diff options
Diffstat (limited to 'source4/torture/ldap/session_expiry.c')
-rw-r--r-- | source4/torture/ldap/session_expiry.c | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/source4/torture/ldap/session_expiry.c b/source4/torture/ldap/session_expiry.c new file mode 100644 index 0000000..e910662 --- /dev/null +++ b/source4/torture/ldap/session_expiry.c @@ -0,0 +1,122 @@ +/* + * Unix SMB/CIFS implementation. + * + * Test LDB attribute functions + * + * Copyright (C) Andrew Bartlet <abartlet@samba.org> 2008-2009 + * Copyright (C) Matthieu Patou <mat@matws.net> 2009 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "lib/events/events.h" +#include <ldb.h> +#include <ldb_errors.h> +#include "ldb_wrap.h" +#include "param/param.h" +#include "lib/cmdline/cmdline.h" +#include "auth/credentials/credentials.h" +#include "libcli/ldap/ldap_client.h" +#include "torture/smbtorture.h" +#include "torture/ldap/proto.h" + +bool torture_ldap_session_expiry(struct torture_context *torture) +{ + const char *host = torture_setting_string(torture, "host", NULL); + struct cli_credentials *credentials = samba_cmdline_get_creds(); + struct ldb_context *ldb = NULL; + const char *url = NULL; + bool ret = false; + bool ok; + struct ldb_dn *rootdn = NULL; + struct ldb_result *result = NULL; + int rc = LDB_SUCCESS; + + /* + * Further down we request a ticket lifetime of 4 + * seconds. Give the server 10 seconds for this to kick in + */ + const struct timeval endtime = timeval_current_ofs(10, 0); + + url = talloc_asprintf(torture, "ldap://%s/", host); + torture_assert_goto( + torture, url!=NULL, ret, fail, "talloc_asprintf failed"); + + cli_credentials_set_kerberos_state(credentials, + CRED_USE_KERBEROS_REQUIRED, + CRED_SPECIFIED); + + ok = lpcfg_set_option( + torture->lp_ctx, "gensec_gssapi:requested_life_time=4"); + torture_assert_goto( + torture, ok, ret, fail, "lpcfg_set_option failed"); + + ldb = ldb_wrap_connect( + torture, + torture->ev, + torture->lp_ctx, + url, + NULL, + credentials, + 0); + torture_assert_goto( + torture, ldb!=NULL, ret, fail, "ldb_wrap_connect failed"); + + rootdn = ldb_dn_new(ldb, ldb, NULL); + torture_assert_goto( + torture, rootdn!=NULL, ret, fail, "ldb_dn_new failed"); + + rc = ldb_search( + ldb, /* ldb */ + ldb, /* mem_ctx */ + &result, /* result */ + rootdn, /* base */ + LDB_SCOPE_BASE, /* scope */ + NULL, /* attrs */ + "(objectclass=*)"); /* exp_fmt */ + torture_assert_goto( + torture, rc==LDB_SUCCESS, ret, fail, "1st ldb_search failed"); + + do { + smb_msleep(1000); + + rc = ldb_search( + ldb, /* ldb */ + ldb, /* mem_ctx */ + &result, /* result */ + rootdn, /* base */ + LDB_SCOPE_BASE, /* scope */ + NULL, /* attrs */ + "(objectclass=*)"); /* exp_fmt */ + printf("ldb_search returned %s\n", ldb_strerror(rc)); + TALLOC_FREE(result); + + if (rc != LDB_SUCCESS) { + break; + } + } while (!timeval_expired(&endtime)); + + torture_assert_goto( + torture, + rc==LDB_ERR_PROTOCOL_ERROR, + ret, + fail, + "expected LDB_ERR_PROTOCOL_ERROR after 4 seconds"); + + ret = true; +fail: + TALLOC_FREE(ldb); + return ret; +} |