-rw-r--r-- | source4/libcli/cldap/cldap.c | 16 | ||||
-rw-r--r-- | source4/torture/ldap/cldap.c | 25 |
2 files changed, 36 insertions, 5 deletions
diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c
index ed416532a2..b52b2f53f0 100644
--- a/source4/libcli/cldap/cldap.c
+++ b/source4/libcli/cldap/cldap.c
@@ -502,23 +502,32 @@ struct cldap_request *cldap_netlogon_send(struct cldap_socket *cldap,
 const char *attr[] = { "NetLogon", NULL };
 TALLOC_CTX *tmp_ctx = talloc_new(cldap);
- filter = talloc_asprintf(tmp_ctx,
- "(&(DnsDomain=%s)(Host=%s)(NtVer=%s)",
- io->in.realm, io->in.host,
+ filter = talloc_asprintf(tmp_ctx, "(&(NtVer=%s)",
 ldap_encode_ndr_uint32(tmp_ctx, io->in.version));
 if (filter == NULL) goto failed;
 if (io->in.user) {
 filter = talloc_asprintf_append(filter, "(User=%s)", io->in.user);
+ if (filter == NULL) goto failed;
+ }
+ if (io->in.host) {
+ filter = talloc_asprintf_append(filter, "(Host=%s)", io->in.host);
+ if (filter == NULL) goto failed;
+ }
+ if (io->in.realm) {
+ filter = talloc_asprintf_append(filter, "(DnsDomain=%s)", io->in.realm);
+ if (filter == NULL) goto failed;
 }
 if (io->in.acct_control != -1) {
 filter = talloc_asprintf_append(filter, "(AAC=%s)", ldap_encode_ndr_uint32(tmp_ctx, io->in.acct_control));
+ if (filter == NULL) goto failed;
 }
 if (io->in.domain_sid) {
 struct dom_sid *sid = dom_sid_parse_talloc(tmp_ctx, io->in.domain_sid);
 if (sid == NULL) goto failed;
 filter = talloc_asprintf_append(filter, "(domainSid=%s)", ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+ if (filter == NULL) goto failed;
 }
 if (io->in.domain_guid) {
 struct GUID guid;
@@ -527,6 +536,7 @@ struct cldap_request *cldap_netlogon_send(struct cldap_socket *cldap,
 if (!NT_STATUS_IS_OK(status)) goto failed;
 filter = talloc_asprintf_append(filter, "(DomainGuid=%s)", ldap_encode_ndr_GUID(tmp_ctx, &guid));
+ if (filter == NULL) goto failed;
 }
 filter = talloc_asprintf_append(filter, ")");
 if (filter == NULL) goto failed;
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index 5f6ef3f649..b22dc7b47c 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
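Review bot: `io->in.user`, `io->in.host` and `io->in.realm` are appended to the search filter through a bare `%s` in the first hunk of cldap_netlogon_send, so a value containing `(`, `)`, `*` or `\` alters the filter's structure instead of being matched as a literal. The numeric, SID and GUID terms go through `ldap_encode_ndr_*` helpers, but the three strings get no equivalent treatment. Escape them per RFC 4515 before appending, for example `filter = talloc_asprintf_append(filter, "(Host=%s)", ldb_binary_encode_string(tmp_ctx, io->in.host));`, assuming ldb's encoder is reachable from this file (its includes are not visible here). The function begins and ends outside both hunks.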
@@ -80,6 +80,7 @@ static BOOL test_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *dest)
 CHECK_STATUS(status, NT_STATUS_OK);
 printf("Trying with a GUID\n");
+ search.in.realm = NULL;
 search.in.domain_guid = GUID_string(mem_ctx, &n1.logon4.domain_uuid);
 status = cldap_netlogon(cldap, mem_ctx, &search);
 CHECK_STATUS(status, NT_STATUS_OK);
@@ -89,11 +90,17 @@ static BOOL test_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *dest)
 search.in.user = NULL;
 search.in.domain_guid = GUID_string(mem_ctx, &guid);
 status = cldap_netlogon(cldap, mem_ctx, &search);
+ CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
+
+ printf("Trying with a incorrect domain and correct guid\n");
+ search.in.realm = "test.example.com";
+ search.in.domain_guid = GUID_string(mem_ctx, &n1.logon4.domain_uuid);
+ status = cldap_netlogon(cldap, mem_ctx, &search);
 CHECK_STATUS(status, NT_STATUS_OK);
- printf("Trying with a incorrect domain\n");
+ printf("Trying with a incorrect domain and incorrect guid\n");
 search.in.realm = "test.example.com";
- search.in.domain_guid = NULL;
+ search.in.domain_guid = GUID_string(mem_ctx, &guid);
 status = cldap_netlogon(cldap, mem_ctx, &search);
 CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
@@ -109,6 +116,20 @@ static BOOL test_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *dest)
 status = cldap_netlogon(cldap, mem_ctx, &search);
 CHECK_STATUS(status, NT_STATUS_OK);
+ printf("Trying with a user only\n");
+ search.in.acct_control = -1;
+ search.in.user = "Administrator";
+ search.in.realm = NULL;
+ search.in.domain_guid = NULL;
+ status = cldap_netlogon(cldap, mem_ctx, &search);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ printf("Trying without any attributes\n");
+ search.in.user = NULL;
+ search.in.host = NULL;
+ status = cldap_netlogon(cldap, mem_ctx, &search);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
 done:
 return ret;
 } |
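Review bot: The two cases added in the last hunk depend on whatever earlier cases left in `search`: "Trying with a user only" never sets `search.in.host`, and "Trying without any attributes" relies on `realm`, `domain_guid` and `acct_control` from the case before it, so the filter each one sends depends on test order. Assigning every optional field at the top of each case would make the expectations self-contained. None of the cases passes a user, host or realm containing filter characters; a case such as `search.in.user = "a)(b";` (constructed sample) with a pinned expected status would document how such input is handled. test_cldap_netlogon starts outside the hunk.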