Diffstat (limited to 'source4/torture/ldap')
-rw-r--r-- | source4/torture/ldap/netlogon.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c
index bdf30e95d4..5605570396 100644
--- a/source4/torture/ldap/netlogon.c
+++ b/source4/torture/ldap/netlogon.c
@@ -24,6 +24,7 @@
 #include "includes.h"
 #include "libcli/cldap/cldap.h"
 #include "libcli/ldap/ldap_client.h"
+#include "libcli/ldap/ldap_ndr.h"
 #include "librpc/gen_ndr/netlogon.h"
 #include "param/param.h"
 #include "../lib/tsocket/tsocket.h"
@@ -439,6 +440,48 @@ static NTSTATUS tcp_ldap_netlogon(void *data,
 return NT_STATUS_OK;
 }
+static bool test_netlogon_extra_attrs(struct torture_context *tctx,
+ struct ldap_connection *conn)
+{
+ char *filter;
+ NTSTATUS status;
+ struct ldap_SearchResEntry *res;
+ const char *attrs[] = {
+ "netlogon",
+ "supportedCapabilities"
+ };
+ int num_attrs = ARRAY_SIZE(attrs);
+
+ /* Additional attributes may be requested next to netlogon */
+ torture_comment(tctx, "Requesting netlogon with additional attribute\n");
+ filter = talloc_asprintf(tctx, "(&"
+ "(NtVer=%s)(AAC=%s)"
+ /* Query for LDAP_CAP_ACTIVE_DIRECTORY_OID */
+ "(supportedCapabilities=1.2.840.113556.1.4.800)"
+ ")",
+ ldap_encode_ndr_uint32(tctx,
+ NETLOGON_NT_VERSION_5EX),
+ ldap_encode_ndr_uint32(tctx, 0));
+ torture_assert(tctx, filter != NULL, "OOM");
+ status = ldap_rootdse(conn, tctx, filter, attrs, num_attrs, &res);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(res->num_attributes, ARRAY_SIZE(attrs));
+
+ /* Wildcards are not allowed in filters when netlogon is requested. */
+ torture_comment(tctx, "Requesting netlogon with invalid attr filter\n");
+ filter = talloc_asprintf(tctx,
+ "(&(NtVer=%s)(AAC=%s)(supportedCapabilities=*))",
+ ldap_encode_ndr_uint32(tctx,
+ NETLOGON_NT_VERSION_5EX),
+ ldap_encode_ndr_uint32(tctx, 0));
+ torture_assert(tctx, filter != NULL, "OOM");
+ status = ldap_rootdse(conn, tctx, filter, attrs, num_attrs, &res);
+ CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
+
+ return true;
+}
+
+
 bool torture_netlogon_tcp(struct torture_context *tctx)
 {
 const char *host = torture_setting_string(tctx, "host", NULL);
@@ -460,6 +503,8 @@ bool torture_netlogon_tcp(struct torture_context *tctx)
 ret &= test_ldap_netlogon(tctx, tcp_ldap_netlogon, conn, host);
 ret &= test_ldap_netlogon_flags(tctx, tcp_ldap_netlogon, conn, host);
+ ret &= test_netlogon_extra_attrs(tctx, conn);
+
 return ret;
 } |
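Review bot: The positive case in test_netlogon_extra_attrs only compares `res->num_attributes` with `ARRAY_SIZE(attrs)`, so a reply carrying any two attributes passes even if `netlogon` itself is missing. The test should also match the returned names against `attrs`, as sketched below; the loop indices `i` and `j` need declaring at the top of the function. Separately, both `talloc_asprintf()` calls feed the results of `ldap_encode_ndr_uint32()` straight to `%s` without a NULL check, so an allocation failure there would probably slip past the `filter != NULL` assert. The negative case covers only the presence form `(supportedCapabilities=*)`; whether substring filters should be rejected as well cannot be told from this hunk.

```c
	CHECK_VAL(res->num_attributes, ARRAY_SIZE(attrs));
	/* … unchanged above: filter construction and ldap_rootdse() call … */
	for (i = 0; i < ARRAY_SIZE(attrs); i++) {
		bool found = false;

		for (j = 0; j < res->num_attributes; j++) {
			if (strcasecmp(res->attributes[j].name, attrs[i]) == 0) {
				found = true;
				break;
			}
		}
		torture_assert(tctx, found,
			       "requested attribute missing from rootDSE reply");
	}
```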