2 Unix SMB/CIFS mplementation.
4 test CLDAP/LDAP netlogon operations
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Matthias Dieter Wallnöfer 2009
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "libcli/cldap/cldap.h"
26 #include "libcli/ldap/ldap_client.h"
27 #include "libcli/ldap/ldap_ndr.h"
28 #include "librpc/gen_ndr/netlogon.h"
29 #include "param/param.h"
30 #include "../lib/tsocket/tsocket.h"
32 #include "torture/torture.h"
33 #include "torture/ldap/proto.h"
35 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
37 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
39 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
41 typedef NTSTATUS (*request_netlogon_t
)(void *con
,
43 struct cldap_netlogon
*io
);
45 typedef NTSTATUS (*request_rootdse_t
)(void *con
,
47 struct cldap_search
*io
);
50 test netlogon operations
52 static bool test_ldap_netlogon(struct torture_context
*tctx
,
53 request_netlogon_t request_netlogon
,
58 struct cldap_netlogon search
, empty_search
;
59 struct netlogon_samlogon_response n1
;
64 search
.in
.dest_address
= NULL
;
65 search
.in
.dest_port
= 0;
66 search
.in
.acct_control
= -1;
67 search
.in
.version
= NETLOGON_NT_VERSION_5
| NETLOGON_NT_VERSION_5EX
;
68 search
.in
.map_response
= true;
70 empty_search
= search
;
72 printf("Trying without any attributes\n");
73 search
= empty_search
;
74 status
= request_netlogon(cldap
, tctx
, &search
);
75 CHECK_STATUS(status
, NT_STATUS_OK
);
77 n1
= search
.out
.netlogon
;
79 search
.in
.user
= "Administrator";
80 search
.in
.realm
= n1
.data
.nt5_ex
.dns_domain
;
81 search
.in
.host
= "__cldap_torture__";
83 printf("Scanning for netlogon levels\n");
85 search
.in
.version
= i
;
86 printf("Trying netlogon level %d\n", i
);
87 status
= request_netlogon(cldap
, tctx
, &search
);
88 CHECK_STATUS(status
, NT_STATUS_OK
);
91 printf("Scanning for netlogon level bits\n");
93 search
.in
.version
= (1<<i
);
94 printf("Trying netlogon level 0x%x\n", i
);
95 status
= request_netlogon(cldap
, tctx
, &search
);
96 CHECK_STATUS(status
, NT_STATUS_OK
);
99 search
.in
.version
= NETLOGON_NT_VERSION_5
|NETLOGON_NT_VERSION_5EX
|NETLOGON_NT_VERSION_IP
;
100 status
= request_netlogon(cldap
, tctx
, &search
);
101 CHECK_STATUS(status
, NT_STATUS_OK
);
103 printf("Trying with User=NULL\n");
104 search
.in
.user
= NULL
;
105 status
= request_netlogon(cldap
, tctx
, &search
);
106 CHECK_STATUS(status
, NT_STATUS_OK
);
107 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_RESPONSE_EX
);
108 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "");
110 strstr(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, "\\\\") == NULL
,
111 "PDC name should not be in UNC form");
113 printf("Trying with User=Administrator\n");
114 search
.in
.user
= "Administrator";
115 status
= request_netlogon(cldap
, tctx
, &search
);
116 CHECK_STATUS(status
, NT_STATUS_OK
);
117 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_USER_UNKNOWN_EX
);
118 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, search
.in
.user
);
120 strstr(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, "\\\\") == NULL
,
121 "PDC name should not be in UNC form");
123 search
.in
.version
= NETLOGON_NT_VERSION_5
;
124 status
= request_netlogon(cldap
, tctx
, &search
);
125 CHECK_STATUS(status
, NT_STATUS_OK
);
127 printf("Trying with User=NULL\n");
128 search
.in
.user
= NULL
;
129 status
= request_netlogon(cldap
, tctx
, &search
);
130 CHECK_STATUS(status
, NT_STATUS_OK
);
131 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_RESPONSE
);
132 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "");
