summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/cldap_server/netlogon.c80
-rw-r--r--source4/dsdb/samdb/ldb_modules/extended_dn.c390
-rw-r--r--source4/dsdb/samdb/ldb_modules/kludge_acl.c20
-rw-r--r--source4/dsdb/samdb/ldb_modules/linked_attributes.c38
-rw-r--r--source4/dsdb/samdb/ldb_modules/partition.c22
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c2
-rw-r--r--source4/lib/ldb/common/ldb_dn.c4
-rw-r--r--source4/lib/registry/patchfile.c42
-rw-r--r--source4/libnet/libnet_become_dc.c2
-rw-r--r--source4/libnet/libnet_site.c5
-rw-r--r--source4/libnet/libnet_unbecome_dc.c9
-rw-r--r--source4/librpc/idl/drsuapi.idl4
-rw-r--r--source4/nbt_server/dgram/netlogon.c4
-rw-r--r--source4/nbt_server/irpc.c9
-rw-r--r--source4/setup/provision_basedn_modify.ldif8
-rw-r--r--source4/torture/ldap/cldap.c88
-rw-r--r--source4/torture/nbt/dgram.c42
-rw-r--r--source4/torture/rpc/dssync.c6
18 files changed, 577 insertions, 198 deletions
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index b31e89b7a5..1cb0d50d02 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -331,68 +331,68 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
/* could check if the user exists */
if (user_known) {
- netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX;
+ netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX;
} else {
- netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
+ netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
}
- netlogon->nt5_ex.server_type = server_type;
- netlogon->nt5_ex.domain_uuid = domain_uuid;
- netlogon->nt5_ex.forest = realm;
- netlogon->nt5_ex.dns_domain = dns_domain;
- netlogon->nt5_ex.pdc_dns_name = pdc_dns_name;
- netlogon->nt5_ex.domain = flatname;
- netlogon->nt5_ex.pdc_name = lp_netbios_name(lp_ctx);
- netlogon->nt5_ex.user_name = user;
- netlogon->nt5_ex.server_site = server_site;
- netlogon->nt5_ex.client_site = client_site;
+ netlogon->data.nt5_ex.server_type = server_type;
+ netlogon->data.nt5_ex.domain_uuid = domain_uuid;
+ netlogon->data.nt5_ex.forest = realm;
+ netlogon->data.nt5_ex.dns_domain = dns_domain;
+ netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name;
+ netlogon->data.nt5_ex.domain = flatname;
+ netlogon->data.nt5_ex.pdc_name = lp_netbios_name(lp_ctx);
+ netlogon->data.nt5_ex.user_name = user;
+ netlogon->data.nt5_ex.server_site = server_site;
+ netlogon->data.nt5_ex.client_site = client_site;
if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) {
/* Clearly this needs to be fixed up for IPv6 */
extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP;
- netlogon->nt5_ex.sockaddr.sa_family = 2;
- netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip;
- netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8);
+ netlogon->data.nt5_ex.sockaddr.sa_family = 2;
+ netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip;
+ netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8);
}
- netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
- netlogon->nt5_ex.lmnt_token = 0xFFFF;
- netlogon->nt5_ex.lm20_token = 0xFFFF;
+ netlogon->data.nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
+ netlogon->data.nt5_ex.lmnt_token = 0xFFFF;
+ netlogon->data.nt5_ex.lm20_token = 0xFFFF;
} else if (version & NETLOGON_NT_VERSION_5) {
netlogon->ntver = NETLOGON_NT_VERSION_5;
/* could check if the user exists */
if (user_known) {
- netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE;
+ netlogon->data.nt5.command = LOGON_SAM_LOGON_RESPONSE;
} else {
- netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN;
+ netlogon->data.nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN;
}
- netlogon->nt5.pdc_name = pdc_name;
- netlogon->nt5.user_name = user;
- netlogon->nt5.domain_name = flatname;
- netlogon->nt5.domain_uuid = domain_uuid;
- netlogon->nt5.forest = realm;
- netlogon->nt5.dns_domain = dns_domain;
- netlogon->nt5.pdc_dns_name = pdc_dns_name;
- netlogon->nt5.pdc_ip = pdc_ip;
- netlogon->nt5.server_type = server_type;
- netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
- netlogon->nt5.lmnt_token = 0xFFFF;
- netlogon->nt5.lm20_token = 0xFFFF;
+ netlogon->data.nt5.pdc_name = pdc_name;
+ netlogon->data.nt5.user_name = user;
+ netlogon->data.nt5.domain_name = flatname;
+ netlogon->data.nt5.domain_uuid = domain_uuid;
+ netlogon->data.nt5.forest = realm;
+ netlogon->data.nt5.dns_domain = dns_domain;
+ netlogon->data.nt5.pdc_dns_name = pdc_dns_name;
+ netlogon->data.nt5.pdc_ip = pdc_ip;
+ netlogon->data.nt5.server_type = server_type;
+ netlogon->data.nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
+ netlogon->data.nt5.lmnt_token = 0xFFFF;
+ netlogon->data.nt5.lm20_token = 0xFFFF;
} else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ {
netlogon->ntver = NETLOGON_NT_VERSION_1;
/* could check if the user exists */
if (user_known) {
- netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE;
+ netlogon->data.nt4.command = LOGON_SAM_LOGON_RESPONSE;
} else {
- netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN;
+ netlogon->data.nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN;
}
- netlogon->nt4.server = pdc_name;
- netlogon->nt4.user_name = user;
- netlogon->nt4.domain = flatname;
- netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1;
