diff options
Diffstat (limited to 'source4/torture/ldap/cldap.c')
-rw-r--r-- | source4/torture/ldap/cldap.c | 329 |
1 files changed, 0 insertions, 329 deletions
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index 28859a544d..6a925cf454 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -24,7 +24,6 @@ #include "includes.h" #include "libcli/cldap/cldap.h" #include "libcli/ldap/ldap_client.h" -#include "librpc/gen_ndr/netlogon.h" #include "param/param.h" #include "../lib/tsocket/tsocket.h" @@ -36,332 +35,6 @@ #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value"); #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value"); -/* - test netlogon operations -*/ -static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) -{ - struct cldap_socket *cldap; - NTSTATUS status; - struct cldap_netlogon search, empty_search; - struct netlogon_samlogon_response n1; - struct GUID guid; - int i; - struct tsocket_address *dest_addr; - int ret; - - ret = tsocket_address_inet_from_strings(tctx, "ip", - dest, - lpcfg_cldap_port(tctx->lp_ctx), - &dest_addr); - CHECK_VAL(ret, 0); - - status = cldap_socket_init(tctx, NULL, dest_addr, &cldap); - CHECK_STATUS(status, NT_STATUS_OK); - - ZERO_STRUCT(search); - search.in.dest_address = NULL; - search.in.dest_port = 0; - search.in.acct_control = -1; - search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; - search.in.map_response = true; - - empty_search = search; - - printf("Trying without any attributes\n"); - search = empty_search; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - - n1 = search.out.netlogon; - - search.in.user = "Administrator"; - search.in.realm = n1.data.nt5_ex.dns_domain; - search.in.host = "__cldap_torture__"; - - printf("Scanning for netlogon levels\n"); - for (i=0;i<256;i++) { - search.in.version = i; - printf("Trying netlogon level %d\n", i); - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - } - - printf("Scanning for netlogon level bits\n"); - for (i=0;i<31;i++) { - search.in.version = (1<<i); - printf("Trying netlogon level 0x%x\n", i); - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - } - - search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - - printf("Trying with User=NULL\n"); - search.in.user = NULL; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); - torture_assert(tctx, - strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL, - "PDC name should not be in UNC form"); - - printf("Trying with User=Administrator\n"); - search.in.user = "Administrator"; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); - torture_assert(tctx, - strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL, - "PDC name should not be in UNC form"); - - search.in.version = NETLOGON_NT_VERSION_5; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - - printf("Trying with User=NULL\n"); - search.in.user = NULL; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); - torture_assert(tctx, - strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL, - "PDC name should be in UNC form"); - - printf("Trying with User=Administrator\n"); - search.in.user = "Administrator"; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); - torture_assert(tctx, - strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL, - "PDC name should be in UNC form"); - - search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; - - printf("Trying with a GUID\n"); - search.in.realm = NULL; - search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid); - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid); - torture_assert(tctx, - strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL, - "PDC name should not be in UNC form"); - - printf("Trying with a incorrect GUID\n"); - guid = GUID_random(); - search.in.user = NULL; - search.in.domain_guid = GUID_string(tctx, &guid); - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - - printf("Trying with a AAC\n"); - search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST; - search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); - - printf("Trying with a zero AAC\n"); - search.in.acct_control = 0x0; - search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); - - printf("Trying with a zero AAC and user=Administrator\n"); - search.in.acct_control = 0x0; - search.in.user = "Administrator"; - search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator"); - - printf("Trying with a bad AAC\n"); - search.in.user = NULL; - search.in.acct_control = 0xFF00FF00; - search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); - - printf("Trying with a user