search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:torture "cldap" test - restore the removed constraints and add more
[Samba/cd1.git] / source4 / torture / ldap / cldap.c
bloba77b8a4b432d138ba21914fba4311554d4fe8604
1 /*
2 Unix SMB/CIFS mplementation.
3
4 test CLDAP operations
5
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Matthias Dieter Wallnöfer 2009
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21
22 */
23
24 #include "includes.h"
25 #include "libcli/cldap/cldap.h"
26 #include "libcli/ldap/ldap.h"
27 #include "librpc/gen_ndr/ndr_nbt.h"
28 #include "librpc/gen_ndr/netlogon.h"
29 #include "torture/torture.h"
30 #include "lib/ldb/include/ldb.h"
31 #include "param/param.h"
32 #include "../lib/tsocket/tsocket.h"
33
34 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
35
36 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
37
38 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
39 /*
40 test netlogon operations
41 */
42 static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
43 {
44 struct cldap_socket *cldap;
45 NTSTATUS status;
46 struct cldap_netlogon search, empty_search;
47 struct netlogon_samlogon_response n1;
48 struct GUID guid;
49 int i;
50 struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
51 struct tsocket_address *dest_addr;
52 int ret;
53
54 ret = tsocket_address_inet_from_strings(tctx, "ip",
55 dest,
56 lp_cldap_port(tctx->lp_ctx),
57 &dest_addr);
58 CHECK_VAL(ret, 0);
59
60 status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
61 CHECK_STATUS(status, NT_STATUS_OK);
62
63 ZERO_STRUCT(search);
64 search.in.dest_address = NULL;
65 search.in.dest_port = 0;
66 search.in.acct_control = -1;
67 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
68 search.in.map_response = true;
69
70 empty_search = search;
71
72 printf("Trying without any attributes\n");
73 search = empty_search;
74 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
75 CHECK_STATUS(status, NT_STATUS_OK);
76
77 n1 = search.out.netlogon;
78
79 search.in.user = "Administrator";
80 search.in.realm = n1.data.nt5_ex.dns_domain;
81 search.in.host = "__cldap_torture__";
82
83 printf("Scanning for netlogon levels\n");
84 for (i=0;i<256;i++) {
85 search.in.version = i;
86 printf("Trying netlogon level %d\n", i);
87 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
88 CHECK_STATUS(status, NT_STATUS_OK);
89 }
90
91 printf("Scanning for netlogon level bits\n");
92 for (i=0;i<31;i++) {
93 search.in.version = (1<<i);
94 printf("Trying netlogon level 0x%x\n", i);
95 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
96 CHECK_STATUS(status, NT_STATUS_OK);
97 }
98
99 search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
100 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
101 CHECK_STATUS(status, NT_STATUS_OK);
102
103 printf("Trying with User=NULL\n");
104 search.in.user = NULL;
105 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
106 CHECK_STATUS(status, NT_STATUS_OK);
107 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
108 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
109
110 printf("Trying with User=Administrator\n");
111 search.in.user = "Administrator";
112 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
113 CHECK_STATUS(status, NT_STATUS_OK);
114 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
115 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
116
117 search.in.version = NETLOGON_NT_VERSION_5;
118 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
119 CHECK_STATUS(status, NT_STATUS_OK);
120
121 printf("Trying with User=NULL\n");
122 search.in.user = NULL;
123 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
124 CHECK_STATUS(status, NT_STATUS_OK);
125 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
126 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
127
128 printf("Trying with User=Administrator\n");
129 search.in.user = "Administrator";
130 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
131 CHECK_STATUS(status, NT_STATUS_OK);
132 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
133 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
134
135 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
136
137 printf("Trying with a GUID\n");
138 search.in.realm = NULL;
139 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
140 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
141 CHECK_STATUS(status, NT_STATUS_OK);
142 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
143 CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
144
145 printf("Trying with a incorrect GUID\n");
146 guid = GUID_random();
147 search.in.user = NULL;
148 search.in.domain_guid = GUID_string(tctx, &guid);
149 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
150 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
