2 Unix SMB/CIFS implementation.
4 DsGetNCChanges replication test
6 Copyright (C) Stefan (metze) Metzmacher 2005
7 Copyright (C) Brad Henry 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #include "lib/cmdline/popt_common.h"
26 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
27 #include "libcli/cldap/cldap.h"
28 #include "libcli/ldap/ldap_client.h"
29 #include "torture/torture.h"
30 #include "torture/ldap/proto.h"
31 #include "libcli/auth/libcli_auth.h"
32 #include "lib/crypto/crypto.h"
33 #include "auth/credentials/credentials.h"
34 #include "libcli/auth/libcli_auth.h"
35 #include "auth/gensec/gensec.h"
37 struct DsSyncBindInfo {
38 struct dcerpc_pipe *pipe;
39 struct drsuapi_DsBind req;
40 struct GUID bind_guid;
41 struct drsuapi_DsBindInfoCtr our_bind_info_ctr;
42 struct drsuapi_DsBindInfo28 our_bind_info28;
43 struct drsuapi_DsBindInfo28 peer_bind_info28;
44 struct policy_handle bind_handle;
47 struct DsSyncLDAPInfo {
48 struct ldap_connection *conn;
52 struct dcerpc_binding *drsuapi_binding;
55 const char *site_name;
57 const char *domain_dn;
59 /* what we need to do as 'Administrator' */
61 struct cli_credentials *credentials;
62 struct DsSyncBindInfo drsuapi;
63 struct DsSyncLDAPInfo ldap;
66 /* what we need to do as the new dc machine account */
68 struct cli_credentials *credentials;
69 struct DsSyncBindInfo drsuapi;
70 struct drsuapi_DsGetDCInfo2 dc_info2;
71 struct GUID invocation_id;
72 struct GUID object_guid;
75 /* info about the old dc */
77 struct drsuapi_DsGetDomainControllerInfo dc_info;
81 static struct DsSyncTest *test_create_context(TALLOC_CTX *mem_ctx)
84 struct DsSyncTest *ctx;
85 struct drsuapi_DsBindInfo28 *our_bind_info28;
86 struct drsuapi_DsBindInfoCtr *our_bind_info_ctr;
87 const char *binding = lp_parm_string(-1, "torture", "binding");
88 ctx = talloc_zero(mem_ctx, struct DsSyncTest);
89 if (!ctx) return NULL;
91 status = dcerpc_parse_binding(ctx, binding, &ctx->drsuapi_binding);
92 if (!NT_STATUS_IS_OK(status)) {
93 printf("Bad binding string %s\n", binding);
96 ctx->drsuapi_binding->flags |= DCERPC_SIGN | DCERPC_SEAL;
98 ctx->ldap_url = talloc_asprintf(ctx, "ldap://%s/", ctx->drsuapi_binding->host);
101 ctx->admin.credentials = cmdline_credentials;
103 our_bind_info28 = &ctx->admin.drsuapi.our_bind_info28;
104 our_bind_info28->supported_extensions = 0xFFFFFFFF;
105 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
106 our_bind_info28->site_guid = GUID_zero();
107 our_bind_info28->u1 = 0;
108 our_bind_info28->repl_epoch = 1;
110 our_bind_info_ctr = &ctx->admin.drsuapi.our_bind_info_ctr;
111 our_bind_info_ctr->length = 28;
112 our_bind_info_ctr->info.info28 = *our_bind_info28;
114 GUID_from_string(DRSUAPI_DS_BIND_GUID, &ctx->admin.drsuapi.bind_guid);
116 ctx->admin.drsuapi.req.in.bind_guid = &ctx->admin.drsuapi.bind_guid;
117 ctx->admin.drsuapi.req.in.bind_info = our_bind_info_ctr;
118 ctx->admin.drsuapi.req.out.bind_handle = &ctx->admin.drsuapi.bind_handle;
121 ctx->new_dc.credentials = cmdline_credentials;
123 our_bind_info28 = &ctx->new_dc.drsuapi.our_bind_info28;
124 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
125 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
126 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
127 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
128 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
129 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
130 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
131 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
132 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
133 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
134 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
135 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
136 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
137 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
138 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
139 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
140 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
141 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
