Diffstat (limited to 'source4/torture/ldap/netlogon.c')
-rw-r--r--source4/torture/ldap/netlogon.c45
1 files changed, 45 insertions, 0 deletions
diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c
index bdf30e95d4..5605570396 100644
--- a/source4/torture/ldap/netlogon.c
+++ b/source4/torture/ldap/netlogon.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "libcli/cldap/cldap.h"
#include "libcli/ldap/ldap_client.h"
+#include "libcli/ldap/ldap_ndr.h"
#include "librpc/gen_ndr/netlogon.h"
#include "param/param.h"
#include "../lib/tsocket/tsocket.h"
@@ -439,6 +440,48 @@ static NTSTATUS tcp_ldap_netlogon(void *data,
return NT_STATUS_OK;
}
+static bool test_netlogon_extra_attrs(struct torture_context *tctx,
+ struct ldap_connection *conn)
+{
+ char *filter;
+ NTSTATUS status;
+ struct ldap_SearchResEntry *res;
+ const char *attrs[] = {
+ "netlogon",
+ "supportedCapabilities"
+ };
+ int num_attrs = ARRAY_SIZE(attrs);
+
+ /* Additional attributes may be requested next to netlogon */
+ torture_comment(tctx, "Requesting netlogon with additional attribute\n");
+ filter = talloc_asprintf(tctx, "(&"
+ "(NtVer=%s)(AAC=%s)"
+ /* Query for LDAP_CAP_ACTIVE_DIRECTORY_OID */
+ "(supportedCapabilities=1.2.840.113556.1.4.800)"
+ ")",
+ ldap_encode_ndr_uint32(tctx,
+ NETLOGON_NT_VERSION_5EX),
+ ldap_encode_ndr_uint32(tctx, 0));
+ torture_assert(tctx, filter != NULL, "OOM");
+ status = ldap_rootdse(conn, tctx, filter, attrs, num_attrs, &res);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(res->num_attributes, ARRAY_SIZE(attrs));
+
+ /* Wildcards are not allowed in filters when netlogon is requested. */
+ torture_comment(tctx, "Requesting netlogon with invalid attr filter\n");
+ filter = talloc_asprintf(tctx,
+ "(&(NtVer=%s)(AAC=%s)(supportedCapabilities=*))",
+ ldap_encode_ndr_uint32(tctx,
+ NETLOGON_NT_VERSION_5EX),
+ ldap_encode_ndr_uint32(tctx, 0));
+ torture_assert(tctx, filter != NULL, "OOM");
+ status = ldap_rootdse(conn, tctx, filter, attrs, num_attrs, &res);
+ CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
+
+ return true;
+}
+
+
bool torture_netlogon_tcp(struct torture_context *tctx)
{
const char *host = torture_setting_string(tctx, "host", NULL);
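Review bot: The positive case at `CHECK_VAL(res->num_attributes, ARRAY_SIZE(attrs));` checks only how many attributes came back, so a reply carrying two attributes other than the requested ones, or an empty netlogon value, would still pass. Asserting the returned attribute names against `attrs[]`, and that the netlogon value is non-empty, would pin the behaviour that the comment "Additional attributes may be requested next to netlogon" describes. Separately, both `talloc_asprintf()` calls pass the `ldap_encode_ndr_uint32()` results straight to `%s`. If that helper can return NULL on allocation failure (its definition is not in this hunk), the `filter != NULL` assert would not catch it, and the wildcard case could then report NT_STATUS_NOT_FOUND for the wrong reason. Keeping each encoded value in a local and checking it, e.g. `torture_assert(tctx, ntver != NULL, "OOM");`, closes that gap.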
@@ -460,6 +503,8 @@ bool torture_netlogon_tcp(struct torture_context *tctx)
ret &= test_ldap_netlogon(tctx, tcp_ldap_netlogon, conn, host);
ret &= test_ldap_netlogon_flags(tctx, tcp_ldap_netlogon, conn, host);
+ ret &= test_netlogon_extra_attrs(tctx, conn);
+
return ret;
}