- netlogon->nt4.lmnt_token = 0xFFFF;
- netlogon->nt4.lm20_token = 0xFFFF;
+ netlogon->data.nt4.server = pdc_name;
+ netlogon->data.nt4.user_name = user;
+ netlogon->data.nt4.domain = flatname;
+ netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1;
+ netlogon->data.nt4.lmnt_token = 0xFFFF;
+ netlogon->data.nt4.lm20_token = 0xFFFF;
}
return NT_STATUS_OK;
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c
index e40190e86f..88a8887056 100644
--- a/source4/dsdb/samdb/ldb_modules/extended_dn.c
+++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c
@@ -202,10 +202,14 @@ struct extended_context {
struct ldb_module *module;
struct ldb_request *req;
-
+ struct ldb_control *control;
+ struct ldb_dn *basedn;
+ char *wellknown_object;
+ bool inject;
bool remove_guid;
bool remove_sid;
int extended_type;
+ const char * const *cast_attrs;
};
static int extended_callback(struct ldb_request *req, struct ldb_reply *ares)
@@ -226,13 +230,15 @@ static int extended_callback(struct ldb_request *req, struct ldb_reply *ares)
switch (ares->type) {
case LDB_REPLY_ENTRY:
- /* for each record returned post-process to add any derived
- attributes that have been asked for */
- ret = inject_extended_dn(ares->message, ac->module->ldb,
- ac->extended_type, ac->remove_guid,
- ac->remove_sid);
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
+ if (ac->inject) {
+ /* for each record returned post-process to add any derived
+ attributes that have been asked for */
+ ret = inject_extended_dn(ares->message, ac->module->ldb,
+ ac->extended_type, ac->remove_guid,
+ ac->remove_sid);
+ if (ret != LDB_SUCCESS) {
+ return ldb_module_done(ac->req, NULL, NULL, ret);
+ }
}
return ldb_module_send_entry(ac->req, ares->message);
@@ -248,6 +254,118 @@ static int extended_callback(struct ldb_request *req, struct ldb_reply *ares)
return LDB_SUCCESS;
}
+static int extended_base_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+ struct extended_context *ac;
+ struct ldb_request *down_req;
+ struct ldb_control **saved_controls;
+ struct ldb_message_element *el;
+ int ret;
+ size_t i;
+ size_t wkn_len = 0;
+ char *valstr = NULL;
+ const char *found = NULL;
+
+ ac = talloc_get_type(req->context, struct extended_context);
+
+ if (!ares) {
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_OPERATIONS_ERROR);
+ }
+ if (ares->error != LDB_SUCCESS) {
+ return ldb_module_done(ac->req, ares->controls,
+ ares->response, ares->error);
+ }
+
+ switch (ares->type) {
+ case LDB_REPLY_ENTRY:
+ if (!ac->wellknown_object) {
+ ac->basedn = ares->message->dn;
+ break;
+ }
+
+ wkn_len = strlen(ac->wellknown_object);
+
+ el = ldb_msg_find_element(ares->message, "wellKnownObjects");
+ if (!el) {
+ ac->basedn = NULL;
+ break;
+ }
+
+ for (i=0; i < el->num_values; i++) {
+ valstr = talloc_strndup(ac,
+ (const char *)el->values[i].data,
+ el->values[i].length);
+ if (!valstr) {
+ ldb_oom(ac->module->ldb);
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) {
+ talloc_free(valstr);
+ continue;
+ }
+
+ found = &valstr[wkn_len];
+ break;
+ }
+
+ if (!found) {
+ break;
+ }
+
+ ac->basedn = ldb_dn_new(ac, ac->module->ldb, found);
+ talloc_free(valstr);
+ if (!ac->basedn) {
+ ldb_oom(ac->module->ldb);
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ break;
+
+ case LDB_REPLY_REFERRAL:
+ break;
+
+ case LDB_REPLY_DONE:
+
+ if (!ac->basedn) {
+ const char *str = talloc_asprintf(req, "Base-DN '%s' not found",
+ ldb_dn_get_linearized(ac->req->op.search.base));
+ ldb_set_errstring(ac->module->ldb, str);
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_NO_SUCH_OBJECT);
+ }
+
+ ret = ldb_build_search_req_ex(&down_req,
+ ac->module->ldb, ac,
+ ac->basedn,
+ ac->req->op.search.scope,
+ ac->req->op.search.tree,
+ ac->cast_attrs,
+ ac->req->controls,
+ ac, extended_callback,
+ ac->req);
+ if (ret != LDB_SUCCESS) {
+ return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ if (ac->control) {
+ /* save it locally and remove it from the list */
+ /* we do not need to replace them later as we
+ * are keeping the original req intact */
+ if (!save_controls(ac->control, down_req, &saved_controls)) {
+ return ldb_module_done(ac->req, NULL, NULL,
+ LDB_ERR_OPERATIONS_ERROR);
+ }
+ }
+
+ /* perform the search */
+ return ldb_next_request(ac->module, down_req);
+ }
+ return LDB_SUCCESS;
+}
static int extended_search(struct ldb_module *module, struct ldb_request *req)
{
@@ -256,25 +374,181 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req)
struct ldb_control **saved_controls;
struct extended_context *ac;
struct ldb_request *down_req;
- const char * const *cast_attrs = NULL;
char **new_attrs;
int ret;
+ struct ldb_dn *base_dn = NULL;
+ enum ldb_scope base_dn_scope = LDB_SCOPE_BASE;
+ const char *base_dn_filter = NULL;
+ const char * const *base_dn_attrs = NULL;
+ char *wellknown_object = NULL;
+ static const char *dnattr[] = {
+ "distinguishedName",
+ NULL
+ };
+ static const char *wkattr[] = {
+ "wellKnownObjects",
+ NULL
+ };
+
+ if (ldb_dn_is_special(req->op.search.base)) {
+ char *dn;
+
+ dn = ldb_dn_alloc_linearized(req, req->op.search.base);
+ if (!dn) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (strncasecmp(dn, "<SID=", 5) == 0) {
+ char *str;
+ char *valstr;
+ char *p;
+