142 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
143 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
144 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
145 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
146 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
147 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
148 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
149 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
150 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
151 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
152 if (lp_parm_bool(-1,"dssync","xpress",False)) {
153 our_bind_info28->supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
155 our_bind_info28->site_guid = GUID_zero();
156 our_bind_info28->u1 = 508;
157 our_bind_info28->repl_epoch = 0;
159 our_bind_info_ctr = &ctx->new_dc.drsuapi.our_bind_info_ctr;
160 our_bind_info_ctr->length = 28;
161 our_bind_info_ctr->info.info28 = *our_bind_info28;
163 GUID_from_string(DRSUAPI_DS_BIND_GUID_W2K3, &ctx->new_dc.drsuapi.bind_guid);
165 ctx->new_dc.drsuapi.req.in.bind_guid = &ctx->new_dc.drsuapi.bind_guid;
166 ctx->new_dc.drsuapi.req.in.bind_info = our_bind_info_ctr;
167 ctx->new_dc.drsuapi.req.out.bind_handle = &ctx->new_dc.drsuapi.bind_handle;
169 ctx->new_dc.invocation_id = ctx->new_dc.drsuapi.bind_guid;
176 static BOOL _test_DsBind(struct DsSyncTest *ctx, struct cli_credentials *credentials, struct DsSyncBindInfo *b)
180 struct event_context *event = NULL;
182 status = dcerpc_pipe_connect_b(ctx,
183 &b->pipe, ctx->drsuapi_binding,
184 &dcerpc_table_drsuapi,
187 if (!NT_STATUS_IS_OK(status)) {
188 printf("Failed to connect to server as a BDC: %s\n", nt_errstr(status));
192 status = dcerpc_drsuapi_DsBind(b->pipe, ctx, &b->req);
193 if (!NT_STATUS_IS_OK(status)) {
194 const char *errstr = nt_errstr(status);
195 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
196 errstr = dcerpc_errstr(ctx, b->pipe->last_fault_code);
198 printf("dcerpc_drsuapi_DsBind failed - %s\n", errstr);
200 } else if (!W_ERROR_IS_OK(b->req.out.result)) {
201 printf("DsBind failed - %s\n", win_errstr(b->req.out.result));
205 ZERO_STRUCT(b->peer_bind_info28);
206 if (b->req.out.bind_info) {
207 switch (b->req.out.bind_info->length) {
209 struct drsuapi_DsBindInfo24 *info24;
210 info24 = &b->req.out.bind_info->info.info24;
211 b->peer_bind_info28.supported_extensions= info24->supported_extensions;
212 b->peer_bind_info28.site_guid = info24->site_guid;
213 b->peer_bind_info28.u1 = info24->u1;
214 b->peer_bind_info28.repl_epoch = 0;
218 b->peer_bind_info28 = b->req.out.bind_info->info.info28;
226 static BOOL test_LDAPBind(struct DsSyncTest *ctx, struct cli_credentials *credentials, struct DsSyncLDAPInfo *l)
231 status = torture_ldap_connection(ctx, &l->conn, ctx->ldap_url);
232 if (!NT_STATUS_IS_OK(status)) {
233 printf("failed to connect to LDAP: %s\n", ctx->ldap_url);
237 printf("connected to LDAP: %s\n", ctx->ldap_url);
239 status = torture_ldap_bind_sasl(l->conn, credentials);
240 if (!NT_STATUS_IS_OK(status)) {
241 printf("failed to bind to LDAP:\n");
244 printf("bound to LDAP.\n");
249 static BOOL test_GetInfo(struct DsSyncTest *ctx)
252 struct drsuapi_DsCrackNames r;
253 struct drsuapi_DsNameString names[1];
256 struct cldap_socket *cldap = cldap_socket_init(ctx, NULL);
257 struct cldap_netlogon search;
259 r.in.bind_handle = &ctx->admin.drsuapi.bind_handle;
261 r.in.req.req1.codepage = 1252; /* western european */
262 r.in.req.req1.language = 0x00000407; /* german */
263 r.in.req.req1.count = 1;
264 r.in.req.req1.names = names;
265 r.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
266 r.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
267 r.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
268 names[0].str = talloc_asprintf(ctx, "%s\\", lp_workgroup());
270 status = dcerpc_drsuapi_DsCrackNames(ctx->admin.drsuapi.pipe, ctx, &r);
271 if (!NT_STATUS_IS_OK(status)) {
272 const char *errstr = nt_errstr(status);
273 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
274 errstr = dcerpc_errstr(ctx, ctx->admin.drsuapi.pipe->last_fault_code);
