diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-05-13 06:10:10 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:16:42 -0500 |
commit | a90c731ec5d33028380aeb66b411b5f1682fb874 (patch) | |
tree | f0ad3abe420d1aa662d42ad72b7798a894bd7544 | |
parent | 06869ce014ffa249fb117df1d4d7182a1de24c5a (diff) | |
download | samba-a90c731ec5d33028380aeb66b411b5f1682fb874.tar.gz samba-a90c731ec5d33028380aeb66b411b5f1682fb874.tar.bz2 samba-a90c731ec5d33028380aeb66b411b5f1682fb874.zip |
r6765: expanded the cldap test suite to test the usage of the DomainGuid,
AAC, and User attributes in cldap netlogon queries
interestingly, while WinXP generated cldap filters with these set, the
w2k3 cldap server seems to completely ignore them, so I didn't need to
alter our cldap server at all to pass the test :-)
(This used to be commit 177c8becd2051c9d1f261358baf4b85ca89700d8)
-rw-r--r-- | source4/torture/ldap/cldap.c | 65 |
1 files changed, 60 insertions, 5 deletions
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index 24cbc184ad..5f6ef3f649 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -26,6 +26,14 @@ #include "libcli/ldap/ldap.h" #include "lib/events/events.h" +#define CHECK_STATUS(status, correct) do { \ + if (!NT_STATUS_EQUAL(status, correct)) { \ + printf("(%s) Incorrect status %s - should be %s\n", \ + __location__, nt_errstr(status), nt_errstr(correct)); \ + ret = False; \ + goto done; \ + }} while (0) + /* test netlogon operations @@ -35,27 +43,74 @@ static BOOL test_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *dest) struct cldap_socket *cldap = cldap_socket_init(mem_ctx, NULL); NTSTATUS status; struct cldap_netlogon search; + union nbt_cldap_netlogon n1; + struct GUID guid; int i; + BOOL ret = True; search.in.dest_address = dest; search.in.realm = lp_realm(); search.in.host = lp_netbios_name(); + search.in.user = NULL; + search.in.domain_guid = NULL; + search.in.domain_sid = NULL; + search.in.acct_control = -1; + printf("Scanning for netlogon levels\n"); for (i=0;i<256;i++) { search.in.version = i; printf("Trying netlogon level %d\n", i); status = cldap_netlogon(cldap, mem_ctx, &search); - if (!NT_STATUS_IS_OK(status)) { - printf("netlogon[%d] failed - %s\n", i, nt_errstr(status)); - } else { + CHECK_STATUS(status, NT_STATUS_OK); + if (DEBUGLVL(10)) { NDR_PRINT_UNION_DEBUG(nbt_cldap_netlogon, i & 0xF, &search.out.netlogon); } } - printf("cldap_search gave %s\n", nt_errstr(status)); + search.in.version = 6; + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + n1 = search.out.netlogon; + + printf("Trying with User=Administrator\n"); + + search.in.user = "Administrator"; + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf("Trying with a GUID\n"); + search.in.domain_guid = GUID_string(mem_ctx, &n1.logon4.domain_uuid); + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf("Trying with a incorrect GUID\n"); + guid = GUID_random(); + search.in.user = NULL; + search.in.domain_guid = GUID_string(mem_ctx, &guid); + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf("Trying with a incorrect domain\n"); + search.in.realm = "test.example.com"; + search.in.domain_guid = NULL; + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_NOT_FOUND); + + printf("Trying with a AAC\n"); + search.in.acct_control = 0x180; + search.in.realm = lp_realm(); + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf("Trying with a bad AAC\n"); + search.in.acct_control = 0xFF00FF00; + search.in.realm = lp_realm(); + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); - return True; +done: + return ret; } BOOL torture_cldap(void) |