+ p = strchr(dn, '=');
+ if (!p) {
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+
+ p[0] = '\0';
+ p++;
+
+ str = p;
+
+ p = strchr(str, '>');
+ if (!p) {
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+ p[0] = '\0';
+
+ if (strncasecmp(str, "S-", 2) == 0) {
+ valstr = str;
+ } else {
+ DATA_BLOB binary;
+ binary = strhex_to_data_blob(str);
+ if (!binary.data) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ valstr = ldb_binary_encode(req, binary);
+ data_blob_free(&binary);
+ if (!valstr) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+
+ /* TODO: do a search over all partitions */
+ base_dn = ldb_get_default_basedn(module->ldb);
+ base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", valstr);
+ if (!base_dn_filter) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ base_dn_scope = LDB_SCOPE_SUBTREE;
+ base_dn_attrs = dnattr;
+ } else if (strncasecmp(dn, "<GUID=", 6) == 0) {
+ char *str;
+ char *valstr;
+ char *p;
+
+ p = strchr(dn, '=');
+ if (!p) {
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+
+ p[0] = '\0';
+ p++;
+
+ str = p;
+
+ p = strchr(str, '>');
+ if (!p) {
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+ p[0] = '\0';
+
+ if (strchr(str, '-')) {
+ valstr = str;
+ } else {
+ DATA_BLOB binary;
+ binary = strhex_to_data_blob(str);
+ if (!binary.data) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ valstr = ldb_binary_encode(req, binary);
+ data_blob_free(&binary);
+ if (!valstr) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+
+ /* TODO: do a search over all partitions */
+ base_dn = ldb_get_default_basedn(module->ldb);
+ base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", valstr);
+ if (!base_dn_filter) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ base_dn_scope = LDB_SCOPE_SUBTREE;
+ base_dn_attrs = dnattr;
+ } else if (strncasecmp(dn, "<WKGUID=", 8) == 0) {
+ char *tail_str;
+ char *p;
+
+ p = strchr(dn, ',');
+ if (!p) {
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+
+ p[0] = '\0';
+ p++;
+
+ wellknown_object = talloc_asprintf(req, "B:32:%s:", &dn[8]);
+ if (!wellknown_object) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ tail_str = p;
+ p = strchr(tail_str, '>');
+ if (!p) {
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+ p[0] = '\0';
+
+ base_dn = ldb_dn_new(req, module->ldb, tail_str);
+ if (!base_dn) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ base_dn_filter = talloc_strdup(req, "(objectClass=*)");
+ if (!base_dn_filter) {
+ ldb_oom(module->ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ base_dn_scope = LDB_SCOPE_BASE;
+ base_dn_attrs = wkattr;
+ }
+ talloc_free(dn);
+ }
/* check if there's an extended dn control */
control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID);
- if (control == NULL) {
+ if (control == NULL && base_dn_filter == NULL) {
/* not found go on */
return ldb_next_request(module, req);
}
- if (control->data) {
+ if (control && control->data) {
extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control);
if (!extended_ctrl) {
return LDB_ERR_PROTOCOL_ERROR;
}
}
- ac = talloc(req, struct extended_context);
+ ac = talloc_zero(req, struct extended_context);
if (ac == NULL) {
ldb_oom(module->ldb);
return LDB_ERR_OPERATIONS_ERROR;
@@ -282,49 +556,75 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req)
ac->module = module;
ac->req = req;
+ ac->control = control;
+ ac->basedn = NULL;
+ ac->wellknown_object = wellknown_object;
+ ac->inject = false;
ac->remove_guid = false;
ac->remove_sid = false;
- if (extended_ctrl) {
- ac->extended_type = extended_ctrl->type;
- } else {
- ac->extended_type = 0;
- }
- /* check if attrs only is specified, in that case check wether we need to modify them */
- if (req->op.search.attrs) {
- if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) {
- ac->remove_guid = true;
- }
- if (! is_attr_in_list(req->op.search.attrs, "objectSID")) {
- ac->remove_sid = true;
+ if (control) {
+ ac->inject = true;
+ if (extended_ctrl) {
+ ac->extended_type = extended_ctrl->type;
+ } else {
+ ac->extended_type = 0;
}
- if (ac->remove_guid || ac->remove_sid) {
- new_attrs = copy_attrs(ac, req->op.search.attrs);
- if (new_attrs == NULL) {
- ldb_oom(module->ldb);
- return LDB_ERR_OPERATIONS_ERROR;
+
+ /* check if attrs only is specified, in that case check wether we need to modify them */
+ if (req->op.search.attrs) {
+ if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) {
+ ac->remove_guid = true;
}
-
- if (ac->remove_guid) {
- if (!add_attrs(ac, &new_attrs, "objectGUID"))
- return LDB_ERR_OPERATIONS_ERROR;
+ if (! is_attr_in_list(req->op.search.attrs, "objectSID")) {
+ ac->remove_sid = true;
}
- if (ac->remove_sid) {
- if (!add_attrs(ac, &new_attrs, "objectSID"))
+ if (ac->remove_guid || ac->remove_sid) {
+ new_attrs = copy_attrs(ac, req->op.search.attrs);
+ if (new_attrs == NULL) {
+ ldb_oom(module->ldb);
return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (ac->remove_guid) {
+ if (!add_attrs(ac, &new_attrs, "objectGUID"))
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ if (ac->remove_sid) {
+ if (!add_attrs(ac, &new_attrs, "objectSID"))
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ ac->cast_attrs = (const char * const *)new_attrs;
