search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "s4:api.py - DN tests - test a bit more special DNs and merge the comparison...
[Samba/gebeck_regimport.git] / source4 / torture / ldap / cldap.c
blob689e518e778398d32af0019d479d3c181f257e7d
1 /*
2 Unix SMB/CIFS mplementation.
3
4 test CLDAP operations
5
6 Copyright (C) Andrew Tridgell 2005
7 Copyright (C) Matthias Dieter Wallnöfer 2009
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21
22 */
23
24 #include "includes.h"
25 #include "libcli/cldap/cldap.h"
26 #include "libcli/ldap/libcli_ldap.h"
27 #include "librpc/gen_ndr/netlogon.h"
28 #include "torture/torture.h"
29 #include "param/param.h"
30 #include "../lib/tsocket/tsocket.h"
31
32 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
33
34 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
35
36 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
37 /*
38 test netlogon operations
39 */
40 static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
41 {
42 struct cldap_socket *cldap;
43 NTSTATUS status;
44 struct cldap_netlogon search, empty_search;
45 struct netlogon_samlogon_response n1;
46 struct GUID guid;
47 int i;
48 struct tsocket_address *dest_addr;
49 int ret;
50
51 ret = tsocket_address_inet_from_strings(tctx, "ip",
52 dest,
53 lpcfg_cldap_port(tctx->lp_ctx),
54 &dest_addr);
55 CHECK_VAL(ret, 0);
56
57 status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
58 CHECK_STATUS(status, NT_STATUS_OK);
59
60 ZERO_STRUCT(search);
61 search.in.dest_address = NULL;
62 search.in.dest_port = 0;
63 search.in.acct_control = -1;
64 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
65 search.in.map_response = true;
66
67 empty_search = search;
68
69 printf("Trying without any attributes\n");
70 search = empty_search;
71 status = cldap_netlogon(cldap, tctx, &search);
72 CHECK_STATUS(status, NT_STATUS_OK);
73
74 n1 = search.out.netlogon;
75
76 search.in.user = "Administrator";
77 search.in.realm = n1.data.nt5_ex.dns_domain;
78 search.in.host = "__cldap_torture__";
79
80 printf("Scanning for netlogon levels\n");
81 for (i=0;i<256;i++) {
82 search.in.version = i;
83 printf("Trying netlogon level %d\n", i);
84 status = cldap_netlogon(cldap, tctx, &search);
85 CHECK_STATUS(status, NT_STATUS_OK);
86 }
87
88 printf("Scanning for netlogon level bits\n");
89 for (i=0;i<31;i++) {
90 search.in.version = (1<<i);
91 printf("Trying netlogon level 0x%x\n", i);
92 status = cldap_netlogon(cldap, tctx, &search);
93 CHECK_STATUS(status, NT_STATUS_OK);
94 }
95
96 search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
97 status = cldap_netlogon(cldap, tctx, &search);
98 CHECK_STATUS(status, NT_STATUS_OK);
99
100 printf("Trying with User=NULL\n");
101 search.in.user = NULL;
102 status = cldap_netlogon(cldap, tctx, &search);
103 CHECK_STATUS(status, NT_STATUS_OK);
104 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
105 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
106
107 printf("Trying with User=Administrator\n");
108 search.in.user = "Administrator";
109 status = cldap_netlogon(cldap, tctx, &search);
110 CHECK_STATUS(status, NT_STATUS_OK);
111 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
112 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
113
114 search.in.version = NETLOGON_NT_VERSION_5;
115 status = cldap_netlogon(cldap, tctx, &search);
116 CHECK_STATUS(status, NT_STATUS_OK);
117
118 printf("Trying with User=NULL\n");
119 search.in.user = NULL;
120 status = cldap_netlogon(cldap, tctx, &search);
121 CHECK_STATUS(status, NT_STATUS_OK);
122 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
123 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
124
125 printf("Trying with User=Administrator\n");
126 search.in.user = "Administrator";
127 status = cldap_netlogon(cldap, tctx, &search);
128 CHECK_STATUS(status, NT_STATUS_OK);
129 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
130 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
131
132 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
133
134 printf("Trying with a GUID\n");
135 search.in.realm = NULL;
136 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
137 status = cldap_netlogon(cldap, tctx, &search);
138 CHECK_STATUS(status, NT_STATUS_OK);
139 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
140 CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
141
142 printf("Trying with a incorrect GUID\n");
143 guid = GUID_random();
144 search.in.user = NULL;
145 search.in.domain_guid = GUID_string(tctx, &guid);
146 status = cldap_netlogon(cldap, tctx, &search);
147 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
148
149 printf("Trying with a AAC\n");
150 search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
151 search.in.realm = n1.data.nt5_ex.dns_domain;
