git.samba.org / metze / samba / wip.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
DEBUG s4:torture/dssync: ...
[metze/samba/wip.git] / source4 / torture / drs / rpc / dssync.c
diff --git a/source4/torture/drs/rpc/dssync.c b/source4/torture/drs/rpc/dssync.c
index 2285dfc0b30a41ee5ae7f712dc0641d1f34b9f55..d5c6882268e86c1342566c9786010bc662cf6b86 100644 (file)
--- a/source4/torture/drs/rpc/dssync.c
+++ b/source4/torture/drs/rpc/dssync.c
@@ -105,8 +105,9 @@ static struct DsSyncTest *test_create_context(struct torture_context *tctx)
        make_nbt_name_server(&name, ctx->drsuapi_binding->host);
 
        /* do an initial name resolution to find its IP */
-       status = resolve_name(lpcfg_resolve_context(tctx->lp_ctx), &name, tctx,
-                             &ctx->dest_address, tctx->ev);
+       status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+                                0, 0, &name, tctx,
+                                &ctx->dest_address, tctx->ev);
        if (!NT_STATUS_IS_OK(status)) {
                printf("Failed to resolve %s - %s\n",
                       name.name, nt_errstr(status));
@@ -265,15 +266,12 @@ static bool test_LDAPBind(struct torture_context *tctx, struct DsSyncTest *ctx,
        /* Despite us loading the schema from the AD server, we need
         * the samba handlers to get the extended DN syntax stuff */
        ret = ldb_register_samba_handlers(ldb);
-       if (ret == -1) {
+       if (ret != LDB_SUCCESS) {
                talloc_free(ldb);
                return NULL;
        }
 
-       ldb_set_modules_dir(ldb,
-                           talloc_asprintf(ldb,
-                                           "%s/ldb",
-                                           lpcfg_modulesdir(tctx->lp_ctx)));
+       ldb_set_modules_dir(ldb, modules_path(ldb, "ldb"));
 
        if (ldb_set_opaque(ldb, "credentials", credentials)) {
                talloc_free(ldb);
@@ -321,6 +319,8 @@ static bool test_analyse_objects(struct torture_context *tctx,
                                 const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr,
                                 uint32_t object_count,
                                 const struct drsuapi_DsReplicaObjectListItemEx *first_object,
+                                uint32_t linked_attributes_count,
+                                const struct drsuapi_DsReplicaLinkedAttribute *linked_attributes,
                                 const DATA_BLOB *gensec_skey)
 {
        static uint32_t object_id;
@@ -340,15 +340,18 @@ static bool test_analyse_objects(struct torture_context *tctx,
                       "drs_util_dsdb_schema_load_ldb() failed");
        ldap_schema = dsdb_get_schema(ldb, NULL);
 
-       status = dsdb_extended_replicated_objects_convert(ldb,
-                                                         partition,
-                                                         mapping_ctr,
-                                                         object_count,
-                                                         first_object,
-                                                         0, NULL,
-                                                         NULL, NULL,
-                                                         gensec_skey,
-                                                         ctx, &objs);
+       status = dsdb_replicated_objects_convert(ldb,
+                                                ldap_schema,
+                                                partition,
+                                                mapping_ctr,
+                                                object_count,
+                                                first_object,
+                                                linked_attributes_count,
+                                                linked_attributes,
+                                                NULL, NULL,
+                                                gensec_skey,
+                                                0,
+                                                ctx, &objs);
        torture_assert_werr_ok(tctx, status, "dsdb_extended_replicated_objects_convert() failed!");
 
        extended_dn_ctrl = talloc(objs, struct ldb_extended_dn_control);
@@ -361,10 +364,12 @@ static bool test_analyse_objects(struct torture_context *tctx,
                struct ldb_request *search_req;
                struct ldb_result *res;
                struct ldb_message *new_msg, *drs_msg, *ldap_msg;
-               const char **attrs = talloc_array(objs, const char *, objs->objects[i].msg->num_elements+1);
+               const char **attrs = talloc_array(objs, const char *, objs->objects[i].msg->num_elements+1+1);
                for (j=0; j < objs->objects[i].msg->num_elements; j++) {
                        attrs[j] = objs->objects[i].msg->elements[j].name;
                }
+               attrs[j] = "uSNChanged";
+               j++;
                attrs[j] = NULL;
                res = talloc_zero(objs, struct ldb_result);
                if (!res) {
@@ -388,6 +393,11 @@ static bool test_analyse_objects(struct torture_context *tctx,
                        return false;
                }
 
