summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/libcli/cldap/cldap.c16
-rw-r--r--source4/torture/ldap/cldap.c25
2 files changed, 36 insertions, 5 deletions
diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c
index ed416532a2..b52b2f53f0 100644
--- a/source4/libcli/cldap/cldap.c
+++ b/source4/libcli/cldap/cldap.c
@@ -502,23 +502,32 @@ struct cldap_request *cldap_netlogon_send(struct cldap_socket *cldap,
const char *attr[] = { "NetLogon", NULL };
TALLOC_CTX *tmp_ctx = talloc_new(cldap);
- filter = talloc_asprintf(tmp_ctx,
- "(&(DnsDomain=%s)(Host=%s)(NtVer=%s)",
- io->in.realm, io->in.host,
+ filter = talloc_asprintf(tmp_ctx, "(&(NtVer=%s)",
ldap_encode_ndr_uint32(tmp_ctx, io->in.version));
if (filter == NULL) goto failed;
if (io->in.user) {
filter = talloc_asprintf_append(filter, "(User=%s)", io->in.user);
+ if (filter == NULL) goto failed;
+ }
+ if (io->in.host) {
+ filter = talloc_asprintf_append(filter, "(Host=%s)", io->in.host);
+ if (filter == NULL) goto failed;
+ }
+ if (io->in.realm) {
+ filter = talloc_asprintf_append(filter, "(DnsDomain=%s)", io->in.realm);
+ if (filter == NULL) goto failed;
}
if (io->in.acct_control != -1) {
filter = talloc_asprintf_append(filter, "(AAC=%s)",
ldap_encode_ndr_uint32(tmp_ctx, io->in.acct_control));
+ if (filter == NULL) goto failed;
}
if (io->in.domain_sid) {
struct dom_sid *sid = dom_sid_parse_talloc(tmp_ctx, io->in.domain_sid);
if (sid == NULL) goto failed;
filter = talloc_asprintf_append(filter, "(domainSid=%s)",
ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+ if (filter == NULL) goto failed;
}
if (io->in.domain_guid) {
struct GUID guid;
@@ -527,6 +536,7 @@ struct cldap_request *cldap_netlogon_send(struct cldap_socket *cldap,
if (!NT_STATUS_IS_OK(status)) goto failed;
filter = talloc_asprintf_append(filter, "(DomainGuid=%s)",
ldap_encode_ndr_GUID(tmp_ctx, &guid));
+ if (filter == NULL) goto failed;
}
filter = talloc_asprintf_append(filter, ")");
if (filter == NULL) goto failed;
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index 5f6ef3f649..b22dc7b47c 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -80,6 +80,7 @@ static BOOL test_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *dest)
CHECK_STATUS(status, NT_STATUS_OK);
printf("Trying with a GUID\n");
+ search.in.realm = NULL;
search.in.domain_guid = GUID_string(mem_ctx, &n1.logon4.domain_uuid);
status = cldap_netlogon(cldap, mem_ctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
@@ -89,11 +90,17 @@ static BOOL test_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *dest)
search.in.user = NULL;
search.in.domain_guid = GUID_string(mem_ctx, &guid);
status = cldap_netlogon(cldap, mem_ctx, &search);
+ CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
+
+ printf("Trying with a incorrect domain and correct guid\n");
+ search.in.realm = "test.example.com";
+ search.in.domain_guid = GUID_string(mem_ctx, &n1.logon4.domain_uuid);
+ status = cldap_netlogon(cldap, mem_ctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- printf("Trying with a incorrect domain\n");
+ printf("Trying with a incorrect domain and incorrect guid\n");
search.in.realm = "test.example.com";
- search.in.domain_guid = NULL;
+ search.in.domain_guid = GUID_string(mem_ctx, &guid);
status = cldap_netlogon(cldap, mem_ctx, &search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
@@ -109,6 +116,20 @@ static BOOL test_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *dest)
status = cldap_netlogon(cldap, mem_ctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
+ printf("Trying with a user only\n");
+ search.in.acct_control = -1;
+ search.in.user = "Administrator";
+ search.in.realm = NULL;
+ search.in.domain_guid = NULL;
+ status = cldap_netlogon(cldap, mem_ctx, &search);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ printf("Trying without any attributes\n");
+ search.in.user = NULL;
+ search.in.host = NULL;
+ status = cldap_netlogon(cldap, mem_ctx, &search);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
done:
return ret;
}