2004-07-13 22:05:02 +04:00
/*
Unix SMB / CIFS implementation .
DRSUapi tests
Copyright ( C ) Andrew Tridgell 2003
Copyright ( C ) Stefan ( metze ) Metzmacher 2004
2006-12-28 02:54:40 +03:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2005 - 2006
2005-08-30 07:37:14 +04:00
2005-10-07 12:12:05 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2005-10-07 12:12:05 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2005-10-07 12:12:05 +04:00
*/
2005-09-02 07:19:27 +04:00
2005-10-07 12:12:05 +04:00
# include "includes.h"
2006-01-03 16:41:17 +03:00
# include "torture/torture.h"
2006-03-15 02:35:30 +03:00
# include "librpc/gen_ndr/ndr_drsuapi_c.h"
2006-03-14 18:02:05 +03:00
# include "torture/rpc/rpc.h"
2007-09-01 02:34:52 +04:00
# include "dlinklist.h"
2007-09-08 16:42:09 +04:00
# include "param/param.h"
2005-09-02 07:19:27 +04:00
2006-11-17 14:19:15 +03:00
# define TEST_MACHINE_NAME "torturetest"
2007-08-31 17:30:47 +04:00
bool test_DsBind ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2005-10-07 13:19:59 +04:00
struct DsPrivate * priv )
2005-10-07 12:12:05 +04:00
{
NTSTATUS status ;
struct drsuapi_DsBind r ;
2007-09-01 02:34:52 +04:00
struct torture_rpc_tcase_data * rpc_tcase ;
2005-09-02 07:19:27 +04:00
2005-10-07 12:12:05 +04:00
GUID_from_string ( DRSUAPI_DS_BIND_GUID , & priv - > bind_guid ) ;
2005-09-02 07:19:27 +04:00
2005-10-07 12:12:05 +04:00
r . in . bind_guid = & priv - > bind_guid ;
r . in . bind_info = NULL ;
r . out . bind_handle = & priv - > bind_handle ;
2005-09-01 06:23:38 +04:00
2007-08-31 17:30:47 +04:00
status = dcerpc_drsuapi_DsBind ( p , tctx , & r ) ;
2007-09-01 02:34:52 +04:00
torture_assert_ntstatus_ok ( tctx , status , " DsBind " ) ;
torture_assert_werr_ok ( tctx , r . out . result , " DsBind " ) ;
rpc_tcase = ( struct torture_rpc_tcase_data * ) tctx - > active_tcase - > data ;
priv - > join = rpc_tcase - > join_ctx ;
return true ;
}
bool test_DsUnbind ( struct dcerpc_pipe * p , struct torture_context * tctx ,
struct DsPrivate * priv )
{
NTSTATUS status ;
struct drsuapi_DsUnbind r ;
r . in . bind_handle = & priv - > bind_handle ;
r . out . bind_handle = & priv - > bind_handle ;
status = dcerpc_drsuapi_DsUnbind ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" dcerpc_drsuapi_DsUnbind failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result , " DsBind failed " ) ;
2005-09-01 06:23:38 +04:00
2007-08-31 17:30:47 +04:00
return true ;
2004-10-13 18:25:44 +04:00
}
2007-09-01 02:34:52 +04:00
static bool wrap_test_drsuapi ( struct torture_context * tctx ,
struct torture_tcase * tcase ,
struct torture_test * test )
{
bool ( * fn ) ( struct torture_context * , struct dcerpc_pipe * , struct DsPrivate * ) ;
struct torture_rpc_tcase_data * tcase_data =
( struct torture_rpc_tcase_data * ) tcase - > data ;
bool ret ;
struct DsPrivate priv ;
ZERO_STRUCT ( priv ) ;
fn = test - > fn ;
if ( ! test_DsBind ( tcase_data - > pipe , tctx , & priv ) )
return false ;
ret = fn ( tctx , tcase_data - > pipe , & priv ) ;
if ( ! test_DsUnbind ( tcase_data - > pipe , tctx , & priv ) )
return false ;
return ret ;
}
static struct torture_test * torture_rpc_tcase_add_drsuapi_test (
struct torture_rpc_tcase * tcase ,
const char * name ,
bool ( * fn ) ( struct torture_context * , struct dcerpc_pipe * , struct DsPrivate * priv ) )
{
struct torture_test * test ;
test = talloc ( tcase , struct torture_test ) ;
test - > name = talloc_strdup ( test , name ) ;
test - > description = NULL ;
test - > run = wrap_test_drsuapi ;
test - > dangerous = false ;
test - > data = NULL ;
test - > fn = fn ;
DLIST_ADD ( tcase - > tcase . tests , test ) ;
return test ;
}
static bool test_DsGetDomainControllerInfo ( struct torture_context * torture ,
struct dcerpc_pipe * p ,
2007-08-31 19:29:38 +04:00
struct DsPrivate * priv )
2004-10-15 13:48:40 +04:00
{
NTSTATUS status ;
struct drsuapi_DsGetDomainControllerInfo r ;
2007-09-01 02:34:52 +04:00
bool found = false ;
2006-12-27 05:01:38 +03:00
int i , j , k ;
struct {
const char * name ;
WERROR expected ;
} names [ ] = {
{
. name = torture_join_dom_netbios_name ( priv - > join ) ,
. expected = WERR_OK
} ,
{
. name = torture_join_dom_dns_name ( priv - > join ) ,
. expected = WERR_OK
} ,
{
. name = " __UNKNOWN_DOMAIN__ " ,
. expected = WERR_DS_OBJ_NOT_FOUND
} ,
{
. name = " unknown.domain.samba.example.com " ,
. expected = WERR_DS_OBJ_NOT_FOUND
} ,
} ;
int levels [ ] = { 1 , 2 } ;
int level ;
for ( i = 0 ; i < ARRAY_SIZE ( levels ) ; i + + ) {
for ( j = 0 ; j < ARRAY_SIZE ( names ) ; j + + ) {
level = levels [ i ] ;
r . in . bind_handle = & priv - > bind_handle ;
r . in . level = 1 ;
r . in . req . req1 . domain_name = names [ j ] . name ;
r . in . req . req1 . level = level ;
2007-08-31 17:30:47 +04:00
torture_comment ( torture ,
" testing DsGetDomainControllerInfo level %d on domainname '%s' \n " ,
2006-12-27 05:01:38 +03:00
r . in . req . req1 . level , r . in . req . req1 . domain_name ) ;
2007-08-31 17:30:47 +04:00
status = dcerpc_drsuapi_DsGetDomainControllerInfo ( p , torture , & r ) ;
torture_assert_ntstatus_ok ( torture , status ,
" dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed " ) ;
torture_assert_werr_equal ( torture ,
r . out . result , names [ j ] . expected ,
" DsGetDomainControllerInfo level with dns domain failed " ) ;
2006-12-27 05:01:38 +03:00
if ( ! W_ERROR_IS_OK ( r . out . result ) ) {
/* If this was an error, we can't read the result structure */
continue ;
}
2007-08-31 17:30:47 +04:00
torture_assert_int_equal ( torture ,
2007-08-31 19:29:38 +04:00
r . in . req . req1 . level , r . out . level_out ,
" dcerpc_drsuapi_DsGetDomainControllerInfo level " ) ;
2007-08-31 17:30:47 +04:00
2006-12-27 05:01:38 +03:00
switch ( level ) {
case 1 :
for ( k = 0 ; k < r . out . ctr . ctr1 . count ; k + + ) {
if ( strcasecmp_m ( r . out . ctr . ctr1 . array [ k ] . netbios_name ,
2007-04-27 21:35:15 +04:00
torture_join_netbios_name ( priv - > join ) ) = = 0 ) {
2007-09-01 02:34:52 +04:00
found = true ;
2007-04-27 21:35:15 +04:00
break ;
2006-12-27 05:01:38 +03:00
}
}
break ;
case 2 :
for ( k = 0 ; k < r . out . ctr . ctr2 . count ; k + + ) {
if ( strcasecmp_m ( r . out . ctr . ctr2 . array [ k ] . netbios_name ,
2007-04-27 21:35:15 +04:00
torture_join_netbios_name ( priv - > join ) ) = = 0 ) {
2007-09-01 02:34:52 +04:00
found = true ;
2007-04-27 21:35:15 +04:00
priv - > dcinfo = r . out . ctr . ctr2 . array [ k ] ;
2006-12-28 02:54:40 +03:00
break ;
2006-12-27 05:01:38 +03:00
}
}
break ;
}
2007-08-31 17:30:47 +04:00
torture_assert ( torture , found ,
" dcerpc_drsuapi_DsGetDomainControllerInfo: Failed to find the domain controller we just created during the join " ) ;
2004-10-15 13:48:40 +04:00
}
}
2006-12-27 05:01:38 +03:00
r . in . bind_handle = & priv - > bind_handle ;
r . in . level = 1 ;
r . in . req . req1 . domain_name = " __UNKNOWN_DOMAIN__ " ; /* This is clearly ignored for this level */
2004-10-15 13:48:40 +04:00
r . in . req . req1 . level = - 1 ;
2006-12-27 05:01:38 +03:00
2007-08-31 19:29:38 +04:00
torture_comment ( torture ,
" testing DsGetDomainControllerInfo level %d on domainname '%s' \n " ,
2006-12-27 05:01:38 +03:00
r . in . req . req1 . level , r . in . req . req1 . domain_name ) ;
2007-08-31 17:30:47 +04:00
status = dcerpc_drsuapi_DsGetDomainControllerInfo ( p , torture , & r ) ;
torture_assert_ntstatus_ok ( torture , status ,
" dcerpc_drsuapi_DsGetDomainControllerInfo with dns domain failed " ) ;
torture_assert_werr_ok ( torture , r . out . result ,
" DsGetDomainControllerInfo with dns domain failed " ) ;
2006-12-27 05:01:38 +03:00
{
2007-08-31 17:30:47 +04:00
const char * dc_account = talloc_asprintf ( torture , " %s \\ %s$ " ,
2006-12-27 05:01:38 +03:00
torture_join_dom_netbios_name ( priv - > join ) ,
priv - > dcinfo . netbios_name ) ;
2006-12-27 20:57:20 +03:00
for ( k = 0 ; k < r . out . ctr . ctr01 . count ; k + + ) {
if ( strcasecmp_m ( r . out . ctr . ctr01 . array [ k ] . client_account ,
2006-12-27 05:01:38 +03:00
dc_account ) ) {
2007-09-01 02:34:52 +04:00
found = true ;
2006-12-28 02:54:40 +03:00
break ;
2006-12-27 05:01:38 +03:00
}
2004-10-15 13:48:40 +04:00
}
2007-08-31 17:30:47 +04:00
torture_assert ( torture , found ,
" dcerpc_drsuapi_DsGetDomainControllerInfo level: Failed to find the domain controller in last logon records " ) ;
2004-10-15 13:48:40 +04:00
}
2006-12-27 05:01:38 +03:00
2007-08-31 17:30:47 +04:00
return true ;
2004-10-15 13:48:40 +04:00
}
2007-09-01 02:34:52 +04:00
static bool test_DsWriteAccountSpn ( struct torture_context * tctx ,