134 strstr(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, "\\\\") != NULL
,
135 "PDC name should be in UNC form");
137 printf("Trying with User=Administrator\n");
138 search
.in
.user
= "Administrator";
139 status
= request_netlogon(cldap
, tctx
, &search
);
140 CHECK_STATUS(status
, NT_STATUS_OK
);
141 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_USER_UNKNOWN
);
142 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, search
.in
.user
);
144 strstr(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, "\\\\") != NULL
,
145 "PDC name should be in UNC form");
147 search
.in
.version
= NETLOGON_NT_VERSION_5
| NETLOGON_NT_VERSION_5EX
;
149 printf("Trying with a GUID\n");
150 search
.in
.realm
= NULL
;
151 search
.in
.domain_guid
= GUID_string(tctx
, &n1
.data
.nt5_ex
.domain_uuid
);
152 status
= request_netlogon(cldap
, tctx
, &search
);
153 CHECK_STATUS(status
, NT_STATUS_OK
);
154 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_USER_UNKNOWN_EX
);
155 CHECK_STRING(GUID_string(tctx
, &search
.out
.netlogon
.data
.nt5_ex
.domain_uuid
), search
.in
.domain_guid
);
157 strstr(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, "\\\\") == NULL
,
158 "PDC name should not be in UNC form");
160 printf("Trying with a incorrect GUID\n");
161 guid
= GUID_random();
162 search
.in
.user
= NULL
;
163 search
.in
.domain_guid
= GUID_string(tctx
, &guid
);
164 status
= request_netlogon(cldap
, tctx
, &search
);
165 CHECK_STATUS(status
, NT_STATUS_NOT_FOUND
);
167 printf("Trying with a AAC\n");
168 search
.in
.acct_control
= ACB_WSTRUST
|ACB_SVRTRUST
;
169 search
.in
.realm
= n1
.data
.nt5_ex
.dns_domain
;
170 status
= request_netlogon(cldap
, tctx
, &search
);
171 CHECK_STATUS(status
, NT_STATUS_OK
);
172 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_RESPONSE_EX
);
173 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "");
175 printf("Trying with a zero AAC\n");
176 search
.in
.acct_control
= 0x0;
177 search
.in
.realm
= n1
.data
.nt5_ex
.dns_domain
;
178 status
= request_netlogon(cldap
, tctx
, &search
);
179 CHECK_STATUS(status
, NT_STATUS_OK
);
180 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_RESPONSE_EX
);
181 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "");
183 printf("Trying with a zero AAC and user=Administrator\n");
184 search
.in
.acct_control
= 0x0;
185 search
.in
.user
= "Administrator";
186 search
.in
.realm
= n1
.data
.nt5_ex
.dns_domain
;
187 status
= request_netlogon(cldap
, tctx
, &search
);
188 CHECK_STATUS(status
, NT_STATUS_OK
);
189 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_USER_UNKNOWN_EX
);
190 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "Administrator");
192 printf("Trying with a bad AAC\n");
193 search
.in
.user
= NULL
;
194 search
.in
.acct_control
= 0xFF00FF00;
195 search
.in
.realm
= n1
.data
.nt5_ex
.dns_domain
;
196 status
= request_netlogon(cldap
, tctx
, &search
);
197 CHECK_STATUS(status
, NT_STATUS_OK
);
198 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_RESPONSE_EX
);
199 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "");
201 printf("Trying with a user only\n");
202 search
= empty_search
;
203 search
.in
.user
= "Administrator";
204 status
= request_netlogon(cldap
, tctx
, &search
);
205 CHECK_STATUS(status
, NT_STATUS_OK
);
206 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.forest
, n1
.data
.nt5_ex
.dns_domain
);
207 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.dns_domain
, n1
.data
.nt5_ex
.dns_domain
);
208 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.domain_name
, n1
