source4/torture/ldap/cldap.c

   1 /*
   2    Unix SMB/CIFS mplementation.
   3
   4    test CLDAP operations
   5
   6    Copyright (C) Andrew Tridgell 2005
   7    Copyright (C) Matthias Dieter Wallnöfer 2009
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21
  22 */
  23
  24 #include "includes.h"
  25 #include "libcli/cldap/cldap.h"
  26 #include "libcli/ldap/ldap_client.h"
  27 #include "librpc/gen_ndr/netlogon.h"
  28 #include "param/param.h"
  29 #include "../lib/tsocket/tsocket.h"
  30
  31 #include "torture/torture.h"
  32 #include "torture/ldap/proto.h"
  33
  34 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
  35
  36 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
  37
  38 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
  39 /*
  40   test netlogon operations
  41 */
  42 static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
  43 {
  44         struct cldap_socket *cldap;
  45         NTSTATUS status;
  46         struct cldap_netlogon search, empty_search;
  47         struct netlogon_samlogon_response n1;
  48         struct GUID guid;
  49         int i;
  50         struct tsocket_address *dest_addr;
  51         int ret;
  52
  53         ret = tsocket_address_inet_from_strings(tctx, "ip",
  54                                                 dest,
  55                                                 lpcfg_cldap_port(tctx->lp_ctx),
  56                                                 &dest_addr);
  57         CHECK_VAL(ret, 0);
  58
  59         status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
  60         CHECK_STATUS(status, NT_STATUS_OK);
  61
  62         ZERO_STRUCT(search);
  63         search.in.dest_address = NULL;
  64         search.in.dest_port = 0;
  65         search.in.acct_control = -1;
  66         search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
  67         search.in.map_response = true;
  68
  69         empty_search = search;
  70
  71         printf("Trying without any attributes\n");
  72         search = empty_search;
  73         status = cldap_netlogon(cldap, tctx, &search);
  74         CHECK_STATUS(status, NT_STATUS_OK);
  75
  76         n1 = search.out.netlogon;
  77
  78         search.in.user         = "Administrator";
  79         search.in.realm        = n1.data.nt5_ex.dns_domain;
  80         search.in.host         = "__cldap_torture__";
  81
  82         printf("Scanning for netlogon levels\n");
  83         for (i=0;i<256;i++) {
  84                 search.in.version = i;
  85                 printf("Trying netlogon level %d\n", i);
  86                 status = cldap_netlogon(cldap, tctx, &search);
  87                 CHECK_STATUS(status, NT_STATUS_OK);
  88         }
  89
  90         printf("Scanning for netlogon level bits\n");
  91         for (i=0;i<31;i++) {
  92                 search.in.version = (1<<i);
  93                 printf("Trying netlogon level 0x%x\n", i);
  94                 status = cldap_netlogon(cldap, tctx, &search);
  95                 CHECK_STATUS(status, NT_STATUS_OK);
  96         }
  97
  98         search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
  99         status = cldap_netlogon(cldap, tctx, &search);
 100         CHECK_STATUS(status, NT_STATUS_OK);
 101
 102         printf("Trying with User=NULL\n");
 103         search.in.user = NULL;
 104         status = cldap_netlogon(cldap, tctx, &search);
 105         CHECK_STATUS(status, NT_STATUS_OK);
 106         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 107         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 108         torture_assert(tctx,
 109                        strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
 110                        "PDC name should not be in UNC form");
 111
 112         printf("Trying with User=Administrator\n");
 113         search.in.user = "Administrator";
 114         status = cldap_netlogon(cldap, tctx, &search);
 115         CHECK_STATUS(status, NT_STATUS_OK);
 116         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 117         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 118         torture_assert(tctx,
 119                        strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
 120                        "PDC name should not be in UNC form");
 121
 122         search.in.version = NETLOGON_NT_VERSION_5;
 123         status = cldap_netlogon(cldap, tctx, &search);
 124         CHECK_STATUS(status, NT_STATUS_OK);
 125
 126         printf("Trying with User=NULL\n");
 127         search.in.user = NULL;
 128         status = cldap_netlogon(cldap, tctx, &search);
 129         CHECK_STATUS(status, NT_STATUS_OK);
 130         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
 131         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 132         torture_assert(tctx,
 133                        strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
 134                        "PDC name should be in UNC form");
 135
 136         printf("Trying with User=Administrator\n");
 137         search.in.user = "Administrator";
 138         status = cldap_netlogon(cldap, tctx, &search);
 139         CHECK_STATUS(status, NT_STATUS_OK);
 140         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