struct dcerpc_pipe * p ,
2006-11-17 14:19:15 +03:00
struct DsPrivate * priv )
2004-11-23 11:57:42 +03:00
{
NTSTATUS status ;
struct drsuapi_DsWriteAccountSpn r ;
struct drsuapi_DsNameString names [ 2 ] ;
r . in . bind_handle = & priv - > bind_handle ;
r . in . level = 1 ;
r . in . req . req1 . operation = DRSUAPI_DS_SPN_OPERATION_ADD ;
r . in . req . req1 . unknown1 = 0 ;
r . in . req . req1 . object_dn = priv - > dcinfo . computer_dn ;
r . in . req . req1 . count = 2 ;
r . in . req . req1 . spn_names = names ;
2007-08-31 19:29:38 +04:00
names [ 0 ] . str = talloc_asprintf ( tctx , " smbtortureSPN/%s " , priv - > dcinfo . netbios_name ) ;
names [ 1 ] . str = talloc_asprintf ( tctx , " smbtortureSPN/%s " , priv - > dcinfo . dns_name ) ;
2004-11-23 11:57:42 +03:00
2007-08-31 19:29:38 +04:00
status = dcerpc_drsuapi_DsWriteAccountSpn ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" dcerpc_drsuapi_DsWriteAccountSpn failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result , " DsWriteAccountSpn failed " ) ;
2004-11-23 11:57:42 +03:00
r . in . req . req1 . operation = DRSUAPI_DS_SPN_OPERATION_DELETE ;
r . in . req . req1 . unknown1 = 0 ;
2007-08-31 19:29:38 +04:00
status = dcerpc_drsuapi_DsWriteAccountSpn ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" dcerpc_drsuapi_DsWriteAccountSpn failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result , " DsWriteAccountSpn failed " ) ;
2004-11-23 11:57:42 +03:00
2007-08-31 19:29:38 +04:00
return true ;
2004-11-23 11:57:42 +03:00
}
2007-09-01 02:34:52 +04:00
static bool test_DsReplicaGetInfo ( struct torture_context * tctx ,
struct dcerpc_pipe * p ,
2007-08-31 19:29:38 +04:00
struct DsPrivate * priv )
2004-12-07 15:20:28 +03:00
{
NTSTATUS status ;
struct drsuapi_DsReplicaGetInfo r ;
int i ;
struct {
2005-01-27 09:16:59 +03:00
int32_t level ;
int32_t infotype ;
2004-12-07 15:20:28 +03:00
const char * obj_dn ;
} array [ ] = {
{
DRSUAPI_DS_REPLICA_GET_INFO ,
DRSUAPI_DS_REPLICA_INFO_NEIGHBORS ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO ,
DRSUAPI_DS_REPLICA_INFO_CURSORS ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO ,
DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO ,
DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO ,
DRSUAPI_DS_REPLICA_INFO_KCC_DSA_LINK_FAILURES ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO ,
DRSUAPI_DS_REPLICA_INFO_PENDING_OPS ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
DRSUAPI_DS_REPLICA_INFO_CURSORS2 ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
DRSUAPI_DS_REPLICA_INFO_CURSORS3 ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
DRSUAPI_DS_REPLICA_INFO_OBJ_METADATA2 ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
DRSUAPI_DS_REPLICA_INFO_ATTRIBUTE_VALUE_METADATA2 ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
DRSUAPI_DS_REPLICA_INFO_NEIGHBORS02 ,
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
DRSUAPI_DS_REPLICA_INFO_CONNECTIONS04 ,
" __IGNORED__ "
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
2007-01-03 18:18:17 +03:00
DRSUAPI_DS_REPLICA_INFO_CURSORS05 ,
2004-12-07 15:20:28 +03:00
NULL
} , {
DRSUAPI_DS_REPLICA_GET_INFO2 ,
DRSUAPI_DS_REPLICA_INFO_06 ,
NULL
}
} ;
r . in . bind_handle = & priv - > bind_handle ;
for ( i = 0 ; i < ARRAY_SIZE ( array ) ; i + + ) {
const char * object_dn ;
2007-08-31 19:29:38 +04:00
torture_comment ( tctx ,
" testing DsReplicaGetInfo level %d infotype %d \n " ,
2004-12-07 15:20:28 +03:00
array [ i ] . level , array [ i ] . infotype ) ;
object_dn = ( array [ i ] . obj_dn ? array [ i ] . obj_dn : priv - > domain_obj_dn ) ;
r . in . level = array [ i ] . level ;
switch ( r . in . level ) {
case DRSUAPI_DS_REPLICA_GET_INFO :
r . in . req . req1 . info_type = array [ i ] . infotype ;
r . in . req . req1 . object_dn = object_dn ;
ZERO_STRUCT ( r . in . req . req1 . guid1 ) ;
break ;
case DRSUAPI_DS_REPLICA_GET_INFO2 :
r . in . req . req2 . info_type = array [ i ] . infotype ;
r . in . req . req2 . object_dn = object_dn ;
ZERO_STRUCT ( r . in . req . req1 . guid1 ) ;
r . in . req . req2 . unknown1 = 0 ;
r . in . req . req2 . string1 = NULL ;
r . in . req . req2 . string2 = NULL ;
r . in . req . req2 . unknown2 = 0 ;
break ;
}
2007-08-31 19:29:38 +04:00
status = dcerpc_drsuapi_DsReplicaGetInfo ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" dcerpc_drsuapi_DsReplicaGetInfo failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result ,
" DsReplicaGetInfo failed " ) ;
2004-12-07 15:20:28 +03:00
}
2007-08-31 19:29:38 +04:00
return true ;
2004-12-07 15:20:28 +03:00
}
2007-09-01 02:34:52 +04:00
static bool test_DsReplicaSync ( struct torture_context * tctx ,
struct dcerpc_pipe * p ,
2007-08-31 19:29:38 +04:00
struct DsPrivate * priv )
2004-12-13 13:29:44 +03:00
{
NTSTATUS status ;
int i ;
struct drsuapi_DsReplicaSync r ;
2005-03-15 17:42:09 +03:00
struct drsuapi_DsReplicaObjectIdentifier nc ;
struct GUID null_guid ;
struct dom_sid null_sid ;
2004-12-13 13:29:44 +03:00
struct {
2005-01-27 09:16:59 +03:00
int32_t level ;
2004-12-13 13:29:44 +03:00
} array [ ] = {
{
1
}
} ;
2005-03-15 17:42:09 +03:00
ZERO_STRUCT ( null_guid ) ;
ZERO_STRUCT ( null_sid ) ;
2004-12-13 13:29:44 +03:00
r . in . bind_handle = & priv - > bind_handle ;
for ( i = 0 ; i < ARRAY_SIZE ( array ) ; i + + ) {
2007-08-31 19:29:38 +04:00
torture_comment ( tctx , " testing DsReplicaSync level %d \n " ,
array [ i ] . level ) ;
2004-12-13 13:29:44 +03:00
r . in . level = array [ i ] . level ;
switch ( r . in . level ) {
2004-12-13 14:34:57 +03:00
case 1 :
2005-03-15 17:42:09 +03:00
nc . guid = null_guid ;
nc . sid = null_sid ;
nc . dn = priv - > domain_obj_dn ? priv - > domain_obj_dn : " " ;
r . in . req . req1 . naming_context = & nc ;
2007-03-13 14:10:48 +03:00
r . in . req . req1 . source_dsa_guid = priv - > dcinfo . ntds_guid ;
r . in . req . req1 . other_info = NULL ;
2005-03-11 15:15:50 +03:00
r . in . req . req1 . options = 16 ;
2004-12-13 13:29:44 +03:00
break ;
}
2007-08-31 19:29:38 +04:00
status = dcerpc_drsuapi_DsReplicaSync ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" dcerpc_drsuapi_DsReplicaSync failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result ,
" DsReplicaSync failed " ) ;
2004-12-13 13:29:44 +03:00
}
2007-08-31 19:29:38 +04:00
return true ;
2004-12-13 13:29:44 +03:00
}
2007-09-01 02:34:52 +04:00
static bool test_DsReplicaUpdateRefs ( struct torture_context * tctx ,
struct dcerpc_pipe * p ,
2007-08-31 19:29:38 +04:00
struct DsPrivate * priv )
2005-03-11 15:15:50 +03:00
{
NTSTATUS status ;
int i ;
struct drsuapi_DsReplicaUpdateRefs r ;
2005-03-15 17:42:09 +03:00
struct drsuapi_DsReplicaObjectIdentifier nc ;
2005-03-11 15:15:50 +03:00
struct GUID null_guid ;
2005-03-15 17:42:09 +03:00
struct dom_sid null_sid ;
2005-03-11 15:15:50 +03:00
struct {
int32_t level ;
} array [ ] = {
{
1
}
} ;
ZERO_STRUCT ( null_guid ) ;
2005-03-15 17:42:09 +03:00
ZERO_STRUCT ( null_sid ) ;
2005-03-11 15:15:50 +03:00
r . in . bind_handle = & priv - > bind_handle ;
for ( i = 0 ; i < ARRAY_SIZE ( array ) ; i + + ) {
2007-09-01 02:34:52 +04:00
torture_comment ( tctx , " testing DsReplicaUpdateRefs level %d \n " ,
2005-03-11 15:15:50 +03:00
array [ i ] . level ) ;
r . in . level = array [ i ] . level ;
switch ( r . in . level ) {
case 1 :
2005-03-15 17:42:09 +03:00
nc . guid = null_guid ;
nc . sid = null_sid ;
nc . dn = priv - > domain_obj_dn ? priv - > domain_obj_dn : " " ;
r . in . req . req1 . naming_context = & nc ;
2007-08-31 19:29:38 +04:00
r . in . req . req1 . dest_dsa_dns_name = talloc_asprintf ( tctx , " __some_dest_dsa_guid_string._msdn.%s " ,
2005-03-11 15:15:50 +03:00
priv - > domain_dns_name ) ;
2005-03-15 17:42:09 +03:00
r . in . req . req1 . dest_dsa_guid = null_guid ;
r . in . req . req1 . options = 0 ;
2005-03-11 15:15:50 +03:00
break ;
}
2007-08-31 19:29:38 +04:00
status = dcerpc_drsuapi_DsReplicaUpdateRefs ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" dcerpc_drsuapi_DsReplicaUpdateRefs failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result ,
" DsReplicaUpdateRefs failed " ) ;
2005-03-11 15:15:50 +03:00
}
2007-08-31 19:29:38 +04:00
return true ;
2005-03-11 15:15:50 +03:00
}
2007-09-01 02:34:52 +04:00
static bool test_DsGetNCChanges ( struct torture_context * tctx ,
struct dcerpc_pipe * p ,
2007-08-31 19:29:38 +04:00
struct DsPrivate * priv )
2005-03-15 17:42:09 +03:00
{
NTSTATUS status ;
int i ;
struct drsuapi_DsGetNCChanges r ;
struct drsuapi_DsReplicaObjectIdentifier nc ;
