search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
samba-3.5.8 for ARM
[tomato.git] / release / src-rt-6.x.4708 / router / samba-3.5.8 / source4 / torture / ldap / basic.c
blobc2a26f81b8cdce3cbb7b2ce3993a16c171a96bff
1 /*
2 Unix SMB/CIFS mplementation.
3 LDAP protocol helper functions for SAMBA
4
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2004
7 Copyright (C) Matthias Dieter Wallnöfer 2009
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21
22 */
23
24 #include "includes.h"
25 #include "libcli/ldap/ldap_client.h"
26 #include "lib/cmdline/popt_common.h"
27
28 #include "torture/torture.h"
29 #include "torture/ldap/proto.h"
30
31 #include "param/param.h"
32
33 static bool test_bind_simple(struct ldap_connection *conn, const char *userdn, const char *password)
34 {
35 NTSTATUS status;
36 bool ret = true;
37
38 status = torture_ldap_bind(conn, userdn, password);
39 if (!NT_STATUS_IS_OK(status)) {
40 ret = false;
41 }
42
43 return ret;
44 }
45
46 static bool test_bind_sasl(struct torture_context *tctx,
47 struct ldap_connection *conn, struct cli_credentials *creds)
48 {
49 NTSTATUS status;
50 bool ret = true;
51
52 printf("Testing sasl bind as user\n");
53
54 status = torture_ldap_bind_sasl(conn, creds, tctx->lp_ctx);
55 if (!NT_STATUS_IS_OK(status)) {
56 ret = false;
57 }
58
59 return ret;
60 }
61
62 static bool test_multibind(struct ldap_connection *conn, const char *userdn, const char *password)
63 {
64 bool ret = true;
65
66 printf("Testing multiple binds on a single connnection as anonymous and user\n");
67
68 ret = test_bind_simple(conn, NULL, NULL);
69 if (!ret) {
70 printf("1st bind as anonymous failed\n");
71 return ret;
72 }
73
74 ret = test_bind_simple(conn, userdn, password);
75 if (!ret) {
76 printf("2nd bind as authenticated user failed\n");
77 }
78
79 return ret;
80 }
81
82 static bool test_search_rootDSE(struct ldap_connection *conn, char **basedn)
83 {
84 bool ret = true;
85 struct ldap_message *msg, *result;
86 struct ldap_request *req;
87 int i;
88 struct ldap_SearchResEntry *r;
89 NTSTATUS status;
90
91 printf("Testing RootDSE Search\n");
92
93 *basedn = NULL;
94
95 msg = new_ldap_message(conn);
96 if (!msg) {
97 return false;
98 }
99
100 msg->type = LDAP_TAG_SearchRequest;
101 msg->r.SearchRequest.basedn = "";
102 msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
103 msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
104 msg->r.SearchRequest.timelimit = 0;
105 msg->r.SearchRequest.sizelimit = 0;
106 msg->r.SearchRequest.attributesonly = false;
107 msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
108 msg->r.SearchRequest.num_attributes = 0;
109 msg->r.SearchRequest.attributes = NULL;
110
111 req = ldap_request_send(conn, msg);
112 if (req == NULL) {
113 printf("Could not setup ldap search\n");
114 return false;
115 }
116
117 status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
118 if (!NT_STATUS_IS_OK(status)) {
119 printf("search failed - %s\n", nt_errstr(status));
120 return false;
121 }
122
123 printf("received %d replies\n", req->num_replies);
124
125 r = &result->r.SearchResultEntry;
126
127 DEBUG(1,("\tdn: %s\n", r->dn));
128 for (i=0; i<r->num_attributes; i++) {
129 int j;
130 for (j=0; j<r->attributes[i].num_values; j++) {
131 DEBUG(1,("\t%s: %d %.*s\n", r->attributes[i].name,
132 (int)r->attributes[i].values[j].length,
133 (int)r->attributes[i].values[j].length,
134 (char *)r->attributes[i].values[j].data));
135 if (!(*basedn) &&
136 strcasecmp("defaultNamingContext",r->attributes[i].name)==0) {
137 *basedn = talloc_asprintf(conn, "%.*s",
138 (int)r->attributes[i].values[j].length,
