status == reply.Value.V1.pResult[0].rItems[i].status,
"IDL_DRSCrackNames: Verify status failed, expect: {0}, got: {1}",
r.status,
reply.Value.V1.pResult[0].rItems[i].status
);
// name
if (r.pName == null)
{
testSite.Assert.IsNull(reply.Value.V1.pResult[0].rItems[i].pName,
"IDL_DRSCrackNames: Verify pName failed, expect: null, got: {0}.",
reply.Value.V1.pResult[0].rItems[i].pName);
}
else
{
testSite.Assert.IsTrue(
r.pName == reply.Value.V1.pResult[0].rItems[i].pName,
"IDL_DRSCrackNames: Verify pName failed, expect: {0}, got: {1}.",
r.pName,
reply.Value.V1.pResult[0].rItems[i].pName
);
}
// domain
if (r.pDomain == null)
{
testSite.Assert.IsNull(reply.Value.V1.pResult[0].rItems[i].pDomain,
"IDL_DRSCrackNames: Verify pDomain failed, expect: null, got: {0}.",
reply.Value.V1.pResult[0].rItems[i].pDomain);
}
else
{
testSite.Assert.IsTrue(
r.pDomain == reply.Value.V1.pResult[0].rItems[i].pDomain,
"IDL_DRSCrackNames: Verify pDomain failed, expect: {0}, got: {1}.",
r.pDomain,
reply.Value.V1.pResult[0].rItems[i].pDomain
);
}
}
}
break;
default:
throw new NotImplementedException();
}
}