struct GUID null_guid ;
struct dom_sid null_sid ;
struct {
int32_t level ;
} array [ ] = {
{
5
} ,
{
8
}
} ;
ZERO_STRUCT ( null_guid ) ;
ZERO_STRUCT ( null_sid ) ;
2005-03-23 21:54:06 +03:00
2005-03-15 17:42:09 +03:00
for ( i = 0 ; i < ARRAY_SIZE ( array ) ; i + + ) {
2007-08-31 19:29:38 +04:00
torture_comment ( tctx , " testing DsGetNCChanges level %d \n " ,
2005-03-15 17:42:09 +03:00
array [ i ] . level ) ;
r . in . bind_handle = & priv - > bind_handle ;
2007-01-11 07:12:35 +03:00
r . in . level = & array [ i ] . level ;
2005-03-15 17:42:09 +03:00
2007-01-11 07:12:35 +03:00
switch ( * r . in . level ) {
2005-03-15 17:42:09 +03:00
case 5 :
2005-03-22 17:49:11 +03:00
nc . guid = null_guid ;
nc . sid = null_sid ;
nc . dn = priv - > domain_obj_dn ? priv - > domain_obj_dn : " " ;
r . in . req . req5 . destination_dsa_guid = GUID_random ( ) ;
2006-12-08 20:34:15 +03:00
r . in . req . req5 . source_dsa_invocation_id = null_guid ;
2005-03-22 17:49:11 +03:00
r . in . req . req5 . naming_context = & nc ;
2005-03-23 21:55:12 +03:00
r . in . req . req5 . highwatermark . tmp_highest_usn = 0 ;
2005-03-23 21:54:06 +03:00
r . in . req . req5 . highwatermark . reserved_usn = 0 ;
r . in . req . req5 . highwatermark . highest_usn = 0 ;
r . in . req . req5 . uptodateness_vector = NULL ;
2005-03-29 10:19:44 +04:00
r . in . req . req5 . replica_flags = 0 ;
2007-09-08 20:46:30 +04:00
if ( lp_parm_bool ( NULL , " drsuapi " , " compression " , false ) ) {
2005-03-29 10:19:44 +04:00
r . in . req . req5 . replica_flags | = DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES ;
}
2006-11-30 14:18:18 +03:00
r . in . req . req5 . max_object_count = 0 ;
r . in . req . req5 . max_ndr_size = 0 ;
2005-03-22 17:49:11 +03:00
r . in . req . req5 . unknown4 = 0 ;
r . in . req . req5 . h1 = 0 ;
2005-03-16 18:47:19 +03:00
2005-03-15 17:42:09 +03:00
break ;
case 8 :
2005-03-22 17:49:11 +03:00
nc . guid = null_guid ;
nc . sid = null_sid ;
nc . dn = priv - > domain_obj_dn ? priv - > domain_obj_dn : " " ;
r . in . req . req8 . destination_dsa_guid = GUID_random ( ) ;
2006-12-08 20:34:15 +03:00
r . in . req . req8 . source_dsa_invocation_id = null_guid ;
2005-03-22 17:49:11 +03:00
r . in . req . req8 . naming_context = & nc ;
2005-03-23 21:54:06 +03:00
r . in . req . req8 . highwatermark . tmp_highest_usn = 0 ;
r . in . req . req8 . highwatermark . reserved_usn = 0 ;
r . in . req . req8 . highwatermark . highest_usn = 0 ;
r . in . req . req8 . uptodateness_vector = NULL ;
r10865: merge branches/SOC/SAMBA_4_0 into main the main SAMBA_4_0 tree
metze
r8017@SERNOX: metze | 2005-06-30 13:44:23 +0200
create the SAMBA_4_0 branch for the Summer Of Code Project
metze
r8730@SERNOX: brad | 2005-07-24 03:09:48 +0200
Branching Samba 4
r8731@SERNOX: brad | 2005-07-24 06:39:00 +0200
added 'make installmisc' to howto.txt
added existing 'compression' option to level8 drsuapi torture test
added new 'neighbour_writeable' option to level8 drsuapi torture test
r8732@SERNOX: brad | 2005-07-24 06:42:38 +0200
added metze's dssync patch as source/torture/rpc/dssync.c
r8739@SERNOX: brad | 2005-07-25 00:24:46 +0200
added a test called RPC-DSSYNC to config.mk
hacking at dssync.c in an attempt to make it compile
r8754@SERNOX: brad | 2005-07-25 15:19:21 +0200
Changing dssync.c to use ldb routines for accessing ldap rather than raw ldap calls.
r8765@SERNOX: brad | 2005-07-26 03:35:38 +0200
more ldb changes to test_CompleteJoin(), it mostly kind of almost works now!
r8766@SERNOX: brad | 2005-07-26 03:56:00 +0200
Trying to fix the crazy nesting in the branch
r8769@SERNOX: brad | 2005-07-26 04:48:29 +0200
merging latest changes
r8770@SERNOX: brad | 2005-07-26 04:53:43 +0200
removing nested branch
r8793@SERNOX: jerry | 2005-07-27 05:04:57 +0200
merging on of Brad missing changes from the nested 4.0 branch debacle
r8794@SERNOX: jerry | 2005-07-27 05:14:42 +0200
syncing up with the main 4_0 branch for Brad
r8842@SERNOX: brad | 2005-07-29 00:26:30 +0200
merging changes from branches/SAMBA_4_0
r8850@SERNOX: brad | 2005-07-29 21:07:57 +0200
Bringing my tree up to date
r8851@SERNOX: brad | 2005-07-30 00:48:04 +0200
making dssync.c more ldb-centric, reverted samlogon.c from rev. 8845 to get my branch to compile again.
r8856@SERNOX: brad | 2005-07-30 03:20:33 +0200
I think I have the ldb code down in test_CompleteJoin (not complete yet though)
r8860@SERNOX: brad | 2005-07-30 07:08:13 +0200
Changed comments to C style /**/ (thanks Richard), some more changes to test_CompleteJoin().
r8862@SERNOX: brad | 2005-07-31 04:45:32 +0200
Bringing the SOC/SAMBA_4_0 branch up to date.
r8863@SERNOX: brad | 2005-07-31 20:00:41 +0200
Updated some missing files from the branch
r8864@SERNOX: brad | 2005-07-31 20:25:50 +0200
Removing autogenerated files from branch
r8865@SERNOX: brad | 2005-07-31 20:43:58 +0200
last of the unneeded files in SOC/SAMBA_4_0
r9004@SERNOX: brad | 2005-08-03 18:51:23 +0200
r5214@buttercup: j0j0 | 2005-08-03 10:44:30 -0600
r@buttercup: j0j0 | 2005-08-02 22:54:13 -0600
creating a local branch of branches/SAMBA_4_0
r9013@SERNOX: brad | 2005-08-03 20:57:48 +0200
r5228@buttercup: j0j0 | 2005-08-03 13:00:11 -0600
Fixing differences between this branch and /branches/SAMBA_4_0
r9014@SERNOX: brad | 2005-08-03 21:18:05 +0200
r5231@buttercup: j0j0 | 2005-08-03 13:23:12 -0600
Updating config.mk so that smbtorture builds again
r9061@SERNOX: brad | 2005-08-04 18:17:36 +0200
r5249@buttercup: j0j0 | 2005-08-03 21:01:02 -0600
Start using libnet_Join() for DC join.
r9062@SERNOX: brad | 2005-08-04 18:17:47 +0200
r5250@buttercup: j0j0 | 2005-08-04 10:21:34 -0600
Some more work towards performing a dc join.
r9064@SERNOX: brad | 2005-08-04 18:53:51 +0200
r5253@buttercup: j0j0 | 2005-08-04 10:53:00 -0600
Fixed a bug (passing a TALLOC_CTX to libnet_context_init() )
r9069@SERNOX: brad | 2005-08-04 21:59:55 +0200
r5279@buttercup: j0j0 | 2005-08-04 14:04:55 -0600
Some more work on the domain join
r9117@SERNOX: brad | 2005-08-05 16:50:26 +0200
r5281@buttercup: j0j0 | 2005-08-05 08:55:58 -0600
Committing minor changes before merge
r9180@SERNOX: brad | 2005-08-07 17:25:25 +0200
r5314@buttercup: j0j0 | 2005-08-07 09:30:12 -0600
Reworked libnet_join to use two join levels, AUTOMATIC and SPECIFIED.
r9181@SERNOX: brad | 2005-08-07 17:25:36 +0200
r5315@buttercup: j0j0 | 2005-08-07 09:31:22 -0600
Working with libnet_Join(), code cleanup needed in the near future.
r9192@SERNOX: brad | 2005-08-07 21:40:22 +0200
r5373@buttercup: j0j0 | 2005-08-07 13:46:09 -0600
Some code cleanup to make things a little more readable.
r9249@SERNOX: brad | 2005-08-12 01:31:48 +0200
r5375@buttercup: j0j0 | 2005-08-11 17:38:44 -0600
Split libnet_JoinDomain() into libnet_JoinDomain() and libnet_JoinADSDomain().
r9256@SERNOX: brad | 2005-08-12 04:55:11 +0200
r5413@buttercup: j0j0 | 2005-08-11 21:02:27 -0600
Clean up libnet_JoinADSDomain() a little, added a comment to the test_join struct.
r9314@SERNOX: brad | 2005-08-16 03:53:20 +0200
r5436@buttercup: j0j0 | 2005-08-15 20:01:21 -0600
libnet_JoinDomain() should honour LIBNET_JOIN_TORTURE now.
torture_join_domain() should properly use libnet_JoinDomain().
dssync.c uses torture_join_domain() again.
r9351@SERNOX: brad | 2005-08-17 07:15:31 +0200
r5438@buttercup: j0j0 | 2005-08-16 23:23:58 -0600
Removed LIBNET_JOIN_TORTURE level, as it became unnecessary once libnet_Join_primary_domain() handled netbios names better.
Corrected libnet_JoinDomain() and libnet_JoinADSDomain().
r9352@SERNOX: brad | 2005-08-17 07:24:49 +0200
r5440@buttercup: j0j0 | 2005-08-16 23:33:25 -0600
Fixed a typo.
r9354@SERNOX: metze | 2005-08-17 10:28:25 +0200
remove object files from svn
metze
r9376@SERNOX: brad | 2005-08-18 05:15:48 +0200
r5476@buttercup: j0j0 | 2005-08-17 21:24:33 -0600
Proof that I shouldn't code when i'm tired (silly bugfixes).
r9405@SERNOX: brad | 2005-08-19 22:50:10 +0200
r5500@buttercup: j0j0 | 2005-08-19 14:56:25 -0600
Get dssync.c compiling again after merge (ldb_dn changes from rev. 9391).
r9407@SERNOX: brad | 2005-08-20 03:22:42 +0200
r5502@buttercup: j0j0 | 2005-08-19 19:28:22 -0600
libnet/libnet_join.c
Some more fixes so ldb uses ldb_dn's.
torture/rpc/dssync.c
Some debugging printf()'s.
ldb_dn fixes.
torture/rpc/testjoin.c
Change torture_join_domain() to use libnet_JoinDomain() rather than libnet_Join().
Some more debugging statements.
I'm not sure why, but GUID_all_zero(user_handle.uuid) is returning true in torture_leave_domain() when called it from torture_destroy_context() in torture/rpc/dssync.c.
