From f67156fc920b9a5c84c4fcaf1bf41640ddae6005 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 21 May 2008 12:37:36 +1000 Subject: Extend the 'netlogon' CLDAP and NBT implementation. This now handles checking if the user exists, including validating the ACB mask on the user. This would be a nasty security hole, if Kerberos did not already expose this information anonymously... Andrew Bartlett (This used to be commit 441b286c00f9a7743cdefeb243545bdbd2c94c5e) --- source4/torture/ldap/cldap.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'source4/torture/ldap') diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index a77920d4e6..5d4acd581b 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -144,18 +144,38 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a AAC\n"); - search.in.acct_control = 0x180; + search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST; search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + printf("Trying with a zero AAC\n"); + search.in.acct_control = 0x0; + search.in.realm = n1.nt5_ex.dns_domain; + status = cldap_netlogon(cldap, tctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + + printf("Trying with a zero AAC and user=Administrator\n"); + search.in.acct_control = 0x0; + search.in.user = "Administrator"; + search.in.realm = n1.nt5_ex.dns_domain; + status = cldap_netlogon(cldap, tctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "Administrator"); + printf("Trying with a bad AAC\n"); + search.in.user = NULL; search.in.acct_control = 0xFF00FF00; search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); printf("Trying with a user only\n"); search = empty_search; -- cgit