diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-05-21 12:37:36 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-05-21 12:37:36 +1000 |
| commit | f67156fc920b9a5c84c4fcaf1bf41640ddae6005 (patch) | |
| tree | f02f96e7e94448b4597426734afd3d71bdfae0d7 /source4/torture/ldap/cldap.c | |
| parent | fdec7fdaf5d4150e14311d9b3bb2da7358a407ff (diff) | |
| download | samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.tar.gz samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.tar.bz2 samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.zip | |
Extend the 'netlogon' CLDAP and NBT implementation.
This now handles checking if the user exists, including validating the
ACB mask on the user.
This would be a nasty security hole, if Kerberos did not already
expose this information anonymously...
Andrew Bartlett
(This used to be commit 441b286c00f9a7743cdefeb243545bdbd2c94c5e)
Diffstat (limited to 'source4/torture/ldap/cldap.c')
| -rw-r--r-- | source4/torture/ldap/cldap.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index a77920d4e6..5d4acd581b 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -144,18 +144,38 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a AAC\n"); - search.in.acct_control = 0x180; + search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST; search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + printf("Trying with a zero AAC\n"); + search.in.acct_control = 0x0; + search.in.realm = n1.nt5_ex.dns_domain; + status = cldap_netlogon(cldap, tctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + + printf("Trying with a zero AAC and user=Administrator\n"); + search.in.acct_control = 0x0; + search.in.user = "Administrator"; + search.in.realm = n1.nt5_ex.dns_domain; + status = cldap_netlogon(cldap, tctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "Administrator"); + printf("Trying with a bad AAC\n"); + search.in.user = NULL; search.in.acct_control = 0xFF00FF00; search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); printf("Trying with a user only\n"); search = empty_search; |