 141         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 142         torture_assert(tctx,
 143                        strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
 144                        "PDC name should be in UNC form");
 145
 146         search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
 147
 148         printf("Trying with a GUID\n");
 149         search.in.realm       = NULL;
 150         search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
 151         status = cldap_netlogon(cldap, tctx, &search);
 152         CHECK_STATUS(status, NT_STATUS_OK);
 153         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 154         CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
 155         torture_assert(tctx,
 156                        strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
 157                        "PDC name should not be in UNC form");
 158
 159         printf("Trying with a incorrect GUID\n");
 160         guid = GUID_random();
 161         search.in.user        = NULL;
 162         search.in.domain_guid = GUID_string(tctx, &guid);
 163         status = cldap_netlogon(cldap, tctx, &search);
 164         CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
 165
 166         printf("Trying with a AAC\n");
 167         search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
 168         search.in.realm = n1.data.nt5_ex.dns_domain;
 169         status = cldap_netlogon(cldap, tctx, &search);
 170         CHECK_STATUS(status, NT_STATUS_OK);
 171         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 172         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 173
 174         printf("Trying with a zero AAC\n");
 175         search.in.acct_control = 0x0;
 176         search.in.realm = n1.data.nt5_ex.dns_domain;
 177         status = cldap_netlogon(cldap, tctx, &search);
 178         CHECK_STATUS(status, NT_STATUS_OK);
 179         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 180         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 181
 182         printf("Trying with a zero AAC and user=Administrator\n");
 183         search.in.acct_control = 0x0;
 184         search.in.user = "Administrator";
 185         search.in.realm = n1.data.nt5_ex.dns_domain;
 186         status = cldap_netlogon(cldap, tctx, &search);
 187         CHECK_STATUS(status, NT_STATUS_OK);
 188         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 189         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
 190
 191         printf("Trying with a bad AAC\n");
 192         search.in.user = NULL;
 193         search.in.acct_control = 0xFF00FF00;
 194         search.in.realm = n1.data.nt5_ex.dns_domain;
 195         status = cldap_netlogon(cldap, tctx, &search);
 196         CHECK_STATUS(status, NT_STATUS_OK);
 197         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 198         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 199
 200         printf("Trying with a user only\n");
 201         search = empty_search;
 202         search.in.user = "Administrator";
 203         status = cldap_netlogon(cldap, tctx, &search);
 204         CHECK_STATUS(status, NT_STATUS_OK);
 205         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 206         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 207         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 208         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 209         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 210         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 211         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 212
 213         printf("Trying with just a bad username\n");
 214         search.in.user = "___no_such_user___";
 215         status = cldap_netlogon(cldap, tctx, &search);
 216         CHECK_STATUS(status, NT_STATUS_OK);
 217         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 218         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 219         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 220         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 221         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 222         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 223         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 224         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 225
 226         printf("Trying with just a bad domain\n");
 227         search = empty_search;
 228         search.in.realm = "___no_such_domain___";
 229         status = cldap_netlogon(cldap, tctx, &search);
 230         CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
 231
 232         printf("Trying with a incorrect domain and correct guid\n");
 233         search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
 234         status = cldap_netlogon(cldap, tctx, &search);
 235         CHECK_STATUS(status, NT_STATUS_OK);
 236         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 237         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 238         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 239         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 240         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 241         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 242         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 243         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 244