.data
.nt5_ex
.domain_name
);
209 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, n1
.data
.nt5_ex
.pdc_name
);
210 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, search
.in
.user
);
211 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.server_site
, n1
.data
.nt5_ex
.server_site
);
212 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.client_site
, n1
.data
.nt5_ex
.client_site
);
214 printf("Trying with just a bad username\n");
215 search
.in
.user
= "___no_such_user___";
216 status
= request_netlogon(cldap
, tctx
, &search
);
217 CHECK_STATUS(status
, NT_STATUS_OK
);
218 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_USER_UNKNOWN_EX
);
219 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.forest
, n1
.data
.nt5_ex
.dns_domain
);
220 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.dns_domain
, n1
.data
.nt5_ex
.dns_domain
);
221 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.domain_name
, n1
.data
.nt5_ex
.domain_name
);
222 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, n1
.data
.nt5_ex
.pdc_name
);
223 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, search
.in
.user
);
224 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.server_site
, n1
.data
.nt5_ex
.server_site
);
225 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.client_site
, n1
.data
.nt5_ex
.client_site
);
227 printf("Trying with just a bad domain\n");
228 search
= empty_search
;
229 search
.in
.realm
= "___no_such_domain___";
230 status
= request_netlogon(cldap
, tctx
, &search
);
231 CHECK_STATUS(status
, NT_STATUS_NOT_FOUND
);
233 printf("Trying with a incorrect domain and correct guid\n");
234 search
.in
.domain_guid
= GUID_string(tctx
, &n1
.data
.nt5_ex
.domain_uuid
);
235 status
= request_netlogon(cldap
, tctx
, &search
);
236 CHECK_STATUS(status
, NT_STATUS_OK
);
237 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_RESPONSE_EX
);
238 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.forest
, n1
.data
.nt5_ex
.dns_domain
);
239 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.dns_domain
, n1
.data
.nt5_ex
.dns_domain
);
240 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.domain_name
, n1
.data
.nt5_ex
.domain_name
);
241 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, n1
.data
.nt5_ex
.pdc_name
);
242 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "");
243 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.server_site
, n1
.data
.nt5_ex
.server_site
);
244 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.client_site
, n1
.data
.nt5_ex
.client_site
);
246 printf("Trying with a incorrect domain and incorrect guid\n");
247 search
.in
.domain_guid
= GUID_string(tctx
, &guid
);
248 status
= request_netlogon(cldap
, tctx
, &search
);
249 CHECK_STATUS(status
, NT_STATUS_NOT_FOUND
);
250 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_RESPONSE_EX
);
251 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.forest
, n1
.data
.nt5_ex
.dns_domain
);
252 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.dns_domain
, n1
.data
.nt5_ex
.dns_domain
);
253 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.domain_name
, n1
.data
.nt5_ex
.domain_name
);
254 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, n1
.data
.nt5_ex
.pdc_name
);
255 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "");
256 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.server_site
, n1
.data
.nt5_ex
.server_site
);
257 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.client_site
, n1
.data
.nt5_ex
.client_site
);
259 printf("Trying with a incorrect GUID and correct domain\n");
