search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-drs: Add DRSUAPI_DRS_NONGC_RO_REP bit to DRS_OPTIONS
[Samba/fernandojvsilva.git] / source4 / torture / ldap / cldap.c
blobedd959346cb381dc1f62e8fef41a9f7e3988f094
1 /*
2 Unix SMB/CIFS mplementation.
3
4 test CLDAP operations
5
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Matthias Dieter Wallnöfer 2009
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21
22 */
23
24 #include "includes.h"
25 #include "libcli/cldap/cldap.h"
26 #include "libcli/ldap/ldap.h"
27 #include "librpc/gen_ndr/netlogon.h"
28 #include "torture/torture.h"
29 #include "param/param.h"
30 #include "../lib/tsocket/tsocket.h"
31
32 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
33
34 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
35
36 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
37 /*
38 test netlogon operations
39 */
40 static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
41 {
42 struct cldap_socket *cldap;
43 NTSTATUS status;
44 struct cldap_netlogon search, empty_search;
45 struct netlogon_samlogon_response n1;
46 struct GUID guid;
47 int i;
48 struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
49 struct tsocket_address *dest_addr;
50 int ret;
51
52 ret = tsocket_address_inet_from_strings(tctx, "ip",
53 dest,
54 lp_cldap_port(tctx->lp_ctx),
55 &dest_addr);
56 CHECK_VAL(ret, 0);
57
58 status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
59 CHECK_STATUS(status, NT_STATUS_OK);
60
61 ZERO_STRUCT(search);
62 search.in.dest_address = NULL;
63 search.in.dest_port = 0;
64 search.in.acct_control = -1;
65 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
66 search.in.map_response = true;
67
68 empty_search = search;
69
70 printf("Trying without any attributes\n");
71 search = empty_search;
72 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
73 CHECK_STATUS(status, NT_STATUS_OK);
74
75 n1 = search.out.netlogon;
76
77 search.in.user = "Administrator";
78 search.in.realm = n1.data.nt5_ex.dns_domain;
79 search.in.host = "__cldap_torture__";
80
81 printf("Scanning for netlogon levels\n");
82 for (i=0;i<256;i++) {
83 search.in.version = i;
84 printf("Trying netlogon level %d\n", i);
85 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
86 CHECK_STATUS(status, NT_STATUS_OK);
87 }
88
89 printf("Scanning for netlogon level bits\n");
90 for (i=0;i<31;i++) {
91 search.in.version = (1<<i);
92 printf("Trying netlogon level 0x%x\n", i);
93 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
94 CHECK_STATUS(status, NT_STATUS_OK);
95 }
96
97 search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
98 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
99 CHECK_STATUS(status, NT_STATUS_OK);
100
101 printf("Trying with User=NULL\n");
102 search.in.user = NULL;
103 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
104 CHECK_STATUS(status, NT_STATUS_OK);
105 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
106 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
107
108 printf("Trying with User=Administrator\n");
109 search.in.user = "Administrator";
110 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
111 CHECK_STATUS(status, NT_STATUS_OK);
112 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
113 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
114
115 search.in.version = NETLOGON_NT_VERSION_5;
116 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
117 CHECK_STATUS(status, NT_STATUS_OK);
118
119 printf("Trying with User=NULL\n");
120 search.in.user = NULL;
121 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
122 CHECK_STATUS(status, NT_STATUS_OK);
123 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
124 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
125
126 printf("Trying with User=Administrator\n");
127 search.in.user = "Administrator";
128 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
129 CHECK_STATUS(status, NT_STATUS_OK);
130 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
131 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
132
133 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
134
135 printf("Trying with a GUID\n");
136 search.in.realm = NULL;
137 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
138 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
139 CHECK_STATUS(status, NT_STATUS_OK);
140 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
141 CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
142
143 printf("Trying with a incorrect GUID\n");
144 guid = GUID_random();
145 search.in.user = NULL;
146 search.in.domain_guid = GUID_string(tctx, &guid);
147 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
148 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
149
150 printf("Trying with a AAC\n");
