2 Unix SMB/CIFS mplementation.
6 Copyright (C) Andrew Tridgell 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "libcli/cldap/cldap.h"
25 #include "libcli/ldap/ldap.h"
26 #include "librpc/gen_ndr/ndr_nbt.h"
27 #include "torture/torture.h"
28 #include "lib/ldb/include/ldb.h"
29 #include "param/param.h"
31 #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
33 #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
35 #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
37 test netlogon operations
39 static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
41 struct cldap_socket *cldap;
43 struct cldap_netlogon search, empty_search;
44 struct netlogon_samlogon_response n1;
48 cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx));
51 search.in.dest_address = dest;
52 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
53 search.in.acct_control = -1;
54 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
55 search.in.map_response = true;
57 empty_search = search;
59 printf("Trying without any attributes\n");
60 search = empty_search;
61 status = cldap_netlogon(cldap, tctx, &search);
62 CHECK_STATUS(status, NT_STATUS_OK);
64 n1 = search.out.netlogon;
66 search.in.user = "Administrator";
67 search.in.realm = n1.data.nt5_ex.dns_domain;
68 search.in.host = "__cldap_torture__";
70 printf("Scanning for netlogon levels\n");
72 search.in.version = i;
73 printf("Trying netlogon level %d\n", i);
74 status = cldap_netlogon(cldap, tctx, &search);
75 CHECK_STATUS(status, NT_STATUS_OK);
78 printf("Scanning for netlogon level bits\n");
80 search.in.version = (1<<i);
81 printf("Trying netlogon level 0x%x\n", i);
82 status = cldap_netlogon(cldap, tctx, &search);
83 CHECK_STATUS(status, NT_STATUS_OK);
86 search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
88 status = cldap_netlogon(cldap, tctx, &search);
89 CHECK_STATUS(status, NT_STATUS_OK);
91 printf("Trying with User=NULL\n");
93 search.in.user = NULL;
94 status = cldap_netlogon(cldap, tctx, &search);
95 CHECK_STATUS(status, NT_STATUS_OK);
96 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
97 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
99 printf("Trying with User=Administrator\n");
101 search.in.user = "Administrator";
102 status = cldap_netlogon(cldap, tctx, &search);
103 CHECK_STATUS(status, NT_STATUS_OK);
105 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
106 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
108 search.in.version = NETLOGON_NT_VERSION_5;
109 status = cldap_netlogon(cldap, tctx, &search);
110 CHECK_STATUS(status, NT_STATUS_OK);
112 printf("Trying with User=NULL\n");
114 search.in.user = NULL;
115 status = cldap_netlogon(cldap, tctx, &search);
116 CHECK_STATUS(status, NT_STATUS_OK);
117 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
118 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
120 printf("Trying with User=Administrator\n");
122 search.in.user = "Administrator";
123 status = cldap_netlogon(cldap, tctx, &search);
124 CHECK_STATUS(status, NT_STATUS_OK);
126 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
127 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
129 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
131 printf("Trying with a GUID\n");
132 search.in.realm = NULL;
133 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
134 status = cldap_netlogon(cldap, tctx, &search);
135 CHECK_STATUS(status, NT_STATUS_OK);
136 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
137 CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
139 printf("Trying with a incorrect GUID\n");
140 guid = GUID_random();
141 search.in.user = NULL;
142 search.in.domain_guid = GUID_string(tctx, &guid);
143 status = cldap_netlogon(cldap, tctx, &search);
144 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
146 printf("Trying with a AAC\n");
147 search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
148 search.in.realm = n1.data.nt5_ex.dns_domain;
149 status = cldap_netlogon(cldap, tctx, &search);
150 CHECK_STATUS(status, NT_STATUS_OK);
151 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
152 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
154 printf("Trying with a zero AAC\n");
155 search.in.acct_control = 0x0;
156 search.in.realm = n1.data.nt5_ex.dns_domain;
157 status = cldap_netlogon(cldap, tctx, &search);
158 CHECK_STATUS(status, NT_STATUS_OK);
159 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
160 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
162 printf("Trying with a zero AAC and user=Administrator\n");
163 search.in.acct_control = 0x0;
164 search.in.user = "Administrator";
165 search.in.realm = n1.data.nt5_ex.dns_domain;
166 status = cldap_netlogon(cldap, tctx, &search);
167 CHECK_STATUS(status, NT_STATUS_OK);
168 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
169 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