276 printf("dcerpc_drsuapi_DsCrackNames failed - %s\n", errstr);
278 } else if (!W_ERROR_IS_OK(r.out.result)) {
279 printf("DsCrackNames failed - %s\n", win_errstr(r.out.result));
283 ctx->domain_dn = r.out.ctr.ctr1->array[0].result_name;
286 search.in.dest_address = ctx->drsuapi_binding->host;
287 search.in.acct_control = -1;
288 search.in.version = 6;
289 status = cldap_netlogon(cldap, ctx, &search);
290 if (!NT_STATUS_IS_OK(status)) {
291 const char *errstr = nt_errstr(status);
292 ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name");
293 printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name);
295 ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site);
296 printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name);
297 printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site);
303 static void sam_rid_crypt_len(uint_t rid, uint32_t len, const uint8_t *in, uint8_t *out, int forw)
306 uint8_t in_pad[8], out_pad[8];
307 uint32_t b_off, s_off = 0;
309 s[0] = s[4] = s[8] = s[12] = (uint8_t)(rid & 0xFF);
310 s[1] = s[5] = s[9] = s[13] = (uint8_t)((rid >> 8) & 0xFF);
311 s[2] = s[6] = s[10] = (uint8_t)((rid >> 16) & 0xFF);
312 s[3] = s[7] = s[11] = (uint8_t)((rid >> 24) & 0xFF);
314 for (b_off=0; b_off < len; b_off += 8) {
315 uint32_t left = len - b_off;
317 des_crypt56(out + b_off, in + b_off, s + s_off, forw);
320 memcpy(in_pad, in + b_off, left);
321 des_crypt56(out_pad, in + b_off, s + s_off, forw);
322 memcpy(out + b_off, out_pad, left);
323 ZERO_STRUCT(out_pad);
333 static DATA_BLOB decrypt_blob(TALLOC_CTX *mem_ctx,
334 const DATA_BLOB *gensec_skey,
336 struct drsuapi_DsReplicaObjectIdentifier *id,
338 const DATA_BLOB *buffer)
340 DATA_BLOB confounder;
341 DATA_BLOB enc_buffer;
343 struct MD5Context md5;
344 uint8_t _enc_key[16];
347 DATA_BLOB dec_buffer;
348 DATA_BLOB plain_buffer;
351 * the combination "c[3] s[1] e[1] d[0]..."
352 * was successful!!!!!!!!!!!!!!!!!!!!!!!!!!
355 /* the first 16 bytes at the beginning are the confounder */
356 if (buffer->length <= 16) {
357 return data_blob_const(NULL, 0);
359 confounder = data_blob_const(buffer->data, 16);
360 enc_buffer = data_blob_const(buffer->data + 16, buffer->length - 16);
363 * build the encryption key md5 over the session key followed
366 * here the gensec session key is used and
367 * not the dcerpc ncacn_ip_tcp "SystemLibraryDTC" key!
369 enc_key = data_blob_const(_enc_key, sizeof(_enc_key));
371 MD5Update(&md5, gensec_skey->data, gensec_skey->length);
372 MD5Update(&md5, confounder.data, confounder.length);
373 MD5Final(enc_key.data, &md5);
376 * copy the encrypted buffer part and
377 * decrypt it using the created encryption key using arcfour
379 dec_buffer = data_blob_talloc(mem_ctx, enc_buffer.data, enc_buffer.length);
380 if (!dec_buffer.data) {
381 return data_blob_const(NULL, 0);
383 arcfour_crypt_blob(dec_buffer.data, dec_buffer.length, &enc_key);
386 * some attributes seem to be in a usable form after this decryption
387 * (supplementalCredentials, priorValue, currentValue, trustAuthOutgoing,
388 * trustAuthIncoming, initialAuthOutgoing, initialAuthIncoming)
389 * At least supplementalCredentials contains plaintext
390 * like "Primary:Kerberos" (in unicode form)
392 * some attributes seem to have some additional encryption
393 * dBCSPwd, unicodePwd, ntPwdHistory, lmPwdHistory
395 * it's the sam_rid_crypt() function, as the value is constant,
396 * so it doesn't depend on sessionkeys. But for the unicodePwd attribute
397 * which contains the nthash has 20 bytes at this point.
399 * the first 4 byte are unknown yet, but the last 16 byte are the
403 plain_buffer = data_blob_talloc(mem_ctx, dec_buffer.data, dec_buffer.length);
404 if (!plain_buffer.data) {
405 return data_blob_const(NULL, 0);
407 if (plain_buffer.length < 20) {
408 return data_blob_const(NULL, 0);
411 * TODO: check if that's correct for the history fields,
412 * which can be larger than 16 bytes (but in 16 byte steps)
413 * maybe we need to call the 16 byte sam_rid_crypt() function
414 * for each hash, but here we assume the rid des key is shifted
415 * by one for each 8 byte block.