139 (char *)r->attributes[i].values[j].data);
140 }
141 }
142 }
143
144 talloc_free(req);
145
146 return ret;
147 }
148
149 static bool test_compare_sasl(struct ldap_connection *conn, const char *basedn)
150 {
151 struct ldap_message *msg, *rep;
152 struct ldap_request *req;
153 const char *val;
154 NTSTATUS status;
155
156 printf("Testing SASL Compare: %s\n", basedn);
157
158 if (!basedn) {
159 return false;
160 }
161
162 msg = new_ldap_message(conn);
163 if (!msg) {
164 return false;
165 }
166
167 msg->type = LDAP_TAG_CompareRequest;
168 msg->r.CompareRequest.dn = basedn;
169 msg->r.CompareRequest.attribute = talloc_strdup(msg, "objectClass");
170 val = "domain";
171 msg->r.CompareRequest.value = data_blob_talloc(msg, val, strlen(val));
172
173 req = ldap_request_send(conn, msg);
174 if (!req) {
175 return false;
176 }
177
178 status = ldap_result_one(req, &rep, LDAP_TAG_CompareResponse);
179 if (!NT_STATUS_IS_OK(status)) {
180 printf("error in ldap compare request - %s\n", nt_errstr(status));
181 return false;
182 }
183
184 DEBUG(5,("Code: %d DN: [%s] ERROR:[%s] REFERRAL:[%s]\n",
185 rep->r.CompareResponse.resultcode,
186 rep->r.CompareResponse.dn,
187 rep->r.CompareResponse.errormessage,
188 rep->r.CompareResponse.referral));
189
190 return true;
191 }
192
193 /*
194 * This takes an AD error message and splits it into the WERROR code
195 * (WERR_DS_GENERIC if none found) and the reason (remaining string).
196 */
197 static WERROR ad_error(const char *err_msg, char **reason)
198 {
199 WERROR err = W_ERROR(strtol(err_msg, reason, 16));
200
201 if ((reason != NULL) && (*reason[0] != ':')) {
202 return WERR_DS_GENERIC_ERROR; /* not an AD std error message */
203 }
204
205 if (reason != NULL) {
206 *reason += 2; /* skip ": " */
207 }
208 return err;
209 }
210
211 static bool test_error_codes(struct torture_context *tctx,
212 struct ldap_connection *conn, const char *basedn)
213 {
214 struct ldap_message *msg, *rep;
215 struct ldap_request *req;
216 char *err_code_str, *endptr;
217 WERROR err;
218 NTSTATUS status;
219
220 printf("Testing error codes - to make this test pass against SAMBA 4 you have to specify the target!\n");
221
222 if (!basedn) {
223 return false;
224 }
225
226 msg = new_ldap_message(conn);
227 if (!msg) {
228 return false;
229 }
230
231 printf(" Try a wrong addition\n");
232
233 msg->type = LDAP_TAG_AddRequest;
234 msg->r.AddRequest.dn = basedn;
235 msg->r.AddRequest.num_attributes = 0;
236 msg->r.AddRequest.attributes = NULL;
237
238 req = ldap_request_send(conn, msg);
239 if (!req) {
240 return false;
241 }
242
243 status = ldap_result_one(req, &rep, LDAP_TAG_AddResponse);
244 if (!NT_STATUS_IS_OK(status)) {
245 printf("error in ldap addition request - %s\n", nt_errstr(status));
246 return false;
247 }
248
249 if ((rep->r.AddResponse.resultcode == 0)
250 || (rep->r.AddResponse.errormessage == NULL)
251 || (strtol(rep->r.AddResponse.errormessage, &endptr,16) <= 0)
252 || (*endptr != ':')) {
253 printf("Invalid error message!\n");
254 return false;
255 }
256
257 err = ad_error(rep->r.AddResponse.errormessage, &endptr);
258 err_code_str = win_errstr(err);
259 printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
260 if (!torture_setting_bool(tctx, "samba4", false)) {
261 if ((!W_ERROR_EQUAL(err, WERR_DS_REFERRAL))
262 || (rep->r.AddResponse.resultcode != 10)) {
263 return false;
264 }
265 } else {
266 if ((!W_ERROR_EQUAL(err, WERR_DS_GENERIC_ERROR))
267 || (rep->r.AddResponse.resultcode != 80)) {
268 return false;
269 }
270 }
271
272 printf(" Try a wrong modification\n");
273
274 msg->type = LDAP_TAG_ModifyRequest;
275 msg->r.ModifyRequest.dn = "";
