source4/torture/ldap/cldap.c

   1 /*
   2    Unix SMB/CIFS mplementation.
   3
   4    test CLDAP operations
   5
   6    Copyright (C) Andrew Tridgell 2005
   7    Copyright (C) Matthias Dieter Wallnöfer 2009
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21
  22 */
  23
  24 #include "includes.h"
  25 #include "libcli/cldap/cldap.h"
  26 #include "libcli/ldap/libcli_ldap.h"
  27 #include "librpc/gen_ndr/netlogon.h"
  28 #include "torture/torture.h"
  29 #include "param/param.h"
  30 #include "../lib/tsocket/tsocket.h"
  31
  32 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
  33
  34 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
  35
  36 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
  37 /*
  38   test netlogon operations
  39 */
  40 static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
  41 {
  42         struct cldap_socket *cldap;
  43         NTSTATUS status;
  44         struct cldap_netlogon search, empty_search;
  45         struct netlogon_samlogon_response n1;
  46         struct GUID guid;
  47         int i;
  48         struct tsocket_address *dest_addr;
  49         int ret;
  50
  51         ret = tsocket_address_inet_from_strings(tctx, "ip",
  52                                                 dest,
  53                                                 lp_cldap_port(tctx->lp_ctx),
  54                                                 &dest_addr);
  55         CHECK_VAL(ret, 0);
  56
  57         status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
  58         CHECK_STATUS(status, NT_STATUS_OK);
  59
  60         ZERO_STRUCT(search);
  61         search.in.dest_address = NULL;
  62         search.in.dest_port = 0;
  63         search.in.acct_control = -1;
  64         search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
  65         search.in.map_response = true;
  66
  67         empty_search = search;
  68
  69         printf("Trying without any attributes\n");
  70         search = empty_search;
  71         status = cldap_netlogon(cldap, tctx, &search);
  72         CHECK_STATUS(status, NT_STATUS_OK);
  73
  74         n1 = search.out.netlogon;
  75
  76         search.in.user         = "Administrator";
  77         search.in.realm        = n1.data.nt5_ex.dns_domain;
  78         search.in.host         = "__cldap_torture__";
  79
  80         printf("Scanning for netlogon levels\n");
  81         for (i=0;i<256;i++) {
  82                 search.in.version = i;
  83                 printf("Trying netlogon level %d\n", i);
  84                 status = cldap_netlogon(cldap, tctx, &search);
  85                 CHECK_STATUS(status, NT_STATUS_OK);
  86         }
  87
  88         printf("Scanning for netlogon level bits\n");
  89         for (i=0;i<31;i++) {
  90                 search.in.version = (1<<i);
  91                 printf("Trying netlogon level 0x%x\n", i);
  92                 status = cldap_netlogon(cldap, tctx, &search);
  93                 CHECK_STATUS(status, NT_STATUS_OK);
  94         }
  95
  96         search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
  97         status = cldap_netlogon(cldap, tctx, &search);
  98         CHECK_STATUS(status, NT_STATUS_OK);
  99
 100         printf("Trying with User=NULL\n");
 101         search.in.user = NULL;
 102         status = cldap_netlogon(cldap, tctx, &search);
 103         CHECK_STATUS(status, NT_STATUS_OK);
 104         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 105         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 106
 107         printf("Trying with User=Administrator\n");
 108         search.in.user = "Administrator";
 109         status = cldap_netlogon(cldap, tctx, &search);
 110         CHECK_STATUS(status, NT_STATUS_OK);
 111         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 112         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 113
 114         search.in.version = NETLOGON_NT_VERSION_5;
 115         status = cldap_netlogon(cldap, tctx, &search);
 116         CHECK_STATUS(status, NT_STATUS_OK);
 117
 118         printf("Trying with User=NULL\n");
 119         search.in.user = NULL;
 120         status = cldap_netlogon(cldap, tctx, &search);
 121         CHECK_STATUS(status, NT_STATUS_OK);
 122         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
 123         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 124
 125         printf("Trying with User=Administrator\n");
 126         search.in.user = "Administrator";
 127         status = cldap_netlogon(cldap, tctx, &search);
 128         CHECK_STATUS(status, NT_STATUS_OK);
 129         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
 130         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 131