260 search
.in
.domain_guid
= GUID_string(tctx
, &guid
);
261 search
.in
.realm
= n1
.data
.nt5_ex
.dns_domain
;
262 status
= request_netlogon(cldap
, tctx
, &search
);
263 CHECK_STATUS(status
, NT_STATUS_OK
);
264 CHECK_VAL(search
.out
.netlogon
.data
.nt5_ex
.command
, LOGON_SAM_LOGON_RESPONSE_EX
);
265 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.forest
, n1
.data
.nt5_ex
.dns_domain
);
266 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.dns_domain
, n1
.data
.nt5_ex
.dns_domain
);
267 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.domain_name
, n1
.data
.nt5_ex
.domain_name
);
268 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, n1
.data
.nt5_ex
.pdc_name
);
269 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, "");
270 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.server_site
, n1
.data
.nt5_ex
.server_site
);
271 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.client_site
, n1
.data
.nt5_ex
.client_site
);
273 printf("Proof other results\n");
274 search
.in
.user
= "Administrator";
275 status
= request_netlogon(cldap
, tctx
, &search
);
276 CHECK_STATUS(status
, NT_STATUS_OK
);
277 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.forest
, n1
.data
.nt5_ex
.dns_domain
);
278 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.dns_domain
, n1
.data
.nt5_ex
.dns_domain
);
279 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.domain_name
, n1
.data
.nt5_ex
.domain_name
);
280 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.pdc_name
, n1
.data
.nt5_ex
.pdc_name
);
281 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.user_name
, search
.in
.user
);
282 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.server_site
, n1
.data
.nt5_ex
.server_site
);
283 CHECK_STRING(search
.out
.netlogon
.data
.nt5_ex
.client_site
, n1
.data
.nt5_ex
.client_site
);
289 test cldap netlogon server type flags
291 static bool test_ldap_netlogon_flags(struct torture_context
*tctx
,
292 request_netlogon_t request_netlogon
,
297 struct cldap_netlogon search
;
298 struct netlogon_samlogon_response n1
;
299 uint32_t server_type
= 0;
301 printf("Printing out netlogon server type flags: %s\n", dest
);
304 search
.in
.dest_address
= NULL
;
305 search
.in
.dest_port
= 0;
306 search
.in
.acct_control
= -1;
307 search
.in
.version
= NETLOGON_NT_VERSION_5
| NETLOGON_NT_VERSION_5EX
;
308 search
.in
.map_response
= true;
310 status
= request_netlogon(cldap
, tctx
, &search
);
311 CHECK_STATUS(status
, NT_STATUS_OK
);
313 n1
= search
.out
.netlogon
;
314 if (n1
.ntver
== NETLOGON_NT_VERSION_5
)
315 server_type
= n1
.data
.nt5
.server_type
;
316 else if (n1
.ntver
== NETLOGON_NT_VERSION_5EX
)
317 server_type
= n1
.data
.nt5_ex
.server_type
;
319 printf("The word is: %i\n", server_type
);
320 if (server_type
& NBT_SERVER_PDC
)
321 printf("NBT_SERVER_PDC ");
322 if (server_type
& NBT_SERVER_GC
)
323 printf("NBT_SERVER_GC ");
324 if (server_type
& NBT_SERVER_LDAP
)
325 printf("NBT_SERVER_LDAP ");
326 if (server_type
& NBT_SERVER_DS
)
327 printf("NBT_SERVER_DS ");
328 if (server_type
& NBT_SERVER_KDC
)
329 printf("NBT_SERVER_KDC ");
330 if (server_type
& NBT_SERVER_TIMESERV
)
331 printf("NBT_SERVER_TIMESERV ");
332 if (server_type
& NBT_SERVER_CLOSEST
)
333 printf("NBT_SERVER_CLOSEST ");
334 if (server_type
& NBT_SERVER_WRITABLE
)
335 printf("NBT_SERVER_WRITABLE ");
336 if (server_type
& NBT_SERVER_GOOD_TIMESERV
)
337 printf("NBT_SERVER_GOOD_TIMESERV ");
338 if (server_type
& NBT_SERVER_NDNC
)
339 printf("NBT_SERVER_NDNC ");
340 if (server_type
& NBT_SERVER_SELECT_SECRET_DOMAIN_6
