search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:selftest: correctly copy a python list into a temporary variable
[Samba.git] / source4 / torture / ldap / netlogon.c
blobd632aaf5c1df80c1c948e1493f6a18dca303ca52
1 /*
2 Unix SMB/CIFS mplementation.
3
4 test CLDAP/LDAP netlogon operations
5
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Matthias Dieter Wallnöfer 2009
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21
22 */
23
24 #include "includes.h"
25 #include "libcli/cldap/cldap.h"
26 #include "libcli/ldap/ldap_client.h"
27 #include "libcli/ldap/ldap_ndr.h"
28 #include "librpc/gen_ndr/netlogon.h"
29 #include "param/param.h"
30 #include "../lib/tsocket/tsocket.h"
31
32 #include "torture/torture.h"
33 #include "torture/ldap/proto.h"
34
35 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
36
37 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
38
39 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
40
41 typedef NTSTATUS (*request_netlogon_t)(void *con,
42 TALLOC_CTX *mem_ctx,
43 struct cldap_netlogon *io);
44
45 typedef NTSTATUS (*request_rootdse_t)(void *con,
46 TALLOC_CTX *mem_ctx,
47 struct cldap_search *io);
48
49 /*
50 test netlogon operations
51 */
52 static bool test_ldap_netlogon(struct torture_context *tctx,
53 request_netlogon_t request_netlogon,
54 void *cldap,
55 const char *dest)
56 {
57 NTSTATUS status;
58 struct cldap_netlogon search, empty_search;
59 struct netlogon_samlogon_response n1;
60 struct GUID guid;
61 int i;
62
63 ZERO_STRUCT(search);
64 search.in.dest_address = NULL;
65 search.in.dest_port = 0;
66 search.in.acct_control = -1;
67 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
68 search.in.map_response = true;
69
70 empty_search = search;
71
72 printf("Trying without any attributes\n");
73 search = empty_search;
74 status = request_netlogon(cldap, tctx, &search);
75 CHECK_STATUS(status, NT_STATUS_OK);
76
77 n1 = search.out.netlogon;
78
79 search.in.user = "Administrator";
80 search.in.realm = n1.data.nt5_ex.dns_domain;
81 search.in.host = "__cldap_torture__";
82
83 printf("Scanning for netlogon levels\n");
84 for (i=0;i<256;i++) {
85 search.in.version = i;
86 printf("Trying netlogon level %d\n", i);
87 status = request_netlogon(cldap, tctx, &search);
88 CHECK_STATUS(status, NT_STATUS_OK);
89 }
90
91 printf("Scanning for netlogon level bits\n");
92 for (i=0;i<31;i++) {
93 search.in.version = (1<<i);
94 printf("Trying netlogon level 0x%x\n", i);
95 status = request_netlogon(cldap, tctx, &search);
96 CHECK_STATUS(status, NT_STATUS_OK);
97 }
98
99 search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
100 status = request_netlogon(cldap, tctx, &search);
101 CHECK_STATUS(status, NT_STATUS_OK);
102
103 printf("Trying with User=NULL\n");
104 search.in.user = NULL;
105 status = request_netlogon(cldap, tctx, &search);
106 CHECK_STATUS(status, NT_STATUS_OK);
107 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
108 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
109 torture_assert(tctx,
110 strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
111 "PDC name should not be in UNC form");
112
113 printf("Trying with User=Administrator\n");
114 search.in.user = "Administrator";
115 status = request_netlogon(cldap, tctx, &search);
116 CHECK_STATUS(status, NT_STATUS_OK);
117 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
118 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
119 torture_assert(tctx,
120 strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
121 "PDC name should not be in UNC form");
122
123 search.in.version = NETLOGON_NT_VERSION_5;
124 status = request_netlogon(cldap, tctx, &search);
125 CHECK_STATUS(status, NT_STATUS_OK);
126
127 printf("Trying with User=NULL\n");
128 search.in.user = NULL;
129 status = request_netlogon(cldap, tctx, &search);
130 CHECK_STATUS(status, NT_STATUS_OK);
131 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
132 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
133 torture_assert(tctx,
134 strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
135 "PDC name should be in UNC form");
136
137 printf("Trying with User=Administrator\n");
138 search.in.user = "Administrator";