151 search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
152 search.in.realm = n1.data.nt5_ex.dns_domain;
153 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
154 CHECK_STATUS(status, NT_STATUS_OK);
155 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
156 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
157
158 printf("Trying with a zero AAC\n");
159 search.in.acct_control = 0x0;
160 search.in.realm = n1.data.nt5_ex.dns_domain;
161 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
162 CHECK_STATUS(status, NT_STATUS_OK);
163 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
164 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
165
166 printf("Trying with a zero AAC and user=Administrator\n");
167 search.in.acct_control = 0x0;
168 search.in.user = "Administrator";
169 search.in.realm = n1.data.nt5_ex.dns_domain;
170 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
171 CHECK_STATUS(status, NT_STATUS_OK);
172 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
173 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
174
175 printf("Trying with a bad AAC\n");
176 search.in.user = NULL;
177 search.in.acct_control = 0xFF00FF00;
178 search.in.realm = n1.data.nt5_ex.dns_domain;
179 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
180 CHECK_STATUS(status, NT_STATUS_OK);
181 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
182 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
183
184 printf("Trying with a user only\n");
185 search = empty_search;
186 search.in.user = "Administrator";
187 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
188 CHECK_STATUS(status, NT_STATUS_OK);
189 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
190 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
191 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
192 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
193 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
194 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
195 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
196
197 printf("Trying with just a bad username\n");
198 search.in.user = "___no_such_user___";
199 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
200 CHECK_STATUS(status, NT_STATUS_OK);
201 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
202 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
203 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
204 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
205 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
206 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
207 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
208 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
209
210 printf("Trying with just a bad domain\n");
211 search = empty_search;
212 search.in.realm = "___no_such_domain___";
213 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
214 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
215
216 printf("Trying with a incorrect domain and correct guid\n");
217 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
218 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
219 CHECK_STATUS(status, NT_STATUS_OK);
220 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
221 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
222 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
223 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
224 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
225 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
226 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
227 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
228
229 printf("Trying with a incorrect domain and incorrect guid\n");
230 search.in.domain_guid = GUID_string(tctx, &guid);
231 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
232 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
233 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
234 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
235 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
236 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
237 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
238 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
239 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
240 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
241
242 printf("Trying with a incorrect GUID and correct domain\n");
243 search.in.domain_guid = GUID_string(tctx, &guid);
244 search.in.realm = n1.data.nt5_ex.dns_domain;
245 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
246 CHECK_STATUS(status, NT_STATUS_OK);
247 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
248 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
