3 files changed, 172 insertions, 11 deletions

diff --git a/source4/scripting/devel/chgtdcpass b/source4/scripting/devel/chgtdcpass
index dc249834e0..4f5ea15a80 100755
--- a/source4/scripting/devel/chgtdcpass
+++ b/source4/scripting/devel/chgtdcpass
@@ -29,8 +29,9 @@ import samba.getopt as options
 from samba.credentials import DONT_USE_KERBEROS
 from samba.auth import system_session
 from samba import param
+from samba.provision import find_provision_key_parameters
 from samba.upgradehelpers import (get_paths,
-                                 find_provision_key_parameters, get_ldbs,
+                                  get_ldbs,
                                  update_machine_account_password)
 
 parser = optparse.OptionParser("chgtdcpass [options]")
diff --git a/source4/scripting/devel/demodirsync.py b/source4/scripting/devel/demodirsync.py
new file mode 100755
index 0000000000..41dac6ff51
--- /dev/null
+++ b/source4/scripting/devel/demodirsync.py
@@ -0,0 +1,156 @@
+#!/usr/bin/python
+
+
+import optparse
+import sys
+import base64
+
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+from samba.dcerpc import drsblobs, misc
+from samba.ndr import ndr_pack, ndr_unpack
+from samba import Ldb
+
+parser = optparse.OptionParser("get-descriptor [options]")
+sambaopts = options.SambaOptions(parser)
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
+parser.add_option("-b", type="string", metavar="BASE",
+                  help="set base DN for the search")
+parser.add_option("--host", type="string", metavar="HOST",
+                  help="Ip of the host")
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+opts = parser.parse_args()[0]
+
+def printdirsync(ctl):
+        arr = ctl.split(':')
+        if arr[0] == 'dirsync':
+            print "Need to continue: %s" % arr[1]
+            cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
+            print "DC's NTDS guid: %s " % cookie.blob.guid1
+            print "highest usn %s" % cookie.blob.highwatermark.highest_usn
+            print "tmp higest usn %s" % cookie.blob.highwatermark.tmp_highest_usn
+            print "reserved usn %s" % cookie.blob.highwatermark.reserved_usn
+            if cookie.blob.extra_length >0:
+                print "highest usn in extra %s" % cookie.blob.extra.ctr.cursors[0].highest_usn
+        return cookie
+
+remote_ldb= Ldb("ldap://" + opts.host + ":389", credentials=creds, lp=lp)
+tab = []
+if opts.b:
+    base = opts.b
+else:
+    base = None
+
+guid = None
+(msgs, ctrls) = remote_ldb.search(expression="(samaccountname=administrator)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
+if (len(ctrls)):
+    for ctl in ctrls:
+        arr = ctl.split(':')
+        if arr[0] == 'dirsync':
+            cookie = ndr_unpack(drsblobs.ldapControlDirSyncCookie, base64.b64decode(arr[3]))
+            guid = cookie.blob.guid1
+            pass
+if not guid:
+    print "No dirsync control ... strange"
+    sys.exit(1)
+
+print ""
+print "Getting first guest without any cookie"
+(msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=guest)", base=base, attrs=["objectClass"], controls=["dirsync:1:1:50"])
+cookie = None
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print "Returned %d entries" % len(msgs)
+
+savedcookie = cookie
+
+print ""
+print "Getting allusers with cookie"
+controls=["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie))]
+(msgs, ctrls) = remote_ldb.searchex(expression="(samaccountname=*)", base=base, attrs=["objectClass"], controls=controls)
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print "Returned %d entries" % len(msgs)
+
+cookie = savedcookie
+cookie.blob.guid1 = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
+if cookie.blob.extra_length > 0:
+    cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
+
+print ""
+print "Getting all the entries"
+controls=["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie))]
+(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+cont = 0
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    if cookie != None:
+        cont = (ctl.split(':'))[1]
+    print "Returned %d entries" % len(msgs)
+
+usn = cookie.blob.highwatermark.tmp_highest_usn
+if cookie.blob.extra_length > 0:
+    bigusn = cookie.blob.extra.ctr.cursors[0].highest_usn
+else:
+    bigusn  = usn + 1000
+while (cont == "1"):
+    print ""
+    controls=["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie))]
+    (msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+    if (len(ctrls)):
+        for ctl in ctrls:
+            cookie = printdirsync(ctl)
+        if cookie != None:
+            cont = (ctl.split(':'))[1]
+        print "Returned %d entries" % len(msgs)
+
+print ""
+print "Getting with cookie but usn changed to %d we should use the one in extra" % (bigusn - 1)
+cookie.blob.highwatermark.highest_usn = 0
+cookie.blob.highwatermark.tmp_highest_usn = usn - 2
+if cookie.blob.extra_length > 0:
+    print "here"
+    cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
+controls=["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie))]
+(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print "Returned %d entries" % len(msgs)
+
+print ""
+print "Getting with cookie but usn %d changed and extra/cursor GUID too" % (usn - 2)
+print " so that it's (tmp)highest_usn that drives the limit"
+cookie.blob.highwatermark.highest_usn = 0
+cookie.blob.highwatermark.tmp_highest_usn = usn - 2
+if cookie.blob.extra_length > 0:
+    cookie.blob.extra.ctr.cursors[0].source_dsa_invocation_id = misc.GUID("128a99bf-e2df-4832-ac0a-1fb625e530db")
+    cookie.blob.extra.ctr.cursors[0].highest_usn = bigusn - 1
+controls=["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie))]
+(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print "Returned %d entries" % len(msgs)
+
+print ""
+print "Getting with cookie but usn changed to %d" % (usn - 2)
+cookie.blob.highwatermark.highest_usn = 0
+cookie.blob.highwatermark.tmp_highest_usn = (usn - 2)
+if cookie.blob.extra_length > 0:
+    cookie.blob.extra.ctr.cursors[0].highest_usn = (usn - 2)
+controls=["dirsync:1:1:50:%s" % base64.b64encode(ndr_pack(cookie))]
+(msgs, ctrls) = remote_ldb.searchex(expression="(objectclass=*)", base=base, controls=controls)
+if (len(ctrls)):
+    for ctl in ctrls:
+        cookie = printdirsync(ctl)
+    print "Returned %d entries" % len(msgs)
diff --git a/source4/scripting/devel/selftest-vars.sh b/source4/scripting/devel/selftest-vars.sh
index bc73c05407..a8f323dbda 100644
--- a/source4/scripting/devel/selftest-vars.sh
+++ b/source4/scripting/devel/selftest-vars.sh
@@ -2,38 +2,42 @@
 # outside the test environment
 