139 status = request_netlogon(cldap, tctx, &search);
140 CHECK_STATUS(status, NT_STATUS_OK);
141 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
142 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
143 torture_assert(tctx,
144 strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
145 "PDC name should be in UNC form");
146
147 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
148
149 printf("Trying with a GUID\n");
150 search.in.realm = NULL;
151 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
152 status = request_netlogon(cldap, tctx, &search);
153 CHECK_STATUS(status, NT_STATUS_OK);
154 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
155 CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
156 torture_assert(tctx,
157 strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
158 "PDC name should not be in UNC form");
159
160 printf("Trying with a incorrect GUID\n");
161 guid = GUID_random();
162 search.in.user = NULL;
163 search.in.domain_guid = GUID_string(tctx, &guid);
164 status = request_netlogon(cldap, tctx, &search);
165 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
166
167 printf("Trying with a AAC\n");
168 search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
169 search.in.realm = n1.data.nt5_ex.dns_domain;
170 status = request_netlogon(cldap, tctx, &search);
171 CHECK_STATUS(status, NT_STATUS_OK);
172 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
173 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
174
175 printf("Trying with a zero AAC\n");
176 search.in.acct_control = 0x0;
177 search.in.realm = n1.data.nt5_ex.dns_domain;
178 status = request_netlogon(cldap, tctx, &search);
179 CHECK_STATUS(status, NT_STATUS_OK);
180 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
181 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
182
183 printf("Trying with a zero AAC and user=Administrator\n");
184 search.in.acct_control = 0x0;
185 search.in.user = "Administrator";
186 search.in.realm = n1.data.nt5_ex.dns_domain;
187 status = request_netlogon(cldap, tctx, &search);
188 CHECK_STATUS(status, NT_STATUS_OK);
189 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
190 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
191
192 printf("Trying with a bad AAC\n");
193 search.in.user = NULL;
194 search.in.acct_control = 0xFF00FF00;
195 search.in.realm = n1.data.nt5_ex.dns_domain;
196 status = request_netlogon(cldap, tctx, &search);
197 CHECK_STATUS(status, NT_STATUS_OK);
198 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
199 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
200
201 printf("Trying with a user only\n");
202 search = empty_search;
203 search.in.user = "Administrator";
204 status = request_netlogon(cldap, tctx, &search);
205 CHECK_STATUS(status, NT_STATUS_OK);
206 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
207 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
208 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
209 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
210 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
211 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
212 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
213
214 printf("Trying with just a bad username\n");
215 search.in.user = "___no_such_user___";
216 status = request_netlogon(cldap, tctx, &search);
217 CHECK_STATUS(status, NT_STATUS_OK);
218 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
219 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
220 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
221 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
222 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
223 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
224 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
225 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
226
227 printf("Trying with just a bad domain\n");
228 search = empty_search;
229 search.in.realm = "___no_such_domain___";
230 status = request_netlogon(cldap, tctx, &search);
231 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
232
233 printf("Trying with a incorrect domain and correct guid\n");
234 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