+               ret = ldb_request_add_control(search_req, LDB_CONTROL_SHOW_RECYCLED_OID, false, NULL);
+               if (ret != LDB_SUCCESS) {
+                       return false;
+               }
+
                ret = ldb_request_add_control(search_req, LDB_CONTROL_EXTENDED_DN_OID, true, extended_dn_ctrl);
                if (ret != LDB_SUCCESS) {
                        return false;
@@ -404,6 +414,16 @@ static bool test_analyse_objects(struct torture_context *tctx,
                                                         ldb_errstring(ldb)));
                torture_assert_int_equal(tctx, res->count, 1, "Could not re-fetch object just delivered over DRS");
                ldap_msg = res->msgs[0];
+
+{
+uint64_t usn = ldb_msg_find_attr_as_int64(ldap_msg, "uSNChanged", 0);
+struct GUID g;
+GUID_from_ndr_blob(&objs->objects[i].guid_value, &g);
+torture_comment(tctx, "o[%d] usn_changed[%llu]: %s - %s\n", i, (unsigned long long)usn,
+       GUID_string(objs, &g),
+               ldb_dn_get_linearized(objs->objects[i].msg->dn));
+continue;
+}
                for (j=0; j < ldap_msg->num_elements; j++) {
                        ldap_msg->elements[j].flags = LDB_FLAG_MOD_ADD;
                        /* For unknown reasons, there is no nTSecurityDescriptor on cn=deleted objects over LDAP, but there is over DRS!  Skip it on both transports for now here so */
@@ -510,6 +530,12 @@ static bool test_analyse_objects(struct torture_context *tctx,
                talloc_free(search_req);
        }
 
+       for (i=0; i < objs->linked_attributes_count; i++) {
+torture_comment(tctx, "l[%d] usn_changed[%llu]: attid[%u] %s\n", i,
+       (unsigned long long)objs->linked_attributes[i].meta_data.originating_usn,
+       objs->linked_attributes[i].attid,
+       GUID_string(objs, &objs->linked_attributes[i].identifier->guid));
+       }
        if (!lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "print_pwd_blobs", false)) {
                talloc_free(objs);
                return true;
@@ -532,10 +558,7 @@ static bool test_analyse_objects(struct torture_context *tctx,
                }
 
                for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) {
-                       WERROR werr;
                        const char *name = NULL;
-                       bool rcrypt = false;
-                       DATA_BLOB *enc_data = NULL;
                        DATA_BLOB plain_data;
                        struct drsuapi_DsReplicaAttribute *attr;
                        ndr_pull_flags_fn_t pull_fn = NULL;
@@ -544,50 +567,46 @@ static bool test_analyse_objects(struct torture_context *tctx,
                        attr = &cur->object.attribute_ctr.attributes[i];
 
