The branch, master has been updated
via f6d1578 drs-cracknames: Add some debugs in the torture to know
better which test has failed
via 3de2547 Remove the knownfail flag on cracknames as it didn't fail
anymore
via 7fe4630 drs-cracksname: fix problems that prevented to pass our
torture tests
via 029e80d drs-crackname: Fix error code so that we have the same as
windows
via 552b4f3 drs-cracknames: When cracking NT4 names we should just look
at netbios for the match
via aa17a2c drs-crackname: Fix cracknames for the format UNKNOWN when
the data is actually a GUID
via beead4d drs-cracknames: Reorganise the cracknames list so that
similar format names are group together
via 2f7d772 Add Notes related to DRSUAPI
via b67085d s4-netlogon: honnor DS_RETURN_DNS_NAME flag
via 927a103 s4-netlogon: do not add \ it has already be done in the
fill_netlogon_samlogon_response
via 5300984 torture: Quiet a warning about set but not used variable
via 0eb304d torture-drsuapi: Make the name of the dc variable
from 8b1a214 s3-netlogon: Connecting with the system token should be
sufficient.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f6d157858feeb8b59eb353a1a237fe9e359a5dcf
Author: Matthieu Patou <m...@matws.net>
Date: Tue Jul 30 16:09:00 2013 -0700
drs-cracknames: Add some debugs in the torture to know better which test
has failed
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-By: Andrew Bartlett <abarl...@samba.org>
Autobuild-User(master): Matthieu Patou <m...@samba.org>
Autobuild-Date(master): Wed Aug 7 08:10:58 CEST 2013 on sn-devel-104
commit 3de2547e29cd29ff4a48cadaf392129d7893d77a
Author: Matthieu Patou <m...@matws.net>
Date: Sun Jun 30 20:45:28 2013 -0700
Remove the knownfail flag on cracknames as it didn't fail anymore
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-by: Andrew Bartlett <abarl...@samba.org>
commit 7fe4630bad232c09e29739beedda2e2fb63747ed
Author: Matthieu Patou <m...@matws.net>
Date: Sun Jun 30 20:44:22 2013 -0700
drs-cracksname: fix problems that prevented to pass our torture tests
Some of the problems where also reported by Microsoft testing tools
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-by: Andrew Bartlett <abarl...@samba.org>
commit 029e80da9d1ab5096cd0981110b588245f8fd50d
Author: Matthieu Patou <m...@matws.net>
Date: Sun Jun 30 02:04:20 2013 -0700
drs-crackname: Fix error code so that we have the same as windows
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-by: Andrew Bartlett <abarl...@samba.org>
commit 552b4f3e022dca594e1dada7979fe351eee8cf9b
Author: Matthieu Patou <m...@matws.net>
Date: Sun Jun 30 02:03:02 2013 -0700
drs-cracknames: When cracking NT4 names we should just look at netbios for
the match
Looking at dnsRoot will yield a result for domain.tld\username when it
shouldn't work.
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-by: Andrew Bartlett <abarl...@samba.org>
commit aa17a2c01dbab2e522a8ccccaed7943963bab5b9
Author: Matthieu Patou <m...@matws.net>
Date: Sat Jun 29 16:02:32 2013 -0700
drs-crackname: Fix cracknames for the format UNKNOWN when the data is
actually a GUID
The cannonical crackname expect a "/" or it returns
DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, when doing UNKNOWN format it's not
an error to not have a "/" in the name to crack it's just a sign the
name is not a cannonical one.