 245         printf("Trying with a incorrect domain and incorrect guid\n");
 246         search.in.domain_guid = GUID_string(tctx, &guid);
 247         status = cldap_netlogon(cldap, tctx, &search);
 248         CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
 249         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 250         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 251         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 252         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 253         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 254         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 255         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 256         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 257
 258         printf("Trying with a incorrect GUID and correct domain\n");
 259         search.in.domain_guid = GUID_string(tctx, &guid);
 260         search.in.realm = n1.data.nt5_ex.dns_domain;
 261         status = cldap_netlogon(cldap, tctx, &search);
 262         CHECK_STATUS(status, NT_STATUS_OK);
 263         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 264         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 265         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 266         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 267         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 268         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 269         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 270         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 271
 272         printf("Proof other results\n");
 273         search.in.user = "Administrator";
 274         status = cldap_netlogon(cldap, tctx, &search);
 275         CHECK_STATUS(status, NT_STATUS_OK);
 276         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 277         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 278         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 279         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 280         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 281         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 282         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 283
 284         return true;
 285 }
 286
 287 /*
 288   test cldap netlogon server type flags
 289 */
 290 static bool test_cldap_netlogon_flags(struct torture_context *tctx,
 291         const char *dest)
 292 {
 293         struct cldap_socket *cldap;
 294         NTSTATUS status;
 295         struct cldap_netlogon search;
 296         struct netlogon_samlogon_response n1;
 297         uint32_t server_type;
 298         struct tsocket_address *dest_addr;
 299         int ret;
 300
 301         ret = tsocket_address_inet_from_strings(tctx, "ip",
 302                                                 dest,
 303                                                 lpcfg_cldap_port(tctx->lp_ctx),
 304                                                 &dest_addr);
 305         CHECK_VAL(ret, 0);
 306
 307         /* cldap_socket_init should now know about the dest. address */
 308         status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
 309         CHECK_STATUS(status, NT_STATUS_OK);
 310
 311         printf("Printing out netlogon server type flags: %s\n", dest);
 312
 313         ZERO_STRUCT(search);
 314         search.in.dest_address = NULL;
 315         search.in.dest_port = 0;
 316         search.in.acct_control = -1;
 317         search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
 318         search.in.map_response = true;
 319
 320         status = cldap_netlogon(cldap, tctx, &search);
 321         CHECK_STATUS(status, NT_STATUS_OK);
 322
 323         n1 = search.out.netlogon;
 324         if (n1.ntver == NETLOGON_NT_VERSION_5)
 325                 server_type = n1.data.nt5.server_type;
 326         else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
 327                 server_type = n1.data.nt5_ex.server_type;
 328
 329         printf("The word is: %i\n", server_type);
 330         if (server_type & NBT_SERVER_PDC)
 331                 printf("NBT_SERVER_PDC ");
 332         if (server_type & NBT_SERVER_GC)
 333                 printf("NBT_SERVER_GC ");
 334         if (server_type & NBT_SERVER_LDAP)
 335                 printf("NBT_SERVER_LDAP ");
 336         if (server_type & NBT_SERVER_DS)
 337                 printf("NBT_SERVER_DS ");
 338         if (server_type & NBT_SERVER_KDC)
 339                 printf("NBT_SERVER_KDC ");
 340         if (server_type & NBT_SERVER_TIMESERV)
 341                 printf("NBT_SERVER_TIMESERV ");
 342         if (server_type & NBT_SERVER_CLOSEST)
 343                 printf("NBT_SERVER_CLOSEST ");
 344         if (server_type & NBT_SERVER_WRITABLE)
 345                 printf("NBT_SERVER_WRITABLE ");
 346         if (server_type & NBT_SERVER_GOOD_TIMESERV)
 347                 printf("NBT_SERVER_GOOD_TIMESERV ");
 348         if (server_type & NBT_SERVER_NDNC)
 349                 printf("NBT_SERVER_NDNC ");