 132         search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
 133
 134         printf("Trying with a GUID\n");
 135         search.in.realm       = NULL;
 136         search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
 137         status = cldap_netlogon(cldap, tctx, &search);
 138         CHECK_STATUS(status, NT_STATUS_OK);
 139         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 140         CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
 141
 142         printf("Trying with a incorrect GUID\n");
 143         guid = GUID_random();
 144         search.in.user        = NULL;
 145         search.in.domain_guid = GUID_string(tctx, &guid);
 146         status = cldap_netlogon(cldap, tctx, &search);
 147         CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
 148
 149         printf("Trying with a AAC\n");
 150         search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
 151         search.in.realm = n1.data.nt5_ex.dns_domain;
 152         status = cldap_netlogon(cldap, tctx, &search);
 153         CHECK_STATUS(status, NT_STATUS_OK);
 154         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 155         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 156
 157         printf("Trying with a zero AAC\n");
 158         search.in.acct_control = 0x0;
 159         search.in.realm = n1.data.nt5_ex.dns_domain;
 160         status = cldap_netlogon(cldap, tctx, &search);
 161         CHECK_STATUS(status, NT_STATUS_OK);
 162         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 163         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 164
 165         printf("Trying with a zero AAC and user=Administrator\n");
 166         search.in.acct_control = 0x0;
 167         search.in.user = "Administrator";
 168         search.in.realm = n1.data.nt5_ex.dns_domain;
 169         status = cldap_netlogon(cldap, tctx, &search);
 170         CHECK_STATUS(status, NT_STATUS_OK);
 171         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 172         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
 173
 174         printf("Trying with a bad AAC\n");
 175         search.in.user = NULL;
 176         search.in.acct_control = 0xFF00FF00;
 177         search.in.realm = n1.data.nt5_ex.dns_domain;
 178         status = cldap_netlogon(cldap, tctx, &search);
 179         CHECK_STATUS(status, NT_STATUS_OK);
 180         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 181         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 182
 183         printf("Trying with a user only\n");
 184         search = empty_search;
 185         search.in.user = "Administrator";
 186         status = cldap_netlogon(cldap, tctx, &search);
 187         CHECK_STATUS(status, NT_STATUS_OK);
 188         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 189         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 190         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 191         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 192         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 193         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 194         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 195
 196         printf("Trying with just a bad username\n");
 197         search.in.user = "___no_such_user___";
 198         status = cldap_netlogon(cldap, tctx, &search);
 199         CHECK_STATUS(status, NT_STATUS_OK);
 200         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 201         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 202         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 203         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 204         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 205         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 206         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 207         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 208
 209         printf("Trying with just a bad domain\n");
 210         search = empty_search;
 211         search.in.realm = "___no_such_domain___";
 212         status = cldap_netlogon(cldap, tctx, &search);
 213         CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
 214
 215         printf("Trying with a incorrect domain and correct guid\n");
 216         search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
 217         status = cldap_netlogon(cldap, tctx, &search);
 218         CHECK_STATUS(status, NT_STATUS_OK);