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-by: Andrew Bartlett <abarl...@samba.org>
commit beead4d431b4d0cdd5e9f58fef481848d9daeaff
Author: Matthieu Patou <m...@matws.net>
Date: Fri Jun 28 01:11:46 2013 -0700
drs-cracknames: Reorganise the cracknames list so that similar format names
are group together
It makes easier when reviewing failed test case in DRSR testsuite
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-by: Andrew Bartlett <abarl...@samba.org>
commit 2f7d772583c8cdb6f7fc2b96addc54b9f9b12cd1
Author: Matthieu Patou <m...@matws.net>
Date: Thu Jun 27 23:58:41 2013 -0700
Add Notes related to DRSUAPI
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-by: Andrew Bartlett <abarl...@samba.org>
commit b67085de7fdfb41c42c71438f2e4b5474b3b111a
Author: Matthieu Patou <m...@matws.net>
Date: Tue Sep 27 14:06:03 2011 -0400
s4-netlogon: honnor DS_RETURN_DNS_NAME flag
Reviewed-By: Andrew Bartlett <abarl...@samba.org>
commit 927a1030d78c25dbc43b6470f9ffe8b5fe664835
Author: Matthieu Patou <m...@matws.net>
Date: Mon Sep 26 18:54:04 2011 -0400
s4-netlogon: do not add \\ it has already be done in the
fill_netlogon_samlogon_response
Reviewed-By: Andrew Bartlett <abarl...@samba.org>
commit 530098440ee34b6fc23c2786b2df411978d15c97
Author: Matthieu Patou <m...@matws.net>
Date: Tue Jul 30 16:07:56 2013 -0700
torture: Quiet a warning about set but not used variable
Signed-off-by: Matthieu Patou <m...@matws.net>
Reviewed-By: Andrew Bartlett <abarl...@samba.org>
commit 0eb304d536f27bcb647d7f8c0e57d187b59c0caa
Author: Matthieu Patou <mat@debian>
Date: Tue Jul 30 21:45:59 2013 -0700
torture-drsuapi: Make the name of the dc variable
In case some tests fails or if the removal takes sometime to replicate
to all the DCs
Reviewed-By: Andrew Bartlett <abarl...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 2 -
source4/dsdb/samdb/cracknames.c | 36 ++++++++++++++++++------
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 12 ++++----
source4/rpc_server/drsuapi/updaterefs.c | 1 +
source4/rpc_server/netlogon/dcerpc_netlogon.c | 13 ++++++++-
source4/torture/rpc/drsuapi.c | 23 ++++++++-------
source4/torture/rpc/drsuapi_cracknames.c | 4 +++
7 files changed, 62 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 0c501fa..c075ba6 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -93,7 +93,6 @@
^samba4.rpc.lsalookup with seal,padcheck
^samba4.rpc.lsalookup with validate
^samba4.rpc.lsalookup with bigendian
-^samba4.rpc.cracknames
^samba4.rpc.netlogon.*.LogonUasLogon
^samba4.rpc.netlogon.*.LogonUasLogoff
^samba4.rpc.netlogon.*.DatabaseSync
@@ -155,7 +154,6 @@
#^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.*
^samba4.libsmbclient.opendir.opendir # This requires netbios browsing
^samba4.rpc.drsuapi.*.drsuapi.DsGetDomainControllerInfo\(.*\)$
-^samba4.rpc.drsuapi.*.drsuapi.DsCrackNames\(.*\)$
^samba4.smb2.oplock.exclusive2\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.exclusive5\(.*\)$ # samba 4 oplocks are a mess
^samba4.smb2.oplock.exclusive6\(.*\)$ # samba 4 oplocks are a mess
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 0c4cdfc..d09da25 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -468,7 +468,9 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
/* TODO: - fill the correct names in all cases!
* - handle format_flags
*/
-
+ if (format_desired == DRSUAPI_DS_NAME_FORMAT_UNKNOWN) {
+ return WERR_OK;
+ }
/* here we need to set the domain_filter and/or the result_filter */
switch (format_offered) {
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
@@ -488,7 +490,10 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
- if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) {
+ if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND &&
+ (formats[i] != DRSUAPI_DS_NAME_FORMAT_CANONICAL ||
+ info1->status !=
DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR))
+ {
return werr;
}
}
@@ -574,8 +579,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
}
domain_filter = talloc_asprintf(mem_ctx,
-
"(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))(systemFlags:%s:=%u))",
-
ldb_binary_encode_string(mem_ctx, domain),
+
"(&(objectClass=crossRef)(netbiosName=%s)(systemFlags:%s:=%u))",
ldb_binary_encode_string(mem_ctx, domain),
LDB_OID_COMPARATOR_AND,
SYSTEM_FLAG_CR_NTDS_DOMAIN);
@@ -931,9 +935,25 @@ static WERROR DsCrackNameOneFilter(struct ldb_context
*sam_ctx, TALLOC_CTX *mem_
int ret;
struct ldb_result *res;
uint32_t dsdb_flags = 0;
- struct ldb_dn *real_search_dn;