+ } else {
+ ac->cast_attrs = req->op.search.attrs;
}
- cast_attrs = (const char * const *)new_attrs;
- } else {
- cast_attrs = req->op.search.attrs;
}
}
+ if (base_dn) {
+ ret = ldb_build_search_req(&down_req,
+ module->ldb, ac,
+ base_dn,
+ base_dn_scope,
+ base_dn_filter,
+ base_dn_attrs,
+ NULL,
+ ac, extended_base_callback,
+ req);
+ if (ret != LDB_SUCCESS) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* perform the search */
+ return ldb_next_request(module, down_req);
+ }
+
ret = ldb_build_search_req_ex(&down_req,
module->ldb, ac,
req->op.search.base,
req->op.search.scope,
req->op.search.tree,
- cast_attrs,
+ ac->cast_attrs,
req->controls,
ac, extended_callback,
req);
@@ -332,11 +632,13 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_OPERATIONS_ERROR;
}
- /* save it locally and remove it from the list */
- /* we do not need to replace them later as we
- * are keeping the original req intact */
- if (!save_controls(control, down_req, &saved_controls)) {
- return LDB_ERR_OPERATIONS_ERROR;
+ if (ac->control) {
+ /* save it locally and remove it from the list */
+ /* we do not need to replace them later as we
+ * are keeping the original req intact */
+ if (!save_controls(control, down_req, &saved_controls)) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
}
/* perform the search */
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 24527c36c9..6e6da5581d 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -321,6 +321,8 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
struct kludge_private_data *data;
const char * const *attrs;
int ret, i;
+ struct ldb_control *sd_control;
+ struct ldb_control **sd_saved_controls;
ac = talloc(req, struct kludge_acl_context);
if (ac == NULL) {
@@ -382,6 +384,17 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_OPERATIONS_ERROR;
}
+ /* check if there's an SD_FLAGS control */
+ sd_control = ldb_request_get_control(down_req, LDB_CONTROL_SD_FLAGS_OID);
+ if (sd_control) {
+ /* save it locally and remove it from the list */
+ /* we do not need to replace them later as we
+ * are keeping the original req intact */
+ if (!save_controls(sd_control, down_req, &sd_saved_controls)) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ }
+
/* perform the search */
return ldb_next_request(module, down_req);
}
@@ -462,6 +475,13 @@ static int kludge_acl_init(struct ldb_module *module)
}
data->password_attrs[i] = NULL;
+ ret = ldb_mod_register_control(module, LDB_CONTROL_SD_FLAGS_OID);
+ if (ret != LDB_SUCCESS) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "partition: Unable to register control with rootdse!\n");
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
done:
talloc_free(mem_ctx);
return ldb_next_init(module);
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 3b389afffb..14fd107d81 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -217,6 +217,17 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *
/* Even link IDs are for the originating attribute */
target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1);
+ if (!target_attr) {
+ /*
+ * windows 2003 has a broken schema where
+ * the definition of msDS-IsDomainFor
+ * is missing (which is supposed to be
+ * the backlink of the msDS-HasDomainNCs
+ * attribute
+ */
+ continue;
+ }
+
attr_name = target_attr->lDAPDisplayName;
attr_val = ldb_dn_get_linearized(ac->req->op.add.message->dn);
@@ -301,6 +312,16 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are
}
target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1);
+ if (!target_attr) {
+ /*
+ * windows 2003 has a broken schema where
+ * the definition of msDS-IsDomainFor
+ * is missing (which is supposed to be
+ * the backlink of the msDS-HasDomainNCs
+ * attribute
+ */
+ continue;
+ }
attr_name = target_attr->lDAPDisplayName;
/* make sure we manage each value */
@@ -399,9 +420,14 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
/* Now find the target attribute */
target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1);
if (!target_attr) {
- ldb_asprintf_errstring(module->ldb,
- "attribute %s does not have valid link target", el->name);
- return LDB_ERR_OBJECT_CLASS_VIOLATION;
+ /*
+ * windows 2003 has a broken schema where
+ * the definition of msDS-IsDomainFor
+ * is missing (which is supposed to be
+ * the backlink of the msDS-HasDomainNCs
+ * attribute
+ */
+ continue;
}
attr_name = target_attr->lDAPDisplayName;
@@ -654,9 +680,15 @@ static int la_op_search_callback(struct ldb_request *req,
if ((schema_attr->linkID & 1) == 0) {
/* Odd is for the target. */
target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1);
+ if (!target_attr) {
+ continue;
+ }
attr_name = target_attr->lDAPDisplayName;
} else {
target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID - 1);
+ if (!target_attr) {
+ continue;
+ }
attr_name = target_attr->lDAPDisplayName;
}
for (j = 0; j < el->num_values; j++) {
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 1274061e77..8e4483a78e 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -472,6 +472,14 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_OPERATIONS_ERROR;
}
+ /*
+ * for now pass down the LDB_CONTROL_SEARCH_OPTIONS_OID control
+ * down as uncritical to make windows 2008 dcpromo happy.
