struct drsuapi_DsBindInfo28 *our_bind_info28;
struct drsuapi_DsBindInfoCtr *our_bind_info_ctr;
const char *binding = torture_setting_string(tctx, "binding", NULL);
+ const char *host;
struct nbt_name name;
ctx = talloc_zero(tctx, struct DsSyncTest);
printf("Bad binding string %s\n", binding);
return NULL;
}
- ctx->drsuapi_binding->flags |= DCERPC_SIGN | DCERPC_SEAL;
+ status = dcerpc_binding_set_flags(ctx->drsuapi_binding,
+ DCERPC_SIGN | DCERPC_SEAL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("dcerpc_binding_set_flags - %s\n", nt_errstr(status));
+ return NULL;
+ }
+
+ host = dcerpc_binding_get_string_option(ctx->drsuapi_binding, "host");
- ctx->ldap_url = talloc_asprintf(ctx, "ldap://%s", ctx->drsuapi_binding->host);
+ ctx->ldap_url = talloc_asprintf(ctx, "ldap://%s", host);
- make_nbt_name_server(&name, ctx->drsuapi_binding->host);
+ make_nbt_name_server(&name, host);
/* do an initial name resolution to find its IP */
- status = resolve_name(lpcfg_resolve_context(tctx->lp_ctx), &name, tctx,
- &ctx->dest_address, tctx->ev);
+ status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+ 0, 0, &name, tctx,
+ &ctx->dest_address, tctx->ev);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to resolve %s - %s\n",
name.name, nt_errstr(status));
b->peer_bind_info28.repl_epoch = 0;
break;
}
+ case 28: {
+ b->peer_bind_info28 = b->req.out.bind_info->info.info28;
+ break;
+ }
+ case 32: {
+ struct drsuapi_DsBindInfo32 *info32;
+ info32 = &b->req.out.bind_info->info.info32;
+ b->peer_bind_info28.supported_extensions= info32->supported_extensions;
+ b->peer_bind_info28.site_guid = info32->site_guid;
+ b->peer_bind_info28.pid = info32->pid;
+ b->peer_bind_info28.repl_epoch = info32->repl_epoch;
+ break;
+ }
case 48: {
struct drsuapi_DsBindInfo48 *info48;
info48 = &b->req.out.bind_info->info.info48;
b->peer_bind_info28.repl_epoch = info48->repl_epoch;
break;
}
- case 28:
- b->peer_bind_info28 = b->req.out.bind_info->info.info28;
+ case 52: {
+ struct drsuapi_DsBindInfo52 *info52;
+ info52 = &b->req.out.bind_info->info.info52;
+ b->peer_bind_info28.supported_extensions= info52->supported_extensions;
+ b->peer_bind_info28.site_guid = info52->site_guid;
+ b->peer_bind_info28.pid = info52->pid;
+ b->peer_bind_info28.repl_epoch = info52->repl_epoch;
break;
+ }
default:
printf("DsBind - warning: unknown BindInfo length: %u\n",
b->req.out.bind_info->length);
/* Despite us loading the schema from the AD server, we need
* the samba handlers to get the extended DN syntax stuff */
ret = ldb_register_samba_handlers(ldb);
- if (ret == -1) {
+ if (ret != LDB_SUCCESS) {
talloc_free(ldb);
return NULL;
}
- ldb_set_modules_dir(ldb,
- talloc_asprintf(ldb,
- "%s/ldb",
- lpcfg_modulesdir(tctx->lp_ctx)));
+ ldb_set_modules_dir(ldb, modules_path(ldb, "ldb"));
if (ldb_set_opaque(ldb, "credentials", credentials)) {
talloc_free(ldb);
const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
uint32_t object_count,
const struct drsuapi_DsReplicaObjectListItemEx *first_object,
+ uint32_t linked_attributes_count,
+ const struct drsuapi_DsReplicaLinkedAttribute *linked_attributes,
const DATA_BLOB *gensec_skey)
{
static uint32_t object_id;
struct dsdb_extended_replicated_objects *objs;
struct ldb_extended_dn_control *extended_dn_ctrl;
struct dsdb_schema *ldap_schema;
+ struct ldb_dn *partition_dn = ldb_dn_new(tctx, ldb, partition);
+
+ torture_assert_not_null(tctx, partition_dn, "Failed to parse partition DN as as DN");
/* load dsdb_schema using remote prefixMap */
torture_assert(tctx,
"drs_util_dsdb_schema_load_ldb() failed");
ldap_schema = dsdb_get_schema(ldb, NULL);