 219         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 220         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 221         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 222         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 223         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 224         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 225         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 226         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 227
 228         printf("Trying with a incorrect domain and incorrect guid\n");
 229         search.in.domain_guid = GUID_string(tctx, &guid);
 230         status = cldap_netlogon(cldap, tctx, &search);
 231         CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
 232         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 233         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 234         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 235         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 236         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 237         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 238         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 239         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 240
 241         printf("Trying with a incorrect GUID and correct domain\n");
 242         search.in.domain_guid = GUID_string(tctx, &guid);
 243         search.in.realm = n1.data.nt5_ex.dns_domain;
 244         status = cldap_netlogon(cldap, tctx, &search);
 245         CHECK_STATUS(status, NT_STATUS_OK);
 246         CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 247         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 248         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 249         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 250         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 251         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
 252         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 253         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 254
 255         printf("Proof other results\n");
 256         search.in.user = "Administrator";
 257         status = cldap_netlogon(cldap, tctx, &search);
 258         CHECK_STATUS(status, NT_STATUS_OK);
 259         CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
 260         CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
 261         CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
 262         CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
 263         CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
 264         CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
 265         CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
 266
 267         return true;
 268 }
 269
 270 /*
 271   test cldap netlogon server type flags
 272 */
 273 static bool test_cldap_netlogon_flags(struct torture_context *tctx,
 274         const char *dest)
 275 {
 276         struct cldap_socket *cldap;
 277         NTSTATUS status;
 278         struct cldap_netlogon search;
 279         struct netlogon_samlogon_response n1;
 280         uint32_t server_type;
 281         struct tsocket_address *dest_addr;
 282         int ret;
 283
 284         ret = tsocket_address_inet_from_strings(tctx, "ip",
 285                                                 dest,
 286                                                 lp_cldap_port(tctx->lp_ctx),
 287                                                 &dest_addr);
 288         CHECK_VAL(ret, 0);
 289
 290         /* cldap_socket_init should now know about the dest. address */
 291         status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
 292         CHECK_STATUS(status, NT_STATUS_OK);
 293
 294         printf("Printing out netlogon server type flags: %s\n", dest);
 295
 296         ZERO_STRUCT(search);
 297         search.in.dest_address = NULL;
 298         search.in.dest_port = 0;
 299         search.in.acct_control = -1;
 300         search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
 301         search.in.map_response = true;
 302
 303         status = cldap_netlogon(cldap, tctx, &search);
 304         CHECK_STATUS(status, NT_STATUS_OK);
 305
 306         n1 = search.out.netlogon;
 307         if (n1.ntver == NETLOGON_NT_VERSION_5)
 308                 server_type = n1.data.nt5.server_type;
 309         else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
 310                 server_type = n1.data.nt5_ex.server_type;
 311
 312         printf("The word is: %i\n", server_type);
 313         if (server_type & NBT_SERVER_PDC)
 314                 printf("NBT_SERVER_PDC ");
 315         if (server_type & NBT_SERVER_GC)
 316                 printf("NBT_SERVER_GC ");
 317         if (server_type & NBT_SERVER_LDAP)
 318                 printf("NBT_SERVER_LDAP ");
