r1793: try to bind multiple times as anonimous and user

added -D parameter to torture to be able to specify:
- user dn
- base dn
- user secret
(This used to be commit 0eaec28f5c511a28764a1d350c2eaaf37272eb62)

diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c
index 2227d70421b770c90c93dbd9cacf226c89c6ef10..a9ab023d9d81a814095470b6549f2014e515fa83 100644 (file)
--- a/source4/torture/ldap/basic.c
+++ b/source4/torture/ldap/basic.c
@@ -1,6 +1,28 @@
 
 #include "includes.h"
 
+BOOL test_multibind(struct ldap_connection *conn, TALLOC_CTX *mem_ctx, const char *userdn, const char *password)
+{
+       NTSTATUS status;
+       BOOL ret = True;
+
+       printf("\nTesting multiple binds on a single connnection as anonymous and user\n");
+
+       status = torture_ldap_bind(conn, userdn, password);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("1st bind as user over an anonymous bind failed\n");
+               return False;
+       }
+
+       status = torture_ldap_bind(conn, NULL, NULL);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("2nd bind as anonymous over an authenticated bind failed\n");
+               return False;
+       }
+
+       return ret;
+}
+
 BOOL torture_ldap_basic(int dummy)
 {
         NTSTATUS status;
@@ -8,20 +30,25 @@ BOOL torture_ldap_basic(int dummy)
        TALLOC_CTX *mem_ctx;
        BOOL ret = True;
        const char *host = lp_parm_string(-1, "torture", "host");
+       const char *userdn = lp_parm_string(-1, "torture", "ldap_userdn");
+       const char *basedn = lp_parm_string(-1, "torture", "ldap_basedn");
+       const char *secret = lp_parm_string(-1, "torture", "ldap_secret");
        char *url;
 
        mem_ctx = talloc_init("torture_ldap_basic");
 
        url = talloc_asprintf(mem_ctx, "ldap://%s/", host);
 
-       status = torture_ldap_connection(&conn, url);
+       status = torture_ldap_connection(&conn, url, NULL, NULL);
        if (!NT_STATUS_IS_OK(status)) {
                return False;
        }
 
        /* other basic tests here */
 
-       /* ---  nothing yet :-) --- */
+       if (!test_multibind(conn, mem_ctx, userdn, secret)) {
+               ret = False;
+       }
 
        /* no more test we are closing */
 

diff --git a/source4/torture/ldap/common.c b/source4/torture/ldap/common.c
index 7d8dcbe4da150e46dfbe94ad3039065530cc9f3f..7a3d8e48bed8ddeee867791e509ef9c40d3f7623 100644 (file)
--- a/source4/torture/ldap/common.c
+++ b/source4/torture/ldap/common.c
@@ -1,9 +1,30 @@
 #include "includes.h"
 
+NTSTATUS torture_ldap_bind(struct ldap_connection *conn, const char *userdn, const char *password)
+{
+        NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+       struct ldap_message *response;
+
+       if (!conn) {
+               printf("We need a valid ldap_connection structure and be connected\n");
+               return status;
+       }
+
+       response = ldap_bind_simple(conn, userdn, password);
+       if (!response || (response->r.BindResponse.response.resultcode != 0)) {
+               printf("Failed to bind with provided credentials\n");
+               /* FIXME: what abut actually implementing an ldap_connection_free() function ?
+                         :-) sss */
+               destroy_ldap_message(response);
+               return status;
+       }
+ 
+       return NT_STATUS_OK;
+}
+
 /* open a ldap connection to a server */
-/* TODO: Add support to pass over credentials */
 NTSTATUS torture_ldap_connection(struct ldap_connection **conn, 
-                               const char *url)
+                               const char *url, const char *userdn, const char *password)
 {
         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
        BOOL ret;
@@ -19,9 +40,9 @@ NTSTATUS torture_ldap_connection(struct ldap_connection **conn,
                return status;
        }
 
-       ret = ldap_setup_connection(*conn, url);
+       ret = ldap_setup_connection(*conn, url, userdn, password);
        if (!ret) {
-               printf("Failed to connect with url [%s]", url);
+               printf("Failed to connect with url [%s]\n", url);
                /* FIXME: what abut actually implementing an ldap_connection_free() function ?
                          :-) sss */
                return status;

diff --git a/source4/torture/torture.c b/source4/torture/torture.c
index 6048d7c76da0362a0391be6ff09d1614e8908f23..c36ebde3cce129f05c223afb6bd15918a4de5cb7 100644 (file)
--- a/source4/torture/torture.c
+++ b/source4/torture/torture.c
@@ -4300,6 +4300,46 @@ static void parse_user(const char *user)
        }
 }
 
+static void parse_dns(const char *dns)
+{
+       char *userdn, *basedn, *secret;
+       char *p, *d;
+
+       /* retrievieng the userdn */
+       p = strchr_m(dns, '#');
+       if (!p) {
+               lp_set_cmdline("torture:ldap_userdn", "");
+               lp_set_cmdline("torture:ldap_basedn", "");
+               lp_set_cmdline("torture:ldap_secret", "");
+               return;
+       }
+       userdn = strndup(dns, p - dns);
+       lp_set_cmdline("torture:ldap_userdn", userdn);
+
+       /* retrieve the basedn */
+       d = p + 1;
+       p = strchr_m(d, '#');
+       if (!p) {
+               lp_set_cmdline("torture:ldap_basedn", "");
+               lp_set_cmdline("torture:ldap_secret", "");
+               return;
+       }
+       basedn = strndup(d, p - d);
+       lp_set_cmdline("torture:ldap_basedn", basedn);
+
+       /* retrieve the secret */
+       p = p + 1;
+       if (!p) {
+               lp_set_cmdline("torture:ldap_secret", "");
+               return;
+       }
+       secret = strdup(p);
+       lp_set_cmdline("torture:ldap_secret", secret);
+
+       printf ("%s - %s - %s\n", userdn, basedn, secret);
+
+}
+
 static void usage(void)
 {
        int i;
@@ -4393,7 +4433,7 @@ static void usage(void)
 
        srandom(time(NULL));
 
-       while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:e:m:Ld:Ac:ks:f:s:t:C:X")) != EOF) {
+       while ((opt = getopt(argc, argv, "p:hW:D:U:n:N:O:o:e:m:Ld:Ac:ks:f:s:t:C:X")) != EOF) {
                switch (opt) {
                case 'p':
                        lp_set_cmdline("smb ports", optarg);
@@ -4452,6 +4492,9 @@ static void usage(void)
                case 'U':
                        parse_user(optarg);
                        break;
+               case 'D':
+                       parse_dns(optarg);
+                       break;
                case 'f':
                        torture_failures = atoi(optarg);
                        break;