- status = dsdb_extended_replicated_objects_convert(ldb,
- partition,
- mapping_ctr,
- object_count,
- first_object,
- 0, NULL,
- NULL, NULL,
- gensec_skey,
- ctx, &objs);
+ status = dsdb_replicated_objects_convert(ldb,
+ ldap_schema,
+ partition_dn,
+ mapping_ctr,
+ object_count,
+ first_object,
+ linked_attributes_count,
+ linked_attributes,
+ NULL, NULL,
+ gensec_skey,
+ 0,
+ ctx, &objs);
torture_assert_werr_ok(tctx, status, "dsdb_extended_replicated_objects_convert() failed!");
extended_dn_ctrl = talloc(objs, struct ldb_extended_dn_control);
deleted_dn = ldb_dn_new(objs, ldb, partition);
ldb_dn_add_child_fmt(deleted_dn, "CN=Deleted Objects");
- for (i=0; i < object_count; i++) {
+ for (i=0; i < objs->num_objects; i++) {
struct ldb_request *search_req;
struct ldb_result *res;
struct ldb_message *new_msg, *drs_msg, *ldap_msg;
- const char **attrs = talloc_array(objs, const char *, objs->objects[i].msg->num_elements+1);
+ size_t num_attrs = objs->objects[i].msg->num_elements+1+1;
+ const char **attrs = talloc_array(objs, const char *, num_attrs);
for (j=0; j < objs->objects[i].msg->num_elements; j++) {
attrs[j] = objs->objects[i].msg->elements[j].name;
}
+ attrs[j] = "uSNChanged";
+ j++;
attrs[j] = NULL;
res = talloc_zero(objs, struct ldb_result);
if (!res) {
return false;
}
+ ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID, false, NULL);
+ if (ret != LDB_SUCCESS) {
+ return false;
+ }
+
ret = ldb_request_add_control(search_req, LDB_CONTROL_EXTENDED_DN_OID, true, extended_dn_ctrl);
if (ret != LDB_SUCCESS) {
return false;
ldb_errstring(ldb)));
torture_assert_int_equal(tctx, res->count, 1, "Could not re-fetch object just delivered over DRS");
ldap_msg = res->msgs[0];
+
+{
+uint64_t usn = ldb_msg_find_attr_as_int64(ldap_msg, "uSNChanged", 0);
+struct GUID g;
+GUID_from_ndr_blob(&objs->objects[i].guid_value, &g);
+torture_comment(tctx, "o[%d] usn_changed[%llu]: %s - %s\n", i, (unsigned long long)usn,
+ GUID_string(objs, &g),
+ ldb_dn_get_linearized(objs->objects[i].msg->dn));
+continue;
+}
for (j=0; j < ldap_msg->num_elements; j++) {
ldap_msg->elements[j].flags = LDB_FLAG_MOD_ADD;
/* For unknown reasons, there is no nTSecurityDescriptor on cn=deleted objects over LDAP, but there is over DRS! Skip it on both transports for now here so */
j--;
} else if (ldb_attr_cmp(drs_msg->elements[j].name, "unicodePwd") == 0 ||
ldb_attr_cmp(drs_msg->elements[j].name, "dBCSPwd") == 0 ||
+ ldb_attr_cmp(drs_msg->elements[j].name, "userPassword") == 0 ||
ldb_attr_cmp(drs_msg->elements[j].name, "ntPwdHistory") == 0 ||
ldb_attr_cmp(drs_msg->elements[j].name, "lmPwdHistory") == 0 ||
ldb_attr_cmp(drs_msg->elements[j].name, "supplementalCredentials") == 0 ||
talloc_free(search_req);
}
+ for (i=0; i < objs->linked_attributes_count; i++) {
+torture_comment(tctx, "l[%d] usn_changed[%llu]: attid[%u] %s\n", i,
+ (unsigned long long)objs->linked_attributes[i].meta_data.originating_usn,
+ objs->linked_attributes[i].attid,
+ GUID_string(objs, &objs->linked_attributes[i].identifier->guid));
+ }
if (!lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "print_pwd_blobs", false)) {
talloc_free(objs);
return true;
for (cur = first_object; cur; cur = cur->next_object) {
const char *dn;
- struct dom_sid *sid = NULL;
- uint32_t rid = 0;
bool dn_printed = false;
if (!cur->object.identifier) continue;
dn = cur->object.identifier->dn;
- if (cur->object.identifier->sid.num_auths > 0) {
- sid = &cur->object.identifier->sid;
- rid = sid->sub_auths[sid->num_auths - 1];
- }
for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) {
- WERROR werr;