+ */
+ if (search_control) {
+ search_control->critical = 0;
+ }
+
/* TODO:
Generate referrals (look for a partition under this DN) if we don't have the above control specified
*/
@@ -1186,6 +1194,20 @@ static int partition_init(struct ldb_module *module)
}
}
+ ret = ldb_mod_register_control(module, LDB_CONTROL_DOMAIN_SCOPE_OID);
+ if (ret != LDB_SUCCESS) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "partition: Unable to register control with rootdse!\n");
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = ldb_mod_register_control(module, LDB_CONTROL_SEARCH_OPTIONS_OID);
+ if (ret != LDB_SUCCESS) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "partition: Unable to register control with rootdse!\n");
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
talloc_free(mem_ctx);
return ldb_next_init(module);
}
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 0d14a54464..b38e182cf7 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -318,7 +318,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req)
LDB_SCOPE_BASE,
NULL,
req->op.search.attrs,
- req->controls,
+ NULL,/* for now skip the controls from the client */
ac, rootdse_callback,
req);
if (ret != LDB_SUCCESS) {
diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c
index c0d36cfbf3..e36aea4e69 100644
--- a/source4/lib/ldb/common/ldb_dn.c
+++ b/source4/lib/ldb/common/ldb_dn.c
@@ -91,7 +91,7 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const
* exploded_dn control is used */
dn->special = true;
/* FIXME: add a GUID string to ldb_dn structure */
- } else if (strdn->length >= 8 && strncasecmp((const char *)strdn->data, "<SID=", 8) == 0) {
+ } else if (strdn->length >= 5 && strncasecmp((const char *)strdn->data, "<SID=", 5) == 0) {
/* this is special DN returned when the
* exploded_dn control is used */
dn->special = true;
@@ -150,7 +150,7 @@ struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char
* exploded_dn control is used */
dn->special = true;
/* FIXME: add a GUID string to ldb_dn structure */
- } else if (strncasecmp(strdn, "<SID=", 8) == 0) {
+ } else if (strncasecmp(strdn, "<SID=", 5) == 0) {
/* this is special DN returned when the
* exploded_dn control is used */
dn->special = true;
diff --git a/source4/lib/registry/patchfile.c b/source4/lib/registry/patchfile.c
index d49d46250d..a6f947ee78 100644
--- a/source4/lib/registry/patchfile.c
+++ b/source4/lib/registry/patchfile.c
@@ -69,7 +69,7 @@ WERROR reg_generate_diff_key(struct registry_key *oldkey,
old_num_values = 0;
}
- /* Subkeys that were deleted */
+ /* Subkeys that were changed or deleted */
for (i = 0; i < old_num_subkeys; i++) {
error1 = reg_key_get_subkey_by_index(mem_ctx, oldkey, i,
&keyname1, NULL, NULL);
@@ -81,24 +81,23 @@ WERROR reg_generate_diff_key(struct registry_key *oldkey,
if (newkey != NULL) {
error2 = reg_open_key(mem_ctx, newkey, keyname1, &t2);
-
- if (W_ERROR_IS_OK(error2))
- continue;
} else {
error2 = WERR_BADFILE;
t2 = NULL;
}
- if (!W_ERROR_EQUAL(error2, WERR_BADFILE)) {
+ if (!W_ERROR_IS_OK(error2) && !W_ERROR_EQUAL(error2, WERR_BADFILE)) {
DEBUG(0, ("Error occured while getting subkey by name: %s\n",
win_errstr(error2)));
talloc_free(mem_ctx);
return error2;
}
- /* newkey didn't have such a subkey, add del diff */
+ /* if "error2" is going to be "WERR_BADFILE", then newkey */
+ /* didn't have such a subkey and therefore add a del diff */
tmppath = talloc_asprintf(mem_ctx, "%s\\%s", path, keyname1);
- callbacks->del_key(callback_data, tmppath);
+ if (!W_ERROR_IS_OK(error2))
+ callbacks->del_key(callback_data, tmppath);
/* perform here also the recursive invocation */
error1 = reg_open_key(mem_ctx, oldkey, keyname1, &t1);
@@ -385,14 +384,13 @@ static WERROR reg_diff_apply_add_key(void *_ctx, const char *key_name)
static WERROR reg_diff_apply_del_key(void *_ctx, const char *key_name)
{
struct registry_context *ctx = (struct registry_context *)_ctx;
- WERROR error;
- error = reg_key_del_abs(ctx, key_name);
+ /* We can't proof here for success, because a common superkey could */
+ /* have been deleted before the subkey's (diff order). This removed */
+ /* therefore all childs recursively and the "WERR_BADFILE" result is */
+ /* expected. */
- if(!W_ERROR_IS_OK(error)) {
- DEBUG(0, ("Unable to delete key '%s'\n", key_name));
- return error;
- }
+ reg_key_del_abs(ctx, key_name);
return WERR_OK;
}
@@ -454,8 +452,7 @@ static WERROR reg_diff_apply_del_all_values(void *_ctx, const char *key_name)
struct registry_context *ctx = (struct registry_context *)_ctx;
struct registry_key *key;
WERROR error;
- int i;
- uint32_t num_values;
+ const char* value_name;
error = reg_open_key_abs(ctx, ctx, key_name, &key);
@@ -465,14 +462,15 @@ static WERROR reg_diff_apply_del_all_values(void *_ctx, const char *key_name)
}
W_ERROR_NOT_OK_RETURN(reg_key_get_info(ctx, key, NULL,
- NULL, &num_values, NULL, NULL, NULL, NULL));
+ NULL, NULL, NULL, NULL, NULL, NULL));
- for (i = 0; i < num_values; i++) {
- const char *name;
- W_ERROR_NOT_OK_RETURN(reg_key_get_value_by_index(ctx, key, i,
- &name,
- NULL, NULL));
- W_ERROR_NOT_OK_RETURN(reg_del_value(key, name));
+ while (W_ERROR_IS_OK(reg_key_get_value_by_index(
+ ctx, key, 0, &value_name, NULL, NULL))) {
+ error = reg_del_value(key, value_name);
+ if (!W_ERROR_IS_OK(error)) {