                        switch (attr->attid) {
-                       case DRSUAPI_ATTRIBUTE_dBCSPwd:
+                       case DRSUAPI_ATTID_dBCSPwd:
                                name    = "dBCSPwd";
-                               rcrypt  = true;
                                break;
-                       case DRSUAPI_ATTRIBUTE_unicodePwd:
+                       case DRSUAPI_ATTID_unicodePwd:
                                name    = "unicodePwd";
-                               rcrypt  = true;
                                break;
-                       case DRSUAPI_ATTRIBUTE_ntPwdHistory:
+                       case DRSUAPI_ATTID_ntPwdHistory:
                                name    = "ntPwdHistory";
-                               rcrypt  = true;
                                break;
-                       case DRSUAPI_ATTRIBUTE_lmPwdHistory:
+                       case DRSUAPI_ATTID_lmPwdHistory:
                                name    = "lmPwdHistory";
-                               rcrypt  = true;
                                break;
-                       case DRSUAPI_ATTRIBUTE_supplementalCredentials:
+                       case DRSUAPI_ATTID_supplementalCredentials:
                                name    = "supplementalCredentials";
                                pull_fn = (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob;
                                print_fn = (ndr_print_fn_t)ndr_print_supplementalCredentialsBlob;
                                ptr = talloc(ctx, struct supplementalCredentialsBlob);
                                break;
-                       case DRSUAPI_ATTRIBUTE_priorValue:
+                       case DRSUAPI_ATTID_priorValue:
                                name    = "priorValue";
                                break;
-                       case DRSUAPI_ATTRIBUTE_currentValue:
+                       case DRSUAPI_ATTID_currentValue:
                                name    = "currentValue";
                                break;
-                       case DRSUAPI_ATTRIBUTE_trustAuthOutgoing:
+                       case DRSUAPI_ATTID_trustAuthOutgoing:
                                name    = "trustAuthOutgoing";
                                pull_fn = (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob;
                                print_fn = (ndr_print_fn_t)ndr_print_trustAuthInOutBlob;
                                ptr = talloc(ctx, struct trustAuthInOutBlob);
                                break;
-                       case DRSUAPI_ATTRIBUTE_trustAuthIncoming:
+                       case DRSUAPI_ATTID_trustAuthIncoming:
                                name    = "trustAuthIncoming";
                                pull_fn = (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob;
                                print_fn = (ndr_print_fn_t)ndr_print_trustAuthInOutBlob;
                                ptr = talloc(ctx, struct trustAuthInOutBlob);
                                break;
-                       case DRSUAPI_ATTRIBUTE_initialAuthOutgoing:
+                       case DRSUAPI_ATTID_initialAuthOutgoing:
                                name    = "initialAuthOutgoing";
                                break;
-                       case DRSUAPI_ATTRIBUTE_initialAuthIncoming:
+                       case DRSUAPI_ATTID_initialAuthIncoming:
                                name    = "initialAuthIncoming";
                                break;
                        default:
@@ -598,23 +617,15 @@ static bool test_analyse_objects(struct torture_context *tctx,
 
                        if (!attr->value_ctr.values[0].blob) continue;
 
-                       enc_data = attr->value_ctr.values[0].blob;
-                       ZERO_STRUCT(plain_data);
+                       plain_data = *attr->value_ctr.values[0].blob;
 
-                       werr = drsuapi_decrypt_attribute_value(ctx, gensec_skey, rcrypt,
-                                                              rid,
-                                                              enc_data, &plain_data);
-                       if (!W_ERROR_IS_OK(werr)) {
-                               DEBUG(0, ("Failed to decrypt %s\n", name));
-                               continue;
-                       }
                        if (!dn_printed) {
                                object_id++;
                                DEBUG(0,("DN[%u] %s\n", object_id, dn));
                                dn_printed = true;
                        }
-                       DEBUGADD(0,("ATTR: %s enc.length=%lu plain.length=%lu\n",
-                                   name, (long)enc_data->length, (long)plain_data.length));
+                       DEBUGADD(0,("ATTR: %s plain.length=%lu\n",
+                                   name, (long)plain_data.length));
                        if (plain_data.length) {
                                enum ndr_err_code ndr_err;
                                dump_data(0, plain_data.data, plain_data.length);
@@ -643,8 +654,6 @@ static bool test_analyse_objects(struct torture_context *tctx,
                                                DEBUG(0, ("Failed to decode %s\n", name));
                                        }
                                }
-                       } else {
-                               dump_data(0, enc_data->data, enc_data->length);
                        }
                        talloc_free(ptr);
                }
@@ -681,6 +690,29 @@ static bool test_GetNCChanges(struct torture_context *tctx,
                }
        };
 