 350         if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6)
 351                 printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
 352         if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6)
 353                 printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
 354         if (server_type & DS_DNS_CONTROLLER)
 355                 printf("DS_DNS_CONTROLLER ");
 356         if (server_type & DS_DNS_DOMAIN)
 357                 printf("DS_DNS_DOMAIN ");
 358         if (server_type & DS_DNS_FOREST_ROOT)
 359                 printf("DS_DNS_FOREST_ROOT ");
 360
 361         printf("\n");
 362
 363         return true;
 364 }
 365
 366 /*
 367   convert a ldap result message to a ldb message. This allows us to
 368   use the convenient ldif dump routines in ldb to print out cldap
 369   search results
 370 */
 371 static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
 372 {
 373         struct ldb_message *msg;
 374
 375         msg = ldb_msg_new(mem_ctx);
 376         msg->dn = ldb_dn_new(msg, ldb, res->dn);
 377         msg->num_elements = res->num_attributes;
 378         msg->elements = talloc_steal(msg, res->attributes);
 379         return msg;
 380 }
 381
 382 /*
 383   dump a set of cldap results
 384 */
 385 static void cldap_dump_results(struct cldap_search *search)
 386 {
 387         struct ldb_ldif ldif;
 388         struct ldb_context *ldb;
 389
 390         if (!search || !(search->out.response)) {
 391                 return;
 392         }
 393
 394         /* we need a ldb context to use ldb_ldif_write_file() */
 395         ldb = ldb_init(NULL, NULL);
 396
 397         ZERO_STRUCT(ldif);
 398         ldif.msg = ldap_msg_to_ldb(ldb, ldb, search->out.response);
 399
 400         ldb_ldif_write_file(ldb, stdout, &ldif);
 401
 402         talloc_free(ldb);
 403 }
 404
 405 /*
 406   test generic cldap operations
 407 */
 408 static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
 409 {
 410         struct cldap_socket *cldap;
 411         NTSTATUS status;
 412         struct cldap_search search;
 413         const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
 414         const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
 415         const char *attrs3[] = { "netlogon", NULL };
 416         struct tsocket_address *dest_addr;
 417         int ret;
 418
 419         ret = tsocket_address_inet_from_strings(tctx, "ip",
 420                                                 dest,
 421                                                 lpcfg_cldap_port(tctx->lp_ctx),
 422                                                 &dest_addr);
 423         CHECK_VAL(ret, 0);
 424
 425         /* cldap_socket_init should now know about the dest. address */
 426         status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
 427         CHECK_STATUS(status, NT_STATUS_OK);
 428
 429         ZERO_STRUCT(search);
 430         search.in.dest_address = NULL;
 431         search.in.dest_port = 0;
 432         search.in.timeout = 10;
 433         search.in.retries = 3;
 434
 435         status = cldap_search(cldap, tctx, &search);
 436         CHECK_STATUS(status, NT_STATUS_OK);
 437
 438         printf("fetching whole rootDSE\n");
 439         search.in.filter = "(objectclass=*)";
 440         search.in.attributes = NULL;
 441
 442         status = cldap_search(cldap, tctx, &search);
 443         CHECK_STATUS(status, NT_STATUS_OK);
 444
 445         if (DEBUGLVL(3)) cldap_dump_results(&search);
 446
 447         printf("fetching currentTime and USN\n");
 448         search.in.filter = "(objectclass=*)";
 449         search.in.attributes = attrs1;
 450
 451         status = cldap_search(cldap, tctx, &search);
 452         CHECK_STATUS(status, NT_STATUS_OK);
 453
 454         if (DEBUGLVL(3)) cldap_dump_results(&search);
 455
 456         printf("Testing currentTime, USN and netlogon\n");
 457         search.in.filter = "(objectclass=*)";
 458         search.in.attributes = attrs2;
 459
 460         status = cldap_search(cldap, tctx, &search);
 461         CHECK_STATUS(status, NT_STATUS_OK);
 462
 463         if (DEBUGLVL(3)) cldap_dump_results(&search);
 464
 465         printf("Testing objectClass=* and netlogon\n");
 466         search.in.filter = "(objectclass2=*)";
 467         search.in.attributes = attrs3;
 468
 469         status = cldap_search(cldap, tctx, &search);
 470         CHECK_STATUS(status, NT_STATUS_OK);
 471
 472         if (DEBUGLVL(3)) cldap_dump_results(&search);
 473
 474         printf("Testing a false expression\n");
 475         search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
 476         search.in.attributes = attrs1;
 477
 478         status = cldap_search(cldap, tctx, &search);
 479         CHECK_STATUS(status, NT_STATUS_OK);
 480
 481         if (DEBUGLVL(3)) cldap_dump_results(&search);
 482
 483         return true;
 484 }
 485
 486 bool torture_cldap(struct torture_context *torture)
 487 {
 488         bool ret = true;
 489         const char *host = torture_setting_string(torture, "host", NULL);
 490
 491         ret &= test_cldap_netlogon(torture, host);
 492         ret &= test_cldap_netlogon_flags(torture, host);
 493         ret &= test_cldap_generic(torture, host);
 494
 495         return ret;
 496 }
 497