171 printf("Trying with a bad AAC\n");
172 search.in.user = NULL;
173 search.in.acct_control = 0xFF00FF00;
174 search.in.realm = n1.data.nt5_ex.dns_domain;
175 status = cldap_netlogon(cldap, tctx, &search);
176 CHECK_STATUS(status, NT_STATUS_OK);
177 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
178 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
180 printf("Trying with a user only\n");
181 search = empty_search;
182 search.in.user = "Administrator";
183 status = cldap_netlogon(cldap, tctx, &search);
184 CHECK_STATUS(status, NT_STATUS_OK);
185 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
186 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
188 printf("Trying with just a bad username\n");
189 search.in.user = "___no_such_user___";
190 status = cldap_netlogon(cldap, tctx, &search);
191 CHECK_STATUS(status, NT_STATUS_OK);
192 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
193 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
194 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
196 printf("Trying with just a bad domain\n");
197 search = empty_search;
198 search.in.realm = "___no_such_domain___";
199 status = cldap_netlogon(cldap, tctx, &search);
200 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
202 printf("Trying with a incorrect domain and correct guid\n");
203 search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
204 status = cldap_netlogon(cldap, tctx, &search);
205 CHECK_STATUS(status, NT_STATUS_OK);
206 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
207 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
208 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
210 printf("Trying with a incorrect domain and incorrect guid\n");
211 search.in.domain_guid = GUID_string(tctx, &guid);
212 status = cldap_netlogon(cldap, tctx, &search);
213 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
214 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
215 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
216 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
218 printf("Trying with a incorrect GUID and correct domain\n");
219 search.in.domain_guid = GUID_string(tctx, &guid);
220 search.in.realm = n1.data.nt5_ex.dns_domain;
221 status = cldap_netlogon(cldap, tctx, &search);
222 CHECK_STATUS(status, NT_STATUS_OK);
223 CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
224 CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
225 CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
231 test cldap netlogon server type flags
233 static bool test_cldap_netlogon_flags(struct torture_context *tctx,
236 struct cldap_socket *cldap;
238 struct cldap_netlogon search;
239 struct netlogon_samlogon_response n1;
240 uint32_t server_type;
242 cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx));
244 printf("Printing out netlogon server type flags:\n");
247 search.in.dest_address = dest;
248 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
249 search.in.acct_control = -1;
250 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
251 search.in.map_response = true;
253 status = cldap_netlogon(cldap, tctx, &search);
254 CHECK_STATUS(status, NT_STATUS_OK);
256 n1 = search.out.netlogon;
257 if (n1.ntver == NETLOGON_NT_VERSION_5)
258 server_type = n1.data.nt5.server_type;
259 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
260 server_type = n1.data.nt5_ex.server_type;
262 printf("The word is: %i\n", server_type);
263 if (server_type & NBT_SERVER_PDC)
264 printf("NBT_SERVER_PDC ");
265 if (server_type & NBT_SERVER_GC)
266 printf("NBT_SERVER_GC ");
267 if (server_type & NBT_SERVER_LDAP)
268 printf("NBT_SERVER_LDAP ");
269 if (server_type & NBT_SERVER_DS)
270 printf("NBT_SERVER_DS ");
271 if (server_type & NBT_SERVER_KDC)
272 printf("NBT_SERVER_KDC ");
273 if (server_type & NBT_SERVER_TIMESERV)
274 printf("NBT_SERVER_TIMESERV ");
275 if (server_type & NBT_SERVER_CLOSEST)
276 printf("NBT_SERVER_CLOSEST ");
277 if (server_type & NBT_SERVER_WRITABLE)
278 printf("NBT_SERVER_WRITABLE ");
279 if (server_type & NBT_SERVER_GOOD_TIMESERV)
280 printf("NBT_SERVER_GOOD_TIMESERV ");
281 if (server_type & NBT_SERVER_NDNC)
282 printf("NBT_SERVER_NDNC ");
283 if (server_type & NBT_SERVER_SEL_SEC_DOM_6)
284 printf("NBT_SERVER_SEL_SEC_DOM_6 ");
285 if (server_type & NBT_SERVER_FUL_SEC_DOM_6)
286 printf("NBT_SERVER_FUL_SEC_DOM_6 ");
287 if (server_type & NBT_SERVER_DS_DNS_CONTR)
288 printf("NBT_SERVER_DS_DNS_CONTR ");
289 if (server_type & NBT_SERVER_DS_DNS_DOMAIN)
290 printf("NBT_SERVER_DS_DNS_DOMAIN ");
291 if (server_type & NBT_SERVER_DS_DNS_FOREST)
292 printf("NBT_SERVER_DS_DNS_FOREST ");
300 convert a ldap result message to a ldb message. This allows us to
301 use the convenient ldif dump routines in ldb to print out cldap