+ DEBUG(0, ("Error deleting value '%s'\n", value_name));
+ return error;
+ }
}
return WERR_OK;
diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c
index b9071d5eb1..4cbebbf6d0 100644
--- a/source4/libnet/libnet_become_dc.c
+++ b/source4/libnet/libnet_become_dc.c
@@ -770,7 +770,7 @@ static void becomeDC_recv_cldap(struct cldap_request *req)
c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
if (!composite_is_ok(c)) return;
- s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex;
+ s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex;
s->domain.dns_name = s->cldap.netlogon.dns_domain;
s->domain.netbios_name = s->cldap.netlogon.domain;
diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c
index 5647a93b8d..4a32ab92ed 100644
--- a/source4/libnet/libnet_site.c
+++ b/source4/libnet/libnet_site.c
@@ -58,7 +58,8 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(lctx->lp_ctx));
status = cldap_netlogon(cldap, tmp_ctx, &search);
- if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) {
+ if (!NT_STATUS_IS_OK(status)
+ || !search.out.netlogon.data.nt5_ex.client_site) {
/*
If cldap_netlogon() returns in error,
default to using Default-First-Site-Name.
@@ -72,7 +73,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
}
} else {
site_name_str = talloc_asprintf(tmp_ctx, "%s",
- search.out.netlogon.nt5_ex.client_site);
+ search.out.netlogon.data.nt5_ex.client_site);
if (!site_name_str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c
index 4eeaf1b80c..2ee3c641b2 100644
--- a/source4/libnet/libnet_unbecome_dc.c
+++ b/source4/libnet/libnet_unbecome_dc.c
@@ -289,7 +289,7 @@ static void unbecomeDC_recv_cldap(struct cldap_request *req)
c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
if (!composite_is_ok(c)) return;
- s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex;
+ s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex;
s->domain.dns_name = s->cldap.netlogon.dns_domain;
s->domain.netbios_name = s->cldap.netlogon.domain;
@@ -641,7 +641,7 @@ static void unbecomeDC_drsuapi_remove_ds_server_send(struct libnet_UnbecomeDC_st
r->in.level = 1;
r->in.req.req1.server_dn= s->dest_dsa.server_dn_str;
r->in.req.req1.domain_dn= s->domain.dn_str;
- r->in.req.req1.unknown = 0x00000001;
+ r->in.req.req1.commit = true;
req = dcerpc_drsuapi_DsRemoveDSServer_send(s->drsuapi.pipe, s, r);
composite_continue_rpc(c, req, unbecomeDC_drsuapi_remove_ds_server_recv, s);
@@ -666,11 +666,6 @@ static void unbecomeDC_drsuapi_remove_ds_server_recv(struct rpc_request *req)
composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
}
-
- if (!W_ERROR_IS_OK(r->out.res.res1.status)) {
- composite_error(c, werror_to_ntstatus(r->out.res.res1.status));
- return;
- }
composite_done(c);
}
diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl
index 0a5a081dd7..76858b2d5c 100644
--- a/source4/librpc/idl/drsuapi.idl
+++ b/source4/librpc/idl/drsuapi.idl
@@ -970,7 +970,7 @@ interface drsuapi
typedef struct {
[charset(UTF16),string] uint16 *server_dn;
[charset(UTF16),string] uint16 *domain_dn;
- uint32 unknown; /* 0x000000001 */
+ boolean32 commit;
} drsuapi_DsRemoveDSServerRequest1;
typedef [switch_type(int32)] union {
@@ -978,7 +978,7 @@ interface drsuapi
} drsuapi_DsRemoveDSServerRequest;
typedef struct {
- WERROR status;
+ boolean32 last_dc_in_domain;
} drsuapi_DsRemoveDSServerResult1;
typedef [switch_type(int32)] union {
diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c
index 5e95270b7d..1bc3e2b62f 100644
--- a/source4/nbt_server/dgram/netlogon.c
+++ b/source4/nbt_server/dgram/netlogon.c
@@ -77,7 +77,7 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot,
/* setup a GETDC reply */
ZERO_STRUCT(netlogon_response);
netlogon_response.response_type = NETLOGON_GET_PDC;
- pdc = &netlogon_response.get_pdc;
+ pdc = &netlogon_response.data.get_pdc;
pdc->command = NETLOGON_RESPONSE_FROM_PDC;
pdc->pdc_name = lp_netbios_name(iface->nbtsrv->task->lp_ctx);
@@ -132,7 +132,7 @@ static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL,
netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr,
- netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.samlogon);
+ netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n",
name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status)));
diff --git a/source4/nbt_server/irpc.c b/source4/nbt_server/irpc.c
index 8f1f74afcf..fc61372ead 100644
--- a/source4/nbt_server/irpc.c
+++ b/source4/nbt_server/irpc.c
@@ -79,16 +79,17 @@ static void getdc_recv_netlogon_reply(struct dgram_mailslot_handler *dgmslot,
/* We asked for version 1 only */
if (netlogon.response_type == NETLOGON_SAMLOGON
- && netlogon.samlogon.ntver != NETLOGON_NT_VERSION_1) {
+ && netlogon.data.samlogon.ntver != NETLOGON_NT_VERSION_1) {
status = NT_STATUS_INVALID_NETWORK_RESPONSE;
goto done;
}
- p = netlogon.samlogon.nt4.server;
+ p = netlogon.data.samlogon.data.nt4.server;
DEBUG(10, ("NTLOGON_SAM_LOGON_REPLY: server: %s, user: %s, "
- "domain: %s\n", p, netlogon.samlogon.nt4.user_name,
- netlogon.samlogon.nt4.domain));
+ "domain: %s\n", p,
+ netlogon.data.samlogon.data.nt4.user_name,
+ netlogon.data.samlogon.data.nt4.domain));
if (*p == '\\') p += 1;
if (*p == '\\') p += 1;
diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif
index 63332e937b..a7b501e8a8 100644
