static NTSTATUS tcp_ldap_rootdse(void *data, TALLOC_CTX *mem_ctx, struct cldap_search *io) { struct ldap_connection *conn = talloc_get_type(data, struct ldap_connection); struct ldap_message *msg, *result; struct ldap_request *req; int i; NTSTATUS status; msg = new_ldap_message(mem_ctx); if (!msg) { return NT_STATUS_NO_MEMORY; } msg->type = LDAP_TAG_SearchRequest; msg->r.SearchRequest.basedn = ""; msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE; msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER; msg->r.SearchRequest.timelimit = 0; msg->r.SearchRequest.sizelimit = 0; msg->r.SearchRequest.attributesonly = false; msg->r.SearchRequest.tree = ldb_parse_tree(msg, io->in.filter); msg->r.SearchRequest.num_attributes = str_list_length(io->in.attributes); msg->r.SearchRequest.attributes = io->in.attributes; req = ldap_request_send(conn, msg); if (req == NULL) { printf("Could not setup ldap search\n"); return NT_STATUS_UNSUCCESSFUL; } ZERO_STRUCT(io->out); for (i = 0; i < 2; ++i) { status = ldap_result_n(req, i, &result); if (!NT_STATUS_IS_OK(status)) { return status; } switch (result->type) { case LDAP_TAG_SearchResultEntry: if (i != 0) { return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); } io->out.response = &result->r.SearchResultEntry; break; case LDAP_TAG_SearchResultDone: io->out.result = &result->r.SearchResultDone; if (io->out.result->resultcode != LDAP_SUCCESS) { return NT_STATUS_LDAP(io->out.result->resultcode); } return NT_STATUS_OK; default: return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); } } return NT_STATUS_OK; }
static struct ldap_message *new_ldap_sasl_bind_msg(struct ldap_connection *conn, const char *sasl_mechanism, DATA_BLOB *secblob) { struct ldap_message *res; res = new_ldap_message(conn); if (!res) { return NULL; } res->type = LDAP_TAG_BindRequest; res->r.BindRequest.version = 3; res->r.BindRequest.dn = ""; res->r.BindRequest.mechanism = LDAP_AUTH_MECH_SASL; res->r.BindRequest.creds.SASL.mechanism = talloc_strdup(res, sasl_mechanism); if (secblob) { res->r.BindRequest.creds.SASL.secblob = talloc(res, DATA_BLOB); if (!res->r.BindRequest.creds.SASL.secblob) { talloc_free(res); return NULL; } *res->r.BindRequest.creds.SASL.secblob = *secblob; } else { res->r.BindRequest.creds.SASL.secblob = NULL; } res->controls = NULL; return res; }
static bool test_search_auth_empty_substring(struct ldap_connection *conn, const char *basedn) { bool ret = true; struct ldap_message *msg, *result; struct ldap_request *req; NTSTATUS status; struct ldap_Result *r; printf("Testing authenticated base Search with objectclass= substring filter\n"); msg = new_ldap_message(conn); if (!msg) { return false; } msg->type = LDAP_TAG_SearchRequest; msg->r.SearchRequest.basedn = basedn; msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE; msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER; msg->r.SearchRequest.timelimit = 0; msg->r.SearchRequest.sizelimit = 0; msg->r.SearchRequest.attributesonly = false; msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)"); msg->r.SearchRequest.tree->operation = LDB_OP_SUBSTRING; msg->r.SearchRequest.tree->u.substring.attr = "objectclass"; msg->r.SearchRequest.tree->u.substring.start_with_wildcard = 1; msg->r.SearchRequest.tree->u.substring.end_with_wildcard = 1; msg->r.SearchRequest.tree->u.substring.chunks = NULL; msg->r.SearchRequest.num_attributes = 0; msg->r.SearchRequest.attributes = NULL; req = ldap_request_send(conn, msg); if (req == NULL) { printf("Could not setup ldap search\n"); return false; } status = ldap_result_one(req, &result, LDAP_TAG_SearchResultDone); if (!NT_STATUS_IS_OK(status)) { printf("looking for search result done failed - %s\n", nt_errstr(status)); return false; } printf("received %d replies\n", req->num_replies); r = &result->r.SearchResultDone; if (r->resultcode != LDAP_SUCCESS) { printf("search result done gave error - %s\n", ldb_strerror(r->resultcode)); return false; } return ret; }