304 static struct ldb_message *ldap_msg_to_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldap_SearchResEntry *res)
306 struct ldb_message *msg;
308 msg = ldb_msg_new(mem_ctx);
309 msg->dn = ldb_dn_new(msg, ldb, res->dn);
310 msg->num_elements = res->num_attributes;
311 msg->elements = talloc_steal(msg, res->attributes);
316 dump a set of cldap results
318 static void cldap_dump_results(struct cldap_search *search)
320 struct ldb_ldif ldif;
321 struct ldb_context *ldb;
323 if (!search || !(search->out.response)) {
327 /* we need a ldb context to use ldb_ldif_write_file() */
328 ldb = ldb_init(NULL, NULL);
331 ldif.msg = ldap_msg_to_ldb(ldb, ldb, search->out.response);
333 ldb_ldif_write_file(ldb, stdout, &ldif);
340 test cldap netlogon server type flag "NBT_SERVER_DS_DNS_FOREST"
342 static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx,
345 struct cldap_socket *cldap;
347 struct cldap_netlogon search;
348 uint32_t server_type;
349 struct netlogon_samlogon_response n1;
353 cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx));
355 printf("Testing netlogon server type flag NBT_SERVER_DS_DNS_FOREST: ");
358 search.in.dest_address = dest;
359 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
360 search.in.acct_control = -1;
361 search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
362 search.in.map_response = true;
364 status = cldap_netlogon(cldap, tctx, &search);
365 CHECK_STATUS(status, NT_STATUS_OK);
367 n1 = search.out.netlogon;
368 if (n1.ntver == NETLOGON_NT_VERSION_5)
369 server_type = n1.data.nt5.server_type;
370 else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
371 server_type = n1.data.nt5_ex.server_type;
373 if (server_type & NBT_SERVER_DS_DNS_FOREST) {
374 struct cldap_search search2;
375 const char *attrs[] = { "defaultNamingContext", "rootDomainNamingContext",
377 struct ldb_context *ldb;
378 struct ldb_message *msg;
380 /* Trying to fetch the attributes "defaultNamingContext" and
381 "rootDomainNamingContext" */
382 ZERO_STRUCT(search2);
383 search2.in.dest_address = dest;
384 search2.in.dest_port = lp_cldap_port(tctx->lp_ctx);
385 search2.in.timeout = 10;
386 search2.in.retries = 3;
387 search2.in.filter = "(objectclass=*)";
388 search2.in.attributes = attrs;
390 status = cldap_search(cldap, tctx, &search2);
391 CHECK_STATUS(status, NT_STATUS_OK);
393 ldb = ldb_init(NULL, NULL);
395 msg = ldap_msg_to_ldb(ldb, ldb, search2.out.response);
397 /* Try to compare the two attributes */
398 if (ldb_msg_element_compare(ldb_msg_find_element(msg, attrs[0]),
399 ldb_msg_find_element(msg, attrs[1])))
414 test generic cldap operations
416 static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
418 struct cldap_socket *cldap;
420 struct cldap_search search;
421 const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
422 const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
423 const char *attrs3[] = { "netlogon", NULL };
425 cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx));
428 search.in.dest_address = dest;
429 search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
430 search.in.timeout = 10;
431 search.in.retries = 3;
433 status = cldap_search(cldap, tctx, &search);
434 CHECK_STATUS(status, NT_STATUS_OK);
436 printf("fetching whole rootDSE\n");
437 search.in.filter = "(objectclass=*)";
438 search.in.attributes = NULL;
440 status = cldap_search(cldap, tctx, &search);
441 CHECK_STATUS(status, NT_STATUS_OK);
443 if (DEBUGLVL(3)) cldap_dump_results(&search);
445 printf("fetching currentTime and USN\n");
446 search.in.filter = "(objectclass=*)";
447 search.in.attributes = attrs1;
449 status = cldap_search(cldap, tctx, &search);
450 CHECK_STATUS(status, NT_STATUS_OK);
452 if (DEBUGLVL(3)) cldap_dump_results(&search);
454 printf("Testing currentTime, USN and netlogon\n");
455 search.in.filter = "(objectclass=*)";
456 search.in.attributes = attrs2;
458 status = cldap_search(cldap, tctx, &search);
459 CHECK_STATUS(status, NT_STATUS_OK);
461 if (DEBUGLVL(3)) cldap_dump_results(&search);
463 printf("Testing objectClass=* and netlogon\n");
464 search.in.filter = "(objectclass2=*)";
465 search.in.attributes = attrs3;
467 status = cldap_search(cldap, tctx, &search);
468 CHECK_STATUS(status, NT_STATUS_OK);
470 if (DEBUGLVL(3)) cldap_dump_results(&search);
472 printf("Testing a false expression\n");
473 search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
474 search.in.attributes = attrs1;
476 status = cldap_search(cldap, tctx, &search);
477 CHECK_STATUS(status, NT_STATUS_OK);
479 if (DEBUGLVL(3)) cldap_dump_results(&search);
484 bool torture_cldap(struct torture_context *torture)
487 const char *host = torture_setting_string(torture, "host", NULL);
489 ret &= test_cldap_netlogon(torture, host);
490 ret &= test_cldap_netlogon_flags(torture, host);
491 ret &= test_cldap_netlogon_flag_ds_dns_forest(torture, host);
492 ret &= test_cldap_generic(torture, host);