--- a/source4/setup/provision_basedn_modify.ldif
+++ b/source4/setup/provision_basedn_modify.ldif
@@ -77,4 +77,12 @@ subRefs: ${SCHEMADN}
replace: gPLink
gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
-
+replace: wellKnownObjects
+wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN}
+wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN}
+wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN}
+wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN}
+wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
+wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
+-
${DOMAINGUID_MOD}
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index 3730193c86..23b0554c4f 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -64,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
n1 = search.out.netlogon;
search.in.user = "Administrator";
- search.in.realm = n1.nt5_ex.dns_domain;
+ search.in.realm = n1.data.nt5_ex.dns_domain;
search.in.host = "__cldap_torture__";
printf("Scanning for netlogon levels\n");
@@ -93,8 +93,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
search.in.user = NULL;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
printf("Trying with User=Administrator\n");
@@ -102,8 +102,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
search.in.version = NETLOGON_NT_VERSION_5;
status = cldap_netlogon(cldap, tctx, &search);
@@ -114,8 +114,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
search.in.user = NULL;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
printf("Trying with User=Administrator\n");
@@ -123,18 +123,18 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
printf("Trying with a GUID\n");
search.in.realm = NULL;
- search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid);
+ search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
- CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid);
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+ CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
printf("Trying with a incorrect GUID\n");
guid = GUID_random();
@@ -145,53 +145,53 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
printf("Trying with a AAC\n");
search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
- search.in.realm = n1.nt5_ex.dns_domain;
+ search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a zero AAC\n");
search.in.acct_control = 0x0;
- search.in.realm = n1.nt5_ex.dns_domain;
+ search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a zero AAC and user=Administrator\n");
search.in.acct_control = 0x0;
search.in.user = "Administrator";
- search.in.realm = n1.nt5_ex.dns_domain;
+ search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "Administrator");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
printf("Trying with a bad AAC\n");
search.in.user = NULL;
search.in.acct_control = 0xFF00FF00;
- search.in.realm = n1.nt5_ex.dns_domain;
+ search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a user only\n");
search = empty_search;
search.in.user = "Administrator";
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
printf("Trying with just a bad username\n");
search.in.user = "___no_such_user___";
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
- CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
printf("Trying with just a bad domain\n");
search = empty_search;
@@ -200,29 +200,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
printf("Trying with a incorrect domain and correct guid\n");
- search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid);
+ search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
printf("Trying with a incorrect domain and incorrect guid\n");
search.in.domain_guid = GUID_string(tctx, &guid);
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
- CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
printf("Trying with a incorrect GUID and correct domain\n");
search.in.domain_guid = GUID_string(tctx, &guid);
- search.in.realm = n1.nt5_ex.dns_domain;
+ search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
- CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
- CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
- CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
+ CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
+ CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
return true;
}
@@ -255,9 +255,9 @@ static bool test_cldap_netlogon_flags(struct torture_context *tctx,
n1 = search.out.netlogon;
if (n1.ntver == NETLOGON_NT_VERSION_5)
- server_type = n1.nt5.server_type;
+ server_type = n1.data.nt5.server_type;
else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
- server_type = n1.nt5_ex.server_type;
+ server_type = n1.data.nt5_ex.server_type;
printf("The word is: %i\n", server_type);
if (server_type & NBT_SERVER_PDC)
@@ -366,9 +366,9 @@ static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx,
n1 = search.out.netlogon;
if (n1.ntver == NETLOGON_NT_VERSION_5)
- server_type = n1.nt5.server_type;
+ server_type = n1.data.nt5.server_type;
else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
- server_type = n1.nt5_ex.server_type;
+ server_type = n1.data.nt5_ex.server_type;
if (server_type & NBT_SERVER_DS_DNS_FOREST) {
struct cldap_search search2;
diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
