summaryrefslogtreecommitdiff
path: root/source4/torture/ldap
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2013-06-22 16:55:08 +1000
committerJeremy Allison <jra@samba.org>2013-06-24 23:55:07 +0200
commit7bf8fc7ca2321c25b9194a0a13df6a8b4e783c9e (patch)
tree10d45a6d3263363c718c70952a40ebc52910d2ac /source4/torture/ldap
parent70cb7fd214041e8ffacc98de4dbde3ecd77bba85 (diff)
downloadsamba-7bf8fc7ca2321c25b9194a0a13df6a8b4e783c9e.tar.gz
samba-7bf8fc7ca2321c25b9194a0a13df6a8b4e783c9e.tar.bz2
samba-7bf8fc7ca2321c25b9194a0a13df6a8b4e783c9e.zip
torture: Add tests for LDAP substring search with no strings provided
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jun 24 23:55:07 CEST 2013 on sn-devel-104
Diffstat (limited to 'source4/torture/ldap')
-rw-r--r--source4/torture/ldap/basic.c110
1 files changed, 110 insertions, 0 deletions
diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c
index 2d65948e42..8d964ac80e 100644
--- a/source4/torture/ldap/basic.c
+++ b/source4/torture/ldap/basic.c
@@ -156,6 +156,108 @@ static bool test_search_rootDSE(struct ldap_connection *conn, const char **based
return ret;
}
+static bool test_search_rootDSE_empty_substring(struct ldap_connection *conn)
+{
+ bool ret = true;
+ struct ldap_message *msg, *result;
+ struct ldap_request *req;
+ NTSTATUS status;
+
+ printf("Testing RootDSE Search with objectclass= substring filter\n");
+
+ msg = new_ldap_message(conn);
+ if (!msg) {
+ return false;
+ }
+
+ msg->type = LDAP_TAG_SearchRequest;
+ msg->r.SearchRequest.basedn = "";
+ msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+ msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+ msg->r.SearchRequest.timelimit = 0;
+ msg->r.SearchRequest.sizelimit = 0;
+ msg->r.SearchRequest.attributesonly = false;
+ msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+ msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
+ msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
+ msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.chunks = NULL;
+ msg->r.SearchRequest.num_attributes = 0;
+ msg->r.SearchRequest.attributes = NULL;
+
+ req = ldap_request_send(conn, msg);
+ if (req == NULL) {
+ printf("Could not setup ldap search\n");
+ return false;
+ }
+
+ status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("looking for search result reply failed - %s\n", nt_errstr(status));
+ return false;
+ }
+
+ printf("received %d replies\n", req->num_replies);
+
+ return ret;
+}
+
+static bool test_search_auth_empty_substring(struct ldap_connection *conn, const char *basedn)
+{
+ bool ret = true;
+ struct ldap_message *msg, *result;
+ struct ldap_request *req;
+ NTSTATUS status;
+ struct ldap_Result *r;
+
+ printf("Testing authenticated base Search with objectclass= substring filter\n");
+
+ msg = new_ldap_message(conn);
+ if (!msg) {
+ return false;
+ }
+
+ msg->type = LDAP_TAG_SearchRequest;
+ msg->r.SearchRequest.basedn = basedn;
+ msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
+ msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
+ msg->r.SearchRequest.timelimit = 0;
+ msg->r.SearchRequest.sizelimit = 0;
+ msg->r.SearchRequest.attributesonly = false;
+ msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)");
+ msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING;
+ msg->r.SearchRequest.tree->u.substring.attr = "objectclass";
+ msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1;
+ msg->r.SearchRequest.tree->u.substring.chunks = NULL;
+ msg->r.SearchRequest.num_attributes = 0;
+ msg->r.SearchRequest.attributes = NULL;
+
+ req = ldap_request_send(conn, msg);
+ if (req == NULL) {
+ printf("Could not setup ldap search\n");
+ return false;
+ }
+
+ status = ldap_result_one(req, &result, LDAP_TAG_SearchResultDone);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("looking for search result done failed - %s\n", nt_errstr(status));
+ return false;
+ }
+
+ printf("received %d replies\n", req->num_replies);
+
+ r = &result->r.SearchResultDone;
+
+ if (r->resultcode != LDAP_SUCCESS) {
+ printf("search result done gave error - %s\n", ldb_strerror(r->resultcode));
+ return false;
+ }
+
+ return ret;
+}
+
static bool test_compare_sasl(struct ldap_connection *conn, const char *basedn)
{
struct ldap_message *msg, *rep;
@@ -856,6 +958,10 @@ bool torture_ldap_basic(struct torture_context *torture)
ret = false;
}
+ if (!test_search_rootDSE_empty_substring(conn)) {
+ ret = false;
+ }
+
/* other bind tests here */
if (!test_multibind(conn, userdn, secret)) {
@@ -866,6 +972,10 @@ bool torture_ldap_basic(struct torture_context *torture)
ret = false;
}
+ if (!test_search_auth_empty_substring(conn, basedn)) {
+ ret = false;
+ }
+
if (!test_compare_sasl(conn, basedn)) {
ret = false;
}