417 sam_rid_crypt_len(rid, dec_buffer.length - 4, dec_buffer.data + 4, plain_buffer.data + 4, 0);
419 plain_buffer = dec_buffer;
425 static void test_analyse_objects(struct DsSyncTest *ctx,
426 const DATA_BLOB *gensec_skey,
427 struct drsuapi_DsReplicaObjectListItemEx *cur)
429 if (!lp_parm_bool(-1,"dssync","print_pwd_blobs",False)) {
433 for (; cur; cur = cur->next_object) {
435 struct dom_sid *sid = NULL;
437 BOOL dn_printed = False;
440 if (!cur->object.identifier) continue;
442 dn = cur->object.identifier->dn;
443 if (cur->object.identifier->sid.num_auths > 0) {
444 sid = &cur->object.identifier->sid;
445 rid = sid->sub_auths[sid->num_auths - 1];
448 for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) {
449 const char *name = NULL;
451 DATA_BLOB *enc_data = NULL;
452 DATA_BLOB plain_data;
453 struct drsuapi_DsReplicaAttribute *attr;
454 attr = &cur->object.attribute_ctr.attributes[i];
456 switch (attr->attid) {
457 case DRSUAPI_ATTRIBUTE_dBCSPwd:
461 case DRSUAPI_ATTRIBUTE_unicodePwd:
465 case DRSUAPI_ATTRIBUTE_ntPwdHistory:
466 name = "ntPwdHistory";
469 case DRSUAPI_ATTRIBUTE_lmPwdHistory:
470 name = "lmPwdHistory";
473 case DRSUAPI_ATTRIBUTE_supplementalCredentials:
474 name = "supplementalCredentials";
476 case DRSUAPI_ATTRIBUTE_priorValue:
479 case DRSUAPI_ATTRIBUTE_currentValue:
480 name = "currentValue";
482 case DRSUAPI_ATTRIBUTE_trustAuthOutgoing:
483 name = "trustAuthOutgoing";
485 case DRSUAPI_ATTRIBUTE_trustAuthIncoming:
486 name = "trustAuthIncoming";
488 case DRSUAPI_ATTRIBUTE_initialAuthOutgoing:
489 name = "initialAuthOutgoing";
491 case DRSUAPI_ATTRIBUTE_initialAuthIncoming:
492 name = "initialAuthIncoming";
498 if (attr->value_ctr.num_values != 1) continue;
500 if (!attr->value_ctr.values[0].blob) continue;
502 enc_data = attr->value_ctr.values[0].blob;
503 ZERO_STRUCT(plain_data);
505 plain_data = decrypt_blob(ctx, gensec_skey, rcrypt,
506 cur->object.identifier, rid,
509 DEBUG(0,("DN: %s\n", dn));
512 DEBUGADD(0,("ATTR: %s enc.length=%lu plain.length=%lu\n",
513 name, (long)enc_data->length, (long)plain_data.length));
514 if (plain_data.length) {
515 dump_data(0, plain_data.data, plain_data.length);
517 dump_data(0, enc_data->data, enc_data->length);
523 static BOOL test_FetchData(struct DsSyncTest *ctx)
528 uint64_t highest_usn = 0;
529 const char *partition = NULL;
530 struct drsuapi_DsGetNCChanges r;
531 struct drsuapi_DsReplicaObjectIdentifier nc;
532 struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
533 struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
534 int32_t out_level = 0;
535 struct GUID null_guid;
536 struct dom_sid null_sid;
537 DATA_BLOB gensec_skey;
549 ZERO_STRUCT(null_guid);
550 ZERO_STRUCT(null_sid);
552 partition = lp_parm_string(-1, "dssync", "partition");
553 if (partition == NULL) {
554 partition = ctx->domain_dn;
555 printf("dssync:partition not specified, defaulting to %s.\n", ctx->domain_dn);
558 highest_usn = lp_parm_int(-1, "dssync", "highest_usn", 0);
560 if (lp_parm_bool(-1,"dssync","print_pwd_blobs",False)) {
561 const struct samr_Password *nthash;
562 nthash = cli_credentials_get_nt_hash(ctx->new_dc.credentials, ctx);
564 DEBUG(0,("CREDENTIALS nthash:\n"));
565 dump_data(0, nthash->hash, sizeof(nthash->hash));
568 status = gensec_session_key(ctx->new_dc.drsuapi.pipe->conn->security_state.generic_state,
570 if (!NT_STATUS_IS_OK(status)) {
571 printf("failed to get gensec session key: %s\n", nt_errstr(status));
575 for (i=0; i < ARRAY_SIZE(array); i++) {
