summaryrefslogtreecommitdiff
path: root/source4/torture/ldap
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-05-21 12:37:36 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-05-21 12:37:36 +1000
commitf67156fc920b9a5c84c4fcaf1bf41640ddae6005 (patch)
treef02f96e7e94448b4597426734afd3d71bdfae0d7 /source4/torture/ldap
parentfdec7fdaf5d4150e14311d9b3bb2da7358a407ff (diff)
downloadsamba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.tar.gz
samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.tar.bz2
samba-f67156fc920b9a5c84c4fcaf1bf41640ddae6005.zip
Extend the 'netlogon' CLDAP and NBT implementation.
This now handles checking if the user exists, including validating the ACB mask on the user. This would be a nasty security hole, if Kerberos did not already expose this information anonymously... Andrew Bartlett (This used to be commit 441b286c00f9a7743cdefeb243545bdbd2c94c5e)
Diffstat (limited to 'source4/torture/ldap')
-rw-r--r--source4/torture/ldap/cldap.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index a77920d4e6..5d4acd581b 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -144,18 +144,38 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
printf("Trying with a AAC\n");
- search.in.acct_control = 0x180;
+ search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
search.in.realm = n1.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+ printf("Trying with a zero AAC\n");
+ search.in.acct_control = 0x0;
+ search.in.realm = n1.nt5_ex.dns_domain;
+ status = cldap_netlogon(cldap, tctx, &search);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+
+ printf("Trying with a zero AAC and user=Administrator\n");
+ search.in.acct_control = 0x0;
+ search.in.user = "Administrator";
+ search.in.realm = n1.nt5_ex.dns_domain;
+ status = cldap_netlogon(cldap, tctx, &search);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+ CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "Administrator");
+
printf("Trying with a bad AAC\n");
+ search.in.user = NULL;
search.in.acct_control = 0xFF00FF00;
search.in.realm = n1.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
printf("Trying with a user only\n");
search = empty_search;