 319         if (server_type & NBT_SERVER_DS)
 320                 printf("NBT_SERVER_DS ");
 321         if (server_type & NBT_SERVER_KDC)
 322                 printf("NBT_SERVER_KDC ");
 323         if (server_type & NBT_SERVER_TIMESERV)
 324                 printf("NBT_SERVER_TIMESERV ");
 325         if (server_type & NBT_SERVER_CLOSEST)
 326                 printf("NBT_SERVER_CLOSEST ");
 327         if (server_type & NBT_SERVER_WRITABLE)
 328                 printf("NBT_SERVER_WRITABLE ");
 329         if (server_type & NBT_SERVER_GOOD_TIMESERV)
 330                 printf("NBT_SERVER_GOOD_TIMESERV ");
 331         if (server_type & NBT_SERVER_NDNC)
 332                 printf("NBT_SERVER_NDNC ");
 333         if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6)
 334                 printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
 335         if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6)
 336                 printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
 337         if (server_type & DS_DNS_CONTROLLER)
 338                 printf("DS_DNS_CONTROLLER ");
 339         if (server_type & DS_DNS_DOMAIN)
 340                 printf("DS_DNS_DOMAIN ");
 341         if (server_type & DS_DNS_FOREST_ROOT)
 342                 printf("DS_DNS_FOREST_ROOT ");
 343
 344         printf("\n");
 345
 346         return true;
 347 }
 348
 349 /*
 350   convert a ldap result message to a ldb message. This allows us to
 351   use the convenient ldif dump routines in ldb to print out cldap
 352   search results
 353 */
 354 static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
 355 {
 356         struct ldb_message *msg;
 357
 358         msg = ldb_msg_new(mem_ctx);
 359         msg->dn = ldb_dn_new(msg, ldb, res->dn);
 360         msg->num_elements = res->num_attributes;
 361         msg->elements = talloc_steal(msg, res->attributes);
 362         return msg;
 363 }
 364
 365 /*
 366   dump a set of cldap results
 367 */
 368 static void cldap_dump_results(struct cldap_search *search)
 369 {
 370         struct ldb_ldif ldif;
 371         struct ldb_context *ldb;
 372
 373         if (!search || !(search->out.response)) {
 374                 return;
 375         }
 376
 377         /* we need a ldb context to use ldb_ldif_write_file() */
 378         ldb = ldb_init(NULL, NULL);
 379
 380         ZERO_STRUCT(ldif);
 381         ldif.msg = ldap_msg_to_ldb(ldb, ldb, search->out.response);
 382
 383         ldb_ldif_write_file(ldb, stdout, &ldif);
 384
 385         talloc_free(ldb);
 386 }
 387
 388
 389 /*
 390   test cldap netlogon server type flag "NBT_SERVER_FOREST_ROOT"
 391 */
 392 static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx,
 393         const char *dest)
 394 {
 395         struct cldap_socket *cldap;
 396         NTSTATUS status;
 397         struct cldap_netlogon search;
 398         uint32_t server_type;
 399         struct netlogon_samlogon_response n1;
 400         bool result = true;
 401         struct tsocket_address *dest_addr;
 402         int ret;
 403
 404         ret = tsocket_address_inet_from_strings(tctx, "ip",
 405                                                 dest,
 406                                                 lp_cldap_port(tctx->lp_ctx),
 407                                                 &dest_addr);
 408         CHECK_VAL(ret, 0);
 409
 410         /* cldap_socket_init should now know about the dest. address */
 411         status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
 412         CHECK_STATUS(status, NT_STATUS_OK);
 413
 414         printf("Testing netlogon server type flag NBT_SERVER_FOREST_ROOT: ");
 415
 416         ZERO_STRUCT(search);
 417         search.in.dest_address = NULL;
 418         search.in.dest_port = 0;
 419         search.in.acct_control = -1;
 420         search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
 421         search.in.map_response = true;
 422
 423         status = cldap_netlogon(cldap, tctx, &search);
 424         CHECK_STATUS(status, NT_STATUS_OK);
 425
 426         n1 = search.out.netlogon;
 427         if (n1.ntver == NETLOGON_NT_VERSION_5)
 428                 server_type = n1.data.nt5.server_type;
 429         else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
 430                 server_type = n1.data.nt5_ex.server_type;
 431
 432         if (server_type & DS_DNS_FOREST_ROOT) {
 433                 struct cldap_search search2;
 434                 const char *attrs[] = { "defaultNamingContext", "rootDomainNamingContext",
 435                         NULL };
 436                 struct ldb_context *ldb;
 437                 struct ldb_message *msg;
 438
 439                 /* Trying to fetch the attributes "defaultNamingContext" and