249 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
250 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
251 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
252 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
253 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
254 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
255
256 printf("Proof other results\n");
257 search.in.user = "Administrator";
258 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
259 CHECK_STATUS(status, NT_STATUS_OK);
260 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
261 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
262 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain, n1.data.nt5_ex.domain);
263 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
264 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
265 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
266 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
267
268 return true;
269 }
270
271 /*
272 test cldap netlogon server type flags
273 */
274 static bool test_cldap_netlogon_flags(struct torture_context *tctx,
275 const char *dest)
276 {
277 struct cldap_socket *cldap;
278 NTSTATUS status;
279 struct cldap_netlogon search;
280 struct netlogon_samlogon_response n1;
281 uint32_t server_type;
282 struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
283
284 /* cldap_socket_init should now know about the dest. address */
285 status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap);
286 CHECK_STATUS(status, NT_STATUS_OK);
287
288 printf("Printing out netlogon server type flags: %s\n", dest);
289
290 ZERO_STRUCT(search);
291 search.in.dest_address = dest;
292 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
293 search.in.acct_control = -1;
294 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
295 search.in.map_response = true;
296
297 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
298 CHECK_STATUS(status, NT_STATUS_OK);
299
300 n1 = search.out.netlogon;
301 if (n1.ntver == NETLOGON_NT_VERSION_5)
302 server_type = n1.data.nt5.server_type;
303 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
304 server_type = n1.data.nt5_ex.server_type;
305
306 printf("The word is: %i\n", server_type);
307 if (server_type & NBT_SERVER_PDC)
308 printf("NBT_SERVER_PDC ");
309 if (server_type & NBT_SERVER_GC)
310 printf("NBT_SERVER_GC ");
311 if (server_type & NBT_SERVER_LDAP)
312 printf("NBT_SERVER_LDAP ");
313 if (server_type & NBT_SERVER_DS)
314 printf("NBT_SERVER_DS ");
315 if (server_type & NBT_SERVER_KDC)
316 printf("NBT_SERVER_KDC ");
317 if (server_type & NBT_SERVER_TIMESERV)
318 printf("NBT_SERVER_TIMESERV ");
319 if (server_type & NBT_SERVER_CLOSEST)
320 printf("NBT_SERVER_CLOSEST ");
321 if (server_type & NBT_SERVER_WRITABLE)
322 printf("NBT_SERVER_WRITABLE ");
323 if (server_type & NBT_SERVER_GOOD_TIMESERV)
324 printf("NBT_SERVER_GOOD_TIMESERV ");
325 if (server_type & NBT_SERVER_NDNC)
326 printf("NBT_SERVER_NDNC ");
327 if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6)
328 printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
329 if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6)
330 printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
331 if (server_type & DS_DNS_CONTROLLER)
332 printf("DS_DNS_CONTROLLER ");
333 if (server_type & DS_DNS_DOMAIN)
334 printf("DS_DNS_DOMAIN ");
335 if (server_type & DS_DNS_FOREST_ROOT)
336 printf("DS_DNS_FOREST_ROOT ");
337
338 printf("\n");
339
340 return true;
341 }
342
343 /*
344 convert a ldap result message to a ldb message. This allows us to
345 use the convenient ldif dump routines in ldb to print out cldap
346 search results
347 */
348 static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
349 {
350 struct ldb_message *msg;
351
352 msg = ldb_msg_new(mem_ctx);
353 msg->dn = ldb_dn_new(msg, ldb, res->dn);
354 msg->num_elements = res->num_attributes;
355 msg->elements = talloc_steal(msg, res->attributes);
356 return msg;
357 }
358
359 /*
360 dump a set of cldap results
361 */
362 static void cldap_dump_results(struct cldap_search *search)
363 {
364 struct ldb_ldif ldif;
365 struct ldb_context *ldb;
366
367 if (!search || !(search->out.response)) {
368 return;
369 }
370
371 /* we need a ldb context to use ldb_ldif_write_file() */
372 ldb = ldb_init(NULL, NULL);
373
374 ZERO_STRUCT(ldif);
375 ldif.msg = ldap_msg_to_ldb(ldb, ldb, search->out.response);
376
377 ldb_ldif_write_file(ldb, stdout, &ldif);
378
379 talloc_free(ldb);
380 }
381
382
383 /*
384 test cldap netlogon server type flag "NBT_SERVER_FOREST_ROOT"
385 */
386 static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx,
387 const char *dest)
388 {
389 struct cldap_socket *cldap;
390 NTSTATUS status;
391 struct cldap_netlogon search;
392 uint32_t server_type;