+       struct drsuapi_DsReplicaCursorCtrEx utdv;
+       struct drsuapi_DsReplicaCursor cursors[1];
+
+       ZERO_STRUCT(utdv);
+       utdv.version = 1;
+       utdv.count = ARRAY_SIZE(cursors);
+       utdv.cursors = cursors;
+       ZERO_STRUCT(cursors);
+       GUID_from_string("0d36ca05-5507-4e62-aca3-354bab0d39e1",
+                       &cursors[0].source_dsa_invocation_id);
+       cursors[0].highest_usn = 12755;
+/*
+                    uptodateness_vector      : *
+                        uptodateness_vector: struct drsuapi_DsReplicaCursorCtrEx
+                            version                  : 0x00000001 (1)
+                            reserved1                : 0x00000000 (0)
+                            count                    : 0x00000001 (1)
+                            reserved2                : 0x00000000 (0)
+                            cursors: ARRAY(1)
+                                cursors: struct drsuapi_DsReplicaCursor
+                                    source_dsa_invocation_id : 0d36ca05-5507-4e62-aca3-354bab0d39e1
+                                    highest_usn              : 0x00000000000031d3 (12755)
+*/
        ZERO_STRUCT(null_guid);
        ZERO_STRUCT(null_sid);
 
@@ -696,7 +728,7 @@ static bool test_GetNCChanges(struct torture_context *tctx,
                }
        }
        status = gensec_session_key(ctx->new_dc.drsuapi.drs_pipe->conn->security_state.generic_state,
-                                   &gensec_skey);
+                                   ctx, &gensec_skey);
        if (!NT_STATUS_IS_OK(status)) {
                printf("failed to get gensec session key: %s\n", nt_errstr(status));
                return false;
@@ -754,7 +786,7 @@ static bool test_GetNCChanges(struct torture_context *tctx,
                        r.in.req->req8.highwatermark.tmp_highest_usn    = highest_usn;
                        r.in.req->req8.highwatermark.reserved_usn       = 0;
                        r.in.req->req8.highwatermark.highest_usn        = highest_usn;
-                       r.in.req->req8.uptodateness_vector              = NULL;
+                       r.in.req->req8.uptodateness_vector              = NULL;//&utdv;
                        r.in.req->req8.replica_flags                    = 0;
                        if (lpcfg_parm_bool(tctx->lp_ctx, NULL, "dssync", "compression", false)) {
                                r.in.req->req8.replica_flags            |= DRSUAPI_DRS_USE_COMPRESSION;
@@ -767,6 +799,8 @@ static bool test_GetNCChanges(struct torture_context *tctx,
                                                                        | DRSUAPI_DRS_GET_ANC
                                                                        | DRSUAPI_DRS_NEVER_SYNCED
                                                                        ;
+                       r.in.req->req8.replica_flags = 0x00201074;
+                       //r.in.req->req8.replica_flags |= DRSUAPI_DRS_GET_ANC;
                        r.in.req->req8.max_object_count                 = 402;
                        r.in.req->req8.max_ndr_size                     = 402116;
 
@@ -793,16 +827,16 @@ static bool test_GetNCChanges(struct torture_context *tctx,
                                torture_comment(tctx,
                                                "start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",
                                                y,
-                                               r.in.req->req5.highwatermark.tmp_highest_usn,
-                                               r.in.req->req5.highwatermark.highest_usn);
+                                               (unsigned long long) r.in.req->req5.highwatermark.tmp_highest_usn,
+                                               (unsigned long long) r.in.req->req5.highwatermark.highest_usn);
                        }
 
                        if (r.in.level == 8) {
                                torture_comment(tctx,
                                                "start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",
                                                y,
-                                               r.in.req->req8.highwatermark.tmp_highest_usn,
-                                               r.in.req->req8.highwatermark.highest_usn);
+                                               (unsigned long long) r.in.req->req8.highwatermark.tmp_highest_usn,
+                                               (unsigned long long) r.in.req->req8.highwatermark.highest_usn);
                        }
 