only\n"); - search = empty_search; - search.in.user = "Administrator"; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site); - CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site); - - printf("Trying with just a bad username\n"); - search.in.user = "___no_such_user___"; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site); - CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site); - - printf("Trying with just a bad domain\n"); - search = empty_search; - search.in.realm = "___no_such_domain___"; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - - printf("Trying with a incorrect domain and correct guid\n"); - search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid); - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); - CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site); - CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site); - - printf("Trying with a incorrect domain and incorrect guid\n"); - search.in.domain_guid = GUID_string(tctx, &guid); - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); - CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site); - CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site); - - printf("Trying with a incorrect GUID and correct domain\n"); - search.in.domain_guid = GUID_string(tctx, &guid); - search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); - CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site); - CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site); - - printf("Proof other results\n"); - search.in.user = "Administrator"; - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name); - CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site); - CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site); - - return true; -} - -/* - test cldap netlogon server type flags -*/ -static bool test_cldap_netlogon_flags(struct torture_context *tctx, - const char *dest) -{ - struct cldap_socket *cldap; - NTSTATUS status; - struct cldap_netlogon search; - struct netlogon_samlogon_response n1; - uint32_t server_type; - struct tsocket_address *dest_addr; - int ret; - - ret = tsocket_address_inet_from_strings(tctx, "ip", - dest, - lpcfg_cldap_port(tctx->lp_ctx), - &dest_addr); - CHECK_VAL(ret, 0); - - /* cldap_socket_init should now know about the dest. address */ - status = cldap_socket_init(tctx, NULL, dest_addr, &cldap); - CHECK_STATUS(status, NT_STATUS_OK); - - printf("Printing out netlogon server type flags: %s\n", dest); - - ZERO_STRUCT(search); - search.in.dest_address = NULL; - search.in.dest_port = 0; - search.in.acct_control = -1; - search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; - search.in.map_response = true; - - status = cldap_netlogon(cldap, tctx, &search); - CHECK_STATUS(status, NT_STATUS_OK); - - n1 = search.out.netlogon; - if (n1.ntver == NETLOGON_NT_VERSION_5) - server_type = n1.data.nt5.server_type; - else if (n1.ntver == NETLOGON_NT_VERSION_5EX) - server_type = n1.data.nt5_ex.server_type; - - printf("The word is: %i\n", server_type); - if (server_type & NBT_SERVER_PDC) - printf("NBT_SERVER_PDC "); - if (server_type & NBT_SERVER_GC) - printf("NBT_SERVER_GC "); - if (server_type & NBT_SERVER_LDAP) - printf("NBT_SERVER_LDAP "); - if (server_type & NBT_SERVER_DS) - printf("NBT_SERVER_DS "); - if (server_type & NBT_SERVER_KDC) - printf("NBT_SERVER_KDC "); - if (server_type & NBT_SERVER_TIMESERV) - printf("NBT_SERVER_TIMESERV "); - if (server_type & NBT_SERVER_CLOSEST) - printf("NBT_SERVER_CLOSEST "); - if (server_type & NBT_SERVER_WRITABLE) - printf("NBT_SERVER_WRITABLE "); - if (server_type & NBT_SERVER_GOOD_TIMESERV) - printf("NBT_SERVER_GOOD_TIMESERV "); - if (server_type & NBT_SERVER_NDNC) - printf("NBT_SERVER_NDNC "); - if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6) - printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6"); - if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6) - printf("NBT_SERVER_FULL_SECRET_DOMAIN_6"); - if (server_type & DS_DNS_CONTROLLER) - printf("DS_DNS_CONTROLLER "); - if (server_type & DS_DNS_DOMAIN) - printf("DS_DNS_DOMAIN "); - if (server_type & DS_DNS_FOREST_ROOT) - printf("DS_DNS_FOREST_ROOT "); - - printf("\n"); - - return true; -} /* convert a ldap result message to a ldb message. This allows us to @@ -488,8 +161,6 @@ bool torture_cldap(struct torture_context *torture) bool ret = true; const char *host = torture_setting_string(torture, "host", NULL); - ret &= test_cldap_netlogon(torture, host); - ret &= test_cldap_netlogon_flags(torture, host); ret &= test_cldap_generic(torture, host); return ret; |