235 status = request_netlogon(cldap, tctx, &search);
236 CHECK_STATUS(status, NT_STATUS_OK);
237 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
238 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
239 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
240 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
241 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
242 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
243 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
244 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
245
246 printf("Trying with a incorrect domain and incorrect guid\n");
247 search.in.domain_guid = GUID_string(tctx, &guid);
248 status = request_netlogon(cldap, tctx, &search);
249 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
250 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
251 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
252 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
253 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
254 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
255 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
256 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
257 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
258
259 printf("Trying with a incorrect GUID and correct domain\n");
260 search.in.domain_guid = GUID_string(tctx, &guid);
261 search.in.realm = n1.data.nt5_ex.dns_domain;
262 status = request_netlogon(cldap, tctx, &search);
263 CHECK_STATUS(status, NT_STATUS_OK);
264 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
265 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
266 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
267 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
268 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
269 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
270 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
271 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
272
273 printf("Proof other results\n");
274 search.in.user = "Administrator";
275 status = request_netlogon(cldap, tctx, &search);
276 CHECK_STATUS(status, NT_STATUS_OK);
277 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
278 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
279 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
280 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
281 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
282 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
283 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
284
285 return true;
286 }
287
288 /*
289 test cldap netlogon server type flags
290 */
291 static bool test_ldap_netlogon_flags(struct torture_context *tctx,
292 request_netlogon_t request_netlogon,
293 void *cldap,
294 const char *dest)
295 {
296 NTSTATUS status;
297 struct cldap_netlogon search;
298 struct netlogon_samlogon_response n1;
299 uint32_t server_type = 0;
300
301 printf("Printing out netlogon server type flags: %s\n", dest);
302
303 ZERO_STRUCT(search);
304 search.in.dest_address = NULL;
305 search.in.dest_port = 0;
306 search.in.acct_control = -1;
307 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
308 search.in.map_response = true;
309
310 status = request_netlogon(cldap, tctx, &search);
311 CHECK_STATUS(status, NT_STATUS_OK);
312
313 n1 = search.out.netlogon;
314 if (n1.ntver == NETLOGON_NT_VERSION_5)
315 server_type = n1.data.nt5.server_type;
316 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
317 server_type = n1.data.nt5_ex.server_type;
318
319 printf("The word is: %i\n", server_type);
320 if (server_type & NBT_SERVER_PDC)
321 printf("NBT_SERVER_PDC ");
322 if (server_type & NBT_SERVER_GC)
323 printf("NBT_SERVER_GC ");
324 if (server_type & NBT_SERVER_LDAP)
325 printf("NBT_SERVER_LDAP ");
326 if (server_type & NBT_SERVER_DS)
327 printf("NBT_SERVER_DS ");
328 if (server_type & NBT_SERVER_KDC)
329 printf("NBT_SERVER_KDC ");
330 if (server_type & NBT_SERVER_TIMESERV)
331 printf("NBT_SERVER_TIMESERV ");
332 if (server_type & NBT_SERVER_CLOSEST)
333 printf("NBT_SERVER_CLOSEST ");
334 if (server_type & NBT_SERVER_WRITABLE)
335 printf("NBT_SERVER_WRITABLE ");