152 status = cldap_netlogon(cldap, tctx, &search);
153 CHECK_STATUS(status, NT_STATUS_OK);
154 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
155 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
156
157 printf("Trying with a zero AAC\n");
158 search.in.acct_control = 0x0;
159 search.in.realm = n1.data.nt5_ex.dns_domain;
160 status = cldap_netlogon(cldap, tctx, &search);
161 CHECK_STATUS(status, NT_STATUS_OK);
162 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
163 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
164
165 printf("Trying with a zero AAC and user=Administrator\n");
166 search.in.acct_control = 0x0;
167 search.in.user = "Administrator";
168 search.in.realm = n1.data.nt5_ex.dns_domain;
169 status = cldap_netlogon(cldap, tctx, &search);
170 CHECK_STATUS(status, NT_STATUS_OK);
171 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
172 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
173
174 printf("Trying with a bad AAC\n");
175 search.in.user = NULL;
176 search.in.acct_control = 0xFF00FF00;
177 search.in.realm = n1.data.nt5_ex.dns_domain;
178 status = cldap_netlogon(cldap, tctx, &search);
179 CHECK_STATUS(status, NT_STATUS_OK);
180 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
181 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
182
183 printf("Trying with a user only\n");
184 search = empty_search;
185 search.in.user = "Administrator";
186 status = cldap_netlogon(cldap, tctx, &search);
187 CHECK_STATUS(status, NT_STATUS_OK);
188 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
189 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
190 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
191 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
192 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
193 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
194 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
195
196 printf("Trying with just a bad username\n");
197 search.in.user = "___no_such_user___";
198 status = cldap_netlogon(cldap, tctx, &search);
199 CHECK_STATUS(status, NT_STATUS_OK);
200 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
201 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
202 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
203 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
204 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
205 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
206 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
207 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
208
209 printf("Trying with just a bad domain\n");
210 search = empty_search;
211 search.in.realm = "___no_such_domain___";
212 status = cldap_netlogon(cldap, tctx, &search);
213 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
214
215 printf("Trying with a incorrect domain and correct guid\n");
216 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
217 status = cldap_netlogon(cldap, tctx, &search);
218 CHECK_STATUS(status, NT_STATUS_OK);
219 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
220 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
221 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
222 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
223 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
224 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
225 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
226 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
227
228 printf("Trying with a incorrect domain and incorrect guid\n");
229 search.in.domain_guid = GUID_string(tctx, &guid);
230 status = cldap_netlogon(cldap, tctx, &search);
231 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
232 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
233 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
234 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
235 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
236 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
237 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
238 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
239 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
240
241 printf("Trying with a incorrect GUID and correct domain\n");
242 search.in.domain_guid = GUID_string(tctx, &guid);
243 search.in.realm = n1.data.nt5_ex.dns_domain;
244 status = cldap_netlogon(cldap, tctx, &search);
245 CHECK_STATUS(status, NT_STATUS_OK);
246 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
247 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
248 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
249 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
250 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
251 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