276 msg->r.ModifyRequest.num_mods = 0;
277 msg->r.ModifyRequest.mods = NULL;
278
279 req = ldap_request_send(conn, msg);
280 if (!req) {
281 return false;
282 }
283
284 status = ldap_result_one(req, &rep, LDAP_TAG_ModifyResponse);
285 if (!NT_STATUS_IS_OK(status)) {
286 printf("error in ldap modifification request - %s\n", nt_errstr(status));
287 return false;
288 }
289
290 if ((rep->r.ModifyResponse.resultcode == 0)
291 || (rep->r.ModifyResponse.errormessage == NULL)
292 || (strtol(rep->r.ModifyResponse.errormessage, &endptr,16) <= 0)
293 || (*endptr != ':')) {
294 printf("Invalid error message!\n");
295 return false;
296 }
297
298 err = ad_error(rep->r.ModifyResponse.errormessage, &endptr);
299 err_code_str = win_errstr(err);
300 printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
301 if (!torture_setting_bool(tctx, "samba4", false)) {
302 if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAM))
303 || (rep->r.ModifyResponse.resultcode != 53)) {
304 return false;
305 }
306 } else {
307 if ((!W_ERROR_EQUAL(err, WERR_DS_GENERIC_ERROR))
308 || (rep->r.ModifyResponse.resultcode != 80)) {
309 return false;
310 }
311 }
312
313 printf(" Try a wrong removal\n");
314
315 msg->type = LDAP_TAG_DelRequest;
316 msg->r.DelRequest.dn = "";
317
318 req = ldap_request_send(conn, msg);
319 if (!req) {
320 return false;
321 }
322
323 status = ldap_result_one(req, &rep, LDAP_TAG_DelResponse);
324 if (!NT_STATUS_IS_OK(status)) {
325 printf("error in ldap removal request - %s\n", nt_errstr(status));
326 return false;
327 }
328
329 if ((rep->r.DelResponse.resultcode == 0)
330 || (rep->r.DelResponse.errormessage == NULL)
331 || (strtol(rep->r.DelResponse.errormessage, &endptr,16) <= 0)
332 || (*endptr != ':')) {
333 printf("Invalid error message!\n");
334 return false;
335 }
336
337 err = ad_error(rep->r.DelResponse.errormessage, &endptr);
338 err_code_str = win_errstr(err);
339 printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr);
340 if (!torture_setting_bool(tctx, "samba4", false)) {
341 if ((!W_ERROR_EQUAL(err, WERR_DS_OBJ_NOT_FOUND))
342 || (rep->r.DelResponse.resultcode != 32)) {
343 return false;
344 }
345 } else {
346 if ((!W_ERROR_EQUAL(err, WERR_DS_INVALID_DN_SYNTAX))
347 || (rep->r.DelResponse.resultcode != 34)) {
348 return false;
349 }
350 }
351
352 return true;
353 }
354
355 bool torture_ldap_basic(struct torture_context *torture)
356 {
357 NTSTATUS status;
358 struct ldap_connection *conn;
359 TALLOC_CTX *mem_ctx;
360 bool ret = true;
361 const char *host = torture_setting_string(torture, "host", NULL);
362 const char *userdn = torture_setting_string(torture, "ldap_userdn", NULL);
363 const char *secret = torture_setting_string(torture, "ldap_secret", NULL);
364 char *url;
365 char *basedn;
366
367 mem_ctx = talloc_init("torture_ldap_basic");
368
369 url = talloc_asprintf(mem_ctx, "ldap://%s/", host);
370
371 status = torture_ldap_connection(torture, &conn, url);
372 if (!NT_STATUS_IS_OK(status)) {
373 return false;
374 }
375
376 if (!test_search_rootDSE(conn, &basedn)) {
377 ret = false;
378 }
379
380 /* other bind tests here */
381
382 if (!test_multibind(conn, userdn, secret)) {
383 ret = false;
384 }
385
386 if (!test_bind_sasl(torture, conn, cmdline_credentials)) {
387 ret = false;
388 }
389
390 if (!test_compare_sasl(conn, basedn)) {
391 ret = false;
392 }
393
394 /* error codes test here */
395
396 if (!test_error_codes(torture, conn, basedn)) {
397 ret = false;
398 }
399
400 /* if there are no more tests we are closing */
401 torture_ldap_close(conn);
402 talloc_free(mem_ctx);
403
404 return ret;
405 }
406
Tomato firmware and modifications.