static struct ldap_message *new_ldap_simple_bind_msg(struct ldap_connection *conn, const char *dn, const char *pw) { struct ldap_message *res; res = new_ldap_message(conn); if (!res) { return NULL; } res->type = LDAP_TAG_BindRequest; res->r.BindRequest.version = 3; res->r.BindRequest.dn = talloc_strdup(res, dn); res->r.BindRequest.mechanism = LDAP_AUTH_MECH_SIMPLE; res->r.BindRequest.creds.password = talloc_strdup(res, pw); res->controls = NULL; return res; }
static bool test_compare_sasl(struct ldap_connection *conn, const char *basedn) { struct ldap_message *msg, *rep; struct ldap_request *req; const char *val; NTSTATUS status; printf("Testing SASL Compare: %s\n", basedn); if (!basedn) { return false; } msg = new_ldap_message(conn); if (!msg) { return false; } msg->type = LDAP_TAG_CompareRequest; msg->r.CompareRequest.dn = basedn; msg->r.CompareRequest.attribute = talloc_strdup(msg, "objectClass"); val = "domain"; msg->r.CompareRequest.value = data_blob_talloc(msg, val, strlen(val)); req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_CompareResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap compare request - %s\n", nt_errstr(status)); return false; } DEBUG(5,("Code: %d DN: [%s] ERROR:[%s] REFERRAL:[%s]\n", rep->r.CompareResponse.resultcode, rep->r.CompareResponse.dn, rep->r.CompareResponse.errormessage, rep->r.CompareResponse.referral)); return true; }
static bool test_abandon_request(struct torture_context *tctx, struct ldap_connection *conn, const char *basedn) { struct ldap_message *msg; struct ldap_request *req; NTSTATUS status; printf("Testing the AbandonRequest with an old message id!\n"); if (!basedn) { return false; } msg = new_ldap_message(conn); if (!msg) { return false; } printf(" Try a AbandonRequest for an old message id\n"); msg->type = LDAP_TAG_AbandonRequest; msg->r.AbandonRequest.messageid = 1; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_request_wait(req); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap abandon request - %s\n", nt_errstr(status)); return false; } return true; }
static bool test_search_rootDSE(struct ldap_connection *conn, const char **basedn, const char ***partitions) { bool ret = true; struct ldap_message *msg, *result; struct ldap_request *req; int i; struct ldap_SearchResEntry *r; NTSTATUS status; printf("Testing RootDSE Search\n"); *basedn = NULL; if (partitions != NULL) { *partitions = const_str_list(str_list_make_empty(conn)); } msg = new_ldap_message(conn); if (!msg) { return false; } msg->type = LDAP_TAG_SearchRequest; msg->r.SearchRequest.basedn = ""; msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE; msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER; msg->r.SearchRequest.timelimit = 0; msg->r.SearchRequest.sizelimit = 0; msg->r.SearchRequest.attributesonly = false; msg->r.SearchRequest.tree = ldb_parse_tree(msg, "(objectclass=*)"); msg->r.SearchRequest.num_attributes = 0; msg->r.SearchRequest.attributes = NULL; req = ldap_request_send(conn, msg); if (req == NULL) { printf("Could not setup ldap search\n"); return false; } status = ldap_result_one(req, &result, LDAP_TAG_SearchResultEntry); if (!NT_STATUS_IS_OK(status)) { printf("search failed - %s\n", nt_errstr(status)); return false; } printf("received %d replies\n", req->num_replies); r = &result->r.SearchResultEntry; DEBUG(1,("\tdn: %s\n", r->dn)); for (i=0; i<r->num_attributes; i++) { int j; for (j=0; j<r->attributes[i].num_values; j++) { DEBUG(1,("\t%s: %d %.*s\n", r->attributes[i].name, (int)r->attributes[i].values[j].length, (int)r->attributes[i].values[j].length, (char *)r->attributes[i].values[j].data)); if (!(*basedn) && strcasecmp("defaultNamingContext",r->attributes[i].name)==0) { *basedn = talloc_asprintf(conn, "%.*s", (int)r->attributes[i].values[j].length, (char *)r->attributes[i].values[j].data); } if ((partitions != NULL) && (strcasecmp("namingContexts", r->attributes[i].name) == 0)) { char *entry = talloc_asprintf(conn, "%.*s", (int)r->attributes[i].values[j].length, (char *)r->attributes[i].values[j].data); *partitions = str_list_add(*partitions, entry); } } } return ret; }