+ struct ldb_dn *real_search_dn = NULL;
+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
- if (domain_res) {
+ /*
+ * From 4.1.4.2.11 of MS-DRSR
+ * if DS_NAME_FLAG_GCVERIFY in flags then
+ * rt := select all O from all
+ * where attrValue in GetAttrVals(O, att, false)
+ * else
+ * rt := select all O from subtree DefaultNC()
+ * where attrValue in GetAttrVals(O, att, false)
+ * endif
+ * return rt
+ */
+ if (format_flags & DRSUAPI_DS_NAME_FLAG_GCVERIFY ||
+ format_offered == DRSUAPI_DS_NAME_FORMAT_GUID)
+ {
+ dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
+ } else if (domain_res) {
if (!search_dn) {
struct ldb_dn *tmp_dn =
samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL);
real_search_dn = tmp_dn;
@@ -941,13 +961,11 @@ static WERROR DsCrackNameOneFilter(struct ldb_context
*sam_ctx, TALLOC_CTX *mem_
real_search_dn = search_dn;
}
} else {
- dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS;
- real_search_dn = NULL;
+ real_search_dn = ldb_get_default_basedn(sam_ctx);
}
if (format_desired == DRSUAPI_DS_NAME_FORMAT_GUID){
dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED;
}
-
/* search with the 'phantom root' flag */
ret = dsdb_search(sam_ctx, mem_ctx, &res,
real_search_dn,
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 2ce6beb..879f63f 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -430,21 +430,21 @@ static WERROR dcesrv_drsuapi_DsCrackNames(struct
dcesrv_call_state *dce_call, TA
switch (r->in.level) {
case 1: {
switch(r->in.req->req1.format_offered){
- case DRSUAPI_DS_NAME_FORMAT_UPN_AND_ALTSECID:
case
DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX:
- case DRSUAPI_DS_NAME_FORMAT_LIST_GLOBAL_CATALOG_SERVERS:
- case DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON:
- case
DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_WITH_DCS_IN_SITE:
+ case
DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN:
case DRSUAPI_DS_NAME_FORMAT_STRING_SID_NAME:
case
DRSUAPI_DS_NAME_FORMAT_ALT_SECURITY_IDENTITIES_NAME:
+ case DRSUAPI_DS_NAME_FORMAT_MAP_SCHEMA_GUID:
case DRSUAPI_DS_NAME_FORMAT_LIST_NCS:
case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS:
- case DRSUAPI_DS_NAME_FORMAT_MAP_SCHEMA_GUID:
- case
DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_GLOBAL_CATALOG_SERVERS:
+ case
DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_WITH_DCS_IN_SITE:
case
DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_FOR_DOMAIN_IN_SITE:
case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS_IN_SITE:
case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_IN_SITE:
case DRSUAPI_DS_NAME_FORMAT_LIST_SITES:
+ case DRSUAPI_DS_NAME_FORMAT_UPN_AND_ALTSECID:
+ case DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON:
DEBUG(0, ("DsCrackNames: Unsupported operation
requested: %X",
r->in.req->req1.format_offered));
return WERR_OK;
diff --git a/source4/rpc_server/drsuapi/updaterefs.c
b/source4/rpc_server/drsuapi/updaterefs.c
index 14bd3f6..ae87117 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -160,6 +160,7 @@ WERROR drsuapi_UpdateRefs(struct drsuapi_bind_state
*b_state, TALLOC_CTX *mem_ct
return WERR_DS_DRA_INVALID_PARAMETER;
}
+ /* FIXME it seems that we should check the length of the stuff too*/
if (req->dest_dsa_dns_name == NULL) {
return WERR_DS_DRA_INVALID_PARAMETER;
}
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c
b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 5cc3b34..de8f0e5 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1840,7 +1840,9 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct
dcesrv_call_state *dce_call,
info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo);
W_ERROR_HAVE_NO_MEMORY(info);
- info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s", dc_name);
+ info->dc_unc = talloc_asprintf(mem_ctx, "%s%s",
+ dc_name[0] == '\\'? "\\\\":"",
+ talloc_strdup(mem_ctx, dc_name));
W_ERROR_HAVE_NO_MEMORY(info->dc_unc);
load_interface_list(mem_ctx, lp_ctx, &ifaces);
@@ -1855,6 +1857,15 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct
dcesrv_call_state *dce_call,
info->domain_name = domain_name;
info->forest_name = response.data.nt5_ex.forest;
info->dc_flags = response.data.nt5_ex.server_type;
+ if (r->in.flags & DS_RETURN_DNS_NAME) {
+ /* As MS-NRPC.pdf in 2.2.1.2.1 the DS_DNS_CONTROLLER flag
should be
+ * returned if we are returning info->dc_unc containing a FQDN.
+ * This attribute is called DomainControllerName in the specs,
+ * it seems that we decide to return FQDN or netbios depending
on
+ * DS_RETURN_DNS_NAME.