 export UID_WRAPPER=1
-export NSS_WRAPPER_PASSWD=st/dc/passwd
-export NSS_WRAPPER_GROUP=st/dc/group
+export NSS_WRAPPER_PASSWD=$PWD/st/dc/passwd
+export NSS_WRAPPER_GROUP=$PWD/st/dc/group
 export CONFIGURATION="--configfile=$PWD/st/dc/etc/smb.conf"
+export VAMPIRE_DC_SERVER=localvampiredc
+export VAMPIRE_DC_SERVER_IP=127.0.0.22
+export VAMPIRE_DC_NETBIOSNAME=localvampiredc1
+export VAMPIRE_DC_NETBIOSALIAS=localvampiredc
 export MEMBER_SERVER=localmember3
-export MEMBER_SERVER_IP=127.0.0.3
+export MEMBER_SERVER_IP=127.0.0.23
 export MEMBER_NETBIOSNAME=localmember3
 export MEMBER_NETBIOSALIAS=localmember
 export RPC_PROXY_SERVER=localrpcproxy4
-export RPC_PROXY_SERVER_IP=127.0.0.4
+export RPC_PROXY_SERVER_IP=127.0.0.24
 export RPC_PROXY_NETBIOSNAME=localrpcproxy4
 export RPC_PROXY_NETBIOSALIAS=localrpcproxy
 export SELFTEST_MAXTIME=1200
 export NETBIOSNAME=localdc1
 export REALM=SAMBA.EXAMPLE.COM
-export SOCKET_WRAPPER_DEFAULT_IFACE=1
+export SOCKET_WRAPPER_DEFAULT_IFACE=21
 export SERVER=localdc1
 export WINBINDD_SOCKET_DIR=$PWD/st/dc/winbindd_socket
 export SELFTEST_PREFIX=$PWD/st
 export DOMAIN=SAMBADOMAIN
 export BINDIR=./bin
-export DC_SERVER_IP=127.0.0.1
+export DC_SERVER_IP=127.0.0.21
 export SELFTEST_INTERFACES=127.0.0.6/8,127.0.0.7/8,127.0.0.8/8,127.0.0.9/8,127.0.0.10/8,127.0.0.11/8
 export SOCKET_WRAPPER_DIR=$PWD/st/w
 export DC_USERNAME=Administrator
 export USERNAME=Administrator
-export SERVER_IP=127.0.0.1
+export SERVER_IP=127.0.0.21
 export KRB5_CONFIG=$PWD/st/dc/etc/krb5.conf
 export PREFIX_ABS=$PWD/st
 export SRCDIR_ABS=$PWD
-export PREFIX=./st
-export KRB5CCNAME=./st/krb5ticket
-export SRCDIR=.
+export PREFIX=$PWD/st
+export KRB5CCNAME=$PWD/st/krb5ticket
+export SRCDIR=$PWD/
 export TLS_ENABLED=yes
 export DC_NETBIOSALIAS=localdc
 export DC_NETBIOSNAME=localdc1