)
341 printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
342 if (server_type
& NBT_SERVER_FULL_SECRET_DOMAIN_6
)
343 printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
344 if (server_type
& NBT_SERVER_ADS_WEB_SERVICE
)
345 printf("NBT_SERVER_ADS_WEB_SERVICE ");
346 if (server_type
& NBT_SERVER_DS_8
)
347 printf("NBT_SERVER_DS_8 ");
348 if (server_type
& DS_DNS_CONTROLLER
)
349 printf("DS_DNS_CONTROLLER ");
350 if (server_type
& DS_DNS_DOMAIN
)
351 printf("DS_DNS_DOMAIN ");
352 if (server_type
& DS_DNS_FOREST_ROOT
)
353 printf("DS_DNS_FOREST_ROOT ");
360 static NTSTATUS
tcp_ldap_rootdse(void *data
,
362 struct cldap_search
*io
)
364 struct ldap_connection
*conn
= talloc_get_type(data
,
365 struct ldap_connection
);
366 struct ldap_message
*msg
, *result
;
367 struct ldap_request
*req
;
371 msg
= new_ldap_message(mem_ctx
);
373 return NT_STATUS_NO_MEMORY
;
376 msg
->type
= LDAP_TAG_SearchRequest
;
377 msg
->r
.SearchRequest
.basedn
= "";
378 msg
->r
.SearchRequest
.scope
= LDAP_SEARCH_SCOPE_BASE
;
379 msg
->r
.SearchRequest
.deref
= LDAP_DEREFERENCE_NEVER
;
380 msg
->r
.SearchRequest
.timelimit
= 0;
381 msg
->r
.SearchRequest
.sizelimit
= 0;
382 msg
->r
.SearchRequest
.attributesonly
= false;
383 msg
->r
.SearchRequest
.tree
= ldb_parse_tree(msg
, io
->in
.filter
);
384 msg
->r
.SearchRequest
.num_attributes
= str_list_length(io
->in
.attributes
);
385 msg
->r
.SearchRequest
.attributes
= io
->in
.attributes
;
387 req
= ldap_request_send(conn
, msg
);
389 printf("Could not setup ldap search\n");
390 return NT_STATUS_UNSUCCESSFUL
;
393 ZERO_STRUCT(io
->out
);
394 for (i
= 0; i
< 2; ++i
) {
395 status
= ldap_result_n(req
, i
, &result
);
396 if (!NT_STATUS_IS_OK(status
)) {
399 switch (result
->type
) {
400 case LDAP_TAG_SearchResultEntry
:
402 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR
);
404 io
->out
.response
= &result
->r
.SearchResultEntry
;
406 case LDAP_TAG_SearchResultDone
:
407 io
->out
.result
= &result
->r
.SearchResultDone
;
408 if (io
->out
.result
->resultcode
!= LDAP_SUCCESS
) {
409 return NT_STATUS_LDAP(io
->out
.result
->resultcode
);
414 return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR
);
421 static NTSTATUS
tcp_ldap_netlogon(void *conn
,
423 struct cldap_netlogon
*io
)
425 struct cldap_search search
;
426 struct ldap_SearchResEntry
*res
;
431 search
.in
.attributes
= (const char *[]) { "netlogon", NULL
};
432 search
.in
.filter
= cldap_netlogon_create_filter(mem_ctx
, io
);
433 if (search
.in
.filter
== NULL
) {
434 return NT_STATUS_NO_MEMORY
;
437 status
= tcp_ldap_rootdse(conn
, mem_ctx
, &search
);
438 if (!NT_STATUS_IS_OK(status
)) {
442 res
= search
.out
.response
;
444 return NT_STATUS_NOT_FOUND
;
447 if (res
->num_attributes
!= 1 ||
448 strcasecmp(res
->attributes
[0].name
, "netlogon") != 0 ||
449 res
->attributes
[0].num_values
!= 1 ||
450 res
->attributes
[0].values
->length
< 2) {
451 return NT_STATUS_UNEXPECTED_NETWORK_ERROR
;
454 blob
= res
->attributes
[0].values
;
455 status
= pull_netlogon_samlogon_response(blob
, mem_ctx
,
457 if (!NT_STATUS_IS_OK(status
)) {
461 if (io
->in
.map_response
) {
462 map_netlogon_samlogon_response(&io
->out
.netlogon
);
468 static NTSTATUS
udp_ldap_rootdse(void *data
, TALLOC_CTX
*mem_ctx
,
469 struct cldap_search
*io
)
471 struct cldap_socket
*cldap
= talloc_get_type(data
,
472 struct cldap_socket
);
474 return cldap_search(cldap
, mem_ctx
, io
);
477 static bool test_netlogon_extra_attrs(struct torture_context
*tctx
,
478 request_rootdse_t request_rootdse
,
481 struct cldap_search io
;
483 const char *attrs