                        status = dcerpc_drsuapi_DsGetNCChanges_r(ctx->new_dc.drsuapi.drs_handle, ctx, &r);
@@ -822,11 +856,11 @@ static bool test_GetNCChanges(struct torture_context *tctx,
                                torture_comment(tctx,
                                                "end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",
                                                y,
-                                               ctr1->new_highwatermark.tmp_highest_usn,
-                                               ctr1->new_highwatermark.highest_usn);
+                                               (unsigned long long) ctr1->new_highwatermark.tmp_highest_usn,
+                                               (unsigned long long) ctr1->new_highwatermark.highest_usn);
 
                                if (!test_analyse_objects(tctx, ctx, nc_dn_str, &ctr1->mapping_ctr,  ctr1->object_count,
-                                                         ctr1->first_object, &gensec_skey)) {
+                                                         ctr1->first_object, 0, NULL, &gensec_skey)) {
                                        return false;
                                }
 
@@ -857,11 +891,14 @@ static bool test_GetNCChanges(struct torture_context *tctx,
                                torture_comment(tctx,
                                                "end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",
                                                y,
-                                               ctr6->new_highwatermark.tmp_highest_usn,
-                                               ctr6->new_highwatermark.highest_usn);
+                                               (unsigned long long) ctr6->new_highwatermark.tmp_highest_usn,
+                                               (unsigned long long) ctr6->new_highwatermark.highest_usn);
 
                                if (!test_analyse_objects(tctx, ctx, nc_dn_str, &ctr6->mapping_ctr,  ctr6->object_count,
-                                                         ctr6->first_object, &gensec_skey)) {
+                                                         ctr6->first_object,
+                                                         ctr6->linked_attributes_count,
+                                                         ctr6->linked_attributes,
+                                                         &gensec_skey)) {
                                        return false;
                                }
 
@@ -954,17 +991,20 @@ static bool test_FetchNT4Data(struct torture_context *tctx,
 
                status = dcerpc_drsuapi_DsGetNT4ChangeLog_r(ctx->new_dc.drsuapi.drs_handle, ctx, &r);
                if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
-                       torture_skip(tctx, "DsGetNT4ChangeLog not supported by target server");
+                       torture_skip(tctx,
+                                    "DsGetNT4ChangeLog not supported: NT_STATUS_NOT_IMPLEMENTED");
                } else if (!NT_STATUS_IS_OK(status)) {
                        const char *errstr = nt_errstr(status);
                        if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
-                               torture_skip(tctx, "DsGetNT4ChangeLog not supported by target server");
+                               torture_skip(tctx,
+                                            "DsGetNT4ChangeLog not supported: NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE");
                        }
                        torture_fail(tctx,
                                     talloc_asprintf(tctx, "dcerpc_drsuapi_DsGetNT4ChangeLog failed - %s\n",
                                                     errstr));
                } else if (W_ERROR_EQUAL(r.out.result, WERR_INVALID_DOMAIN_ROLE)) {
-                       torture_skip(tctx, "DsGetNT4ChangeLog not supported by target server");
+                       torture_skip(tctx,
+                                    "DsGetNT4ChangeLog not supported: WERR_INVALID_DOMAIN_ROLE");
                } else if (!W_ERROR_IS_OK(r.out.result)) {
                        torture_fail(tctx,
                                     talloc_asprintf(tctx, "DsGetNT4ChangeLog failed - %s\n",
@@ -1051,7 +1091,7 @@ void torture_drs_rpc_dssync_tcase(struct torture_suite *suite)
        typedef bool (*run_func) (struct torture_context *test, void *tcase_data);
 
        struct torture_test *test;
-       struct torture_tcase *tcase = torture_suite_add_tcase(suite, "DSSYNC");
+       struct torture_tcase *tcase = torture_suite_add_tcase(suite, "dssync");
 
        torture_tcase_set_fixture(tcase,
                                  torture_dssync_tcase_setup,
Work in progress branches