2 Unix SMB/CIFS mplementation.
6 Copyright (C) Andrew Tridgell 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "libcli/cldap/cldap.h"
25 #include "libcli/ldap/ldap.h"
26 #include "librpc/gen_ndr/ndr_nbt.h"
27 #include "torture/torture.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "param/param.h"
31 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
33 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
35 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
37 test netlogon operations
39 static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
41 struct cldap_socket *cldap = cldap_socket_init(tctx, NULL, lp_iconv_convenience(tctx->lp_ctx));
43 struct cldap_netlogon search, empty_search;
44 union nbt_cldap_netlogon n1;
49 search.in.dest_address = dest;
50 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
51 search.in.acct_control = -1;
52 search.in.version = 6;
54 empty_search = search;
56 printf("Trying without any attributes\n");
57 search = empty_search;
58 status = cldap_netlogon(cldap, tctx, &search);
59 CHECK_STATUS(status, NT_STATUS_OK);
61 n1 = search.out.netlogon;
63 search.in.user = "Administrator";
64 search.in.realm = n1.logon5.dns_domain;
65 search.in.host = "__cldap_torture__";
67 printf("Scanning for netlogon levels\n");
69 search.in.version = i;
70 printf("Trying netlogon level %d\n", i);
71 status = cldap_netlogon(cldap, tctx, &search);
72 CHECK_STATUS(status, NT_STATUS_OK);
75 printf("Scanning for netlogon level bits\n");
77 search.in.version = (1<<i);
78 printf("Trying netlogon level 0x%x\n", i);
79 status = cldap_netlogon(cldap, tctx, &search);
80 CHECK_STATUS(status, NT_STATUS_OK);
83 search.in.version = 0x20000006;
84 status = cldap_netlogon(cldap, tctx, &search);
85 CHECK_STATUS(status, NT_STATUS_OK);
87 printf("Trying with User=NULL\n");
89 search.in.user = NULL;
90 status = cldap_netlogon(cldap, tctx, &search);
91 CHECK_STATUS(status, NT_STATUS_OK);
92 CHECK_STRING(search.out.netlogon.logon5.user_name, "");
93 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
95 printf("Trying with User=Administrator\n");
97 search.in.user = "Administrator";
98 status = cldap_netlogon(cldap, tctx, &search);
99 CHECK_STATUS(status, NT_STATUS_OK);
101 CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
102 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
104 search.in.version = 6;
105 status = cldap_netlogon(cldap, tctx, &search);
106 CHECK_STATUS(status, NT_STATUS_OK);
108 printf("Trying with User=NULL\n");
110 search.in.user = NULL;
111 status = cldap_netlogon(cldap, tctx, &search);
112 CHECK_STATUS(status, NT_STATUS_OK);
113 CHECK_STRING(search.out.netlogon.logon5.user_name, "");
114 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
116 printf("Trying with User=Administrator\n");
118 search.in.user = "Administrator";
119 status = cldap_netlogon(cldap, tctx, &search);
120 CHECK_STATUS(status, NT_STATUS_OK);
122 CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
123 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
125 printf("Trying with a GUID\n");
126 search.in.realm = NULL;
127 search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid);
128 status = cldap_netlogon(cldap, tctx, &search);
129 CHECK_STATUS(status, NT_STATUS_OK);
130 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
131 CHECK_STRING(GUID_string(tctx, &search.out.netlogon.logon5.domain_uuid), search.in.domain_guid);
133 printf("Trying with a incorrect GUID\n");
134 guid = GUID_random();
135 search.in.user = NULL;
136 search.in.domain_guid = GUID_string(tctx, &guid);
137 status = cldap_netlogon(cldap, tctx, &search);
138 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
140 printf("Trying with a AAC\n");
141 search.in.acct_control = 0x180;
142 search.in.realm = n1.logon5.dns_domain;
143 status = cldap_netlogon(cldap, tctx, &search);
144 CHECK_STATUS(status, NT_STATUS_OK);
145 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
146 CHECK_STRING(search.out.netlogon.logon5.user_name, "");
148 printf("Trying with a bad AAC\n");
149 search.in.acct_control = 0xFF00FF00;
150 search.in.realm = n1.logon5.dns_domain;
151 status = cldap_netlogon(cldap, tctx, &search);
152 CHECK_STATUS(status, NT_STATUS_OK);
154 printf("Trying with a user only\n");
155 search = empty_search;
156 search.in.user = "Administrator";
157 status = cldap_netlogon(cldap, tctx, &search);
158 CHECK_STATUS(status, NT_STATUS_OK);
159 CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
160 CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
162 printf("Trying with just a bad username\n");
163 search.in.user = "___no_such_user___";
164 status = cldap_netlogon(cldap, tctx, &search);
