/*
Unix SMB/CIFS implementation.
LDAP protocol helper functions for SAMBA
Copyright ( C ) Stefan Metzmacher 2004
Copyright ( C ) Simo Sorce 2004
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
# include "includes.h"
# include "libcli/ldap/ldap.h"
/*
 * Attempt a bind on an already-open LDAP connection through
 * torture_ldap_bind().
 *
 * conn      connection to bind on
 * userdn    DN to bind as; test_multibind() passes NULL here for its
 *           anonymous bind
 * password  credential for userdn; NULL in the anonymous case
 *
 * Returns True when the NTSTATUS from torture_ldap_bind() is OK and
 * False otherwise. The status code itself is not reported, so a caller
 * cannot tell a rejected credential from a transport failure.
 */
BOOL test_bind_simple(struct ldap_connection *conn, const char *userdn, const char *password)
{
	const NTSTATUS bind_status = torture_ldap_bind(conn, userdn, password);

	if (NT_STATUS_IS_OK(bind_status)) {
		return True;
	}

	return False;
}
/*
 * Attempt a SASL bind on an already-open LDAP connection through
 * torture_ldap_bind_sasl().
 *
 * conn      connection to bind on
 * username  account name handed to the SASL bind helper
 * domain    domain handed to the SASL bind helper
 * password  credential for username
 *
 * Returns True when the NTSTATUS from torture_ldap_bind_sasl() is OK and
 * False otherwise. Only the fixed banner is printed; the user name and
 * password are never written to the test output.
 */
BOOL test_bind_sasl(struct ldap_connection *conn, const char *username, const char *domain, const char *password)
{
	NTSTATUS bind_status;

	printf(" Testing sasl bind as user \n ");

	bind_status = torture_ldap_bind_sasl(conn, username, domain, password);

	return NT_STATUS_IS_OK(bind_status) ? True : False;
}
/*
 * Bind twice on the same connection: first with NULL DN and password
 * (the anonymous bind), then as userdn/password.
 *
 * conn      connection both binds are issued on
 * userdn    DN for the second, authenticated bind
 * password  credential for userdn
 *
 * Returns the result of the first bind if it fails (the second bind is
 * then not attempted), otherwise the result of the second bind.
 *
 * NOTE(review): only the bind status is checked; nothing here confirms
 * which identity the connection holds after the second bind.
 */
BOOL test_multibind(struct ldap_connection *conn, const char *userdn, const char *password)
{
	BOOL bound;

	printf(" Testing multiple binds on a single connnection as anonymous and user \n ");

	/* Step 1: anonymous bind. */
	bound = test_bind_simple(conn, NULL, NULL);
	if (!bound) {
		printf(" 1st bind as anonymous failed \n ");
		return bound;
	}

	/* Step 2: re-bind on the same connection with real credentials. */
	bound = test_bind_simple(conn, userdn, password);
	if (bound) {
		return bound;
	}

	printf(" 2nd bind as authenticated user failed \n ");
	return bound;
}
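/*
 * Issue a base-scope search (banner: RootDSE search), dump the first
 * returned entry at debug level 1 and capture the first value of its
 * defaultNamingContext attribute.
 *
 * conn    connection to search on; searchid and next_msgid are reset here
 * basedn  out parameter. Set to NULL on entry, then to a copy of the
 *         defaultNamingContext value allocated on conn->mem_ctx if the
 *         entry carries one.
 *
 * Returns False if the request cannot be built or sent, or if no entry
 * comes back; True otherwise. A True return does NOT imply *basedn is
 * non-NULL: the attribute may be absent or the copy may fail, so the
 * caller must check it.
 *
 * The attribute names and values logged and copied here are supplied by
 * the server. They are length-bounded with %.*s rather than assumed to
 * be NUL-terminated.
 */
static BOOL test_search_rootDSE(struct ldap_connection *conn, char **basedn)
{
	BOOL ret = True;
	struct ldap_message *msg, *result;

	printf(" Testing RootDSE Search \n ");

	*basedn = NULL;
	conn->searchid = 0;
	conn->next_msgid = 30;

	msg = new_ldap_message(conn);
	if (!msg) {
		return False;
	}

	msg->type = LDAP_TAG_SearchRequest;
	msg->r.SearchRequest.basedn = " ";
	msg->r.SearchRequest.scope = LDAP_SEARCH_SCOPE_BASE;
	msg->r.SearchRequest.deref = LDAP_DEREFERENCE_NEVER;
	msg->r.SearchRequest.timelimit = 0;
	msg->r.SearchRequest.sizelimit = 0;
	msg->r.SearchRequest.attributesonly = False;
	msg->r.SearchRequest.filter = talloc_strdup(msg->mem_ctx, " (objectclass=*) ");
	if (!msg->r.SearchRequest.filter) {
		/* allocation failed: do not send a request with a NULL filter */
		return False;
	}
	msg->r.SearchRequest.num_attributes = 0;
	msg->r.SearchRequest.attributes = NULL;

	if (!ldap_setsearchent(conn, msg, NULL)) {
		printf(" Could not setsearchent \n ");
		return False;
	}

	result = ldap_getsearchent(conn, NULL);
	if (result) {
		int i;
		struct ldap_SearchResEntry *r = &result->r.SearchResultEntry;

		DEBUG(1, (" \t dn: %s \n ", r->dn));
		for (i = 0; i < r->num_attributes; i++) {
			int j;
			for (j = 0; j < r->attributes[i].num_values; j++) {
				/*
				 * Both %d and the precision of %.*s take an int.
				 * The declared type of .length is not visible
				 * here, so convert explicitly instead of relying
				 * on it already being int.
				 * NOTE(review): a length above INT_MAX would turn
				 * negative and drop the bound - confirm the
				 * decoder caps value sizes.
				 */
				int value_len = (int)r->attributes[i].values[j].length;

				DEBUG(1, (" \t %s: %d %.*s \n ", r->attributes[i].name,
					  value_len,
					  value_len,
					  (char *)r->attributes[i].values[j].data));
				/* keep only the first defaultNamingContext value */
				if (!(*basedn) &&
				    strcasecmp(" defaultNamingContext ", r->attributes[i].name) == 0) {
					*basedn = talloc_asprintf(conn->mem_ctx, " %.*s ",
								  value_len,
								  (char *)r->attributes[i].values[j].data);
				}
			}
		}
	} else {
		ret = False;
	}

	ldap_endsearchent(conn, NULL);

	return ret;
}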
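/*
 * Send a CompareRequest for the objectClass attribute of basedn over the
 * SASL-wrapped channel via ldap_sasl_send_msg().
 *
 * conn    connection to use; next_msgid is reset here
 * basedn  DN to compare against. May be NULL when the preceding RootDSE
 *         search found no defaultNamingContext; the test then fails.
 *
 * Returns False when basedn is NULL, the request cannot be built, or the
 * send fails; True otherwise.
 */
static BOOL test_compare_sasl(struct ldap_connection *conn, const char *basedn)
{
	struct ldap_message *msg;
	const char *val;

	/* Passing NULL to %s is undefined behaviour, so substitute a marker. */
	printf(" Testing SASL Compare: %s \n ", basedn ? basedn : "(null)");

	if (!basedn) {
		return False;
	}

	conn->next_msgid = 55;

	msg = new_ldap_message(conn);
	if (!msg) {
		return False;
	}

	msg->type = LDAP_TAG_CompareRequest;
	msg->r.CompareRequest.dn = basedn;
	msg->r.CompareRequest.attribute = talloc_strdup(msg->mem_ctx, " objectClass ");
	if (!msg->r.CompareRequest.attribute) {
		/* allocation failed: do not send a request with a NULL attribute */
		return False;
	}
	val = " domain ";
	msg->r.CompareRequest.value = data_blob_talloc(msg->mem_ctx, val, strlen(val));

	if (!ldap_sasl_send_msg(conn, msg, NULL)) {
		return False;
	}

	/*
	 * NOTE(review): this reads the CompareResponse member of the same
	 * message that was filled in as the request. Whether
	 * ldap_sasl_send_msg() stores the reply into msg is not visible
	 * here - confirm.
	 */
	DEBUG(5, (" Code: %d DN: [%s] ERROR:[%s] REFERRAL:[%s] \n ",
		  msg->r.CompareResponse.resultcode,
		  msg->r.CompareResponse.dn,
		  msg->r.CompareResponse.errormessage,
		  msg->r.CompareResponse.referral));

	/*
	 * NOTE(review): the test passes as soon as the send succeeds; the
	 * result code and response type are never checked. The original had
	 * such checks after this return, but they were unreachable and read
	 * a 'result' pointer that was never assigned, so they are dropped
	 * here rather than enabled.
	 */
	return True;
}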
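/*
 * Entry point of the basic LDAP torture test.
 *
 * Reads host, username, userdomain, password, ldap_userdn and ldap_secret
 * from the "torture" parameters, opens a connection as userdn/secret and
 * then runs, in order: the multi-bind test, the RootDSE search, the SASL
 * bind and the SASL compare. All four are run even if an earlier one
 * fails.
 *
 * Returns True only if the connection was established and every
 * sub-test passed.
 *
 * NOTE(review): the URL is built with the ldap:// scheme, so the
 * userdn/secret binds presumably cross the network unprotected unless
 * the bind helpers negotiate otherwise - confirm, and use throwaway test
 * credentials.
 */
BOOL torture_ldap_basic(void)
{
	NTSTATUS status;
	struct ldap_connection *conn;
	TALLOC_CTX *mem_ctx;
	BOOL ret = True;
	const char *host = lp_parm_string(-1, " torture ", " host ");
	const char *username = lp_parm_string(-1, " torture ", " username ");
	const char *domain = lp_parm_string(-1, " torture ", " userdomain ");
	const char *password = lp_parm_string(-1, " torture ", " password ");
	const char *userdn = lp_parm_string(-1, " torture ", " ldap_userdn ");
	/*const char *basedn = lp_parm_string(-1, "torture", "ldap_basedn");*/
	const char *secret = lp_parm_string(-1, " torture ", " ldap_secret ");
	char *url;
	/* filled in by test_search_rootDSE(); start from a defined value */
	char *basedn = NULL;

	mem_ctx = talloc_init(" torture_ldap_basic ");
	if (!mem_ctx) {
		return False;
	}

	url = talloc_asprintf(mem_ctx, " ldap://%s/ ", host);
	if (!url) {
		talloc_free(mem_ctx);
		return False;
	}

	status = torture_ldap_connection(mem_ctx, &conn, url, userdn, secret);
	if (!NT_STATUS_IS_OK(status)) {
		/* do not leak the context (and url) on the failure path */
		talloc_free(mem_ctx);
		return False;
	}

	/* other basic tests here */

	if (!test_multibind(conn, userdn, secret)) {
		ret = False;
	}

	if (!test_search_rootDSE(conn, &basedn)) {
		ret = False;
	}

	if (!test_bind_sasl(conn, username, domain, password)) {
		ret = False;
	}

	if (!test_compare_sasl(conn, basedn)) {
		ret = False;
	}

	/* no more test we are closing */

	/*
	 * Close before releasing the context: conn was created with mem_ctx
	 * passed in, so it is presumably allocated under it, and closing
	 * after talloc_free(mem_ctx) would then touch freed memory.
	 * NOTE(review): confirm against torture_ldap_connection().
	 */
	torture_ldap_close(conn);
	talloc_free(mem_ctx);

	return ret;
}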