[] = {
485 "supportedCapabilities",
488 const char *attrs2
[] = { "netlogon", "*", NULL
};
489 struct ldb_message ldbmsg
= { NULL
, 0, NULL
};
492 io
.in
.dest_address
= NULL
;
496 /* Additional attributes may be requested next to netlogon */
497 torture_comment(tctx
, "Requesting netlogon with additional attribute\n");
499 talloc_asprintf(tctx
, "(&"
501 /* Query for LDAP_CAP_ACTIVE_DIRECTORY_OID */
502 "(supportedCapabilities=1.2.840.113556.1.4.800)"
504 ldap_encode_ndr_uint32(tctx
,
505 NETLOGON_NT_VERSION_5EX
),
506 ldap_encode_ndr_uint32(tctx
, 0));
507 torture_assert(tctx
, io
.in
.filter
!= NULL
, "OOM");
508 io
.in
.attributes
= attrs
;
509 status
= request_rootdse(conn
, tctx
, &io
);
510 CHECK_STATUS(status
, NT_STATUS_OK
);
511 torture_assert(tctx
, io
.out
.response
!= NULL
, "No Entries found.");
512 CHECK_VAL(io
.out
.response
->num_attributes
, 2);
514 /* netlogon + '*' attr return zero results */
515 torture_comment(tctx
, "Requesting netlogon and '*' attributes\n");
516 io
.in
.attributes
= attrs2
;
517 status
= request_rootdse(conn
, tctx
, &io
);
518 CHECK_STATUS(status
, NT_STATUS_OK
);
519 torture_assert(tctx
, io
.out
.response
!= NULL
, "No Entries found.");
520 ldbmsg
.num_elements
= io
.out
.response
->num_attributes
;
521 ldbmsg
.elements
= io
.out
.response
->attributes
;
522 torture_assert(tctx
, ldb_msg_find_element(&ldbmsg
, "netlogon") != NULL
,
523 "Attribute netlogon not found in Result Entry\n");
525 /* Wildcards are not allowed in filters when netlogon is requested. */
526 torture_comment(tctx
, "Requesting netlogon with invalid attr filter\n");
528 talloc_asprintf(tctx
,
529 "(&(NtVer=%s)(AAC=%s)(supportedCapabilities=*))",
530 ldap_encode_ndr_uint32(tctx
,
531 NETLOGON_NT_VERSION_5EX
),
532 ldap_encode_ndr_uint32(tctx
, 0));
533 torture_assert(tctx
, io
.in
.filter
!= NULL
, "OOM");
534 io
.in
.attributes
= attrs
;
535 status
= request_rootdse(conn
, tctx
, &io
);
536 CHECK_STATUS(status
, NT_STATUS_OK
);
537 torture_assert(tctx
, io
.out
.response
== NULL
,
538 "A wildcard filter should return no entries.");
544 bool torture_netlogon_tcp(struct torture_context
*tctx
)
546 const char *host
= torture_setting_string(tctx
, "host", NULL
);
549 struct ldap_connection
*conn
;
553 mem_ctx
= talloc_init("torture_ldap_netlogon");
555 url
= talloc_asprintf(mem_ctx
, "ldap://%s/", host
);
557 status
= torture_ldap_connection(tctx
, &conn
, url
);
558 if (!NT_STATUS_IS_OK(status
)) {
562 ret
&= test_ldap_netlogon(tctx
, tcp_ldap_netlogon
, conn
, host
);
563 ret
&= test_ldap_netlogon_flags(tctx
, tcp_ldap_netlogon
, conn
, host
);
564 ret
&= test_netlogon_extra_attrs(tctx
, tcp_ldap_rootdse
, conn
);
569 static NTSTATUS
udp_ldap_netlogon(void *data
,
571 struct cldap_netlogon
*io
)
573 struct cldap_socket
*cldap
= talloc_get_type(data
,
574 struct cldap_socket
);
576 return cldap_netlogon(cldap
, mem_ctx
, io
);
579 bool torture_netlogon_udp(struct torture_context
*tctx
)
581 const char *host
= torture_setting_string(tctx
, "host", NULL
);
584 struct cldap_socket
*cldap
;
586 struct tsocket_address
*dest_addr
;
588 r
= tsocket_address_inet_from_strings(tctx
, "ip",
590 lpcfg_cldap_port(tctx
->lp_ctx
),
594 /* cldap_socket_init should now know about the dest. address */
595 status
= cldap_socket_init(tctx
, NULL
, dest_addr
, &cldap
);
596 CHECK_STATUS(status
, NT_STATUS_OK
);
598 ret
&= test_ldap_netlogon(tctx
, udp_ldap_netlogon
, cldap
, host
);
599 ret
&= test_ldap_netlogon_flags(tctx
, udp_ldap_netlogon
, cldap
, host
);
600 ret
&= test_netlogon_extra_attrs(tctx
, udp_ldap_rootdse
, cldap
);