summaryrefslogtreecommitdiff
path: root/source4/torture/rpc/dssync.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij1-30/+30
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-14/+14
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-1/+1
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-16/+16
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r24557: rename 'dcerpc_table_' -> 'ndr_table_'Stefan Metzmacher1-1/+1
metze (This used to be commit 84651aee81aaabbebf52ffc3fbcbabb2eec6eed5)
2007-10-10r24146: It is not an error for a Win2k3-only server not to support the NT4Andrew Bartlett1-0/+3
replication call. Andrew Bartlett (This used to be commit 59cba32c09f5b014788e4fb0479ed31f26a3d7e2)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r22396: remove unused varsStefan Metzmacher1-4/+0
metze (This used to be commit ff3ad7e5db64a27ec95475c40be094c7d69ae008)
2007-10-10r22086: Bail out early on some of these failures.Andrew Bartlett1-0/+9
(This used to be commit 8311bdfde92a9efe7730ed4a0f5f70f8e0d25ef6)
2007-10-10r21337: add hack option to use DsGetNCChanges level 5 against w2kStefan Metzmacher1-0/+2
metze (This used to be commit 66c8499e5f2f139995be8cb5770d238f383059d6)
2007-10-10r21335: add dssync:save_pwd_blobs_dir=path/ option to store the password blobsStefan Metzmacher1-2/+22
in files for inspection with ndrdump metze (This used to be commit 54748ef5860ee59b5f84855965c84aa8787fb4b6)
2007-10-10r21272: in the history fields each hash is rid crypted on its ownStefan Metzmacher1-46/+16
metze (This used to be commit 922cfacde4dcf27829040e12c7fae083bd5b44c2)
2007-10-10r21267: the first 4 bytes in each encrypted attribute is the crc32Stefan Metzmacher1-9/+30
checksum over the remaining bytes metze (This used to be commit c9fe6a867c7e23a60e0f9200b04c31e48ccc11a2)
2007-10-10r21261: add support for getting to the plain nthash (and I assume others too)Stefan Metzmacher1-12/+74
I wonder what the first 4 bytes are, but the last 16 bytes of the 20 bytes are the rid crypted hash. The lmhash and the history fields are not verified yet. But I get the administrators nthash in plain. metze (This used to be commit 7726d4a0272b29a4eade26c9ae3d929df50897da)
2007-10-10r21245: combination "c[3] s[1] e[1] d[0]..." was ↵Stefan Metzmacher1-266/+75
successful!!!!!!!!!!!!!!!!!!!!!!!!!! we now support the session depended password attribute encryption used in DsGetNCChanges() the static encryption (something like sam_rid_crypt() is assumed for some attributes and the format of the attribute values isn't known yet, but some contain some unicode strings... metze (This used to be commit daee739ebba38e54fbdbd7e53d16fd30bc0dd54e)
2007-10-10r21244: fix typo...Stefan Metzmacher1-1/+1
I was wondering why I got allways 4 times the same decrypted buffer... metze (This used to be commit ba168479d5c5710de4252d9b8970ab41b7979411)
2007-10-10r21243: create the infrastructure to test a lot of crypto combinationsStefan Metzmacher1-1/+248
to solve the drsuapi password encryption automaticly. metze (This used to be commit 7b331b95bf43384e571ecc88ac827f46acd8c20c)
2007-10-10r21242: prepare trying to decrypt the encrypted attributesStefan Metzmacher1-5/+28
metze (This used to be commit 65a55c8fdecbc212ba2fc2a01c580f30dcc7b54a)
2007-10-10r21236: store and orint the dcerpc session key, gensec session key and user ↵Stefan Metzmacher1-1/+25
nthash values for each drsuapi connection in RPC-DSSYNC metze (This used to be commit df74c4a88108bd4387d9be4f64619c46c23493e6)
2007-10-10r21235: fix crash bugStefan Metzmacher1-0/+2
metze (This used to be commit 29c44957a0ea16af3e5e3717d2cb0c9180d394c2)
2007-10-10r20676: Add ref pointer to fix warning.Jelmer Vernooij1-8/+8
(This used to be commit 1afcf850679b6752935455a8f9198679649922b8)
2007-10-10r20514: implement idl for DsGetNT4ChangeLog() which transferres the meta dataStefan Metzmacher1-0/+59
for NT4 DC's in mixed mode domains. This call is triggered by tranferring the PDC FSMO Role to another DC the real meta data is encoded in the user buffer which is just a DATA_BLOB in idl metze (This used to be commit d883815c8d64429e4dac26a93a15e67d31dc263e)
2007-10-10r20504: we handle the attribute values always as DATA_BLOB's andStefan Metzmacher1-3/+3
don't need the union with the attribute id as switch anymore metze (This used to be commit d47c81923d0731edd314215c6f0b2eb3d1ee252d)