252 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
253 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
254
255 printf("Proof other results\n");
256 search.in.user = "Administrator";
257 status = cldap_netlogon(cldap, tctx, &search);
258 CHECK_STATUS(status, NT_STATUS_OK);
259 CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
260 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
261 CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
262 CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
263 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
264 CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
265 CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
266
267 return true;
268 }
269
270 /*
271 test cldap netlogon server type flags
272 */
273 static bool test_cldap_netlogon_flags(struct torture_context *tctx,
274 const char *dest)
275 {
276 struct cldap_socket *cldap;
277 NTSTATUS status;
278 struct cldap_netlogon search;
279 struct netlogon_samlogon_response n1;
280 uint32_t server_type;
281 struct tsocket_address *dest_addr;
282 int ret;
283
284 ret = tsocket_address_inet_from_strings(tctx, "ip",
285 dest,
286 lpcfg_cldap_port(tctx->lp_ctx),
287 &dest_addr);
288 CHECK_VAL(ret, 0);
289
290 /* cldap_socket_init should now know about the dest. address */
291 status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
292 CHECK_STATUS(status, NT_STATUS_OK);
293
294 printf("Printing out netlogon server type flags: %s\n", dest);
295
296 ZERO_STRUCT(search);
297 search.in.dest_address = NULL;
298 search.in.dest_port = 0;
299 search.in.acct_control = -1;
300 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
301 search.in.map_response = true;
302
303 status = cldap_netlogon(cldap, tctx, &search);
304 CHECK_STATUS(status, NT_STATUS_OK);
305
306 n1 = search.out.netlogon;
307 if (n1.ntver == NETLOGON_NT_VERSION_5)
308 server_type = n1.data.nt5.server_type;
309 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
310 server_type = n1.data.nt5_ex.server_type;
311
312 printf("The word is: %i\n", server_type);
313 if (server_type & NBT_SERVER_PDC)
314 printf("NBT_SERVER_PDC ");
315 if (server_type & NBT_SERVER_GC)
316 printf("NBT_SERVER_GC ");
317 if (server_type & NBT_SERVER_LDAP)
318 printf("NBT_SERVER_LDAP ");
319 if (server_type & NBT_SERVER_DS)
320 printf("NBT_SERVER_DS ");
321 if (server_type & NBT_SERVER_KDC)
322 printf("NBT_SERVER_KDC ");
323 if (server_type & NBT_SERVER_TIMESERV)
324 printf("NBT_SERVER_TIMESERV ");
325 if (server_type & NBT_SERVER_CLOSEST)
326 printf("NBT_SERVER_CLOSEST ");
327 if (server_type & NBT_SERVER_WRITABLE)
328 printf("NBT_SERVER_WRITABLE ");
329 if (server_type & NBT_SERVER_GOOD_TIMESERV)
330 printf("NBT_SERVER_GOOD_TIMESERV ");
331 if (server_type & NBT_SERVER_NDNC)
332 printf("NBT_SERVER_NDNC ");
333 if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6)
334 printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
335 if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6)
336 printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
337 if (server_type & DS_DNS_CONTROLLER)
338 printf("DS_DNS_CONTROLLER ");
339 if (server_type & DS_DNS_DOMAIN)
340 printf("DS_DNS_DOMAIN ");
341 if (server_type & DS_DNS_FOREST_ROOT)
342 printf("DS_DNS_FOREST_ROOT ");
343
344 printf("\n");
345
346 return true;
347 }
348
349 /*
350 convert a ldap result message to a ldb message. This allows us to
351 use the convenient ldif dump routines in ldb to print out cldap
352 search results
353 */
354 static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
355 {
356 struct ldb_message *msg;
357
358 msg = ldb_msg_new(mem_ctx);
359 msg->dn = ldb_dn_new(msg, ldb, res->dn);
360 msg->num_elements = res->num_attributes;
361 msg->elements = talloc_steal(msg, res->attributes);
362 return msg;
363 }
364
365 /*
366 dump a set of cldap results
367 */
368 static void cldap_dump_results(struct cldap_search *search)
369 {
370 struct ldb_ldif ldif;
371 struct ldb_context *ldb;
372
373 if (!search || !(search->out.response)) {
374 return;
375 }
376
377 /* we need a ldb context to use ldb_ldif_write_file() */
378 ldb = ldb_init(NULL, NULL);
379
380 ZERO_STRUCT(ldif);
381 ldif.msg = ldap_msg_to_ldb(ldb, ldb, search->out.response);
382
383 ldb_ldif_write_file(ldb, stdout, &ldif);
384
385 talloc_free(ldb);
386 }
387
388
389 /*
390 test cldap netlogon server type flag "NBT_SERVER_FOREST_ROOT"
391 */
392 static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx,
393 const char *dest)
394 {
395 struct cldap_socket *cldap;
396 NTSTATUS status;
397 struct cldap_netlogon search;
398 uint32_t server_type;
399 struct netlogon_samlogon_response n1;
400 bool result = true;
401 struct tsocket_address *dest_addr;
402 int ret;
403
404 ret = tsocket_address_inet_from_strings(tctx, "ip",
405 dest,