165 CHECK_STATUS(status, NT_STATUS_OK);
166 CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
167 CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
169 printf("Trying with just a bad domain\n");
170 search = empty_search;
171 search.in.realm = "___no_such_domain___";
172 status = cldap_netlogon(cldap, tctx, &search);
173 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
175 printf("Trying with a incorrect domain and correct guid\n");
176 search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid);
177 status = cldap_netlogon(cldap, tctx, &search);
178 CHECK_STATUS(status, NT_STATUS_OK);
179 CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
180 CHECK_STRING(search.out.netlogon.logon5.user_name, "");
181 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
183 printf("Trying with a incorrect domain and incorrect guid\n");
184 search.in.domain_guid = GUID_string(tctx, &guid);
185 status = cldap_netlogon(cldap, tctx, &search);
186 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
187 CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
188 CHECK_STRING(search.out.netlogon.logon5.user_name, "");
189 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
191 printf("Trying with a incorrect GUID and correct domain\n");
192 search.in.domain_guid = GUID_string(tctx, &guid);
193 search.in.realm = n1.logon5.dns_domain;
194 status = cldap_netlogon(cldap, tctx, &search);
195 CHECK_STATUS(status, NT_STATUS_OK);
196 CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
197 CHECK_STRING(search.out.netlogon.logon5.user_name, "");
198 CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
204 convert a ldap result message to a ldb message. This allows us to
205 use the convenient ldif dump routines in ldb to print out cldap
208 static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
210 struct ldb_message *msg;
212 msg = ldb_msg_new(mem_ctx);
213 msg->dn = ldb_dn_new(msg, ldb, res->dn);
214 msg->num_elements = res->num_attributes;
215 msg->elements = talloc_steal(msg, res->attributes);
220 dump a set of cldap results
222 static void cldap_dump_results(struct cldap_search *search)
224 struct ldb_ldif ldif;
225 struct ldb_context *ldb;
227 if (!search || !(search->out.response)) {
231 /* we need a ldb context to use ldb_ldif_write_file() */
232 ldb = ldb_init(NULL);
235 ldif.msg = ldap_msg_to_ldb(ldb, ldb, search->out.response);
237 ldb_ldif_write_file(ldb, stdout, &ldif);
243 test generic cldap operations
245 static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
247 struct cldap_socket *cldap = cldap_socket_init(tctx, NULL, lp_iconv_convenience(tctx->lp_ctx));
249 struct cldap_search search;
250 const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
251 const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
252 const char *attrs3[] = { "netlogon", NULL };
255 search.in.dest_address = dest;
256 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
257 search.in.timeout = 10;
258 search.in.retries = 3;
260 status = cldap_search(cldap, tctx, &search);
261 CHECK_STATUS(status, NT_STATUS_OK);
263 printf("fetching whole rootDSE\n");
264 search.in.filter = "(objectclass=*)";
265 search.in.attributes = NULL;
267 status = cldap_search(cldap, tctx, &search);
268 CHECK_STATUS(status, NT_STATUS_OK);
270 if (DEBUGLVL(3)) cldap_dump_results(&search);
272 printf("fetching currentTime and USN\n");
273 search.in.filter = "(objectclass=*)";
274 search.in.attributes = attrs1;
276 status = cldap_search(cldap, tctx, &search);
277 CHECK_STATUS(status, NT_STATUS_OK);
279 if (DEBUGLVL(3)) cldap_dump_results(&search);
281 printf("Testing currentTime, USN and netlogon\n");
282 search.in.filter = "(objectclass=*)";
283 search.in.attributes = attrs2;
285 status = cldap_search(cldap, tctx, &search);
286 CHECK_STATUS(status, NT_STATUS_OK);
288 if (DEBUGLVL(3)) cldap_dump_results(&search);
290 printf("Testing objectClass=* and netlogon\n");
291 search.in.filter = "(objectclass2=*)";
292 search.in.attributes = attrs3;
294 status = cldap_search(cldap, tctx, &search);
295 CHECK_STATUS(status, NT_STATUS_OK);
297 if (DEBUGLVL(3)) cldap_dump_results(&search);
299 printf("Testing a false expression\n");
300 search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
301 search.in.attributes = attrs1;
303 status = cldap_search(cldap, tctx, &search);
304 CHECK_STATUS(status, NT_STATUS_OK);
306 if (DEBUGLVL(3)) cldap_dump_results(&search);
311 bool torture_cldap(struct torture_context *torture)
314 const char *host = torture_setting_string(torture, "host", NULL);
316 ret &= test_cldap_netlogon(torture, host);
317 ret &= test_cldap_generic(torture, host);