2007-10-10r20396: Missed one user of the renamed elements.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit a7c83eb7b8e000c51790a9eae67c59c04a4a877c)
2007-10-10r20251: I found out that the oid-prefix to uint32-id-prefix mapping is ↵Stefan Metzmacher1-2/+2
transferred in replication replies, but I don't know the exact encoding. for example the oids are transferred as: 2.5.4 => uint8_t v[] = { 0x55, 0x04 }; 2.5.5 => uint8_t v[] = { 0x55, 0x05 }; 2.5.6 => uint8_t v[] = { 0x55, 0x06 }; 2.5.18 => uint8_t v[] = { 0x55, 0x12 }; 2.5.20 => uint8_t v[] = { 0x55, 0x14 }; 2.5.21 => uint8_t v[] = { 0x55, 0x15 }; 1.2.840.113556.1.2 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x02 }; 1.2.840.113556.1.3 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x03 }; 1.2.840.113556.1.4 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x04 }; 1.2.840.113556.1.5 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x05 }; 1.2.840.113556.1.5.7000 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x05, 0xb6, 0x58 }; 1.2.840.113549.1.9 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09 }; 2.16.840.1.113730.3 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03 }; 2.16.840.1.113730.3.1 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03, 0x01 }; 2.16.840.1.113730.3.2 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03, 0x02 }; 0.9.2342.19200300.100.1 => uint8_t v[] = { 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01 }; 0.9.2342.19200300.100.4 => uint8_t v[] = { 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04 }; 1.3.6.1.4.1.250.1 => uint8_t v[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x7a, 0x01 }; 1.3.6.1.4.1.1466.101.119=> uint8_t v[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x8b, 0x3a, 0x65, 0x77 }; if someone knows how the encoding works, please tell me:-) I assume some ASN.1 encoding... metze (This used to be commit aa720a15319392fee5c532959192d0df5bf4c718)
2007-10-10r20079: the 2nd guid is the source_dsa invocation_id not the objectGUID,Stefan Metzmacher1-2/+2
this wasn't noticed because on the 1st dc in the forest both have the same value metze (This used to be commit 527bd9a0a361e19606e25e885b92da316e740bf9)
2007-10-10r19967: this unknowns are max_object_count and max_ndr_sizeStefan Metzmacher1-7/+6
metze (This used to be commit 3e6264d872e4fc39a8e0712293492ad413345de9)
2007-10-10r19699: - use better names for the site stringsStefan Metzmacher1-2/+3
- use the client_site when creating the server object metze (This used to be commit b02d0e1be343c7d609715237dc842702b6fbe231)
2007-10-10r19462: This isn't an encrypted attribute.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit 12765db714de9e0fed61e6616b3671d525ee3bef)
2007-10-10r17442: print out credentials on the "secret" objectClass and "trustedDomain"Stefan Metzmacher1-0/+18
objectclass metze (This used to be commit af1efa0c790a86f68bd7f761b22478895bfdaaea)
2007-10-10r14720: Add torture_context argument to all torture testsJelmer Vernooij1-1/+2
(This used to be commit 3c7a5ce29108dd82210dc3e1f00414f545949e1d)
2007-10-10r14470: Remove some unnecessary headers.Jelmer Vernooij1-1/+0
(This used to be commit f7312dab3b9aba2b2b82e8a6e0c483a32a03a63a)
2007-10-10r14402: Generate seperate headers for RPC client functions.Jelmer Vernooij1-0/+1
(This used to be commit 7054ebf0249930843a2baf4d023ae8f62cedb109)
2007-10-10r14379: Build torture/rpc/ as a seperate smbtorture module. Move helperJelmer Vernooij1-0/+1
functions for rpc out of torture/torture.c (This used to be commit 1d2d970f3b8aef3f36c2befb94b5dd72c0086639)
2007-10-10r13346: use private proto header files for the torture testsStefan Metzmacher1-0/+1
metze (This used to be commit 67837dbd2bcff8ec1917ba02884ee2eaa0776b46)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-4/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij1-2/+1
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r11968: More warning fixes. We're on track to getting to double digits forTim Potter1-2/+2
the number of warnings generated now. (This used to be commit d479f2d7607adc698d71c5ba26932c72a26dcaab)
2007-10-10r11967: Fix more 64-bit warnings.Tim Potter1-8/+8
(This used to be commit 9c4436a124f874ae240feaf590141d48c33a635f)
2007-10-10r11187: in case the msDS-KeyVersionNumber is replicated (I didn't assume ↵Stefan Metzmacher1-0/+3