That's what i'm working out now.
r9427@SERNOX: brad | 2005-08-20 18:38:29 +0200
r5504@buttercup: j0j0 | 2005-08-20 10:44:52 -0600
Some bugfixes.
Removed a bunch of debugging code.
torture_leave_domain() works again! not 100% perfect yet though...
r9428@SERNOX: brad | 2005-08-20 19:09:26 +0200
r5506@buttercup: j0j0 | 2005-08-20 11:15:54 -0600
Restructure torture_join_domain() so that it joins itself, removes itself, and joins itself to the domain again to ensure that its account information is all current and as expected.
r9452@SERNOX: brad | 2005-08-21 19:33:51 +0200
r5508@buttercup: j0j0 | 2005-08-21 11:40:36 -0600
Bugfixes, trying to get things straight between contexts.
r9467@SERNOX: brad | 2005-08-22 04:00:48 +0200
r5510@buttercup: j0j0 | 2005-08-21 20:06:55 -0600
Another round of bugfixing.
r9521@SERNOX: brad | 2005-08-23 15:26:44 +0200
r5596@buttercup: j0j0 | 2005-08-23 07:33:06 -0600
Merging changes
r9524@SERNOX: metze | 2005-08-23 16:09:42 +0200
- fix the build caused by changes in the main samba4 tree,
- add an option "dssync:german=yes" to allow me to run against my german w2k3 server
this should be replaces by CLDAP calls to get the Default-First-Site-Name dynamicly
- remove some temporary comments, as DsAddEntry works now
metze
r9528@SERNOX: metze | 2005-08-23 18:22:22 +0200
the RPC-DSSYNC test is now able to fetch the whole tree,
including the unicodePwd, ntPwdHistory fields
metze
r9559@SERNOX: brad | 2005-08-24 04:11:47 +0200
r5612@buttercup: j0j0 | 2005-08-23 20:19:12 -0600
Some fixes around using talloc in a hierarchical fashion.
Still not right, but better.
r9564@SERNOX: brad | 2005-08-24 05:43:11 +0200
r5614@buttercup: j0j0 | 2005-08-23 21:50:38 -0600
Gave libnet_JoinADSDomain() its own tmp_ctx rather than passing it from libnet_JoinDomain() as a parameter (yuk).
As a side effect, it proves that my bug lies in libnet_JoinDomain(), not libnet_JoinADSDomain().
r9565@SERNOX: brad | 2005-08-24 06:09:46 +0200
r5616@buttercup: j0j0 | 2005-08-23 22:17:12 -0600
Small fix, if r->out.error_string and r2->samr_handle.out.error_string weren't set to NULL, torture_join_domain() would segfault on the second join.
r9630@SERNOX: brad | 2005-08-26 06:42:50 +0200
Commented out the parts of the dssync test which perform the dc join and create/remove associated ldap entries.
Commented out the test for the 'german' dssync option, because now we detect the Site-Name using CLDAP. If cldap_netlogon() does not return ok, the code defaults to 'Default-First-Site-Name'.
r9670@SERNOX: brad | 2005-08-27 02:30:11 +0200
Added a patch from metze.
To showcase what i've learned today, i've created two new parameters which can be set at runtime, drsuapi:last_usn and drsuapi:partition.
drsuapi:last_usn takes an integer representing the USN of the last recieved replication update for a particular partition (uses the domain dn if drsuapi:parition isn't set).
That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned.
drsuapi:partition takes a string dn and uses that as the name of the AD partition to replicate.
Some debugging output was also added.
r9723@SERNOX: brad | 2005-08-29 01:07:51 +0200
Added some copyright notices.
Changed some things in net_join.c to try and figure out why 'net join <domain> bdc' segfaults.
It occurs when the last talloc_free() happens, so i'm sure it's something to do with the memory fiddling i'm doing in libnet_join.
Added some drsuapi attribute ids that I figured out today.
I put some (many, dry) notes together while doing that, so i'll try to put them up on a blog at samba.org a little later tonight.
r9740@SERNOX: metze | 2005-08-29 16:58:03 +0200
fix up the DsGetNCchanges loop,
and remove misleading comments
metze
r9743@SERNOX: metze | 2005-08-29 17:26:45 +0200
make the logic a bit clearer
metze
r9815@SERNOX: brad | 2005-08-31 02:36:21 +0200
Added cldap_netlogon() AD Site-Name lookup into libnet/libnet_join.c.
Bugfixing rampage in libnet_join.c to resolve misunderstanding of talloc_steal().
libnet_join now creates the CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn> container on a dc join.
r9858@SERNOX: brad | 2005-09-01 03:17:17 +0200
Removed extraneous NDR_ALL subsystem requirement from torture/config.mk.
Added lots of error checking as per metze's advice.
Removed commented out code.
More bug chasing.
r9863@SERNOX: brad | 2005-09-01 05:53:19 +0200
Cleaned up dssync.c, removed the unneeded DsCrackNames() call, removed DC join/leave related stuff.
It no longer looks like my house does!
r9887@SERNOX: metze | 2005-09-01 11:34:03 +0200
- fix dssync:highest_usn parameter handling
- ask for LINKED_ATTRIBUTE replication
metze
r9891@SERNOX: metze | 2005-09-01 14:13:18 +0200
make the code more readable, and fix a few bugs
metze
r9911@SERNOX: brad | 2005-09-01 20:36:27 +0200
Bugfixes in libnet_join.c.
Cleaned up comments.
Added domain_dn_str and account_dn_str to struct libnet_JoinDomain.
Removed struct dcerpc_pipe *samr_pipe and struct policy_handle user_handle from struct libnet_Join.
r9920@SERNOX: brad | 2005-09-01 23:34:13 +0200
Added disclaimer (I can't seem to get libnet_JoinDomain() to keep the samr_pipe and u_handle open past the function call, grrrr....).
r9921@SERNOX: brad | 2005-09-01 23:37:54 +0200
Added copyright statement.
Cleaned up unneeded variables from torture_join_domain().
r9932@SERNOX: brad | 2005-09-02 01:49:42 +0200
Really rushed project notes.
r10841@SERNOX: metze | 2005-10-08 20:01:45 +0200
remove diff to main SAMBA_4_0 branch
metze
r10862@SERNOX: metze | 2005-10-10 10:31:52 +0200
remove the differences between SAMBA_4_0 and SOC/SAMBA_4_0
metze
r10863@SERNOX: metze | 2005-10-10 10:34:26 +0200
fix the build
metze
r10864@SERNOX: metze | 2005-10-10 11:10:08 +0200
remove README file to reduce, diffs to main SAMBA_4_0 branch:
metze
README:
This project was centered around adding a torture test to Samba 4, which used drsuapi_DsGetNCChanges() to retrieve the contents of an Active Directory in the same manner as an Active Directory DC replication event.
As the project unfolded, I also applied some changes to the functionality of the libnet library related to joining a machine account to a domain.
One of the first things that I implemented in this project was a 'neighbour_writeable' option for the RPC-DRSUAPI torture test. The command line to execute this torture test is as follows:
smbtorture --option=drsuapi:neighbour_writeable=True -W <domain name> -U <admin username>%<password> ncacn_ip_tcp:<domain controller dns name> RPC-DRSUAPI
This option provides us with runtime control over the DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE flag in the struct drsuapi_DsGetNCChanges.in.req.req<level>.replica_flags, allowing us to easily test for differences in the behaviour of AD replication with the switch on or off.
In the course of the project, I also implemented two more flags for the RPC-DSSYNC test. dssync:last_usn takes an integer representing the USN (Universal Serial Number) of the last recieved replication update for a particular partition (uses the domain DN if drsuapi:parition isn't set). That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned. dssync:partition takes a string DN and uses that as the name of the AD partition to replicate.
Based initially on a patch provided to me by one of my mentors, Stephan (metze) Metzmacher, the RPC-DSSYNC test was implemented for this project. Initially functionality was included to perform a DC join prior to initiating replication, but the code was removed when it was realized that replication could indeed take place without being a member of the domain in any way. It has been recently suggested that we may need a DC join after all to get all of the information we may want from the AD replication. This is probably best added using a torture_join_domain() call once the libnet code is able to keep the user policy handle and SAMR RPC pipe open.
The DC join code was taken out of the RPC-DSSYNC and implemented for the most part in the libnet libraries. To test this, the RPC-NETLOGON test was modified to perform a domain join, leave and rejoin. Currently, the test has a fault in that it is unable to leave the domain using the same SAMR RPC pipe and user_policy information as was used for the first join. This is because I was unable to get the code working properly in libnet to provide that functionality. Currently missing from the DC join in libnet is the code to create the CN=NTDS Settings,CN=<DC NETBIOS NAME>,CN=<Site-Name>,CN=Sites,CN=Configuration,<domain DN> container using the dcerpc_drsuapi_DsAddEntry() call. I did not want to implement this functionality in libnet while there were still problems with the code.
I also provided the ability in libnet and the RPC-DSSYNC test to look up the proper site name using the cldap library.
In my investigations, I was unable to find out any information regarding the UnicodePwd attribute, except that the same password is represented differently for two different users in the same directory.
I was also able to resolve and confirm the meaning of some DRSUAPI_ATTRIBUTE ID's.
DRSUAPI_OBJECTCLASS_domain (0xA0042)
DRSUAPI_OBJECTCLASS_domainDNS (0xA0043)
wellKnownObjects (0x9026A)
fSMORoleOwner (0x90171)
name or dc (0x90001)
whenCreated (0x20002)
instanceType (0x20001)
gPLink (0x9037B)
These were added to the IDL for drsuapi (source/librpc/idl/drsuapi.idl).
I would like to thank everyone on the Samba team who worked with me and assisted me with this project, specifically all the work done by Stephan Metzmacher, Andrew Bartlett and Jerry Carter. Working on this project with the Samba team really has been a life changing experience, as corny as that sounds.
I've realized that I was born to be a systems developer, and it has helped confirm in my mind that Open Source (specifically Samba) development is exactly what i've been missing!
I would also like to take this opportunity to thank Chris Dibona and Google for the amazing opportunity. I don't know if I would have taken the leap in other circumstances.
