1 files changed, 122 insertions, 0 deletions

diff --git a/source4/torture/ldap/session_expiry.c b/source4/torture/ldap/session_expiry.c
new file mode 100644
index 0000000..e910662
--- /dev/null
+++ b/source4/torture/ldap/session_expiry.c
@@ -0,0 +1,122 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Test LDB attribute functions
+ *
+ * Copyright (C) Andrew Bartlet <abartlet@samba.org> 2008-2009
+ * Copyright (C) Matthieu Patou <mat@matws.net> 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.	If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/events/events.h"
+#include <ldb.h>
+#include <ldb_errors.h>
+#include "ldb_wrap.h"
+#include "param/param.h"
+#include "lib/cmdline/cmdline.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/ldap/ldap_client.h"
+#include "torture/smbtorture.h"
+#include "torture/ldap/proto.h"
+
+bool torture_ldap_session_expiry(struct torture_context *torture)
+{
+	const char *host = torture_setting_string(torture, "host", NULL);
+	struct cli_credentials *credentials = samba_cmdline_get_creds();
+	struct ldb_context *ldb = NULL;
+	const char *url = NULL;
+	bool ret = false;
+	bool ok;
+	struct ldb_dn *rootdn = NULL;
+	struct ldb_result *result = NULL;
+	int rc = LDB_SUCCESS;
+
+	/*
+	 * Further down we request a ticket lifetime of 4
+	 * seconds. Give the server 10 seconds for this to kick in
+	 */
+	const struct timeval endtime = timeval_current_ofs(10, 0);
+
+	url = talloc_asprintf(torture, "ldap://%s/", host);
+	torture_assert_goto(
+		torture, url!=NULL, ret, fail, "talloc_asprintf failed");
+
+	cli_credentials_set_kerberos_state(credentials,
+					   CRED_USE_KERBEROS_REQUIRED,
+					   CRED_SPECIFIED);
+
+	ok = lpcfg_set_option(
+		torture->lp_ctx, "gensec_gssapi:requested_life_time=4");
+	torture_assert_goto(
+		torture, ok, ret, fail, "lpcfg_set_option failed");
+
+	ldb = ldb_wrap_connect(
+		torture,
+		torture->ev,
+		torture->lp_ctx,
+		url,
+		NULL,
+		credentials,
+		0);
+	torture_assert_goto(
+		torture, ldb!=NULL, ret, fail, "ldb_wrap_connect failed");
+
+	rootdn = ldb_dn_new(ldb, ldb, NULL);
+	torture_assert_goto(
+		torture, rootdn!=NULL, ret, fail, "ldb_dn_new failed");
+
+	rc = ldb_search(
+		ldb,		    /* ldb */
+		ldb,		    /* mem_ctx */
+		&result,	    /* result */
+		rootdn,		    /* base */
+		LDB_SCOPE_BASE,	    /* scope */
+		NULL,		    /* attrs */
+		"(objectclass=*)"); /* exp_fmt */
+	torture_assert_goto(
+		torture, rc==LDB_SUCCESS, ret, fail, "1st ldb_search failed");
+
+	do {
+		smb_msleep(1000);
+
+		rc = ldb_search(
+			ldb,		/* ldb */
+			ldb,		/* mem_ctx */
+			&result,	/* result */
+			rootdn,		/* base */
+			LDB_SCOPE_BASE, /* scope */
+			NULL,		/* attrs */
+			"(objectclass=*)"); /* exp_fmt */
+		printf("ldb_search returned %s\n", ldb_strerror(rc));
+		TALLOC_FREE(result);
+
+		if (rc != LDB_SUCCESS) {
+			break;
+		}
+	} while (!timeval_expired(&endtime));
+
+	torture_assert_goto(
+		torture,
+		rc==LDB_ERR_PROTOCOL_ERROR,
+		ret,
+		fail,
+		"expected LDB_ERR_PROTOCOL_ERROR after 4 seconds");
+
+	ret = true;
+fail:
+	TALLOC_FREE(ldb);
+	return ret;
+}