576 printf("testing DsGetNCChanges level %d\n",
579 r.in.bind_handle = &ctx->new_dc.drsuapi.bind_handle;
580 r.in.level = &array[i].level;
582 switch (*r.in.level) {
588 r.in.req.req5.destination_dsa_guid = ctx->new_dc.invocation_id;
589 r.in.req.req5.source_dsa_invocation_id = null_guid;
590 r.in.req.req5.naming_context = &nc;
591 r.in.req.req5.highwatermark.tmp_highest_usn = highest_usn;
592 r.in.req.req5.highwatermark.reserved_usn = 0;
593 r.in.req.req5.highwatermark.highest_usn = highest_usn;
594 r.in.req.req5.uptodateness_vector = NULL;
595 r.in.req.req5.replica_flags = 0;
596 if (lp_parm_bool(-1,"dssync","compression",False)) {
597 r.in.req.req5.replica_flags |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES;
599 if (lp_parm_bool(-1,"dssync","neighbour_writeable",True)) {
600 r.in.req.req5.replica_flags |= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE;
602 r.in.req.req5.replica_flags |= DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
603 | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS
604 | DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS
605 | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED
607 r.in.req.req5.max_object_count = 133;
608 r.in.req.req5.max_ndr_size = 1336770;
609 r.in.req.req5.unknown4 = 0;
610 r.in.req.req5.h1 = 0;
617 /* nc.dn can be set to any other ad partition */
619 r.in.req.req8.destination_dsa_guid = ctx->new_dc.invocation_id;
620 r.in.req.req8.source_dsa_invocation_id = null_guid;
621 r.in.req.req8.naming_context = &nc;
622 r.in.req.req8.highwatermark.tmp_highest_usn = highest_usn;
623 r.in.req.req8.highwatermark.reserved_usn = 0;
624 r.in.req.req8.highwatermark.highest_usn = highest_usn;
625 r.in.req.req8.uptodateness_vector = NULL;
626 r.in.req.req8.replica_flags = 0;
627 if (lp_parm_bool(-1,"dssync","compression",False)) {
628 r.in.req.req8.replica_flags |= DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES;
630 if (lp_parm_bool(-1,"dssync","neighbour_writeable",True)) {
631 r.in.req.req8.replica_flags |= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE;
633 r.in.req.req8.replica_flags |= DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP
634 | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS
635 | DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS
636 | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED
638 r.in.req.req8.max_object_count = 402;
639 r.in.req.req8.max_ndr_size = 402116;
641 r.in.req.req8.unknown4 = 0;
642 r.in.req.req8.h1 = 0;
643 r.in.req.req8.unique_ptr1 = 0;
644 r.in.req.req8.unique_ptr2 = 0;
645 r.in.req.req8.mapping_ctr.num_mappings = 0;
646 r.in.req.req8.mapping_ctr.mappings = NULL;
651 printf("Dumping AD partition: %s\n", nc.dn);
655 r.out.level = &_level;
657 if (*r.in.level == 5) {
658 DEBUG(0,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
659 (long long)r.in.req.req5.highwatermark.tmp_highest_usn,
660 (long long)r.in.req.req5.highwatermark.highest_usn));
663 if (*r.in.level == 8) {
664 DEBUG(0,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
665 (long long)r.in.req.req8.highwatermark.tmp_highest_usn,
666 (long long)r.in.req.req8.highwatermark.highest_usn));
669 status = dcerpc_drsuapi_DsGetNCChanges(ctx->new_dc.drsuapi.pipe, ctx, &r);
670 if (!NT_STATUS_IS_OK(status)) {
671 const char *errstr = nt_errstr(status);
672 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
673 errstr = dcerpc_errstr(ctx, ctx->new_dc.drsuapi.pipe->last_fault_code);