I know these notes sound a little rushed, but it is 23:55 after all! :)
(This used to be commit 55552b41cbaa8c57a30373a53176e7f3ae945290)
2005-10-10 13:33:06 +04:00
r . in . req . req8 . replica_flags = 0 ;
2007-09-08 20:46:30 +04:00
if ( lp_parm_bool ( NULL , " drsuapi " , " compression " , false ) ) {
r10865: merge branches/SOC/SAMBA_4_0 into main the main SAMBA_4_0 tree
metze
r8017@SERNOX: metze | 2005-06-30 13:44:23 +0200
create the SAMBA_4_0 branch for the Summer Of Code Project
metze
r8730@SERNOX: brad | 2005-07-24 03:09:48 +0200
Branching Samba 4
r8731@SERNOX: brad | 2005-07-24 06:39:00 +0200
added 'make installmisc' to howto.txt
added existing 'compression' option to level8 drsuapi torture test
added new 'neighbour_writeable' option to level8 drsuapi torture test
r8732@SERNOX: brad | 2005-07-24 06:42:38 +0200
added metze's dssync patch as source/torture/rpc/dssync.c
r8739@SERNOX: brad | 2005-07-25 00:24:46 +0200
added a test called RPC-DSSYNC to config.mk
hacking at dssync.c in an attempt to make it compile
r8754@SERNOX: brad | 2005-07-25 15:19:21 +0200
Changing dssync.c to use ldb routines for accessing ldap rather than raw ldap calls.
r8765@SERNOX: brad | 2005-07-26 03:35:38 +0200
more ldb changes to test_CompleteJoin(), it mostly kind of almost works now!
r8766@SERNOX: brad | 2005-07-26 03:56:00 +0200
Trying to fix the crazy nesting in the branch
r8769@SERNOX: brad | 2005-07-26 04:48:29 +0200
merging latest changes
r8770@SERNOX: brad | 2005-07-26 04:53:43 +0200
removing nested branch
r8793@SERNOX: jerry | 2005-07-27 05:04:57 +0200
merging on of Brad missing changes from the nested 4.0 branch debacle
r8794@SERNOX: jerry | 2005-07-27 05:14:42 +0200
syncing up with the main 4_0 branch for Brad
r8842@SERNOX: brad | 2005-07-29 00:26:30 +0200
merging changes from branches/SAMBA_4_0
r8850@SERNOX: brad | 2005-07-29 21:07:57 +0200
Bringing my tree up to date
r8851@SERNOX: brad | 2005-07-30 00:48:04 +0200
making dssync.c more ldb-centric, reverted samlogon.c from rev. 8845 to get my branch to compile again.
r8856@SERNOX: brad | 2005-07-30 03:20:33 +0200
I think I have the ldb code down in test_CompleteJoin (not complete yet though)
r8860@SERNOX: brad | 2005-07-30 07:08:13 +0200
Changed comments to C style /**/ (thanks Richard), some more changes to test_CompleteJoin().
r8862@SERNOX: brad | 2005-07-31 04:45:32 +0200
Bringing the SOC/SAMBA_4_0 branch up to date.
r8863@SERNOX: brad | 2005-07-31 20:00:41 +0200
Updated some missing files from the branch
r8864@SERNOX: brad | 2005-07-31 20:25:50 +0200
Removing autogenerated files from branch
r8865@SERNOX: brad | 2005-07-31 20:43:58 +0200
last of the unneeded files in SOC/SAMBA_4_0
r9004@SERNOX: brad | 2005-08-03 18:51:23 +0200
r5214@buttercup: j0j0 | 2005-08-03 10:44:30 -0600
r@buttercup: j0j0 | 2005-08-02 22:54:13 -0600
creating a local branch of branches/SAMBA_4_0
r9013@SERNOX: brad | 2005-08-03 20:57:48 +0200
r5228@buttercup: j0j0 | 2005-08-03 13:00:11 -0600
Fixing differences between this branch and /branches/SAMBA_4_0
r9014@SERNOX: brad | 2005-08-03 21:18:05 +0200
r5231@buttercup: j0j0 | 2005-08-03 13:23:12 -0600
Updating config.mk so that smbtorture builds again
r9061@SERNOX: brad | 2005-08-04 18:17:36 +0200
r5249@buttercup: j0j0 | 2005-08-03 21:01:02 -0600
Start using libnet_Join() for DC join.
r9062@SERNOX: brad | 2005-08-04 18:17:47 +0200
r5250@buttercup: j0j0 | 2005-08-04 10:21:34 -0600
Some more work towards performing a dc join.
r9064@SERNOX: brad | 2005-08-04 18:53:51 +0200
r5253@buttercup: j0j0 | 2005-08-04 10:53:00 -0600
Fixed a bug (passing a TALLOC_CTX to libnet_context_init() )
r9069@SERNOX: brad | 2005-08-04 21:59:55 +0200
r5279@buttercup: j0j0 | 2005-08-04 14:04:55 -0600
Some more work on the domain join
r9117@SERNOX: brad | 2005-08-05 16:50:26 +0200
r5281@buttercup: j0j0 | 2005-08-05 08:55:58 -0600
Committing minor changes before merge
r9180@SERNOX: brad | 2005-08-07 17:25:25 +0200
r5314@buttercup: j0j0 | 2005-08-07 09:30:12 -0600
Reworked libnet_join to use two join levels, AUTOMATIC and SPECIFIED.
r9181@SERNOX: brad | 2005-08-07 17:25:36 +0200
r5315@buttercup: j0j0 | 2005-08-07 09:31:22 -0600
Working with libnet_Join(), code cleanup needed in the near future.
r9192@SERNOX: brad | 2005-08-07 21:40:22 +0200
r5373@buttercup: j0j0 | 2005-08-07 13:46:09 -0600
Some code cleanup to make things a little more readable.
r9249@SERNOX: brad | 2005-08-12 01:31:48 +0200
r5375@buttercup: j0j0 | 2005-08-11 17:38:44 -0600
Split libnet_JoinDomain() into libnet_JoinDomain() and libnet_JoinADSDomain().
r9256@SERNOX: brad | 2005-08-12 04:55:11 +0200
r5413@buttercup: j0j0 | 2005-08-11 21:02:27 -0600
Clean up libnet_JoinADSDomain() a little, added a comment to the test_join struct.
r9314@SERNOX: brad | 2005-08-16 03:53:20 +0200
r5436@buttercup: j0j0 | 2005-08-15 20:01:21 -0600
libnet_JoinDomain() should honour LIBNET_JOIN_TORTURE now.
torture_join_domain() should properly use libnet_JoinDomain().
dssync.c uses torture_join_domain() again.
r9351@SERNOX: brad | 2005-08-17 07:15:31 +0200
r5438@buttercup: j0j0 | 2005-08-16 23:23:58 -0600
Removed LIBNET_JOIN_TORTURE level, as it became unnecessary once libnet_Join_primary_domain() handled netbios names better.
Corrected libnet_JoinDomain() and libnet_JoinADSDomain().
r9352@SERNOX: brad | 2005-08-17 07:24:49 +0200
r5440@buttercup: j0j0 | 2005-08-16 23:33:25 -0600
Fixed a typo.
r9354@SERNOX: metze | 2005-08-17 10:28:25 +0200
remove object files from svn
metze
r9376@SERNOX: brad | 2005-08-18 05:15:48 +0200
r5476@buttercup: j0j0 | 2005-08-17 21:24:33 -0600
Proof that I shouldn't code when i'm tired (silly bugfixes).
r9405@SERNOX: brad | 2005-08-19 22:50:10 +0200
r5500@buttercup: j0j0 | 2005-08-19 14:56:25 -0600
Get dssync.c compiling again after merge (ldb_dn changes from rev. 9391).
r9407@SERNOX: brad | 2005-08-20 03:22:42 +0200
r5502@buttercup: j0j0 | 2005-08-19 19:28:22 -0600
libnet/libnet_join.c
Some more fixes so ldb uses ldb_dn's.
torture/rpc/dssync.c
Some debugging printf()'s.
ldb_dn fixes.
torture/rpc/testjoin.c
Change torture_join_domain() to use libnet_JoinDomain() rather than libnet_Join().
Some more debugging statements.
I'm not sure why, but GUID_all_zero(user_handle.uuid) is returning true in torture_leave_domain() when called it from torture_destroy_context() in torture/rpc/dssync.c.
That's what i'm working out now.
r9427@SERNOX: brad | 2005-08-20 18:38:29 +0200
r5504@buttercup: j0j0 | 2005-08-20 10:44:52 -0600
Some bugfixes.
Removed a bunch of debugging code.
torture_leave_domain() works again! not 100% perfect yet though...
r9428@SERNOX: brad | 2005-08-20 19:09:26 +0200
r5506@buttercup: j0j0 | 2005-08-20 11:15:54 -0600
Restructure torture_join_domain() so that it joins itself, removes itself, and joins itself to the domain again to ensure that its account information is all current and as expected.
r9452@SERNOX: brad | 2005-08-21 19:33:51 +0200
r5508@buttercup: j0j0 | 2005-08-21 11:40:36 -0600
Bugfixes, trying to get things straight between contexts.
r9467@SERNOX: brad | 2005-08-22 04:00:48 +0200
r5510@buttercup: j0j0 | 2005-08-21 20:06:55 -0600
Another round of bugfixing.
r9521@SERNOX: brad | 2005-08-23 15:26:44 +0200
r5596@buttercup: j0j0 | 2005-08-23 07:33:06 -0600
Merging changes
r9524@SERNOX: metze | 2005-08-23 16:09:42 +0200
- fix the build caused by changes in the main samba4 tree,
- add an option "dssync:german=yes" to allow me to run against my german w2k3 server
this should be replaces by CLDAP calls to get the Default-First-Site-Name dynamicly
- remove some temporary comments, as DsAddEntry works now
metze
r9528@SERNOX: metze | 2005-08-23 18:22:22 +0200
the RPC-DSSYNC test is now able to fetch the whole tree,
including the unicodePwd, ntPwdHistory fields
metze
r9559@SERNOX: brad | 2005-08-24 04:11:47 +0200
r5612@buttercup: j0j0 | 2005-08-23 20:19:12 -0600
Some fixes around using talloc in a hierarchical fashion.
Still not right, but better.
r9564@SERNOX: brad | 2005-08-24 05:43:11 +0200
r5614@buttercup: j0j0 | 2005-08-23 21:50:38 -0600
Gave libnet_JoinADSDomain() its own tmp_ctx rather than passing it from libnet_JoinDomain() as a parameter (yuk).
As a side effect, it proves that my bug lies in libnet_JoinDomain(), not libnet_JoinADSDomain().
r9565@SERNOX: brad | 2005-08-24 06:09:46 +0200
r5616@buttercup: j0j0 | 2005-08-23 22:17:12 -0600
Small fix, if r->out.error_string and r2->samr_handle.out.error_string weren't set to NULL, torture_join_domain() would segfault on the second join.
r9630@SERNOX: brad | 2005-08-26 06:42:50 +0200
Commented out the parts of the dssync test which perform the dc join and create/remove associated ldap entries.
Commented out the test for the 'german' dssync option, because now we detect the Site-Name using CLDAP. If cldap_netlogon() does not return ok, the code defaults to 'Default-First-Site-Name'.
r9670@SERNOX: brad | 2005-08-27 02:30:11 +0200
Added a patch from metze.
To showcase what i've learned today, i've created two new parameters which can be set at runtime, drsuapi:last_usn and drsuapi:partition.
drsuapi:last_usn takes an integer representing the USN of the last recieved replication update for a particular partition (uses the domain dn if drsuapi:parition isn't set).
That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned.
drsuapi:partition takes a string dn and uses that as the name of the AD partition to replicate.
Some debugging output was also added.
r9723@SERNOX: brad | 2005-08-29 01:07:51 +0200
Added some copyright notices.
Changed some things in net_join.c to try and figure out why 'net join <domain> bdc' segfaults.
It occurs when the last talloc_free() happens, so i'm sure it's something to do with the memory fiddling i'm doing in libnet_join.
Added some drsuapi attribute ids that I figured out today.