const char *name = NULL;
- bool rcrypt = false;
- DATA_BLOB *enc_data = NULL;
DATA_BLOB plain_data;
struct drsuapi_DsReplicaAttribute *attr;
ndr_pull_flags_fn_t pull_fn = NULL;
attr = &cur->object.attribute_ctr.attributes[i];
switch (attr->attid) {
- case DRSUAPI_ATTRIBUTE_dBCSPwd:
+ case DRSUAPI_ATTID_dBCSPwd:
name = "dBCSPwd";
- rcrypt = true;
break;
- case DRSUAPI_ATTRIBUTE_unicodePwd:
+ case DRSUAPI_ATTID_unicodePwd:
name = "unicodePwd";
- rcrypt = true;
break;
- case DRSUAPI_ATTRIBUTE_ntPwdHistory:
+ case DRSUAPI_ATTID_ntPwdHistory:
name = "ntPwdHistory";
- rcrypt = true;
break;
- case DRSUAPI_ATTRIBUTE_lmPwdHistory:
+ case DRSUAPI_ATTID_lmPwdHistory:
name = "lmPwdHistory";
- rcrypt = true;
break;
- case DRSUAPI_ATTRIBUTE_supplementalCredentials:
+ case DRSUAPI_ATTID_supplementalCredentials:
name = "supplementalCredentials";
pull_fn = (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob;
print_fn = (ndr_print_fn_t)ndr_print_supplementalCredentialsBlob;
ptr = talloc(ctx, struct supplementalCredentialsBlob);
break;
- case DRSUAPI_ATTRIBUTE_priorValue:
+ case DRSUAPI_ATTID_priorValue:
name = "priorValue";
break;
- case DRSUAPI_ATTRIBUTE_currentValue:
+ case DRSUAPI_ATTID_currentValue:
name = "currentValue";
break;
- case DRSUAPI_ATTRIBUTE_trustAuthOutgoing:
+ case DRSUAPI_ATTID_trustAuthOutgoing:
name = "trustAuthOutgoing";
pull_fn = (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob;
print_fn = (ndr_print_fn_t)ndr_print_trustAuthInOutBlob;
ptr = talloc(ctx, struct trustAuthInOutBlob);
break;
- case DRSUAPI_ATTRIBUTE_trustAuthIncoming:
+ case DRSUAPI_ATTID_trustAuthIncoming:
name = "trustAuthIncoming";
pull_fn = (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob;
print_fn = (ndr_print_fn_t)ndr_print_trustAuthInOutBlob;
ptr = talloc(ctx, struct trustAuthInOutBlob);
break;
- case DRSUAPI_ATTRIBUTE_initialAuthOutgoing:
+ case DRSUAPI_ATTID_initialAuthOutgoing:
name = "initialAuthOutgoing";
break;
- case DRSUAPI_ATTRIBUTE_initialAuthIncoming:
+ case DRSUAPI_ATTID_initialAuthIncoming:
name = "initialAuthIncoming";
break;
default:
if (!attr->value_ctr.values[0].blob) continue;
- enc_data = attr->value_ctr.values[0].blob;
- ZERO_STRUCT(plain_data);
+ plain_data = *attr->value_ctr.values[0].blob;
- werr = drsuapi_decrypt_attribute_value(ctx, gensec_skey, rcrypt,
- rid,
- enc_data, &plain_data);
- if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0, ("Failed to decrypt %s\n", name));
- continue;
- }
if (!dn_printed) {
object_id++;
DEBUG(0,("DN[%u] %s\n", object_id, dn));
dn_printed = true;
}
- DEBUGADD(0,("ATTR: %s enc.length=%lu plain.length=%lu\n",
- name, (long)enc_data->length, (long)plain_data.length));
+ DEBUGADD(0,("ATTR: %s plain.length=%lu\n",
+ name, (long)plain_data.length));
if (plain_data.length) {
enum ndr_err_code ndr_err;
dump_data(0, plain_data.data, plain_data.length);
DEBUG(0, ("Failed to decode %s\n", name));
}
}
- } else {
- dump_data(0, enc_data->data, enc_data->length);
}
talloc_free(ptr);
}
}
};
+ struct drsuapi_DsReplicaCursorCtrEx utdv;
+ struct drsuapi_DsReplicaCursor cursors[1];
+
+ ZERO_STRUCT(utdv);
+ utdv.version = 1;
+ utdv.count = ARRAY_SIZE(cursors);
+ utdv.cursors = cursors;
+ ZERO_STRUCT(cursors);
+ GUID_from_string("0d36ca05-5507-4e62-aca3-354bab0d39e1",
+ &cursors[0].source_dsa_invocation_id);
+ cursors[0].highest_usn = 12755;
+/*
+ uptodateness_vector : *
+ uptodateness_vector: struct drsuapi_DsReplicaCursorCtrEx
+ version : 0x00000001 (1)
+ reserved1 : 0x00000000 (0)
+ count : 0x00000001 (1)
+ reserved2 : 0x00000000 (0)
+ cursors: ARRAY(1)
+ cursors: struct drsuapi_DsReplicaCursor