675 printf("dcerpc_drsuapi_DsGetNCChanges failed - %s\n", errstr);
677 } else if (!W_ERROR_IS_OK(r.out.result)) {
678 printf("DsGetNCChanges failed - %s\n", win_errstr(r.out.result));
682 if (ret == True && *r.out.level == 1) {
684 ctr1 = &r.out.ctr.ctr1;
685 } else if (ret == True && *r.out.level == 2) {
687 ctr1 = r.out.ctr.ctr2.ctr.mszip1.ctr1;
690 if (out_level == 1) {
691 DEBUG(0,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
692 (long long)ctr1->new_highwatermark.tmp_highest_usn,
693 (long long)ctr1->new_highwatermark.highest_usn));
695 test_analyse_objects(ctx, &gensec_skey, ctr1->first_object);
697 if (ctr1->new_highwatermark.tmp_highest_usn > ctr1->new_highwatermark.highest_usn) {
698 r.in.req.req5.highwatermark = ctr1->new_highwatermark;
703 if (ret == True && *r.out.level == 6) {
705 ctr6 = &r.out.ctr.ctr6;
706 } else if (ret == True && *r.out.level == 7
707 && r.out.ctr.ctr7.level == 6
708 && r.out.ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP) {
710 ctr6 = r.out.ctr.ctr7.ctr.mszip6.ctr6;
713 if (out_level == 6) {
714 DEBUG(0,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
715 (long long)ctr6->new_highwatermark.tmp_highest_usn,
716 (long long)ctr6->new_highwatermark.highest_usn));
718 test_analyse_objects(ctx, &gensec_skey, ctr6->first_object);
720 if (ctr6->new_highwatermark.tmp_highest_usn > ctr6->new_highwatermark.highest_usn) {
721 r.in.req.req8.highwatermark = ctr6->new_highwatermark;
733 static BOOL test_FetchNT4Data(struct DsSyncTest *ctx)
738 uint64_t highest_usn = 0;
739 const char *partition = NULL;
740 struct drsuapi_DsGetNT4ChangeLog r;
741 int32_t out_level = 0;
742 struct GUID null_guid;
743 struct dom_sid null_sid;
746 ZERO_STRUCT(null_guid);
747 ZERO_STRUCT(null_sid);
751 r.in.bind_handle = &ctx->new_dc.drsuapi.bind_handle;
754 r.in.req.req1.unknown1 = lp_parm_int(-1, "dssync", "nt4-1", 3);
755 r.in.req.req1.unknown2 = lp_parm_int(-1, "dssync", "nt4-2", 0x00004000);
758 r.in.req.req1.length = cookie.length;
759 r.in.req.req1.data = cookie.data;
761 status = dcerpc_drsuapi_DsGetNT4ChangeLog(ctx->new_dc.drsuapi.pipe, ctx, &r);
762 if (!NT_STATUS_IS_OK(status)) {
763 const char *errstr = nt_errstr(status);
764 if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
765 errstr = dcerpc_errstr(ctx, ctx->new_dc.drsuapi.pipe->last_fault_code);
767 printf("dcerpc_drsuapi_DsGetNT4ChangeLog failed - %s\n", errstr);
769 } else if (!W_ERROR_IS_OK(r.out.result)) {
770 printf("DsGetNT4ChangeLog failed - %s\n", win_errstr(r.out.result));
772 } else if (r.out.level != 1) {
773 printf("DsGetNT4ChangeLog unknown level - %u\n", r.out.level);
775 } else if (NT_STATUS_IS_OK(r.out.info.info1.status)) {
776 } else if (NT_STATUS_EQUAL(r.out.info.info1.status, STATUS_MORE_ENTRIES)) {
777 cookie.length = r.out.info.info1.length1;
778 cookie.data = r.out.info.info1.data1;
781 printf("DsGetNT4ChangeLog failed - %s\n", nt_errstr(r.out.info.info1.status));
791 BOOL torture_rpc_dssync(struct torture_context *torture)
795 struct DsSyncTest *ctx;
797 mem_ctx = talloc_init("torture_rpc_dssync");
798 ctx = test_create_context(mem_ctx);
800 ret &= _test_DsBind(ctx, ctx->admin.credentials, &ctx->admin.drsuapi);
801 ret &= test_LDAPBind(ctx, ctx->admin.credentials, &ctx->admin.ldap);
802 ret &= test_GetInfo(ctx);
803 ret &= _test_DsBind(ctx, ctx->new_dc.credentials, &ctx->new_dc.drsuapi);
804 ret &= test_FetchData(ctx);
805 ret &= test_FetchNT4Data(ctx);
git.samba.org / metze / samba / wip.git / blob