I put some (many, dry) notes together while doing that, so i'll try to put them up on a blog at samba.org a little later tonight.
r9740@SERNOX: metze | 2005-08-29 16:58:03 +0200
fix up the DsGetNCchanges loop,
and remove misleading comments
metze
r9743@SERNOX: metze | 2005-08-29 17:26:45 +0200
make the logic a bit clearer
metze
r9815@SERNOX: brad | 2005-08-31 02:36:21 +0200
Added cldap_netlogon() AD Site-Name lookup into libnet/libnet_join.c.
Bugfixing rampage in libnet_join.c to resolve misunderstanding of talloc_steal().
libnet_join now creates the CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn> container on a dc join.
r9858@SERNOX: brad | 2005-09-01 03:17:17 +0200
Removed extraneous NDR_ALL subsystem requirement from torture/config.mk.
Added lots of error checking as per metze's advice.
Removed commented out code.
More bug chasing.
r9863@SERNOX: brad | 2005-09-01 05:53:19 +0200
Cleaned up dssync.c, removed the unneeded DsCrackNames() call, removed DC join/leave related stuff.
It no longer looks like my house does!
r9887@SERNOX: metze | 2005-09-01 11:34:03 +0200
- fix dssync:highest_usn parameter handling
- ask for LINKED_ATTRIBUTE replication
metze
r9891@SERNOX: metze | 2005-09-01 14:13:18 +0200
make the code more readable, and fix a few bugs
metze
r9911@SERNOX: brad | 2005-09-01 20:36:27 +0200
Bugfixes in libnet_join.c.
Cleaned up comments.
Added domain_dn_str and account_dn_str to struct libnet_JoinDomain.
Removed struct dcerpc_pipe *samr_pipe and struct policy_handle user_handle from struct libnet_Join.
r9920@SERNOX: brad | 2005-09-01 23:34:13 +0200
Added disclaimer (I can't seem to get libnet_JoinDomain() to keep the samr_pipe and u_handle open past the function call, grrrr....).
r9921@SERNOX: brad | 2005-09-01 23:37:54 +0200
Added copyright statement.
Cleaned up unneeded variables from torture_join_domain().
r9932@SERNOX: brad | 2005-09-02 01:49:42 +0200
Really rushed project notes.
r10841@SERNOX: metze | 2005-10-08 20:01:45 +0200
remove diff to main SAMBA_4_0 branch
metze
r10862@SERNOX: metze | 2005-10-10 10:31:52 +0200
remove the differences between SAMBA_4_0 and SOC/SAMBA_4_0
metze
r10863@SERNOX: metze | 2005-10-10 10:34:26 +0200
fix the build
metze
r10864@SERNOX: metze | 2005-10-10 11:10:08 +0200
remove README file to reduce, diffs to main SAMBA_4_0 branch:
metze
README:
This project was centered around adding a torture test to Samba 4, which used drsuapi_DsGetNCChanges() to retrieve the contents of an Active Directory in the same manner as an Active Directory DC replication event.
As the project unfolded, I also applied some changes to the functionality of the libnet library related to joining a machine account to a domain.
One of the first things that I implemented in this project was a 'neighbour_writeable' option for the RPC-DRSUAPI torture test. The command line to execute this torture test is as follows:
smbtorture --option=drsuapi:neighbour_writeable=True -W <domain name> -U <admin username>%<password> ncacn_ip_tcp:<domain controller dns name> RPC-DRSUAPI
This option provides us with runtime control over the DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE flag in the struct drsuapi_DsGetNCChanges.in.req.req<level>.replica_flags, allowing us to easily test for differences in the behaviour of AD replication with the switch on or off.
In the course of the project, I also implemented two more flags for the RPC-DSSYNC test. dssync:last_usn takes an integer representing the USN (Universal Serial Number) of the last recieved replication update for a particular partition (uses the domain DN if drsuapi:parition isn't set). That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned. dssync:partition takes a string DN and uses that as the name of the AD partition to replicate.
Based initially on a patch provided to me by one of my mentors, Stephan (metze) Metzmacher, the RPC-DSSYNC test was implemented for this project. Initially functionality was included to perform a DC join prior to initiating replication, but the code was removed when it was realized that replication could indeed take place without being a member of the domain in any way. It has been recently suggested that we may need a DC join after all to get all of the information we may want from the AD replication. This is probably best added using a torture_join_domain() call once the libnet code is able to keep the user policy handle and SAMR RPC pipe open.
The DC join code was taken out of the RPC-DSSYNC and implemented for the most part in the libnet libraries. To test this, the RPC-NETLOGON test was modified to perform a domain join, leave and rejoin. Currently, the test has a fault in that it is unable to leave the domain using the same SAMR RPC pipe and user_policy information as was used for the first join. This is because I was unable to get the code working properly in libnet to provide that functionality. Currently missing from the DC join in libnet is the code to create the CN=NTDS Settings,CN=<DC NETBIOS NAME>,CN=<Site-Name>,CN=Sites,CN=Configuration,<domain DN> container using the dcerpc_drsuapi_DsAddEntry() call. I did not want to implement this functionality in libnet while there were still problems with the code.
I also provided the ability in libnet and the RPC-DSSYNC test to look up the proper site name using the cldap library.
In my investigations, I was unable to find out any information regarding the UnicodePwd attribute, except that the same password is represented differently for two different users in the same directory.
I was also able to resolve and confirm the meaning of some DRSUAPI_ATTRIBUTE ID's.
DRSUAPI_OBJECTCLASS_domain (0xA0042)
DRSUAPI_OBJECTCLASS_domainDNS (0xA0043)
wellKnownObjects (0x9026A)
fSMORoleOwner (0x90171)
name or dc (0x90001)
whenCreated (0x20002)
instanceType (0x20001)
gPLink (0x9037B)
These were added to the IDL for drsuapi (source/librpc/idl/drsuapi.idl).
I would like to thank everyone on the Samba team who worked with me and assisted me with this project, specifically all the work done by Stephan Metzmacher, Andrew Bartlett and Jerry Carter. Working on this project with the Samba team really has been a life changing experience, as corny as that sounds.
I've realized that I was born to be a systems developer, and it has helped confirm in my mind that Open Source (specifically Samba) development is exactly what i've been missing!
I would also like to take this opportunity to thank Chris Dibona and Google for the amazing opportunity. I don't know if I would have taken the leap in other circumstances.
I know these notes sound a little rushed, but it is 23:55 after all! :)
(This used to be commit 55552b41cbaa8c57a30373a53176e7f3ae945290)
2005-10-10 13:33:06 +04:00
r . in . req . req8 . replica_flags | = DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES ;
}
2007-09-08 20:46:30 +04:00
if ( lp_parm_bool ( NULL , " drsuapi " , " neighbour_writeable " , true ) ) {
r10865: merge branches/SOC/SAMBA_4_0 into main the main SAMBA_4_0 tree
metze
r8017@SERNOX: metze | 2005-06-30 13:44:23 +0200
create the SAMBA_4_0 branch for the Summer Of Code Project
metze
r8730@SERNOX: brad | 2005-07-24 03:09:48 +0200
Branching Samba 4
r8731@SERNOX: brad | 2005-07-24 06:39:00 +0200
added 'make installmisc' to howto.txt
added existing 'compression' option to level8 drsuapi torture test
added new 'neighbour_writeable' option to level8 drsuapi torture test
r8732@SERNOX: brad | 2005-07-24 06:42:38 +0200
added metze's dssync patch as source/torture/rpc/dssync.c
r8739@SERNOX: brad | 2005-07-25 00:24:46 +0200
added a test called RPC-DSSYNC to config.mk
hacking at dssync.c in an attempt to make it compile
r8754@SERNOX: brad | 2005-07-25 15:19:21 +0200
Changing dssync.c to use ldb routines for accessing ldap rather than raw ldap calls.
r8765@SERNOX: brad | 2005-07-26 03:35:38 +0200
more ldb changes to test_CompleteJoin(), it mostly kind of almost works now!
r8766@SERNOX: brad | 2005-07-26 03:56:00 +0200
Trying to fix the crazy nesting in the branch
r8769@SERNOX: brad | 2005-07-26 04:48:29 +0200
merging latest changes
r8770@SERNOX: brad | 2005-07-26 04:53:43 +0200
removing nested branch
r8793@SERNOX: jerry | 2005-07-27 05:04:57 +0200
merging on of Brad missing changes from the nested 4.0 branch debacle
r8794@SERNOX: jerry | 2005-07-27 05:14:42 +0200
syncing up with the main 4_0 branch for Brad
r8842@SERNOX: brad | 2005-07-29 00:26:30 +0200
merging changes from branches/SAMBA_4_0
r8850@SERNOX: brad | 2005-07-29 21:07:57 +0200
Bringing my tree up to date
r8851@SERNOX: brad | 2005-07-30 00:48:04 +0200
making dssync.c more ldb-centric, reverted samlogon.c from rev. 8845 to get my branch to compile again.
r8856@SERNOX: brad | 2005-07-30 03:20:33 +0200
I think I have the ldb code down in test_CompleteJoin (not complete yet though)
r8860@SERNOX: brad | 2005-07-30 07:08:13 +0200
Changed comments to C style /**/ (thanks Richard), some more changes to test_CompleteJoin().
r8862@SERNOX: brad | 2005-07-31 04:45:32 +0200
Bringing the SOC/SAMBA_4_0 branch up to date.
r8863@SERNOX: brad | 2005-07-31 20:00:41 +0200
Updated some missing files from the branch
r8864@SERNOX: brad | 2005-07-31 20:25:50 +0200
Removing autogenerated files from branch
r8865@SERNOX: brad | 2005-07-31 20:43:58 +0200
last of the unneeded files in SOC/SAMBA_4_0
r9004@SERNOX: brad | 2005-08-03 18:51:23 +0200
r5214@buttercup: j0j0 | 2005-08-03 10:44:30 -0600
r@buttercup: j0j0 | 2005-08-02 22:54:13 -0600
creating a local branch of branches/SAMBA_4_0
r9013@SERNOX: brad | 2005-08-03 20:57:48 +0200
r5228@buttercup: j0j0 | 2005-08-03 13:00:11 -0600
Fixing differences between this branch and /branches/SAMBA_4_0
r9014@SERNOX: brad | 2005-08-03 21:18:05 +0200
r5231@buttercup: j0j0 | 2005-08-03 13:23:12 -0600
Updating config.mk so that smbtorture builds again
r9061@SERNOX: brad | 2005-08-04 18:17:36 +0200
r5249@buttercup: j0j0 | 2005-08-03 21:01:02 -0600
Start using libnet_Join() for DC join.
r9062@SERNOX: brad | 2005-08-04 18:17:47 +0200
r5250@buttercup: j0j0 | 2005-08-04 10:21:34 -0600
Some more work towards performing a dc join.