151
152 printf("Trying with a AAC\n");
153 search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
154 search.in.realm = n1.data.nt5_ex.dns_domain;
155 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
156 CHECK_STATUS(status, NT_STATUS_OK);
157 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
158 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
159
160 printf("Trying with a zero AAC\n");
161 search.in.acct_control = 0x0;
162 search.in.realm = n1.data.nt5_ex.dns_domain;
163 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
164 CHECK_STATUS(status, NT_STATUS_OK);
165 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
166 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
167
168 printf("Trying with a zero AAC and user=Administrator\n");
169 search.in.acct_control = 0x0;
170 search.in.user = "Administrator";
171 search.in.realm = n1.data.nt5_ex.dns_domain;
172 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
173 CHECK_STATUS(status, NT_STATUS_OK);
174 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
175 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
176
177 printf("Trying with a bad AAC\n");
178 search.in.user = NULL;
179 search.in.acct_control = 0xFF00FF00;
180 search.in.realm = n1.data.nt5_ex.dns_domain;
181 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
182 CHECK_STATUS(status, NT_STATUS_OK);
183 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
184 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
185
186 printf("Trying with a user only\n");
187 search = empty_search;
188 search.in.user = "Administrator";
189 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
190 CHECK_STATUS(status, NT_STATUS_OK);
191 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
192 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
193 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
194 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
195 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
196 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
197 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
198
199 printf("Trying with just a bad username\n");
200 search.in.user = "___no_such_user___";
201 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
202 CHECK_STATUS(status, NT_STATUS_OK);
203 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
204 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
205 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
206 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
207 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
208 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
209 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
210 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
211
212 printf("Trying with just a bad domain\n");
213 search = empty_search;
214 search.in.realm = "___no_such_domain___";
215 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
216 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
217
218 printf("Trying with a incorrect domain and correct guid\n");
219 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
220 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
221 CHECK_STATUS(status, NT_STATUS_OK);
222 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
223 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
224 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
225 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
226 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
227 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
228 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
229 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
230
231 printf("Trying with a incorrect domain and incorrect guid\n");
232 search.in.domain_guid = GUID_string(tctx, &guid);
233 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
234 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
235 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
236 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
237 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
238 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
239 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
240 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
241 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
242 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
243
244 printf("Trying with a incorrect GUID and correct domain\n");
245 search.in.domain_guid = GUID_string(tctx, &guid);
246 search.in.realm = n1.data.nt5_ex.dns_domain;
247 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
248 CHECK_STATUS(status, NT_STATUS_OK);
249 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
