/* Unix SMB/CIFS Implementation. test CLDAP/LDAP netlogon operations Copyright (C) Andrew Tridgell 2005 Copyright (C) Matthias Dieter Wallnöfer 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "includes.h" #include "libcli/cldap/cldap.h" #include "libcli/ldap/ldap_client.h" #include "libcli/ldap/ldap_ndr.h" #include "libcli/resolve/resolve.h" #include "librpc/gen_ndr/netlogon.h" #include "param/param.h" #include "../lib/tsocket/tsocket.h" #include "torture/torture.h" #include "torture/ldap/proto.h" #undef strcasecmp #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status") #define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value"); #define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct, "incorrect value"); typedef NTSTATUS (*request_netlogon_t)(void *con, TALLOC_CTX *mem_ctx, struct cldap_netlogon *io); typedef NTSTATUS (*request_rootdse_t)(void *con, TALLOC_CTX *mem_ctx, struct cldap_search *io); /* test netlogon operations */ static bool test_ldap_netlogon(struct torture_context *tctx, request_netlogon_t request_netlogon, void *cldap, const char *dest) { NTSTATUS status; struct cldap_netlogon search, empty_search; struct netlogon_samlogon_response n1; struct GUID guid; int i; ZERO_STRUCT(search); search.in.dest_address = NULL; search.in.dest_port = 0; search.in.acct_control = -1; search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; search.in.map_response = true; empty_search = search; printf("Trying without any attributes\n"); search = empty_search; status = request_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); n1 = search.out.netlogon; search.in.user = "Administrator"; search.in.realm = n1.data.nt5_ex.dns_domain; search.in.host = "__cldap_torture__"; printf("Scanning for netlogon levels\n"); for (i=0;i<256;i++) { search.in.version = i; printf("Trying netlogon level %d\n", i); status = request_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); } printf("Scanning for netlogon level bits\n"); for (i=0;i<31;i++) { search.in.version = (1<type = LDAP_TAG_SearchRequest; msg->r.SearchRequest.basedn = ""; msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE; msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER; msg->r.SearchRequest.timelimit = 0; msg->r.SearchRequest.sizelimit = 0; msg->r.SearchRequest.attributesonly = false; msg->r.SearchRequest.tree = ldb_parse_tree(msg, io->in.filter); msg->r.SearchRequest.num_attributes = str_list_length(io->in.attributes); msg->r.SearchRequest.attributes = io->in.attributes; req = ldap_request_send(conn, msg); if (req == NULL) { printf("Could not setup ldap search\n"); return NT_STATUS_UNSUCCESSFUL; } ZERO_STRUCT(io->out); for (i = 0; i < 2; ++i) { status = ldap_result_n(req, i, &result); if (!NT_STATUS_IS_OK(status)) { return status; } switch (result->type) { case LDAP_TAG_SearchResultEntry: if (i != 0) { return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); } io->out.response = &result->r.SearchResultEntry; break; case LDAP_TAG_SearchResultDone: io->out.result = &result->r.SearchResultDone; if (io->out.result->resultcode != LDAP_SUCCESS) { return NT_STATUS_LDAP(io->out.result->resultcode); } return NT_STATUS_OK; default: return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); } } return NT_STATUS_OK; } static NTSTATUS tcp_ldap_netlogon(void *conn, TALLOC_CTX *mem_ctx, struct cldap_netlogon *io) { struct cldap_search search; struct ldap_SearchResEntry *res; NTSTATUS status; DATA_BLOB *blob; ZERO_STRUCT(search); search.in.attributes = (const char *[]) { "netlogon", NULL }; search.in.filter = cldap_netlogon_create_filter(mem_ctx, io); if (search.in.filter == NULL) { return NT_STATUS_NO_MEMORY; } status = tcp_ldap_rootdse(conn, mem_ctx, &search); if (!NT_STATUS_IS_OK(status)) { return status; } res = search.out.response; if (res == NULL) { return NT_STATUS_NOT_FOUND; } if (res->num_attributes != 1 || strcasecmp(res->attributes[0].name, "netlogon") != 0 || res->attributes[0].num_values != 1 || res->attributes[0].values->length < 2) { return NT_STATUS_UNEXPECTED_NETWORK_ERROR; } blob = res->attributes[0].values; status = pull_netlogon_samlogon_response(blob, mem_ctx, &io->out.netlogon); if (!NT_STATUS_IS_OK(status)) { return status; } if (io->in.map_response) { map_netlogon_samlogon_response(&io->out.netlogon); } return NT_STATUS_OK; } static NTSTATUS udp_ldap_rootdse(void *data, TALLOC_CTX *mem_ctx, struct cldap_search *io) { struct cldap_socket *cldap = talloc_get_type(data, struct cldap_socket); return cldap_search(cldap, mem_ctx, io); } static bool test_netlogon_extra_attrs(struct torture_context *tctx, request_rootdse_t request_rootdse, void *conn) { struct cldap_search io; NTSTATUS status; const char *attrs[] = { "netlogon", "supportedCapabilities", NULL }; const char *attrs2[] = { "netlogon", "*", NULL }; struct ldb_message ldbmsg = { NULL, 0, NULL }; ZERO_STRUCT(io); io.in.dest_address = NULL; io.in.dest_port = 0; io.in.timeout = 2; io.in.retries = 2; /* Additional attributes may be requested