The branch, master has been updated
       via  f6d1578 drs-cracknames: Add some debugs in the torture to know better which test has failed
       via  3de2547 Remove the knownfail flag on cracknames as it didn't fail anymore
       via  7fe4630 drs-cracksname: fix problems that prevented to pass our torture tests
       via  029e80d drs-crackname: Fix error code so that we have the same as windows
       via  552b4f3 drs-cracknames: When cracking NT4 names we should just look at netbios for the match
       via  aa17a2c drs-crackname: Fix cracknames for the format UNKNOWN when the data is actually a GUID
       via  beead4d drs-cracknames: Reorganise the cracknames list so that similar format names are group together
       via  2f7d772 Add Notes related to DRSUAPI
       via  b67085d s4-netlogon: honnor DS_RETURN_DNS_NAME flag
       via  927a103 s4-netlogon: do not add \ it has already be done in the fill_netlogon_samlogon_response
       via  5300984 torture: Quiet a warning about set but not used variable
       via  0eb304d torture-drsuapi: Make the name of the dc variable
      from  8b1a214 s3-netlogon: Connecting with the system token should be sufficient.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f6d157858feeb8b59eb353a1a237fe9e359a5dcf
Author: Matthieu Patou <m...@matws.net>
Date:   Tue Jul 30 16:09:00 2013 -0700

    drs-cracknames: Add some debugs in the torture to know better which test has failed

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-By: Andrew Bartlett <abarl...@samba.org>

    Autobuild-User(master): Matthieu Patou <m...@samba.org>
    Autobuild-Date(master): Wed Aug 7 08:10:58 CEST 2013 on sn-devel-104

commit 3de2547e29cd29ff4a48cadaf392129d7893d77a
Author: Matthieu Patou <m...@matws.net>
Date:   Sun Jun 30 20:45:28 2013 -0700

    Remove the knownfail flag on cracknames as it didn't fail anymore

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-by: Andrew Bartlett <abarl...@samba.org>

commit 7fe4630bad232c09e29739beedda2e2fb63747ed
Author: Matthieu Patou <m...@matws.net>
Date:   Sun Jun 30 20:44:22 2013 -0700

    drs-cracksname: fix problems that prevented to pass our torture tests

    Some of the problems were also reported by Microsoft testing tools

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-by: Andrew Bartlett <abarl...@samba.org>

commit 029e80da9d1ab5096cd0981110b588245f8fd50d
Author: Matthieu Patou <m...@matws.net>
Date:   Sun Jun 30 02:04:20 2013 -0700

    drs-crackname: Fix error code so that we have the same as windows

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-by: Andrew Bartlett <abarl...@samba.org>

commit 552b4f3e022dca594e1dada7979fe351eee8cf9b
Author: Matthieu Patou <m...@matws.net>
Date:   Sun Jun 30 02:03:02 2013 -0700

    drs-cracknames: When cracking NT4 names we should just look at netbios for the match

    Looking at dnsRoot will yield a result for domain.tld\username when it
    shouldn't work.

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-by: Andrew Bartlett <abarl...@samba.org>

commit aa17a2c01dbab2e522a8ccccaed7943963bab5b9
Author: Matthieu Patou <m...@matws.net>
Date:   Sat Jun 29 16:02:32 2013 -0700

    drs-crackname: Fix cracknames for the format UNKNOWN when the data is actually a GUID

    The canonical crackname expects a "/" or it returns
    DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; when doing UNKNOWN format it's not an
    error to not have a "/" in the name to crack, it's just a sign the name is
    not a canonical one.

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-by: Andrew Bartlett <abarl...@samba.org>

commit beead4d431b4d0cdd5e9f58fef481848d9daeaff
Author: Matthieu Patou <m...@matws.net>
Date:   Fri Jun 28 01:11:46 2013 -0700

    drs-cracknames: Reorganise the cracknames list so that similar format names are group together

    It makes it easier when reviewing failed test cases in the DRSR testsuite

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-by: Andrew Bartlett <abarl...@samba.org>

commit 2f7d772583c8cdb6f7fc2b96addc54b9f9b12cd1
Author: Matthieu Patou <m...@matws.net>
Date:   Thu Jun 27 23:58:41 2013 -0700

    Add Notes related to DRSUAPI

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-by: Andrew Bartlett <abarl...@samba.org>

commit b67085de7fdfb41c42c71438f2e4b5474b3b111a
Author: Matthieu Patou <m...@matws.net>
Date:   Tue Sep 27 14:06:03 2011 -0400

    s4-netlogon: honnor DS_RETURN_DNS_NAME flag

    Reviewed-By: Andrew Bartlett <abarl...@samba.org>

commit 927a1030d78c25dbc43b6470f9ffe8b5fe664835
Author: Matthieu Patou <m...@matws.net>
Date:   Mon Sep 26 18:54:04 2011 -0400

    s4-netlogon: do not add \\ it has already be done in the fill_netlogon_samlogon_response

    Reviewed-By: Andrew Bartlett <abarl...@samba.org>

commit 530098440ee34b6fc23c2786b2df411978d15c97
Author: Matthieu Patou <m...@matws.net>
Date:   Tue Jul 30 16:07:56 2013 -0700

    torture: Quiet a warning about set but not used variable

    Signed-off-by: Matthieu Patou <m...@matws.net>
    Reviewed-By: Andrew Bartlett <abarl...@samba.org>

commit 0eb304d536f27bcb647d7f8c0e57d187b59c0caa
Author: Matthieu Patou <mat@debian>
Date:   Tue Jul 30 21:45:59 2013 -0700

    torture-drsuapi: Make the name of the dc variable

    In case some tests fail or if the removal takes some time to replicate to
    all the DCs

    Reviewed-By: Andrew Bartlett <abarl...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail                            |    2 -
 source4/dsdb/samdb/cracknames.c               |   36 ++++++++++++++++++------
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c   |   12 ++++----
 source4/rpc_server/drsuapi/updaterefs.c       |    1 +
 source4/rpc_server/netlogon/dcerpc_netlogon.c |   13 ++++++++-
 source4/torture/rpc/drsuapi.c                 |   23 ++++++++-------
 source4/torture/rpc/drsuapi_cracknames.c      |    4 +++
 7 files changed, 62 insertions(+), 29 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail index 0c501fa..c075ba6 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -93,7 +93,6 @@ ^samba4.rpc.lsalookup with seal,padcheck ^samba4.rpc.lsalookup with validate ^samba4.rpc.lsalookup with bigendian -^samba4.rpc.cracknames ^samba4.rpc.netlogon.*.LogonUasLogon ^samba4.rpc.netlogon.*.LogonUasLogoff ^samba4.rpc.netlogon.*.DatabaseSync @@ -155,7 +154,6 @@ #^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.* ^samba4.libsmbclient.opendir.opendir # This requires netbios browsing ^samba4.rpc.drsuapi.*.drsuapi.DsGetDomainControllerInfo\(.*\)$ -^samba4.rpc.drsuapi.*.drsuapi.DsCrackNames\(.*\)$ ^samba4.smb2.oplock.exclusive2\(.*\)$ # samba 4 oplocks are a mess ^samba4.smb2.oplock.exclusive5\(.*\)$ # samba 4 oplocks are a mess ^samba4.smb2.oplock.exclusive6\(.*\)$ # samba 4 oplocks are a mess diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 0c4cdfc..d09da25 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c 
@@ -468,7 +468,9 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, /* TODO: - fill the correct names in all cases! * - handle format_flags */ - + if (format_desired == DRSUAPI_DS_NAME_FORMAT_UNKNOWN) { + return WERR_OK; + } /* here we need to set the domain_filter and/or the result_filter */ switch (format_offered) { case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: @@ -488,7 +490,10 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, if (!W_ERROR_IS_OK(werr)) { return werr; } - if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) { + if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND && + (formats[i] != DRSUAPI_DS_NAME_FORMAT_CANONICAL || + info1->status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR)) + { return werr; } } @@ -574,8 +579,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, } domain_filter = talloc_asprintf(mem_ctx, - "(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))(systemFlags:%s:=%u))", - ldb_binary_encode_string(mem_ctx, domain), + "(&(objectClass=crossRef)(netbiosName=%s)(systemFlags:%s:=%u))", ldb_binary_encode_string(mem_ctx, domain), LDB_OID_COMPARATOR_AND, SYSTEM_FLAG_CR_NTDS_DOMAIN); 
@@ -931,9 +935,25 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ int ret; struct ldb_result *res; uint32_t dsdb_flags = 0; - struct ldb_dn *real_search_dn; + struct ldb_dn *real_search_dn = NULL; + info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; - if (domain_res) { + /* + * From 4.1.4.2.11 of MS-DRSR + * if DS_NAME_FLAG_GCVERIFY in flags then + * rt := select all O from all + * where attrValue in GetAttrVals(O, att, false) + * else + * rt := select all O from subtree DefaultNC() + * where attrValue in GetAttrVals(O, att, false) + * endif + * return rt + */ + if (format_flags & DRSUAPI_DS_NAME_FLAG_GCVERIFY || + format_offered == DRSUAPI_DS_NAME_FORMAT_GUID) + { + dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS; + } else if (domain_res) { if (!search_dn) { struct ldb_dn *tmp_dn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL); real_search_dn = tmp_dn; @@ -941,13 +961,11 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ real_search_dn = search_dn; } } else { - dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS; - real_search_dn = NULL; + real_search_dn = ldb_get_default_basedn(sam_ctx); } if (format_desired == DRSUAPI_DS_NAME_FORMAT_GUID){ dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED; } - /* search with the 'phantom root' flag */ ret = dsdb_search(sam_ctx, mem_ctx, &res, real_search_dn, diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index 2ce6beb..879f63f 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c 
@@ -430,21 +430,21 @@ static WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TA switch (r->in.level) { case 1: { switch(r->in.req->req1.format_offered){ - case DRSUAPI_DS_NAME_FORMAT_UPN_AND_ALTSECID: case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX: - case DRSUAPI_DS_NAME_FORMAT_LIST_GLOBAL_CATALOG_SERVERS: - case DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON: - case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_WITH_DCS_IN_SITE: + case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN: case DRSUAPI_DS_NAME_FORMAT_STRING_SID_NAME: case DRSUAPI_DS_NAME_FORMAT_ALT_SECURITY_IDENTITIES_NAME: + case DRSUAPI_DS_NAME_FORMAT_MAP_SCHEMA_GUID: case DRSUAPI_DS_NAME_FORMAT_LIST_NCS: case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS: - case DRSUAPI_DS_NAME_FORMAT_MAP_SCHEMA_GUID: - case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN: + case DRSUAPI_DS_NAME_FORMAT_LIST_GLOBAL_CATALOG_SERVERS: + case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_WITH_DCS_IN_SITE: case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_FOR_DOMAIN_IN_SITE: case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS_IN_SITE: case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_IN_SITE: case DRSUAPI_DS_NAME_FORMAT_LIST_SITES: + case DRSUAPI_DS_NAME_FORMAT_UPN_AND_ALTSECID: + case DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON: DEBUG(0, ("DsCrackNames: Unsupported operation requested: %X", r->in.req->req1.format_offered)); return WERR_OK; diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c index 14bd3f6..ae87117 100644 --- a/source4/rpc_server/drsuapi/updaterefs.c +++ b/source4/rpc_server/drsuapi/updaterefs.c @@ -160,6 +160,7 @@ WERROR drsuapi_UpdateRefs(struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ct return WERR_DS_DRA_INVALID_PARAMETER; } + /* FIXME it seems that we should check the length of the stuff too*/ if (req->dest_dsa_dns_name == NULL) { return WERR_DS_DRA_INVALID_PARAMETER; } 
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 5cc3b34..de8f0e5 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -1840,7 +1840,9 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo); W_ERROR_HAVE_NO_MEMORY(info); - info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s", dc_name); + info->dc_unc = talloc_asprintf(mem_ctx, "%s%s", + dc_name[0] == '\\'? "\\\\":"", + talloc_strdup(mem_ctx, dc_name)); W_ERROR_HAVE_NO_MEMORY(info->dc_unc); load_interface_list(mem_ctx, lp_ctx, &ifaces); @@ -1855,6 +1857,15 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, info->domain_name = domain_name; info->forest_name = response.data.nt5_ex.forest; info->dc_flags = response.data.nt5_ex.server_type; + if (r->in.flags & DS_RETURN_DNS_NAME) { + /* As MS-NRPC.pdf in 2.2.1.2.1 the DS_DNS_CONTROLLER flag should be + * returned if we are returning info->dc_unc containing a FQDN. + * This attribute is called DomainControllerName in the specs, + * it seems that we decide to return FQDN or netbios depending on + * DS_RETURN_DNS_NAME. + */ + info->dc_flags |= DS_DNS_CONTROLLER; + } info->dc_site_name = response.data.nt5_ex.server_site; info->client_site_name = response.data.nt5_ex.client_site; diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c index 86b0d32..1d535ac 100644 --- a/source4/torture/rpc/drsuapi.c +++ b/source4/torture/rpc/drsuapi.c 
@@ -774,7 +774,9 @@ bool torture_rpc_drsuapi_get_dcinfo(struct torture_context *torture, */ bool torture_drsuapi_tcase_setup_common(struct torture_context *tctx, struct DsPrivate *priv) { - NTSTATUS status; + NTSTATUS status; + int rnd = rand() % 1000; + char *name = talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, rnd); struct cli_credentials *machine_credentials; torture_assert(tctx, priv, "Invalid argument"); @@ -785,8 +787,8 @@ bool torture_drsuapi_tcase_setup_common(struct torture_context *tctx, struct DsP &ndr_table_drsuapi); torture_assert(tctx, NT_STATUS_IS_OK(status), "Unable to connect to DRSUAPI pipe"); - torture_comment(tctx, "About to join domain\n"); - priv->join = torture_join_domain(tctx, TEST_MACHINE_NAME, ACB_SVRTRUST, + torture_comment(tctx, "About to join domain with name %s\n", name); + priv->join = torture_join_domain(tctx, name, ACB_SVRTRUST, &machine_credentials); torture_assert(tctx, priv->join, "Failed to join as BDC"); @@ -848,7 +850,6 @@ void torture_rpc_drsuapi_tcase(struct torture_suite *suite) { typedef bool (*run_func) (struct torture_context *test, void *tcase_data); - struct torture_test *test; struct torture_tcase *tcase = torture_suite_add_tcase(suite, "drsuapi"); torture_tcase_set_fixture(tcase, torture_drsuapi_tcase_setup, 
@@ -858,17 +859,17 @@ void torture_rpc_drsuapi_tcase(struct torture_suite *suite) test = torture_tcase_add_simple_test(tcase, "QuerySitesByCost", (run_func)test_QuerySitesByCost); #endif - test = torture_tcase_add_simple_test(tcase, "DsGetDomainControllerInfo", (run_func)test_DsGetDomainControllerInfo); + torture_tcase_add_simple_test(tcase, "DsGetDomainControllerInfo", (run_func)test_DsGetDomainControllerInfo); - test = torture_tcase_add_simple_test(tcase, "DsCrackNames", (run_func)test_DsCrackNames); + torture_tcase_add_simple_test(tcase, "DsCrackNames", (run_func)test_DsCrackNames); - test = torture_tcase_add_simple_test(tcase, "DsWriteAccountSpn", (run_func)test_DsWriteAccountSpn); + torture_tcase_add_simple_test(tcase, "DsWriteAccountSpn", (run_func)test_DsWriteAccountSpn); - test = torture_tcase_add_simple_test(tcase, "DsReplicaGetInfo", (run_func)test_DsReplicaGetInfo); + torture_tcase_add_simple_test(tcase, "DsReplicaGetInfo", (run_func)test_DsReplicaGetInfo); - test = torture_tcase_add_simple_test(tcase, "DsReplicaSync", (run_func)test_DsReplicaSync); + torture_tcase_add_simple_test(tcase, "DsReplicaSync", (run_func)test_DsReplicaSync); - test = torture_tcase_add_simple_test(tcase, "DsReplicaUpdateRefs", (run_func)test_DsReplicaUpdateRefs); + torture_tcase_add_simple_test(tcase, "DsReplicaUpdateRefs", (run_func)test_DsReplicaUpdateRefs); - test = torture_tcase_add_simple_test(tcase, "DsGetNCChanges", (run_func)test_DsGetNCChanges); + torture_tcase_add_simple_test(tcase, "DsGetNCChanges", (run_func)test_DsGetNCChanges); } diff --git a/source4/torture/rpc/drsuapi_cracknames.c b/source4/torture/rpc/drsuapi_cracknames.c index 465f6db..ac39d1d 100644 --- a/source4/torture/rpc/drsuapi_cracknames.c +++ b/source4/torture/rpc/drsuapi_cracknames.c 
@@ -199,6 +199,10 @@ static bool test_DsCrackNamesMatrix(struct torture_context *tctx, for (i = 0; i < ARRAY_SIZE(formats); i++) { for (j = 0; j < ARRAY_SIZE(formats); j++) { + torture_comment(tctx, "Converting %s (format %d)" + " to %d gave %s\n", + n_from[i], formats[i], + formats[j], n_matrix[i][j]); if (n_matrix[i][j] == n_from[j]) { /* We don't have a from name for these yet (and we can't map to them to find it out) */ -- Samba Shared Repository
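
Review bot: in source4/dsdb/samdb/cracknames.c, hunk @@ -468, the new early return for format_desired == DRSUAPI_DS_NAME_FORMAT_UNKNOWN hands back WERR_OK without touching info1->status in the visible lines, so the caller receives whatever status was assigned earlier in the function. Add a comment saying which status is intended on this path and why, and keep a blank line between the TODO comment and the new check so the TODO does not read as describing it.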
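
Review bot: in source4/dsdb/samdb/cracknames.c, hunk @@ -488, the extended condition makes DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR from the CANONICAL attempt mean "try the next format", and the code carries no comment explaining that. The reasoning exists only in the commit message (a name without "/" is simply not canonical); put it above the `if` so the exception for formats[i] == DRSUAPI_DS_NAME_FORMAT_CANONICAL is not removed later as an oddity.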
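
Review bot: in source4/dsdb/samdb/cracknames.c, hunk @@ -574, dropping (dnsRoot=%s) from domain_filter narrows which crossRef objects an NT4-style name can match, but nothing in this changeset asserts the new behaviour; the only torture change to the cracknames test is an added torture_comment. A negative test case for domain.tld\username, the input named in the commit message, would keep the stricter match from regressing. The argument list was trimmed consistently with the format string (two %s and one %u against three arguments).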
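
Review bot: in source4/dsdb/samdb/cracknames.c, hunk @@ -931, the new condition searches all partitions for format_offered == DRSUAPI_DS_NAME_FORMAT_GUID as well as for DRSUAPI_DS_NAME_FLAG_GCVERIFY, but the MS-DRSR pseudocode quoted directly above it only covers the GCVERIFY case. Extend the comment to justify the GUID case, and parenthesise `(format_flags & DRSUAPI_DS_NAME_FLAG_GCVERIFY)` so the precedence against `||` is explicit. On that branch real_search_dn stays NULL and both search_dn and domain_res are ignored, which widens the scope a caller asked for; say in the comment that this is intended.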
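
Review bot: in source4/rpc_server/drsuapi/dcesrv_drsuapi.c, hunk @@ -430, every reordered case label still falls through to `DEBUG(0, ("DsCrackNames: Unsupported operation requested: %X", ...` which has no trailing "\n" and logs at level 0 a format_offered value taken from the request. Since the list is being touched anyway, add the newline and consider a less urgent debug level, so that a client repeating unsupported formats cannot fill the log at the highest priority with run-together lines.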
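
Review bot: in source4/rpc_server/drsuapi/updaterefs.c, hunk @@ -160, the added FIXME ("we should check the length of the stuff too") does not say which field or what bound is meant, and the check that follows still only tests req->dest_dsa_dns_name for NULL. Name the field and the limit that applies, or add the length check in this commit, because a vague FIXME on the validation of a request-supplied string tends to stay unresolved.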
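
Review bot: in source4/rpc_server/netlogon/dcerpc_netlogon.c, hunk @@ -1840, the ternary `dc_name[0] == '\\'? "\\\\":""` looks inverted: it prepends "\\\\" when dc_name already begins with a backslash and prepends nothing when it does not, which is the opposite of what the commit subject describes. If the intent is to add the prefix only when it is missing, the test should be `!=`. The inner talloc_strdup(mem_ctx, dc_name) is also redundant as an argument to talloc_asprintf, and its result is passed to %s unchecked; pass dc_name directly.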
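
Review bot: in source4/rpc_server/netlogon/dcerpc_netlogon.c, hunk @@ -1855, DS_DNS_CONTROLLER is set purely because the request carried DS_RETURN_DNS_NAME, while the visible code does not show info->dc_unc being built from an FQDN in that case, and the comment itself hedges with "it seems that we decide". Tie the flag to the value actually placed in dc_unc, or point the comment at the code that makes that choice, so the flag cannot claim a DNS name while a NetBIOS name is returned.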
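
Review bot: in source4/torture/rpc/drsuapi.c, hunk @@ -774, `int rnd = rand() % 1000;` has no visible seeding, so an unseeded rand() yields the same suffix on every run and the collision with a not yet replicated removal, which the commit message wants to avoid, still happens. Seed it or use a per-run source, and check the talloc_asprintf result before `name` is passed to torture_comment and torture_join_domain. The `NTSTATUS status;` line is removed and re-added with only a whitespace difference; drop that churn.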
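
Review bot: in source4/torture/rpc/drsuapi.c, hunk @@ -858, the context line `test = torture_tcase_add_simple_test(tcase, "QuerySitesByCost", ...` just before #endif still assigns to `test`, whose declaration `struct torture_test *test;` is removed in hunk @@ -848. That conditional block will no longer compile if it is ever enabled; drop the assignment there as well, as was done for the other seven calls.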
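
Review bot: in source4/torture/rpc/drsuapi_cracknames.c, hunk @@ -199, the new torture_comment passes n_from[i] and n_matrix[i][j] to %s before any NULL check, while the comment two lines below says some "from" names do not exist yet. Passing NULL to %s is undefined behaviour; guard both with a fallback string such as "(null)" or move the comment after the checks. formats[i] and formats[j] are printed with %d, so cast them to int if they are an enum or unsigned type.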