/* This has to be done using the LDAP API since the LDB API does only transmit * the error code and not the error message. */ static bool test_error_codes(struct torture_context *tctx, struct ldap_connection *conn, const char *basedn) { struct ldap_message *msg, *rep; struct ldap_request *req; const char *err_code_str; char *endptr; WERROR err; NTSTATUS status; printf("Testing the most important error code -> error message conversions!\n"); if (!basedn) { return false; } msg = new_ldap_message(conn); if (!msg) { return false; } printf(" Try a wrong addition\n"); msg->type = LDAP_TAG_AddRequest; msg->r.AddRequest.dn = basedn; msg->r.AddRequest.num_attributes = 0; msg->r.AddRequest.attributes = NULL; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_AddResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap add request - %s\n", nt_errstr(status)); return false; } if ((rep->r.AddResponse.resultcode == 0) || (rep->r.AddResponse.errormessage == NULL) || (strtol(rep->r.AddResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.AddResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_DS_REFERRAL)) || (rep->r.AddResponse.resultcode != LDAP_REFERRAL)) { return false; } if ((rep->r.AddResponse.referral == NULL) || (strstr(rep->r.AddResponse.referral, basedn) == NULL)) { return false; } printf(" Try another wrong addition\n"); msg->type = LDAP_TAG_AddRequest; msg->r.AddRequest.dn = ""; msg->r.AddRequest.num_attributes = 0; msg->r.AddRequest.attributes = NULL; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_AddResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap add request - %s\n", nt_errstr(status)); return false; } if ((rep->r.AddResponse.resultcode == 0) || (rep->r.AddResponse.errormessage == NULL) || (strtol(rep->r.AddResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.AddResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_DS_ROOT_MUST_BE_NC) && !W_ERROR_EQUAL(err, WERR_DS_NAMING_VIOLATION)) || (rep->r.AddResponse.resultcode != LDAP_NAMING_VIOLATION)) { return false; } printf(" Try a wrong modification\n"); msg->type = LDAP_TAG_ModifyRequest; msg->r.ModifyRequest.dn = basedn; msg->r.ModifyRequest.num_mods = 0; msg->r.ModifyRequest.mods = NULL; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_ModifyResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap modifification request - %s\n", nt_errstr(status)); return false; } if ((rep->r.ModifyResponse.resultcode == 0) || (rep->r.ModifyResponse.errormessage == NULL) || (strtol(rep->r.ModifyResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.ModifyResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAMETER) && !W_ERROR_EQUAL(err, WERR_DS_UNWILLING_TO_PERFORM)) || (rep->r.ModifyResponse.resultcode != LDAP_UNWILLING_TO_PERFORM)) { return false; } printf(" Try another wrong modification\n"); msg->type = LDAP_TAG_ModifyRequest; msg->r.ModifyRequest.dn = ""; msg->r.ModifyRequest.num_mods = 0; msg->r.ModifyRequest.mods = NULL; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_ModifyResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap modifification request - %s\n", nt_errstr(status)); return false; } if ((rep->r.ModifyResponse.resultcode == 0) || (rep->r.ModifyResponse.errormessage == NULL) || (strtol(rep->r.ModifyResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.ModifyResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAMETER) && !W_ERROR_EQUAL(err, WERR_DS_UNWILLING_TO_PERFORM)) || (rep->r.ModifyResponse.resultcode != LDAP_UNWILLING_TO_PERFORM)) { return false; } printf(" Try a wrong removal\n"); msg->type = LDAP_TAG_DelRequest; msg->r.DelRequest.dn = basedn; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_DelResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap removal request - %s\n", nt_errstr(status)); return false; } if ((rep->r.DelResponse.resultcode == 0) || (rep->r.DelResponse.errormessage == NULL) || (strtol(rep->r.DelResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.DelResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_DS_CANT_DELETE) && !W_ERROR_EQUAL(err, WERR_DS_UNWILLING_TO_PERFORM)) || (rep->r.DelResponse.resultcode != LDAP_UNWILLING_TO_PERFORM)) { return false; } printf(" Try another wrong