250 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
251 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
252 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
253 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
254 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
255 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
256 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
257
258 printf("Proof other results\n");
259 search.in.user = "Administrator";
260 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
261 CHECK_STATUS(status, NT_STATUS_OK);
262 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
263 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
264 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
265 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
266 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
267 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
268 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
269
270 return true;
271 }
272
273 /*
274 test cldap netlogon server type flags
275 */
276 static bool test_cldap_netlogon_flags(struct torture_context *tctx,
277 const char *dest)
278 {
279 struct cldap_socket *cldap;
280 NTSTATUS status;
281 struct cldap_netlogon search;
282 struct netlogon_samlogon_response n1;
283 uint32_t server_type;
284 struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
285
286 /* cldap_socket_init should now know about the dest. address */
287 status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap);
288 CHECK_STATUS(status, NT_STATUS_OK);
289
290 printf("Printing out netlogon server type flags: %s\n", dest);
291
292 ZERO_STRUCT(search);
293 search.in.dest_address = dest;
294 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
295 search.in.acct_control = -1;
296 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
297 search.in.map_response = true;
298
299 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
300 CHECK_STATUS(status, NT_STATUS_OK);
301
302 n1 = search.out.netlogon;
303 if (n1.ntver == NETLOGON_NT_VERSION_5)
304 server_type = n1.data.nt5.server_type;
305 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
306 server_type = n1.data.nt5_ex.server_type;
307
308 printf("The word is: %i\n", server_type);
309 if (server_type & NBT_SERVER_PDC)
310 printf("NBT_SERVER_PDC ");
311 if (server_type & NBT_SERVER_GC)
312 printf("NBT_SERVER_GC ");
313 if (server_type & NBT_SERVER_LDAP)
314 printf("NBT_SERVER_LDAP ");
315 if (server_type & NBT_SERVER_DS)
316 printf("NBT_SERVER_DS ");
317 if (server_type & NBT_SERVER_KDC)
318 printf("NBT_SERVER_KDC ");
319 if (server_type & NBT_SERVER_TIMESERV)
320 printf("NBT_SERVER_TIMESERV ");
321 if (server_type & NBT_SERVER_CLOSEST)
322 printf("NBT_SERVER_CLOSEST ");
323 if (server_type & NBT_SERVER_WRITABLE)
324 printf("NBT_SERVER_WRITABLE ");
325 if (server_type & NBT_SERVER_GOOD_TIMESERV)
326 printf("NBT_SERVER_GOOD_TIMESERV ");
327 if (server_type & NBT_SERVER_NDNC)
328 printf("NBT_SERVER_NDNC ");
329 if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6)
330 printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
331 if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6)
332 printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
333 if (server_type & DS_DNS_CONTROLLER)
334 printf("DS_DNS_CONTROLLER ");
335 if (server_type & DS_DNS_DOMAIN)
336 printf("DS_DNS_DOMAIN ");
337 if (server_type & DS_DNS_FOREST_ROOT)
338 printf("DS_DNS_FOREST_ROOT ");
339
340 printf("\n");
341
342 return true;
343 }
344
345 /*
346 convert a ldap result message to a ldb message. This allows us to
347 use the convenient ldif dump routines in ldb to print out cldap
348 search results
349 */
350 static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
351 {
352 struct ldb_message *msg;
353
354 msg = ldb_msg_new(mem_ctx);
355 msg->dn = ldb_dn_new(msg, ldb, res->dn);
356 msg->num_elements = res->num_attributes;
357 msg->elements = talloc_steal(msg, res->attributes);
358 return msg;
359 }
360
361 /*
362 dump a set of cldap results
363 */
364 static void cldap_dump_results(struct cldap_search *search)
365 {
366 struct ldb_ldif ldif;
367 struct ldb_context *ldb;
368
369 if (!search || !(search->out.response)) {
370 return;
371 }
372
373 /* we need a ldb context to use ldb_ldif_write_file() */
374 ldb = ldb_init(NULL, NULL);
375
376 ZERO_STRUCT(ldif);
377 ldif.msg = ldap_msg_to_ldb(ldb, ldb, search->out.response);
378
379 ldb_ldif_write_file(ldb, stdout, &ldif);
380
381 talloc_free(ldb);
382 }
383
384
385 /*
386 test cldap netlogon server type flag "NBT_SERVER_FOREST_ROOT"
387 */
388 static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx,
389 const char *dest)
390 {
391 struct cldap_socket *cldap;
392 NTSTATUS status;
393 struct cldap_netlogon search;
