From a90c731ec5d33028380aeb66b411b5f1682fb874 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 13 May 2005 06:10:10 +0000 Subject: r6765: expanded the cldap test suite to test the usage of the DomainGuid, AAC, and User attributes in cldap netlogon queries interestingly, while WinXP generated cldap filters with these set, the w2k3 cldap server seems to completely ignore them, so I didn't need to alter our cldap server at all to pass the test :-) (This used to be commit 177c8becd2051c9d1f261358baf4b85ca89700d8) --- source4/torture/ldap/cldap.c | 65 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 60 insertions(+), 5 deletions(-) (limited to 'source4') diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index 24cbc184ad..5f6ef3f649 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -26,6 +26,14 @@ #include "libcli/ldap/ldap.h" #include "lib/events/events.h" +#define CHECK_STATUS(status, correct) do { \ + if (!NT_STATUS_EQUAL(status, correct)) { \ + printf("(%s) Incorrect status %s - should be %s\n", \ + __location__, nt_errstr(status), nt_errstr(correct)); \ + ret = False; \ + goto done; \ + }} while (0) + /* test netlogon operations @@ -35,27 +43,74 @@ static BOOL test_cldap_netlogon(TALLOC_CTX *mem_ctx, const char *dest) struct cldap_socket *cldap = cldap_socket_init(mem_ctx, NULL); NTSTATUS status; struct cldap_netlogon search; + union nbt_cldap_netlogon n1; + struct GUID guid; int i; + BOOL ret = True; search.in.dest_address = dest; search.in.realm = lp_realm(); search.in.host = lp_netbios_name(); + search.in.user = NULL; + search.in.domain_guid = NULL; + search.in.domain_sid = NULL; + search.in.acct_control = -1; + printf("Scanning for netlogon levels\n"); for (i=0;i<256;i++) { search.in.version = i; printf("Trying netlogon level %d\n", i); status = cldap_netlogon(cldap, mem_ctx, &search); - if (!NT_STATUS_IS_OK(status)) { - printf("netlogon[%d] failed - %s\n", i, nt_errstr(status)); - } else { + CHECK_STATUS(status, NT_STATUS_OK); + if (DEBUGLVL(10)) { NDR_PRINT_UNION_DEBUG(nbt_cldap_netlogon, i & 0xF, &search.out.netlogon); } } - printf("cldap_search gave %s\n", nt_errstr(status)); + search.in.version = 6; + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + n1 = search.out.netlogon; + + printf("Trying with User=Administrator\n"); + + search.in.user = "Administrator"; + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf("Trying with a GUID\n"); + search.in.domain_guid = GUID_string(mem_ctx, &n1.logon4.domain_uuid); + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf("Trying with a incorrect GUID\n"); + guid = GUID_random(); + search.in.user = NULL; + search.in.domain_guid = GUID_string(mem_ctx, &guid); + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf("Trying with a incorrect domain\n"); + search.in.realm = "test.example.com"; + search.in.domain_guid = NULL; + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_NOT_FOUND); + + printf("Trying with a AAC\n"); + search.in.acct_control = 0x180; + search.in.realm = lp_realm(); + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf("Trying with a bad AAC\n"); + search.in.acct_control = 0xFF00FF00; + search.in.realm = lp_realm(); + status = cldap_netlogon(cldap, mem_ctx, &search); + CHECK_STATUS(status, NT_STATUS_OK); - return True; +done: + return ret; } BOOL torture_cldap(void) -- cgit