336 if (server_type & NBT_SERVER_GOOD_TIMESERV)
337 printf("NBT_SERVER_GOOD_TIMESERV ");
338 if (server_type & NBT_SERVER_NDNC)
339 printf("NBT_SERVER_NDNC ");
340 if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6)
341 printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
342 if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6)
343 printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
344 if (server_type & NBT_SERVER_ADS_WEB_SERVICE)
345 printf("NBT_SERVER_ADS_WEB_SERVICE ");
346 if (server_type & NBT_SERVER_DS_8)
347 printf("NBT_SERVER_DS_8 ");
348 if (server_type & DS_DNS_CONTROLLER)
349 printf("DS_DNS_CONTROLLER ");
350 if (server_type & DS_DNS_DOMAIN)
351 printf("DS_DNS_DOMAIN ");
352 if (server_type & DS_DNS_FOREST_ROOT)
353 printf("DS_DNS_FOREST_ROOT ");
354
355 printf("\n");
356
357 return true;
358 }
359
360 static NTSTATUS tcp_ldap_rootdse(void *data,
361 TALLOC_CTX *mem_ctx,
362 struct cldap_search *io)
363 {
364 struct ldap_connection *conn = talloc_get_type(data,
365 struct ldap_connection);
366 struct ldap_message *msg, *result;
367 struct ldap_request *req;
368 int i;
369 NTSTATUS status;
370
371 msg = new_ldap_message(mem_ctx);
372 if (!msg) {
373 return NT_STATUS_NO_MEMORY;
374 }
375
376 msg->type = LDAP_TAG_SearchRequest;
377 msg->r.SearchRequest.basedn = "";
378 msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
379 msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
380 msg->r.SearchRequest.timelimit = 0;
381 msg->r.SearchRequest.sizelimit = 0;
382 msg->r.SearchRequest.attributesonly = false;
383 msg->r.SearchRequest.tree = ldb_parse_tree(msg, io->in.filter);
384 msg->r.SearchRequest.num_attributes = str_list_length(io->in.attributes);
385 msg->r.SearchRequest.attributes = io->in.attributes;
386
387 req = ldap_request_send(conn, msg);
388 if (req == NULL) {
389 printf("Could not setup ldap search\n");
390 return NT_STATUS_UNSUCCESSFUL;
391 }
392
393 ZERO_STRUCT(io->out);
394 for (i = 0; i < 2; ++i) {
395 status = ldap_result_n(req, i, &result);
396 if (!NT_STATUS_IS_OK(status)) {
397 return status;
398 }
399 switch (result->type) {
400 case LDAP_TAG_SearchResultEntry:
401 if (i != 0) {
402 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
403 }
404 io->out.response = &result->r.SearchResultEntry;
405 break;
406 case LDAP_TAG_SearchResultDone:
407 io->out.result = &result->r.SearchResultDone;
408 if (io->out.result->resultcode != LDAP_SUCCESS) {
409 return NT_STATUS_LDAP(io->out.result->resultcode);
410 }
411
412 return NT_STATUS_OK;
413 default:
414 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
415 }
416 }
417
418 return NT_STATUS_OK;
419 }
420
421 static NTSTATUS tcp_ldap_netlogon(void *conn,
422 TALLOC_CTX *mem_ctx,
423 struct cldap_netlogon *io)
424 {
425 struct cldap_search search;
426 struct ldap_SearchResEntry *res;
427 NTSTATUS status;
428 DATA_BLOB *blob;
429
430 ZERO_STRUCT(search);
431 search.in.attributes = (const char *[]) { "netlogon", NULL };
432 search.in.filter = cldap_netlogon_create_filter(mem_ctx, io);
433 if (search.in.filter == NULL) {
434 return NT_STATUS_NO_MEMORY;
435 }
436
437 status = tcp_ldap_rootdse(conn, mem_ctx, &search);
438 if (!NT_STATUS_IS_OK(status)) {
439 return status;
440 }
441
442 res = search.out.response;
443 if (res == NULL) {
444 return NT_STATUS_NOT_FOUND;
445 }
446
447 if (res->num_attributes != 1 ||
448 strcasecmp(res->attributes[0].name, "netlogon") != 0 ||
449 res->attributes[0].num_values != 1 ||
450 res->attributes[0].values->length < 2) {
451 return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
452 }
453
454 blob = res->attributes[0].values;
455 status = pull_netlogon_samlogon_response(blob, mem_ctx,
456 &io->out.netlogon);
457 if (!NT_STATUS_IS_OK(status)) {
458 return status;
459 }
460
461 if (io->in.map_response) {
462 map_netlogon_samlogon_response(&io->out.netlogon);
463 }
464
465 return NT_STATUS_OK;
466 }
467
468 static NTSTATUS udp_ldap_rootdse(void *data, TALLOC_CTX *mem_ctx,
469 struct cldap_search *io)
470 {
471 struct cldap_socket *cldap = talloc_get_type(data,
472 struct cldap_socket);
473
474 return cldap_search(cldap, mem_ctx, io);
475 }
476
477 static bool test_netlogon_extra_attrs(struct torture_context *tctx,