+ source_dsa_invocation_id : 0d36ca05-5507-4e62-aca3-354bab0d39e1
+ highest_usn : 0x00000000000031d3 (12755)
+*/
ZERO_STRUCT(null_guid);
ZERO_STRUCT(null_sid);
}
}
status = gensec_session_key(ctx->new_dc.drsuapi.drs_pipe->conn->security_state.generic_state,
- &gensec_skey);
+ ctx, &gensec_skey);
if (!NT_STATUS_IS_OK(status)) {
printf("failed to get gensec session key: %s\n", nt_errstr(status));
return false;
r.in.req->req8.highwatermark.tmp_highest_usn = highest_usn;
r.in.req->req8.highwatermark.reserved_usn = 0;
r.in.req->req8.highwatermark.highest_usn = highest_usn;
- r.in.req->req8.uptodateness_vector = NULL;
+ r.in.req->req8.uptodateness_vector = NULL;//&utdv;
r.in.req->req8.replica_flags = 0;
if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "compression", false)) {
r.in.req->req8.replica_flags |= DRSUAPI_DRS_USE_COMPRESSION;
| DRSUAPI_DRS_GET_ANC
| DRSUAPI_DRS_NEVER_SYNCED
;
+ r.in.req->req8.replica_flags = 0x00201074;
+ //r.in.req->req8.replica_flags |= DRSUAPI_DRS_GET_ANC;
r.in.req->req8.max_object_count = 402;
r.in.req->req8.max_ndr_size = 402116;
torture_comment(tctx,
"start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",
y,
- r.in.req->req5.highwatermark.tmp_highest_usn,
- r.in.req->req5.highwatermark.highest_usn);
+ (unsigned long long) r.in.req->req5.highwatermark.tmp_highest_usn,
+ (unsigned long long) r.in.req->req5.highwatermark.highest_usn);
}
if (r.in.level == 8) {
torture_comment(tctx,
"start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",
y,
- r.in.req->req8.highwatermark.tmp_highest_usn,
- r.in.req->req8.highwatermark.highest_usn);
+ (unsigned long long) r.in.req->req8.highwatermark.tmp_highest_usn,
+ (unsigned long long) r.in.req->req8.highwatermark.highest_usn);
}
status = dcerpc_drsuapi_DsGetNCChanges_r(ctx->new_dc.drsuapi.drs_handle, ctx, &r);
torture_comment(tctx,
"end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",
y,
- ctr1->new_highwatermark.tmp_highest_usn,
- ctr1->new_highwatermark.highest_usn);
+ (unsigned long long) ctr1->new_highwatermark.tmp_highest_usn,
+ (unsigned long long) ctr1->new_highwatermark.highest_usn);
if (!test_analyse_objects(tctx, ctx, nc_dn_str, &ctr1->mapping_ctr, ctr1->object_count,
- ctr1->first_object, &gensec_skey)) {
+ ctr1->first_object, 0, NULL, &gensec_skey)) {
return false;
}
torture_comment(tctx,
"end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",
y,
- ctr6->new_highwatermark.tmp_highest_usn,
- ctr6->new_highwatermark.highest_usn);
+ (unsigned long long) ctr6->new_highwatermark.tmp_highest_usn,
+ (unsigned long long) ctr6->new_highwatermark.highest_usn);
if (!test_analyse_objects(tctx, ctx, nc_dn_str, &ctr6->mapping_ctr, ctr6->object_count,
- ctr6->first_object, &gensec_skey)) {
+ ctr6->first_object,
+ ctr6->linked_attributes_count,
+ ctr6->linked_attributes,
+ &gensec_skey)) {
return false;
}
void torture_drs_rpc_dssync_tcase(struct torture_suite *suite)
{
typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
-
- struct torture_test *test;
- struct torture_tcase *tcase = torture_suite_add_tcase(suite, "DSSYNC");
+ struct torture_tcase *tcase = torture_suite_add_tcase(suite, "dssync");
torture_tcase_set_fixture(tcase,
torture_dssync_tcase_setup,
torture_dssync_tcase_teardown);
- test = torture_tcase_add_simple_test(tcase, "DC_FetchData", (run_func)test_FetchData);
- test = torture_tcase_add_simple_test(tcase, "FetchNT4Data", (run_func)test_FetchNT4Data);
+ torture_tcase_add_simple_test(tcase, "DC_FetchData", (run_func)test_FetchData);
+ torture_tcase_add_simple_test(tcase, "FetchNT4Data", (run_func)test_FetchNT4Data);
}