removal\n"); msg->type = LDAP_TAG_DelRequest; msg->r.DelRequest.dn = ""; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_DelResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap removal request - %s\n", nt_errstr(status)); return false; } if ((rep->r.DelResponse.resultcode == 0) || (rep->r.DelResponse.errormessage == NULL) || (strtol(rep->r.DelResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.DelResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_DS_OBJ_NOT_FOUND) && !W_ERROR_EQUAL(err, WERR_DS_NO_SUCH_OBJECT)) || (rep->r.DelResponse.resultcode != LDAP_NO_SUCH_OBJECT)) { return false; } printf(" Try a wrong rename\n"); msg->type = LDAP_TAG_ModifyDNRequest; msg->r.ModifyDNRequest.dn = basedn; msg->r.ModifyDNRequest.newrdn = "dc=test"; msg->r.ModifyDNRequest.deleteolddn = true; msg->r.ModifyDNRequest.newsuperior = NULL; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_ModifyDNResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap rename request - %s\n", nt_errstr(status)); return false; } if ((rep->r.ModifyDNResponse.resultcode == 0) || (rep->r.ModifyDNResponse.errormessage == NULL) || (strtol(rep->r.ModifyDNResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.ModifyDNResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_DS_NO_PARENT_OBJECT) && !W_ERROR_EQUAL(err, WERR_DS_GENERIC_ERROR)) || (rep->r.ModifyDNResponse.resultcode != LDAP_OTHER)) { return false; } printf(" Try another wrong rename\n"); msg->type = LDAP_TAG_ModifyDNRequest; msg->r.ModifyDNRequest.dn = basedn; msg->r.ModifyDNRequest.newrdn = basedn; msg->r.ModifyDNRequest.deleteolddn = true; msg->r.ModifyDNRequest.newsuperior = NULL; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_ModifyDNResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap rename request - %s\n", nt_errstr(status)); return false; } if ((rep->r.ModifyDNResponse.resultcode == 0) || (rep->r.ModifyDNResponse.errormessage == NULL) || (strtol(rep->r.ModifyDNResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.ModifyDNResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAMETER) && !W_ERROR_EQUAL(err, WERR_DS_NAMING_VIOLATION)) || (rep->r.ModifyDNResponse.resultcode != LDAP_NAMING_VIOLATION)) { return false; } printf(" Try another wrong rename\n"); msg->type = LDAP_TAG_ModifyDNRequest; msg->r.ModifyDNRequest.dn = basedn; msg->r.ModifyDNRequest.newrdn = ""; msg->r.ModifyDNRequest.deleteolddn = true; msg->r.ModifyDNRequest.newsuperior = NULL; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_ModifyDNResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap rename request - %s\n", nt_errstr(status)); return false; } if ((rep->r.ModifyDNResponse.resultcode == 0) || (rep->r.ModifyDNResponse.errormessage == NULL) || (strtol(rep->r.ModifyDNResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.ModifyDNResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_INVALID_PARAMETER) && !W_ERROR_EQUAL(err, WERR_DS_PROTOCOL_ERROR)) || (rep->r.ModifyDNResponse.resultcode != LDAP_PROTOCOL_ERROR)) { return false; } printf(" Try another wrong rename\n"); msg->type = LDAP_TAG_ModifyDNRequest; msg->r.ModifyDNRequest.dn = ""; msg->r.ModifyDNRequest.newrdn = "cn=temp"; msg->r.ModifyDNRequest.deleteolddn = true; msg->r.ModifyDNRequest.newsuperior = NULL; req = ldap_request_send(conn, msg); if (!req) { return false; } status = ldap_result_one(req, &rep, LDAP_TAG_ModifyDNResponse); if (!NT_STATUS_IS_OK(status)) { printf("error in ldap rename request - %s\n", nt_errstr(status)); return false; } if ((rep->r.ModifyDNResponse.resultcode == 0) || (rep->r.ModifyDNResponse.errormessage == NULL) || (strtol(rep->r.ModifyDNResponse.errormessage, &endptr,16) <= 0) || (*endptr != ':')) { printf("Invalid error message!\n"); return false; } err = ad_error(rep->r.ModifyDNResponse.errormessage, &endptr); err_code_str = win_errstr(err); printf(" - Errorcode: %s; Reason: %s\n", err_code_str, endptr); if ((!W_ERROR_EQUAL(err, WERR_DS_OBJ_NOT_FOUND) && !W_ERROR_EQUAL(err, WERR_DS_NO_SUCH_OBJECT)) || (rep->r.ModifyDNResponse.resultcode != LDAP_NO_SUCH_OBJECT)) { return false; } return true; }