index eac2b1fe30..5d26d65e0c 100644
--- a/source4/torture/nbt/dgram.c
+++ b/source4/torture/nbt/dgram.c
@@ -148,7 +148,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert(tctx, response->response_type == NETLOGON_GET_PDC, "Got incorrect type of netlogon response");
- torture_assert(tctx, response->get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command");
+ torture_assert(tctx, response->data.get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command");
return true;
}
@@ -243,10 +243,10 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
- map_netlogon_samlogon_response(&response->samlogon);
+ map_netlogon_samlogon_response(&response->data.samlogon);
- torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command");
- torture_assert_int_equal(tctx, response->samlogon.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command");
+ torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command");
+ torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command");
/* setup (another) temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
@@ -282,11 +282,11 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
- map_netlogon_samlogon_response(&response->samlogon);
+ map_netlogon_samlogon_response(&response->data.samlogon);
- torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+ torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
- torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+ torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
join_ctx = torture_join_domain(tctx, TEST_NAME,
ACB_WSTRUST, &machine_credentials);
@@ -333,9 +333,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
- map_netlogon_samlogon_response(&response->samlogon);
+ map_netlogon_samlogon_response(&response->data.samlogon);
- torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+ torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
/* setup (another) temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
@@ -374,9 +374,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
- map_netlogon_samlogon_response(&response->samlogon);
+ map_netlogon_samlogon_response(&response->data.samlogon);
- torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+ torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
dgmslot->private = NULL;
@@ -413,9 +413,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
- map_netlogon_samlogon_response(&response->samlogon);
+ map_netlogon_samlogon_response(&response->data.samlogon);
- torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
+ torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
torture_leave_domain(tctx, join_ctx);
return true;
@@ -522,11 +522,11 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
- map_netlogon_samlogon_response(&response->samlogon);
+ map_netlogon_samlogon_response(&response->data.samlogon);
- torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+ torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
- torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+ torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
/* setup a temporary mailslot listener for replies */
@@ -566,11 +566,11 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
- map_netlogon_samlogon_response(&response->samlogon);
+ map_netlogon_samlogon_response(&response->data.samlogon);
- torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
+ torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
- torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
+ torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
/* setup (another) temporary mailslot listener for replies */
@@ -606,7 +606,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response");
- torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command");
+ torture_assert_int_equal(tctx, response->data.get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command");
torture_leave_domain(tctx, join_ctx);
@@ -643,7 +643,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response");
- torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command");
+ torture_assert_int_equal(tctx, response->data.get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command");
return true;
diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c
index df16c860cb..41bb168619 100644
--- a/source4/torture/rpc/dssync.c
+++ b/source4/torture/rpc/dssync.c
@@ -310,14 +310,14 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx)
ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name");
printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name);
} else {
- ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site);
+ ctx->site_name = talloc_steal(ctx, search.out.netlogon.data.nt5_ex.client_site);
printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name);
- printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site);
+ printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.data.nt5_ex.server_site);
}
if (!ctx->domain_dn) {
struct ldb_context *ldb = ldb_init(ctx, tctx->ev);
- struct ldb_dn *dn = samdb_dns_domain_to_dn(ldb, ctx, search.out.netlogon.nt5_ex.dns_domain);
+ struct ldb_dn *dn = samdb_dns_domain_to_dn(ldb, ctx, search.out.netlogon.data.nt5_ex.dns_domain);
ctx->domain_dn = ldb_dn_alloc_linearized(ctx, dn);
talloc_free(dn);
talloc_free(ldb);