r9064@SERNOX: brad | 2005-08-04 18:53:51 +0200
r5253@buttercup: j0j0 | 2005-08-04 10:53:00 -0600
Fixed a bug (passing a TALLOC_CTX to libnet_context_init() )
r9069@SERNOX: brad | 2005-08-04 21:59:55 +0200
r5279@buttercup: j0j0 | 2005-08-04 14:04:55 -0600
Some more work on the domain join
r9117@SERNOX: brad | 2005-08-05 16:50:26 +0200
r5281@buttercup: j0j0 | 2005-08-05 08:55:58 -0600
Committing minor changes before merge
r9180@SERNOX: brad | 2005-08-07 17:25:25 +0200
r5314@buttercup: j0j0 | 2005-08-07 09:30:12 -0600
Reworked libnet_join to use two join levels, AUTOMATIC and SPECIFIED.
r9181@SERNOX: brad | 2005-08-07 17:25:36 +0200
r5315@buttercup: j0j0 | 2005-08-07 09:31:22 -0600
Working with libnet_Join(), code cleanup needed in the near future.
r9192@SERNOX: brad | 2005-08-07 21:40:22 +0200
r5373@buttercup: j0j0 | 2005-08-07 13:46:09 -0600
Some code cleanup to make things a little more readable.
r9249@SERNOX: brad | 2005-08-12 01:31:48 +0200
r5375@buttercup: j0j0 | 2005-08-11 17:38:44 -0600
Split libnet_JoinDomain() into libnet_JoinDomain() and libnet_JoinADSDomain().
r9256@SERNOX: brad | 2005-08-12 04:55:11 +0200
r5413@buttercup: j0j0 | 2005-08-11 21:02:27 -0600
Clean up libnet_JoinADSDomain() a little, added a comment to the test_join struct.
r9314@SERNOX: brad | 2005-08-16 03:53:20 +0200
r5436@buttercup: j0j0 | 2005-08-15 20:01:21 -0600
libnet_JoinDomain() should honour LIBNET_JOIN_TORTURE now.
torture_join_domain() should properly use libnet_JoinDomain().
dssync.c uses torture_join_domain() again.
r9351@SERNOX: brad | 2005-08-17 07:15:31 +0200
r5438@buttercup: j0j0 | 2005-08-16 23:23:58 -0600
Removed LIBNET_JOIN_TORTURE level, as it became unnecessary once libnet_Join_primary_domain() handled netbios names better.
Corrected libnet_JoinDomain() and libnet_JoinADSDomain().
r9352@SERNOX: brad | 2005-08-17 07:24:49 +0200
r5440@buttercup: j0j0 | 2005-08-16 23:33:25 -0600
Fixed a typo.
r9354@SERNOX: metze | 2005-08-17 10:28:25 +0200
remove object files from svn
metze
r9376@SERNOX: brad | 2005-08-18 05:15:48 +0200
r5476@buttercup: j0j0 | 2005-08-17 21:24:33 -0600
Proof that I shouldn't code when i'm tired (silly bugfixes).
r9405@SERNOX: brad | 2005-08-19 22:50:10 +0200
r5500@buttercup: j0j0 | 2005-08-19 14:56:25 -0600
Get dssync.c compiling again after merge (ldb_dn changes from rev. 9391).
r9407@SERNOX: brad | 2005-08-20 03:22:42 +0200
r5502@buttercup: j0j0 | 2005-08-19 19:28:22 -0600
libnet/libnet_join.c
Some more fixes so ldb uses ldb_dn's.
torture/rpc/dssync.c
Some debugging printf()'s.
ldb_dn fixes.
torture/rpc/testjoin.c
Change torture_join_domain() to use libnet_JoinDomain() rather than libnet_Join().
Some more debugging statements.
I'm not sure why, but GUID_all_zero(user_handle.uuid) is returning true in torture_leave_domain() when called it from torture_destroy_context() in torture/rpc/dssync.c.
That's what i'm working out now.
r9427@SERNOX: brad | 2005-08-20 18:38:29 +0200
r5504@buttercup: j0j0 | 2005-08-20 10:44:52 -0600
Some bugfixes.
Removed a bunch of debugging code.
torture_leave_domain() works again! not 100% perfect yet though...
r9428@SERNOX: brad | 2005-08-20 19:09:26 +0200
r5506@buttercup: j0j0 | 2005-08-20 11:15:54 -0600
Restructure torture_join_domain() so that it joins itself, removes itself, and joins itself to the domain again to ensure that its account information is all current and as expected.
r9452@SERNOX: brad | 2005-08-21 19:33:51 +0200
r5508@buttercup: j0j0 | 2005-08-21 11:40:36 -0600
Bugfixes, trying to get things straight between contexts.
r9467@SERNOX: brad | 2005-08-22 04:00:48 +0200
r5510@buttercup: j0j0 | 2005-08-21 20:06:55 -0600
Another round of bugfixing.
r9521@SERNOX: brad | 2005-08-23 15:26:44 +0200
r5596@buttercup: j0j0 | 2005-08-23 07:33:06 -0600
Merging changes
r9524@SERNOX: metze | 2005-08-23 16:09:42 +0200
- fix the build caused by changes in the main samba4 tree,
- add an option "dssync:german=yes" to allow me to run against my german w2k3 server
this should be replaces by CLDAP calls to get the Default-First-Site-Name dynamicly
- remove some temporary comments, as DsAddEntry works now
metze
r9528@SERNOX: metze | 2005-08-23 18:22:22 +0200
the RPC-DSSYNC test is now able to fetch the whole tree,
including the unicodePwd, ntPwdHistory fields
metze
r9559@SERNOX: brad | 2005-08-24 04:11:47 +0200
r5612@buttercup: j0j0 | 2005-08-23 20:19:12 -0600
Some fixes around using talloc in a hierarchical fashion.
Still not right, but better.
r9564@SERNOX: brad | 2005-08-24 05:43:11 +0200
r5614@buttercup: j0j0 | 2005-08-23 21:50:38 -0600
Gave libnet_JoinADSDomain() its own tmp_ctx rather than passing it from libnet_JoinDomain() as a parameter (yuk).
As a side effect, it proves that my bug lies in libnet_JoinDomain(), not libnet_JoinADSDomain().
r9565@SERNOX: brad | 2005-08-24 06:09:46 +0200
r5616@buttercup: j0j0 | 2005-08-23 22:17:12 -0600
Small fix, if r->out.error_string and r2->samr_handle.out.error_string weren't set to NULL, torture_join_domain() would segfault on the second join.
r9630@SERNOX: brad | 2005-08-26 06:42:50 +0200
Commented out the parts of the dssync test which perform the dc join and create/remove associated ldap entries.
Commented out the test for the 'german' dssync option, because now we detect the Site-Name using CLDAP. If cldap_netlogon() does not return ok, the code defaults to 'Default-First-Site-Name'.
r9670@SERNOX: brad | 2005-08-27 02:30:11 +0200
Added a patch from metze.
To showcase what i've learned today, i've created two new parameters which can be set at runtime, drsuapi:last_usn and drsuapi:partition.
drsuapi:last_usn takes an integer representing the USN of the last recieved replication update for a particular partition (uses the domain dn if drsuapi:parition isn't set).
That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned.
drsuapi:partition takes a string dn and uses that as the name of the AD partition to replicate.
Some debugging output was also added.
r9723@SERNOX: brad | 2005-08-29 01:07:51 +0200
Added some copyright notices.
Changed some things in net_join.c to try and figure out why 'net join <domain> bdc' segfaults.
It occurs when the last talloc_free() happens, so i'm sure it's something to do with the memory fiddling i'm doing in libnet_join.
Added some drsuapi attribute ids that I figured out today.
I put some (many, dry) notes together while doing that, so i'll try to put them up on a blog at samba.org a little later tonight.
r9740@SERNOX: metze | 2005-08-29 16:58:03 +0200
fix up the DsGetNCchanges loop,
and remove misleading comments
metze
r9743@SERNOX: metze | 2005-08-29 17:26:45 +0200
make the logic a bit clearer
metze
r9815@SERNOX: brad | 2005-08-31 02:36:21 +0200
Added cldap_netlogon() AD Site-Name lookup into libnet/libnet_join.c.
Bugfixing rampage in libnet_join.c to resolve misunderstanding of talloc_steal().
libnet_join now creates the CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn> container on a dc join.
r9858@SERNOX: brad | 2005-09-01 03:17:17 +0200
Removed extraneous NDR_ALL subsystem requirement from torture/config.mk.
Added lots of error checking as per metze's advice.
Removed commented out code.
More bug chasing.
r9863@SERNOX: brad | 2005-09-01 05:53:19 +0200
Cleaned up dssync.c, removed the unneeded DsCrackNames() call, removed DC join/leave related stuff.
It no longer looks like my house does!
r9887@SERNOX: metze | 2005-09-01 11:34:03 +0200
- fix dssync:highest_usn parameter handling
- ask for LINKED_ATTRIBUTE replication
metze
r9891@SERNOX: metze | 2005-09-01 14:13:18 +0200
make the code more readable, and fix a few bugs
metze
r9911@SERNOX: brad | 2005-09-01 20:36:27 +0200
Bugfixes in libnet_join.c.
Cleaned up comments.
Added domain_dn_str and account_dn_str to struct libnet_JoinDomain.
Removed struct dcerpc_pipe *samr_pipe and struct policy_handle user_handle from struct libnet_Join.
r9920@SERNOX: brad | 2005-09-01 23:34:13 +0200
Added disclaimer (I can't seem to get libnet_JoinDomain() to keep the samr_pipe and u_handle open past the function call, grrrr....).
r9921@SERNOX: brad | 2005-09-01 23:37:54 +0200
Added copyright statement.
Cleaned up unneeded variables from torture_join_domain().
r9932@SERNOX: brad | 2005-09-02 01:49:42 +0200
Really rushed project notes.
r10841@SERNOX: metze | 2005-10-08 20:01:45 +0200
remove diff to main SAMBA_4_0 branch
metze
r10862@SERNOX: metze | 2005-10-10 10:31:52 +0200
remove the differences between SAMBA_4_0 and SOC/SAMBA_4_0
metze
r10863@SERNOX: metze | 2005-10-10 10:34:26 +0200
fix the build
metze
r10864@SERNOX: metze | 2005-10-10 11:10:08 +0200
remove README file to reduce, diffs to main SAMBA_4_0 branch:
metze
README:
This project was centered around adding a torture test to Samba 4, which used drsuapi_DsGetNCChanges() to retrieve the contents of an Active Directory in the same manner as an Active Directory DC replication event.
As the project unfolded, I also applied some changes to the functionality of the libnet library related to joining a machine account to a domain.
One of the first things that I implemented in this project was a 'neighbour_writeable' option for the RPC-DRSUAPI torture test. The command line to execute this torture test is as follows:
smbtorture --option=drsuapi:neighbour_writeable=True -W <domain name> -U <admin username>%<password> ncacn_ip_tcp:<domain controller dns name> RPC-DRSUAPI
This option provides us with runtime control over the DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE flag in the struct drsuapi_DsGetNCChanges.in.req.req<level>.replica_flags, allowing us to easily test for differences in the behaviour of AD replication with the switch on or off.
In the course of the project, I also implemented two more flags for the RPC-DSSYNC test. dssync:last_usn takes an integer representing the USN (Universal Serial Number) of the last recieved replication update for a particular partition (uses the domain DN if drsuapi:parition isn't set). That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned. dssync:partition takes a string DN and uses that as the name of the AD partition to replicate.