+ */
+ info->dc_flags |= DS_DNS_CONTROLLER;
+ }
info->dc_site_name = response.data.nt5_ex.server_site;
info->client_site_name = response.data.nt5_ex.client_site;
diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c
index 86b0d32..1d535ac 100644
--- a/source4/torture/rpc/drsuapi.c
+++ b/source4/torture/rpc/drsuapi.c
@@ -774,7 +774,9 @@ bool torture_rpc_drsuapi_get_dcinfo(struct torture_context
*torture,
*/
bool torture_drsuapi_tcase_setup_common(struct torture_context *tctx, struct
DsPrivate *priv)
{
- NTSTATUS status;
+ NTSTATUS status;
+ int rnd = rand() % 1000;
+ char *name = talloc_asprintf(tctx, "%s%d", TEST_MACHINE_NAME, rnd);
struct cli_credentials *machine_credentials;
torture_assert(tctx, priv, "Invalid argument");
@@ -785,8 +787,8 @@ bool torture_drsuapi_tcase_setup_common(struct
torture_context *tctx, struct DsP
&ndr_table_drsuapi);
torture_assert(tctx, NT_STATUS_IS_OK(status), "Unable to connect to
DRSUAPI pipe");
- torture_comment(tctx, "About to join domain\n");
- priv->join = torture_join_domain(tctx, TEST_MACHINE_NAME, ACB_SVRTRUST,
+ torture_comment(tctx, "About to join domain with name %s\n", name);
+ priv->join = torture_join_domain(tctx, name, ACB_SVRTRUST,
&machine_credentials);
torture_assert(tctx, priv->join, "Failed to join as BDC");
@@ -848,7 +850,6 @@ void torture_rpc_drsuapi_tcase(struct torture_suite *suite)
{
typedef bool (*run_func) (struct torture_context *test, void
*tcase_data);
- struct torture_test *test;
struct torture_tcase *tcase = torture_suite_add_tcase(suite, "drsuapi");
torture_tcase_set_fixture(tcase, torture_drsuapi_tcase_setup,
@@ -858,17 +859,17 @@ void torture_rpc_drsuapi_tcase(struct torture_suite
*suite)
test = torture_tcase_add_simple_test(tcase, "QuerySitesByCost",
(run_func)test_QuerySitesByCost);
#endif
- test = torture_tcase_add_simple_test(tcase,
"DsGetDomainControllerInfo", (run_func)test_DsGetDomainControllerInfo);
+ torture_tcase_add_simple_test(tcase, "DsGetDomainControllerInfo",
(run_func)test_DsGetDomainControllerInfo);
- test = torture_tcase_add_simple_test(tcase, "DsCrackNames",
(run_func)test_DsCrackNames);
+ torture_tcase_add_simple_test(tcase, "DsCrackNames",
(run_func)test_DsCrackNames);
- test = torture_tcase_add_simple_test(tcase, "DsWriteAccountSpn",
(run_func)test_DsWriteAccountSpn);
+ torture_tcase_add_simple_test(tcase, "DsWriteAccountSpn",
(run_func)test_DsWriteAccountSpn);
- test = torture_tcase_add_simple_test(tcase, "DsReplicaGetInfo",
(run_func)test_DsReplicaGetInfo);
+ torture_tcase_add_simple_test(tcase, "DsReplicaGetInfo",
(run_func)test_DsReplicaGetInfo);
- test = torture_tcase_add_simple_test(tcase, "DsReplicaSync",
(run_func)test_DsReplicaSync);
+ torture_tcase_add_simple_test(tcase, "DsReplicaSync",
(run_func)test_DsReplicaSync);
- test = torture_tcase_add_simple_test(tcase, "DsReplicaUpdateRefs",
(run_func)test_DsReplicaUpdateRefs);
+ torture_tcase_add_simple_test(tcase, "DsReplicaUpdateRefs",
(run_func)test_DsReplicaUpdateRefs);
- test = torture_tcase_add_simple_test(tcase, "DsGetNCChanges",
(run_func)test_DsGetNCChanges);
+ torture_tcase_add_simple_test(tcase, "DsGetNCChanges",
(run_func)test_DsGetNCChanges);
}
diff --git a/source4/torture/rpc/drsuapi_cracknames.c
b/source4/torture/rpc/drsuapi_cracknames.c
index 465f6db..ac39d1d 100644
--- a/source4/torture/rpc/drsuapi_cracknames.c
+++ b/source4/torture/rpc/drsuapi_cracknames.c
@@ -199,6 +199,10 @@ static bool test_DsCrackNamesMatrix(struct torture_context
*tctx,
for (i = 0; i < ARRAY_SIZE(formats); i++) {
for (j = 0; j < ARRAY_SIZE(formats); j++) {
+ torture_comment(tctx, "Converting %s (format %d)"
+ " to %d gave %s\n",
+ n_from[i], formats[i],
+ formats[j], n_matrix[i][j]);
if (n_matrix[i][j] == n_from[j]) {
/* We don't have a from name for these yet (and we
can't map to them to find it out) */
--
Samba Shared Repository