406 lpcfg_cldap_port(tctx->lp_ctx),
407 &dest_addr);
408 CHECK_VAL(ret, 0);
409
410 /* cldap_socket_init should now know about the dest. address */
411 status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
412 CHECK_STATUS(status, NT_STATUS_OK);
413
414 printf("Testing netlogon server type flag NBT_SERVER_FOREST_ROOT: ");
415
416 ZERO_STRUCT(search);
417 search.in.dest_address = NULL;
418 search.in.dest_port = 0;
419 search.in.acct_control = -1;
420 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
421 search.in.map_response = true;
422
423 status = cldap_netlogon(cldap, tctx, &search);
424 CHECK_STATUS(status, NT_STATUS_OK);
425
426 n1 = search.out.netlogon;
427 if (n1.ntver == NETLOGON_NT_VERSION_5)
428 server_type = n1.data.nt5.server_type;
429 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
430 server_type = n1.data.nt5_ex.server_type;
431
432 if (server_type & DS_DNS_FOREST_ROOT) {
433 struct cldap_search search2;
434 const char *attrs[] = { "defaultNamingContext", "rootDomainNamingContext",
435 NULL };
436 struct ldb_context *ldb;
437 struct ldb_message *msg;
438
439 /* Trying to fetch the attributes "defaultNamingContext" and
440 "rootDomainNamingContext" */
441 ZERO_STRUCT(search2);
442 search2.in.dest_address = dest;
443 search2.in.dest_port = lpcfg_cldap_port(tctx->lp_ctx);
444 search2.in.timeout = 10;
445 search2.in.retries = 3;
446 search2.in.filter = "(objectclass=*)";
447 search2.in.attributes = attrs;
448
449 status = cldap_search(cldap, tctx, &search2);
450 CHECK_STATUS(status, NT_STATUS_OK);
451
452 ldb = ldb_init(NULL, NULL);
453
454 msg = ldap_msg_to_ldb(ldb, ldb, search2.out.response);
455
456 /* Try to compare the two attributes */
457 if (ldb_msg_element_compare(ldb_msg_find_element(msg, attrs[0]),
458 ldb_msg_find_element(msg, attrs[1])))
459 result = false;
460
461 talloc_free(ldb);
462 }
463
464 if (result)
465 printf("passed\n");
466 else
467 printf("failed\n");
468
469 return result;
470 }
471
472 /*
473 test generic cldap operations
474 */
475 static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
476 {
477 struct cldap_socket *cldap;
478 NTSTATUS status;
479 struct cldap_search search;
480 const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
481 const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
482 const char *attrs3[] = { "netlogon", NULL };
483 struct tsocket_address *dest_addr;
484 int ret;
485
486 ret = tsocket_address_inet_from_strings(tctx, "ip",
487 dest,
488 lpcfg_cldap_port(tctx->lp_ctx),
489 &dest_addr);
490 CHECK_VAL(ret, 0);
491
492 /* cldap_socket_init should now know about the dest. address */
493 status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
494 CHECK_STATUS(status, NT_STATUS_OK);
495
496 ZERO_STRUCT(search);
497 search.in.dest_address = NULL;
498 search.in.dest_port = 0;
499 search.in.timeout = 10;
500 search.in.retries = 3;
501
502 status = cldap_search(cldap, tctx, &search);
503 CHECK_STATUS(status, NT_STATUS_OK);
504
505 printf("fetching whole rootDSE\n");
506 search.in.filter = "(objectclass=*)";
507 search.in.attributes = NULL;
508
509 status = cldap_search(cldap, tctx, &search);
510 CHECK_STATUS(status, NT_STATUS_OK);
511
512 if (DEBUGLVL(3)) cldap_dump_results(&search);
513
514 printf("fetching currentTime and USN\n");
515 search.in.filter = "(objectclass=*)";
516 search.in.attributes = attrs1;
517
518 status = cldap_search(cldap, tctx, &search);
519 CHECK_STATUS(status, NT_STATUS_OK);
520
521 if (DEBUGLVL(3)) cldap_dump_results(&search);
522
523 printf("Testing currentTime, USN and netlogon\n");
524 search.in.filter = "(objectclass=*)";
525 search.in.attributes = attrs2;
526
527 status = cldap_search(cldap, tctx, &search);
528 CHECK_STATUS(status, NT_STATUS_OK);
529
530 if (DEBUGLVL(3)) cldap_dump_results(&search);
531
532 printf("Testing objectClass=* and netlogon\n");
533 search.in.filter = "(objectclass2=*)";
534 search.in.attributes = attrs3;
535
536 status = cldap_search(cldap, tctx, &search);
537 CHECK_STATUS(status, NT_STATUS_OK);
538
539 if (DEBUGLVL(3)) cldap_dump_results(&search);
540
541 printf("Testing a false expression\n");
542 search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
543 search.in.attributes = attrs1;
544
545 status = cldap_search(cldap, tctx, &search);
546 CHECK_STATUS(status, NT_STATUS_OK);
547
548 if (DEBUGLVL(3)) cldap_dump_results(&search);
549
550 return true;
551 }
552
553 bool torture_cldap(struct torture_context *torture)
554 {
555 bool ret = true;
556 const char *host = torture_setting_string(torture, "host", NULL);
557
558 ret &= test_cldap_netlogon(torture, host);
559 ret &= test_cldap_netlogon_flags(torture, host);
560 ret &= test_cldap_netlogon_flag_ds_dns_forest(torture, host);
561 ret &= test_cldap_generic(torture, host);
562
563 return ret;
564 }
565
reg import