 440                    "rootDomainNamingContext" */
 441                 ZERO_STRUCT(search2);
 442                 search2.in.dest_address = dest;
 443                 search2.in.dest_port = lp_cldap_port(tctx->lp_ctx);
 444                 search2.in.timeout = 10;
 445                 search2.in.retries = 3;
 446                 search2.in.filter = "(objectclass=*)";
 447                 search2.in.attributes = attrs;
 448
 449                 status = cldap_search(cldap, tctx, &search2);
 450                 CHECK_STATUS(status, NT_STATUS_OK);
 451
 452                 ldb = ldb_init(NULL, NULL);
 453
 454                 msg = ldap_msg_to_ldb(ldb, ldb, search2.out.response);
 455
 456                 /* Try to compare the two attributes */
 457                 if (ldb_msg_element_compare(ldb_msg_find_element(msg, attrs[0]),
 458                         ldb_msg_find_element(msg, attrs[1])))
 459                         result = false;
 460
 461                 talloc_free(ldb);
 462         }
 463
 464         if (result)
 465                 printf("passed\n");
 466         else
 467                 printf("failed\n");
 468
 469         return result;
 470 }
 471
 472 /*
 473   test generic cldap operations
 474 */
 475 static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
 476 {
 477         struct cldap_socket *cldap;
 478         NTSTATUS status;
 479         struct cldap_search search;
 480         const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
 481         const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
 482         const char *attrs3[] = { "netlogon", NULL };
 483         struct tsocket_address *dest_addr;
 484         int ret;
 485
 486         ret = tsocket_address_inet_from_strings(tctx, "ip",
 487                                                 dest,
 488                                                 lp_cldap_port(tctx->lp_ctx),
 489                                                 &dest_addr);
 490         CHECK_VAL(ret, 0);
 491
 492         /* cldap_socket_init should now know about the dest. address */
 493         status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
 494         CHECK_STATUS(status, NT_STATUS_OK);
 495
 496         ZERO_STRUCT(search);
 497         search.in.dest_address = NULL;
 498         search.in.dest_port = 0;
 499         search.in.timeout = 10;
 500         search.in.retries = 3;
 501
 502         status = cldap_search(cldap, tctx, &search);
 503         CHECK_STATUS(status, NT_STATUS_OK);
 504
 505         printf("fetching whole rootDSE\n");
 506         search.in.filter = "(objectclass=*)";
 507         search.in.attributes = NULL;
 508
 509         status = cldap_search(cldap, tctx, &search);
 510         CHECK_STATUS(status, NT_STATUS_OK);
 511
 512         if (DEBUGLVL(3)) cldap_dump_results(&search);
 513
 514         printf("fetching currentTime and USN\n");
 515         search.in.filter = "(objectclass=*)";
 516         search.in.attributes = attrs1;
 517
 518         status = cldap_search(cldap, tctx, &search);
 519         CHECK_STATUS(status, NT_STATUS_OK);
 520
 521         if (DEBUGLVL(3)) cldap_dump_results(&search);
 522
 523         printf("Testing currentTime, USN and netlogon\n");
 524         search.in.filter = "(objectclass=*)";
 525         search.in.attributes = attrs2;
 526
 527         status = cldap_search(cldap, tctx, &search);
 528         CHECK_STATUS(status, NT_STATUS_OK);
 529
 530         if (DEBUGLVL(3)) cldap_dump_results(&search);
 531
 532         printf("Testing objectClass=* and netlogon\n");
 533         search.in.filter = "(objectclass2=*)";
 534         search.in.attributes = attrs3;
 535
 536         status = cldap_search(cldap, tctx, &search);
 537         CHECK_STATUS(status, NT_STATUS_OK);
 538
 539         if (DEBUGLVL(3)) cldap_dump_results(&search);
 540
 541         printf("Testing a false expression\n");
 542         search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
 543         search.in.attributes = attrs1;
 544
 545         status = cldap_search(cldap, tctx, &search);
 546         CHECK_STATUS(status, NT_STATUS_OK);
 547
 548         if (DEBUGLVL(3)) cldap_dump_results(&search);
 549
 550         return true;
 551 }
 552
 553 bool torture_cldap(struct torture_context *torture)
 554 {
 555         bool ret = true;
 556         const char *host = torture_setting_string(torture, "host", NULL);
 557
 558         ret &= test_cldap_netlogon(torture, host);
 559         ret &= test_cldap_netlogon_flags(torture, host);
 560         ret &= test_cldap_netlogon_flag_ds_dns_forest(torture, host);
 561         ret &= test_cldap_generic(torture, host);
 562
 563         return ret;
 564 }
 565