Based initially on a patch provided to me by one of my mentors, Stephan (metze) Metzmacher, the RPC-DSSYNC test was implemented for this project. Initially functionality was included to perform a DC join prior to initiating replication, but the code was removed when it was realized that replication could indeed take place without being a member of the domain in any way. It has been recently suggested that we may need a DC join after all to get all of the information we may want from the AD replication. This is probably best added using a torture_join_domain() call once the libnet code is able to keep the user policy handle and SAMR RPC pipe open.
The DC join code was taken out of the RPC-DSSYNC and implemented for the most part in the libnet libraries. To test this, the RPC-NETLOGON test was modified to perform a domain join, leave and rejoin. Currently, the test has a fault in that it is unable to leave the domain using the same SAMR RPC pipe and user_policy information as was used for the first join. This is because I was unable to get the code working properly in libnet to provide that functionality. Currently missing from the DC join in libnet is the code to create the CN=NTDS Settings,CN=<DC NETBIOS NAME>,CN=<Site-Name>,CN=Sites,CN=Configuration,<domain DN> container using the dcerpc_drsuapi_DsAddEntry() call. I did not want to implement this functionality in libnet while there were still problems with the code.
I also provided the ability in libnet and the RPC-DSSYNC test to look up the proper site name using the cldap library.
In my investigations, I was unable to find out any information regarding the UnicodePwd attribute, except that the same password is represented differently for two different users in the same directory.
I was also able to resolve and confirm the meaning of some DRSUAPI_ATTRIBUTE ID's.
DRSUAPI_OBJECTCLASS_domain (0xA0042)
DRSUAPI_OBJECTCLASS_domainDNS (0xA0043)
wellKnownObjects (0x9026A)
fSMORoleOwner (0x90171)
name or dc (0x90001)
whenCreated (0x20002)
instanceType (0x20001)
gPLink (0x9037B)
These were added to the IDL for drsuapi (source/librpc/idl/drsuapi.idl).
I would like to thank everyone on the Samba team who worked with me and assisted me with this project, specifically all the work done by Stephan Metzmacher, Andrew Bartlett and Jerry Carter. Working on this project with the Samba team really has been a life changing experience, as corny as that sounds.
I've realized that I was born to be a systems developer, and it has helped confirm in my mind that Open Source (specifically Samba) development is exactly what i've been missing!
I would also like to take this opportunity to thank Chris Dibona and Google for the amazing opportunity. I don't know if I would have taken the leap in other circumstances.
I know these notes sound a little rushed, but it is 23:55 after all! :)
(This used to be commit 55552b41cbaa8c57a30373a53176e7f3ae945290)
2005-10-10 13:33:06 +04:00
r . in . req . req8 . replica_flags | = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE ;
}
r . in . req . req8 . replica_flags | = DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
2005-03-23 21:54:06 +03:00
| DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS
| DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS
| DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED
;
2006-11-30 14:18:18 +03:00
r . in . req . req8 . max_object_count = 402 ;
r . in . req . req8 . max_ndr_size = 402116 ;
2005-03-22 17:49:11 +03:00
r . in . req . req8 . unknown4 = 0 ;
r . in . req . req8 . h1 = 0 ;
r . in . req . req8 . unique_ptr1 = 0 ;
r . in . req . req8 . unique_ptr2 = 0 ;
r20251: I found out that the oid-prefix to uint32-id-prefix mapping is transferred
in replication replies, but I don't know the exact encoding.
for example the oids are transferred as:
2.5.4 => uint8_t v[] = { 0x55, 0x04 };
2.5.5 => uint8_t v[] = { 0x55, 0x05 };
2.5.6 => uint8_t v[] = { 0x55, 0x06 };
2.5.18 => uint8_t v[] = { 0x55, 0x12 };
2.5.20 => uint8_t v[] = { 0x55, 0x14 };
2.5.21 => uint8_t v[] = { 0x55, 0x15 };
1.2.840.113556.1.2 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x02 };
1.2.840.113556.1.3 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x03 };
1.2.840.113556.1.4 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x04 };
1.2.840.113556.1.5 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x05 };
1.2.840.113556.1.5.7000 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x05, 0xb6, 0x58 };
1.2.840.113549.1.9 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09 };
2.16.840.1.113730.3 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03 };
2.16.840.1.113730.3.1 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03, 0x01 };
2.16.840.1.113730.3.2 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03, 0x02 };
0.9.2342.19200300.100.1 => uint8_t v[] = { 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01 };
0.9.2342.19200300.100.4 => uint8_t v[] = { 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04 };
1.3.6.1.4.1.250.1 => uint8_t v[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x7a, 0x01 };
1.3.6.1.4.1.1466.101.119=> uint8_t v[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x8b, 0x3a, 0x65, 0x77 };
if someone knows how the encoding works, please tell me:-)
I assume some ASN.1 encoding...
metze
(This used to be commit aa720a15319392fee5c532959192d0df5bf4c718)
2006-12-19 16:38:42 +03:00
r . in . req . req8 . mapping_ctr . num_mappings = 0 ;
r . in . req . req8 . mapping_ctr . mappings = NULL ;
2005-03-16 18:47:19 +03:00
2005-03-15 17:42:09 +03:00
break ;
}
2007-08-31 19:29:38 +04:00
status = dcerpc_drsuapi_DsGetNCChanges ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status ,
" dcerpc_drsuapi_DsGetNCChanges failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result ,
" DsGetNCChanges failed " ) ;
2005-03-15 17:42:09 +03:00
}
2007-08-31 19:29:38 +04:00
return true ;
2005-03-15 17:42:09 +03:00
}
2007-09-01 02:34:52 +04:00
bool test_QuerySitesByCost ( struct torture_context * tctx , struct dcerpc_pipe * p ,
2007-05-30 13:54:19 +04:00
struct DsPrivate * priv )
{
NTSTATUS status ;
struct drsuapi_QuerySitesByCost r ;
const char * my_site = " Default-First-Site-Name " ;
const char * remote_site1 = " smbtorture-nonexisting-site1 " ;
const char * remote_site2 = " smbtorture-nonexisting-site2 " ;
r . in . bind_handle = & priv - > bind_handle ;
r . in . level = 1 ;
2007-08-31 19:29:38 +04:00
r . in . req . req1 . site_from = talloc_strdup ( tctx , my_site ) ;
2007-05-30 13:54:19 +04:00
r . in . req . req1 . num_req = 2 ;
2007-08-31 19:29:38 +04:00
r . in . req . req1 . site_to = talloc_zero_array ( tctx , const char * , r . in . req . req1 . num_req ) ;
r . in . req . req1 . site_to [ 0 ] = talloc_strdup ( tctx , remote_site1 ) ;
r . in . req . req1 . site_to [ 1 ] = talloc_strdup ( tctx , remote_site2 ) ;
2007-05-30 13:54:19 +04:00
r . in . req . req1 . flags = 0 ;
2007-08-31 19:29:38 +04:00
status = dcerpc_drsuapi_QuerySitesByCost ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " drsuapi_QuerySitesByCost " ) ;
torture_assert_werr_ok ( tctx , r . out . result , " QuerySitesByCost failed " ) ;
2007-05-30 13:54:19 +04:00
2007-09-01 02:34:52 +04:00
torture_assert_werr_equal ( tctx , r . out . ctr . ctr1 . info [ 0 ] . error_code ,
WERR_DS_OBJ_NOT_FOUND , " expected not found error " ) ;
torture_assert_werr_equal ( tctx , r . out . ctr . ctr1 . info [ 1 ] . error_code ,
WERR_DS_OBJ_NOT_FOUND , " expected not found error " ) ;
2007-05-30 13:54:19 +04:00
2007-08-31 19:29:38 +04:00
torture_assert_int_equal ( tctx , r . out . ctr . ctr1 . info [ 0 ] . site_cost ,
( uint32_t ) - 1 , " unexpected site cost " ) ;
torture_assert_int_equal ( tctx , r . out . ctr . ctr1 . info [ 1 ] . site_cost ,
( uint32_t ) - 1 , " unexpected site cost " ) ;
2007-05-30 13:54:19 +04:00
2007-08-31 19:29:38 +04:00
return true ;
2007-05-30 13:54:19 +04:00
}
2007-09-01 02:34:52 +04:00
struct torture_suite * torture_rpc_drsuapi ( TALLOC_CTX * mem_ctx )
2004-07-13 22:05:02 +04:00
{
2007-09-01 02:34:52 +04:00
struct torture_suite * suite = torture_suite_create ( mem_ctx , " DRSUAPI " ) ;
struct torture_test * test ;
struct torture_rpc_tcase * tcase = torture_suite_add_machine_rpc_iface_tcase ( suite , " drsuapi " ,
& ndr_table_drsuapi , TEST_MACHINE_NAME ) ;
torture_rpc_tcase_add_drsuapi_test ( tcase , " QuerySitesByCost " , test_QuerySitesByCost ) ;
torture_rpc_tcase_add_drsuapi_test ( tcase , " DsGetDomainControllerInfo " , test_DsGetDomainControllerInfo ) ;
torture_rpc_tcase_add_drsuapi_test ( tcase , " DsCrackNames " , test_DsCrackNames ) ;
torture_rpc_tcase_add_drsuapi_test ( tcase , " DsWriteAccountSpn " , test_DsWriteAccountSpn ) ;
torture_rpc_tcase_add_drsuapi_test ( tcase , " DsReplicaGetInfo " , test_DsReplicaGetInfo ) ;
test = torture_rpc_tcase_add_drsuapi_test ( tcase , " DsReplicaSync " , test_DsReplicaSync ) ;
test - > dangerous = true ;
torture_rpc_tcase_add_drsuapi_test ( tcase , " DsReplicaUpdateRefs " , test_DsReplicaUpdateRefs ) ;
torture_rpc_tcase_add_drsuapi_test ( tcase , " DsGetNCChange " , test_DsGetNCChanges ) ;
return suite ;
2004-07-13 22:05:02 +04:00
}
2005-08-29 08:15:08 +04:00
2007-09-01 02:34:52 +04:00
struct torture_suite * torture_rpc_drsuapi_cracknames ( TALLOC_CTX * mem_ctx )
2006-12-12 02:59:03 +03:00
{
2007-09-01 02:34:52 +04:00
struct torture_suite * suite = torture_suite_create ( mem_ctx , " CRACKNAMES " ) ;
struct torture_rpc_tcase * tcase = torture_suite_add_machine_rpc_iface_tcase ( suite , " drsuapi " ,
& ndr_table_drsuapi , TEST_MACHINE_NAME ) ;
2006-12-12 02:59:03 +03:00
2007-09-01 02:34:52 +04:00
torture_rpc_tcase_add_drsuapi_test ( tcase , " DsGetDomainControllerInfo " , test_DsGetDomainControllerInfo ) ;
torture_rpc_tcase_add_drsuapi_test ( tcase , " DsCrackNames " , test_DsCrackNames ) ;
2006-12-12 02:59:03 +03:00
2007-09-01 02:34:52 +04:00
return suite ;
2006-12-12 02:59:03 +03:00
}