/*
Unix SMB/CIFS mplementation.
test CLDAP/LDAP netlogon operations
Copyright (C) Andrew Tridgell 2005
Copyright (C) Matthias Dieter Wallnöfer 2009
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
#include "includes.h"
#include "libcli/cldap/cldap.h"
#include "libcli/ldap/ldap_client.h"
#include "librpc/gen_ndr/netlogon.h"
#include "param/param.h"
#include "../lib/tsocket/tsocket.h"
#include "torture/torture.h"
#include "torture/ldap/proto.h"
#define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
#define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
#define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value");
typedef NTSTATUS (*request_netlogon_t)(void *cldap,
TALLOC_CTX *mem_ctx,
struct cldap_netlogon *io);
/*
test netlogon operations
*/
static bool test_ldap_netlogon(struct torture_context *tctx,
request_netlogon_t request_netlogon,
void *cldap,
const char *dest)
{
NTSTATUS status;
struct cldap_netlogon search, empty_search;
struct netlogon_samlogon_response n1;
struct GUID guid;
int i;
struct tsocket_address *dest_addr;
int ret;
ZERO_STRUCT(search);
search.in.dest_address = NULL;
search.in.dest_port = 0;
search.in.acct_control = -1;
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
search.in.map_response = true;
empty_search = search;
printf("Trying without any attributes\n");
search = empty_search;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
n1 = search.out.netlogon;
search.in.user = "Administrator";
search.in.realm = n1.data.nt5_ex.dns_domain;
search.in.host = "__cldap_torture__";
printf("Scanning for netlogon levels\n");
for (i=0;i<256;i++) {
search.in.version = i;
printf("Trying netlogon level %d\n", i);
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
}
printf("Scanning for netlogon level bits\n");
for (i=0;i<31;i++) {
search.in.version = (1<type = LDAP_TAG_SearchRequest;
msg->r.SearchRequest.basedn = "";
msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
msg->r.SearchRequest.timelimit = 0;
msg->r.SearchRequest.sizelimit = 0;
msg->r.SearchRequest.attributesonly = false;
msg->r.SearchRequest.tree = ldb_parse_tree(msg, filter);
msg->r.SearchRequest.num_attributes = 1;
msg->r.SearchRequest.attributes = (const char *[]) { "netlogon" };
req = ldap_request_send(conn, msg);
if (req == NULL) {
printf("Could not setup ldap search\n");
return NT_STATUS_UNSUCCESSFUL;
}
status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry);
if (!NT_STATUS_IS_OK(status)) {
/* Throw same error as cldap_netlogon. */
if (NT_STATUS_EQUAL(status, NT_STATUS_UNEXPECTED_NETWORK_ERROR)) {
return NT_STATUS_NOT_FOUND;
} else {
return status;
}
}
res = &result->r.SearchResultEntry;
if (res->num_attributes != 1 ||
strcasecmp(res->attributes[0].name, "netlogon") != 0 ||
res->attributes[0].num_values != 1 ||
res->attributes[0].values->length < 2) {
return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
}
blob = res->attributes[0].values;
status = pull_netlogon_samlogon_response(blob, mem_ctx,
&io->out.netlogon);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (io->in.map_response) {
map_netlogon_samlogon_response(&io->out.netlogon);
}
return NT_STATUS_OK;
}
bool torture_netlogon_tcp(struct torture_context *tctx)
{
const char *host = torture_setting_string(tctx, "host", NULL);
bool ret = true;
NTSTATUS status;
struct ldap_connection *conn;
TALLOC_CTX *mem_ctx;
const char *url;
mem_ctx = talloc_init("torture_ldap_netlogon");
url = talloc_asprintf(mem_ctx, "ldap://%s/", host);
status = torture_ldap_connection(tctx, &conn, url);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
ret &= test_ldap_netlogon(tctx, tcp_ldap_netlogon, conn, host);
ret &= test_ldap_netlogon_flags(tctx, tcp_ldap_netlogon, conn, host);
return ret;
}
static NTSTATUS udp_ldap_netlogon(void *data,
TALLOC_CTX *mem_ctx,
struct cldap_netlogon *io)
{
struct cldap_socket *cldap = talloc_get_type(data,
struct cldap_socket);
return cldap_netlogon(cldap, mem_ctx, io);
}
bool torture_netlogon_udp(struct torture_context *tctx)
{
const char *host = torture_setting_string(tctx, "host", NULL);
bool ret = true;
int r;
struct cldap_socket *cldap;
NTSTATUS status;
struct tsocket_address *dest_addr;
r = tsocket_address_inet_from_strings(tctx, "ip",
host,
lpcfg_cldap_port(tctx->lp_ctx),
&dest_addr);
CHECK_VAL(r, 0);
/* cldap_socket_init should now know about the dest. address */
status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
CHECK_STATUS(status, NT_STATUS_OK);
ret &= test_ldap_netlogon(tctx, udp_ldap_netlogon, cldap, host);
ret &= test_ldap_netlogon_flags(tctx, udp_ldap_netlogon, cldap, host);
return ret;
}