394 uint32_t server_type;
395 struct netlogon_samlogon_response n1;
396 struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
397 bool result = true;
398
399 /* cldap_socket_init should now know about the dest. address */
400 status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap);
401 CHECK_STATUS(status, NT_STATUS_OK);
402
403 printf("Testing netlogon server type flag NBT_SERVER_FOREST_ROOT: ");
404
405 ZERO_STRUCT(search);
406 search.in.dest_address = dest;
407 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
408 search.in.acct_control = -1;
409 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
410 search.in.map_response = true;
411
412 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
413 CHECK_STATUS(status, NT_STATUS_OK);
414
415 n1 = search.out.netlogon;
416 if (n1.ntver == NETLOGON_NT_VERSION_5)
417 server_type = n1.data.nt5.server_type;
418 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
419 server_type = n1.data.nt5_ex.server_type;
420
421 if (server_type & DS_DNS_FOREST_ROOT) {
422 struct cldap_search search2;
423 const char *attrs[] = { "defaultNamingContext", "rootDomainNamingContext",
424 NULL };
425 struct ldb_context *ldb;
426 struct ldb_message *msg;
427
428 /* Trying to fetch the attributes "defaultNamingContext" and
429 "rootDomainNamingContext" */
430 ZERO_STRUCT(search2);
431 search2.in.dest_address = dest;
432 search2.in.dest_port = lp_cldap_port(tctx->lp_ctx);
433 search2.in.timeout = 10;
434 search2.in.retries = 3;
435 search2.in.filter = "(objectclass=*)";
436 search2.in.attributes = attrs;
437
438 status = cldap_search(cldap, tctx, &search2);
439 CHECK_STATUS(status, NT_STATUS_OK);
440
441 ldb = ldb_init(NULL, NULL);
442
443 msg = ldap_msg_to_ldb(ldb, ldb, search2.out.response);
444
445 /* Try to compare the two attributes */
446 if (ldb_msg_element_compare(ldb_msg_find_element(msg, attrs[0]),
447 ldb_msg_find_element(msg, attrs[1])))
448 result = false;
449
450 talloc_free(ldb);
451 }
452
453 if (result)
454 printf("passed\n");
455 else
456 printf("failed\n");
457
458 return result;
459 }
460
461 /*
462 test generic cldap operations
463 */
464 static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
465 {
466 struct cldap_socket *cldap;
467 NTSTATUS status;
468 struct cldap_search search;
469 const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
470 const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
471 const char *attrs3[] = { "netlogon", NULL };
472
473 /* cldap_socket_init should now know about the dest. address */
474 status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap);
475 CHECK_STATUS(status, NT_STATUS_OK);
476
477 ZERO_STRUCT(search);
478 search.in.dest_address = dest;
479 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
480 search.in.timeout = 10;
481 search.in.retries = 3;
482
483 status = cldap_search(cldap, tctx, &search);
484 CHECK_STATUS(status, NT_STATUS_OK);
485
486 printf("fetching whole rootDSE\n");
487 search.in.filter = "(objectclass=*)";
488 search.in.attributes = NULL;
489
490 status = cldap_search(cldap, tctx, &search);
491 CHECK_STATUS(status, NT_STATUS_OK);
492
493 if (DEBUGLVL(3)) cldap_dump_results(&search);
494
495 printf("fetching currentTime and USN\n");
496 search.in.filter = "(objectclass=*)";
497 search.in.attributes = attrs1;
498
499 status = cldap_search(cldap, tctx, &search);
500 CHECK_STATUS(status, NT_STATUS_OK);
501
502 if (DEBUGLVL(3)) cldap_dump_results(&search);
503
504 printf("Testing currentTime, USN and netlogon\n");
505 search.in.filter = "(objectclass=*)";
506 search.in.attributes = attrs2;
507
508 status = cldap_search(cldap, tctx, &search);
509 CHECK_STATUS(status, NT_STATUS_OK);
510
511 if (DEBUGLVL(3)) cldap_dump_results(&search);
512
513 printf("Testing objectClass=* and netlogon\n");
514 search.in.filter = "(objectclass2=*)";
515 search.in.attributes = attrs3;
516
517 status = cldap_search(cldap, tctx, &search);
518 CHECK_STATUS(status, NT_STATUS_OK);
519
520 if (DEBUGLVL(3)) cldap_dump_results(&search);
521
522 printf("Testing a false expression\n");
523 search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
524 search.in.attributes = attrs1;
525
526 status = cldap_search(cldap, tctx, &search);
527 CHECK_STATUS(status, NT_STATUS_OK);
528
529 if (DEBUGLVL(3)) cldap_dump_results(&search);
530
531 return true;
532 }
533
534 bool torture_cldap(struct torture_context *torture)
535 {
536 bool ret = true;
537 const char *host = torture_setting_string(torture, "host", NULL);
538
539 ret &= test_cldap_netlogon(torture, host);
540 ret &= test_cldap_netlogon_flags(torture, host);
541 ret &= test_cldap_netlogon_flag_ds_dns_forest(torture, host);
542 ret &= test_cldap_generic(torture, host);
543
544 return ret;
545 }
546
Crístian's Samba branch