478 request_rootdse_t request_rootdse,
479 void *conn)
480 {
481 struct cldap_search io;
482 NTSTATUS status;
483 const char *attrs[] = {
484 "netlogon",
485 "supportedCapabilities",
486 NULL
487 };
488 const char *attrs2[] = { "netlogon", "*", NULL };
489 struct ldb_message ldbmsg = { NULL, 0, NULL };
490
491 ZERO_STRUCT(io);
492 io.in.dest_address = NULL;
493 io.in.dest_port = 0;
494 io.in.timeout = 2;
495 io.in.retries = 2;
496 /* Additional attributes may be requested next to netlogon */
497 torture_comment(tctx, "Requesting netlogon with additional attribute\n");
498 io.in.filter =
499 talloc_asprintf(tctx, "(&"
500 "(NtVer=%s)(AAC=%s)"
501 /* Query for LDAP_CAP_ACTIVE_DIRECTORY_OID */
502 "(supportedCapabilities=1.2.840.113556.1.4.800)"
503 ")",
504 ldap_encode_ndr_uint32(tctx,
505 NETLOGON_NT_VERSION_5EX),
506 ldap_encode_ndr_uint32(tctx, 0));
507 torture_assert(tctx, io.in.filter != NULL, "OOM");
508 io.in.attributes = attrs;
509 status = request_rootdse(conn, tctx, &io);
510 CHECK_STATUS(status, NT_STATUS_OK);
511 torture_assert(tctx, io.out.response != NULL, "No Entries found.");
512 CHECK_VAL(io.out.response->num_attributes, 2);
513
514 /* netlogon + '*' attr return zero results */
515 torture_comment(tctx, "Requesting netlogon and '*' attributes\n");
516 io.in.attributes = attrs2;
517 status = request_rootdse(conn, tctx, &io);
518 CHECK_STATUS(status, NT_STATUS_OK);
519 torture_assert(tctx, io.out.response != NULL, "No Entries found.");
520 ldbmsg.num_elements = io.out.response->num_attributes;
521 ldbmsg.elements = io.out.response->attributes;
522 torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL,
523 "Attribute netlogon not found in Result Entry\n");
524
525 /* Wildcards are not allowed in filters when netlogon is requested. */
526 torture_comment(tctx, "Requesting netlogon with invalid attr filter\n");
527 io.in.filter =
528 talloc_asprintf(tctx,
529 "(&(NtVer=%s)(AAC=%s)(supportedCapabilities=*))",
530 ldap_encode_ndr_uint32(tctx,
531 NETLOGON_NT_VERSION_5EX),
532 ldap_encode_ndr_uint32(tctx, 0));
533 torture_assert(tctx, io.in.filter != NULL, "OOM");
534 io.in.attributes = attrs;
535 status = request_rootdse(conn, tctx, &io);
536 CHECK_STATUS(status, NT_STATUS_OK);
537 torture_assert(tctx, io.out.response == NULL,
538 "A wildcard filter should return no entries.");
539
540 return true;
541 }
542
543
544 bool torture_netlogon_tcp(struct torture_context *tctx)
545 {
546 const char *host = torture_setting_string(tctx, "host", NULL);
547 bool ret = true;
548 NTSTATUS status;
549 struct ldap_connection *conn;
550 TALLOC_CTX *mem_ctx;
551 const char *url;
552
553 mem_ctx = talloc_init("torture_ldap_netlogon");
554
555 url = talloc_asprintf(mem_ctx, "ldap://%s/", host);
556
557 status = torture_ldap_connection(tctx, &conn, url);
558 if (!NT_STATUS_IS_OK(status)) {
559 return false;
560 }
561
562 ret &= test_ldap_netlogon(tctx, tcp_ldap_netlogon, conn, host);
563 ret &= test_ldap_netlogon_flags(tctx, tcp_ldap_netlogon, conn, host);
564 ret &= test_netlogon_extra_attrs(tctx, tcp_ldap_rootdse, conn);
565
566 return ret;
567 }
568
569 static NTSTATUS udp_ldap_netlogon(void *data,
570 TALLOC_CTX *mem_ctx,
571 struct cldap_netlogon *io)
572 {
573 struct cldap_socket *cldap = talloc_get_type(data,
574 struct cldap_socket);
575
576 return cldap_netlogon(cldap, mem_ctx, io);
577 }
578
579 bool torture_netlogon_udp(struct torture_context *tctx)
580 {
581 const char *host = torture_setting_string(tctx, "host", NULL);
582 bool ret = true;
583 int r;
584 struct cldap_socket *cldap;
585 NTSTATUS status;
586 struct tsocket_address *dest_addr;
587
588 r = tsocket_address_inet_from_strings(tctx, "ip",
589 host,
590 lpcfg_cldap_port(tctx->lp_ctx),
591 &dest_addr);
592 CHECK_VAL(r, 0);
593
594 /* cldap_socket_init should now know about the dest. address */
595 status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
596 CHECK_STATUS(status, NT_STATUS_OK);
597
598 ret &= test_ldap_netlogon(tctx, udp_ldap_netlogon, cldap, host);
599 ret &= test_ldap_netlogon_flags(tctx, udp_ldap_netlogon, cldap, host);
600 ret &= test_netlogon_extra_attrs(tctx, udp_ldap_rootdse, cldap);
601
602 return ret;
603 }
Samba GIT mirror