393 struct netlogon_samlogon_response n1;
394 struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
395 bool result = true;
396
397 /* cldap_socket_init should now know about the dest. address */
398 status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap);
399 CHECK_STATUS(status, NT_STATUS_OK);
400
401 printf("Testing netlogon server type flag NBT_SERVER_FOREST_ROOT: ");
402
403 ZERO_STRUCT(search);
404 search.in.dest_address = dest;
405 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
406 search.in.acct_control = -1;
407 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
408 search.in.map_response = true;
409
410 status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
411 CHECK_STATUS(status, NT_STATUS_OK);
412
413 n1 = search.out.netlogon;
414 if (n1.ntver == NETLOGON_NT_VERSION_5)
415 server_type = n1.data.nt5.server_type;
416 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
417 server_type = n1.data.nt5_ex.server_type;
418
419 if (server_type & DS_DNS_FOREST_ROOT) {
420 struct cldap_search search2;
421 const char *attrs[] = { "defaultNamingContext", "rootDomainNamingContext",
422 NULL };
423 struct ldb_context *ldb;
424 struct ldb_message *msg;
425
426 /* Trying to fetch the attributes "defaultNamingContext" and
427 "rootDomainNamingContext" */
428 ZERO_STRUCT(search2);
429 search2.in.dest_address = dest;
430 search2.in.dest_port = lp_cldap_port(tctx->lp_ctx);
431 search2.in.timeout = 10;
432 search2.in.retries = 3;
433 search2.in.filter = "(objectclass=*)";
434 search2.in.attributes = attrs;
435
436 status = cldap_search(cldap, tctx, &search2);
437 CHECK_STATUS(status, NT_STATUS_OK);
438
439 ldb = ldb_init(NULL, NULL);
440
441 msg = ldap_msg_to_ldb(ldb, ldb, search2.out.response);
442
443 /* Try to compare the two attributes */
444 if (ldb_msg_element_compare(ldb_msg_find_element(msg, attrs[0]),
445 ldb_msg_find_element(msg, attrs[1])))
446 result = false;
447
448 talloc_free(ldb);
449 }
450
451 if (result)
452 printf("passed\n");
453 else
454 printf("failed\n");
455
456 return result;
457 }
458
459 /*
460 test generic cldap operations
461 */
462 static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
463 {
464 struct cldap_socket *cldap;
465 NTSTATUS status;
466 struct cldap_search search;
467 const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
468 const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
469 const char *attrs3[] = { "netlogon", NULL };
470
471 /* cldap_socket_init should now know about the dest. address */
472 status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap);
473 CHECK_STATUS(status, NT_STATUS_OK);
474
475 ZERO_STRUCT(search);
476 search.in.dest_address = dest;
477 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
478 search.in.timeout = 10;
479 search.in.retries = 3;
480
481 status = cldap_search(cldap, tctx, &search);
482 CHECK_STATUS(status, NT_STATUS_OK);
483
484 printf("fetching whole rootDSE\n");
485 search.in.filter = "(objectclass=*)";
486 search.in.attributes = NULL;
487
488 status = cldap_search(cldap, tctx, &search);
489 CHECK_STATUS(status, NT_STATUS_OK);
490
491 if (DEBUGLVL(3)) cldap_dump_results(&search);
492
493 printf("fetching currentTime and USN\n");
494 search.in.filter = "(objectclass=*)";
495 search.in.attributes = attrs1;
496
497 status = cldap_search(cldap, tctx, &search);
498 CHECK_STATUS(status, NT_STATUS_OK);
499
500 if (DEBUGLVL(3)) cldap_dump_results(&search);
501
502 printf("Testing currentTime, USN and netlogon\n");
503 search.in.filter = "(objectclass=*)";
504 search.in.attributes = attrs2;
505
506 status = cldap_search(cldap, tctx, &search);
507 CHECK_STATUS(status, NT_STATUS_OK);
508
509 if (DEBUGLVL(3)) cldap_dump_results(&search);
510
511 printf("Testing objectClass=* and netlogon\n");
512 search.in.filter = "(objectclass2=*)";
513 search.in.attributes = attrs3;
514
515 status = cldap_search(cldap, tctx, &search);
516 CHECK_STATUS(status, NT_STATUS_OK);
517
518 if (DEBUGLVL(3)) cldap_dump_results(&search);
519
520 printf("Testing a false expression\n");
521 search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
522 search.in.attributes = attrs1;
523
524 status = cldap_search(cldap, tctx, &search);
525 CHECK_STATUS(status, NT_STATUS_OK);
526
527 if (DEBUGLVL(3)) cldap_dump_results(&search);
528
529 return true;
530 }
531
532 bool torture_cldap(struct torture_context *torture)
533 {
534 bool ret = true;
535 const char *host = torture_setting_string(torture, "host", NULL);
536
537 ret &= test_cldap_netlogon(torture, host);
538 ret &= test_cldap_netlogon_flags(torture, host);
539 ret &= test_cldap_netlogon_flag_ds_dns_forest(torture, host);
540 ret &= test_cldap_generic(torture, host);
541
542 return ret;
543 }
544
fernandojvsilva's samba4 branch