next to netlogon */ torture_comment(tctx, "Requesting netlogon with additional attribute\n"); io.in.filter = talloc_asprintf(tctx, "(&" "(NtVer=%s)(AAC=%s)" /* Query for LDAP_CAP_ACTIVE_DIRECTORY_OID */ "(supportedCapabilities=1.2.840.113556.1.4.800)" ")", ldap_encode_ndr_uint32(tctx, NETLOGON_NT_VERSION_5EX), ldap_encode_ndr_uint32(tctx, 0)); torture_assert(tctx, io.in.filter != NULL, "OOM"); io.in.attributes = attrs; status = request_rootdse(conn, tctx, &io); CHECK_STATUS(status, NT_STATUS_OK); torture_assert(tctx, io.out.response != NULL, "No Entries found."); CHECK_VAL(io.out.response->num_attributes, 2); /* netlogon + '*' attr return zero results */ torture_comment(tctx, "Requesting netlogon and '*' attributes\n"); io.in.attributes = attrs2; status = request_rootdse(conn, tctx, &io); CHECK_STATUS(status, NT_STATUS_OK); torture_assert(tctx, io.out.response != NULL, "No Entries found."); ldbmsg.num_elements = io.out.response->num_attributes; ldbmsg.elements = io.out.response->attributes; torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL, "Attribute netlogon not found in Result Entry\n"); /* Wildcards are not allowed in filters when netlogon is requested. */ torture_comment(tctx, "Requesting netlogon with invalid attr filter\n"); io.in.filter = talloc_asprintf(tctx, "(&(NtVer=%s)(AAC=%s)(supportedCapabilities=*))", ldap_encode_ndr_uint32(tctx, NETLOGON_NT_VERSION_5EX), ldap_encode_ndr_uint32(tctx, 0)); torture_assert(tctx, io.in.filter != NULL, "OOM"); io.in.attributes = attrs; status = request_rootdse(conn, tctx, &io); CHECK_STATUS(status, NT_STATUS_OK); torture_assert(tctx, io.out.response == NULL, "A wildcard filter should return no entries."); return true; } /* Bug #11392: Huawei Unified Storage System S5500 V3 sends no NtVer [MS-ADTS] Section 7.3.3.2 "Domain Controller Response to an LDAP Ping" */ static bool test_netlogon_huawei(struct torture_context *tctx, request_rootdse_t request_rootdse, void *conn) { struct cldap_search io; struct netlogon_samlogon_response n1; NTSTATUS status; const char *attrs[] = { "netlogon", NULL }; struct ldb_message ldbmsg = { NULL, 0, NULL }; ZERO_STRUCT(io); io.in.dest_address = NULL; io.in.dest_port = 0; io.in.timeout = 2; io.in.retries = 2; torture_comment(tctx, "Requesting netlogon without NtVer filter\n"); io.in.filter = talloc_asprintf(tctx, "(&(DnsDomain=%s))", lpcfg_dnsdomain(tctx->lp_ctx)); torture_assert(tctx, io.in.filter != NULL, "OOM"); io.in.attributes = attrs; status = request_rootdse(conn, tctx, &io); CHECK_STATUS(status, NT_STATUS_OK); torture_assert(tctx, io.out.response != NULL, "No Entries found."); CHECK_VAL(io.out.response->num_attributes, 1); ldbmsg.num_elements = io.out.response->num_attributes; ldbmsg.elements = io.out.response->attributes; torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL, "Attribute netlogon not found in Result Entry\n"); status = pull_netlogon_samlogon_response( io.out.response->attributes[0].values, tctx, &n1); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(n1.ntver, NETLOGON_NT_VERSION_5); return true; } bool torture_netlogon_tcp(struct torture_context *tctx) { const char *host = torture_setting_string(tctx, "host", NULL); bool ret = true; NTSTATUS status; struct ldap_connection *conn; TALLOC_CTX *mem_ctx; const char *url; mem_ctx = talloc_init("torture_ldap_netlogon"); url = talloc_asprintf(mem_ctx, "ldap://%s/", host); status = torture_ldap_connection(tctx, &conn, url); if (!NT_STATUS_IS_OK(status)) { return false; } ret &= test_ldap_netlogon(tctx, tcp_ldap_netlogon, conn, host); ret &= test_ldap_netlogon_flags(tctx, tcp_ldap_netlogon, conn, host); ret &= test_netlogon_extra_attrs(tctx, tcp_ldap_rootdse, conn); return ret; } static NTSTATUS udp_ldap_netlogon(void *data, TALLOC_CTX *mem_ctx, struct cldap_netlogon *io) { struct cldap_socket *cldap = talloc_get_type(data, struct cldap_socket); return cldap_netlogon(cldap, mem_ctx, io); } bool torture_netlogon_udp(struct torture_context *tctx) { const char *host = torture_setting_string(tctx, "host", NULL); const char *ip; struct nbt_name nbt_name; bool ret = true; int r; struct cldap_socket *cldap; NTSTATUS status; struct tsocket_address *dest_addr; make_nbt_name_server(&nbt_name, host); status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx), 0, 0, &nbt_name, tctx, &ip, tctx->ev); torture_assert_ntstatus_ok(tctx, status, talloc_asprintf(tctx,"Failed to resolve %s: %s", nbt_name.name, nt_errstr(status))); r = tsocket_address_inet_from_strings(tctx, "ip", ip, lpcfg_cldap_port(tctx->lp_ctx), &dest_addr); CHECK_VAL(r, 0); /* cldap_socket_init should now know about the dest. address */ status = cldap_socket_init(tctx, NULL, dest_addr, &cldap); CHECK_STATUS(status, NT_STATUS_OK); ret &= test_ldap_netlogon(tctx, udp_ldap_netlogon, cldap, host); ret &= test_ldap_netlogon_flags(tctx, udp_ldap_netlogon, cldap, host); ret &= test_netlogon_extra_attrs(tctx, udp_ldap_rootdse, cldap); ret &= test_netlogon_huawei(tctx, udp_ldap_rootdse, cldap); return ret; }