this...) show the string in the debug output, and show it with --option="dssync:print_pwd_blobs=yes" metze (This used to be commit 98c1e8e3df90c05691a12bb25357fd75da419c5c)
2007-10-10r11185: - resolve attid for "supplementalCredentials" into a nameStefan Metzmacher1-0/+3
- print "supplementalCredentials" also when --option="dssync:print_pwd_blobs=yes" is used abartlet: this field may contain the krb5 keys... metze (This used to be commit 26c69348ca3ae10128df9832f8b4d9c1024631e2)
2007-10-10r10991: - create always a valid bind_info28 blocks, so that we don't need to ↵Stefan Metzmacher1-45/+100
work with unions in the main code - loop also in level 1,2 replies metze (This used to be commit c3276bd169961d04f2bd541e6b73ee40df016c3d)
2007-10-10r10988: print out the password blobs, withStefan Metzmacher1-0/+57
--option="dssync:print_pwd_blobs=yes" metze (This used to be commit b06de6d39cd21d5096e4041e218370263d8096b0)
2007-10-10r10986: loop also when we use mszip compressionStefan Metzmacher1-4/+17
metze (This used to be commit e32488667c59c30d66528e8fa31c55037f36cd01)
2007-10-10r10871: make xpress compression choosable, by --option="dssync:xpress=yes",Stefan Metzmacher1-1/+29
default is to not use it, as it's currently not supported metze (This used to be commit 2fb79e24228a47edcb7e1e12fb73def523b0400b)
2007-10-10r10865: merge branches/SOC/SAMBA_4_0 into main the main SAMBA_4_0 treeStefan Metzmacher1-0/+410
metze r8017@SERNOX: metze | 2005-06-30 13:44:23 +0200 create the SAMBA_4_0 branch for the Summer Of Code Project metze r8730@SERNOX: brad | 2005-07-24 03:09:48 +0200 Branching Samba 4 r8731@SERNOX: brad | 2005-07-24 06:39:00 +0200 added 'make installmisc' to howto.txt added existing 'compression' option to level8 drsuapi torture test added new 'neighbour_writeable' option to level8 drsuapi torture test r8732@SERNOX: brad | 2005-07-24 06:42:38 +0200 added metze's dssync patch as source/torture/rpc/dssync.c r8739@SERNOX: brad | 2005-07-25 00:24:46 +0200 added a test called RPC-DSSYNC to config.mk hacking at dssync.c in an attempt to make it compile r8754@SERNOX: brad | 2005-07-25 15:19:21 +0200 Changing dssync.c to use ldb routines for accessing ldap rather than raw ldap calls. r8765@SERNOX: brad | 2005-07-26 03:35:38 +0200 more ldb changes to test_CompleteJoin(), it mostly kind of almost works now! r8766@SERNOX: brad | 2005-07-26 03:56:00 +0200 Trying to fix the crazy nesting in the branch r8769@SERNOX: brad | 2005-07-26 04:48:29 +0200 merging latest changes r8770@SERNOX: brad | 2005-07-26 04:53:43 +0200 removing nested branch r8793@SERNOX: jerry | 2005-07-27 05:04:57 +0200 merging on of Brad missing changes from the nested 4.0 branch debacle r8794@SERNOX: jerry | 2005-07-27 05:14:42 +0200 syncing up with the main 4_0 branch for Brad r8842@SERNOX: brad | 2005-07-29 00:26:30 +0200 merging changes from branches/SAMBA_4_0 r8850@SERNOX: brad | 2005-07-29 21:07:57 +0200 Bringing my tree up to date r8851@SERNOX: brad | 2005-07-30 00:48:04 +0200 making dssync.c more ldb-centric, reverted samlogon.c from rev. 8845 to get my branch to compile again. r8856@SERNOX: brad | 2005-07-30 03:20:33 +0200 I think I have the ldb code down in test_CompleteJoin (not complete yet though) r8860@SERNOX: brad | 2005-07-30 07:08:13 +0200 Changed comments to C style /**/ (thanks Richard), some more changes to test_CompleteJoin(). r8862@SERNOX: brad | 2005-07-31 04:45:32 +0200 Bringing the SOC/SAMBA_4_0 branch up to date. r8863@SERNOX: brad | 2005-07-31 20:00:41 +0200 Updated some missing files from the branch r8864@SERNOX: brad | 2005-07-31 20:25:50 +0200 Removing autogenerated files from branch r8865@SERNOX: brad | 2005-07-31 20:43:58 +0200 last of the unneeded files in SOC/SAMBA_4_0 r9004@SERNOX: brad | 2005-08-03 18:51:23 +0200 r5214@buttercup: j0j0 | 2005-08-03 10:44:30 -0600 r@buttercup: j0j0 | 2005-08-02 22:54:13 -0600 creating a local branch of branches/SAMBA_4_0 r9013@SERNOX: brad | 2005-08-03 20:57:48 +0200 r5228@buttercup: j0j0 | 2005-08-03 13:00:11 -0600 Fixing differences between this branch and /branches/SAMBA_4_0 r9014@SERNOX: brad | 2005-08-03 21:18:05 +0200 r5231@buttercup: j0j0 | 2005-08-03 13:23:12 -0600 Updating config.mk so that smbtorture builds again r9061@SERNOX: brad | 2005-08-04 18:17:36 +0200 r5249@buttercup: j0j0 | 2005-08-03 21:01:02 -0600 Start using libnet_Join() for DC join. r9062@SERNOX: brad | 2005-08-04 18:17:47 +0200 r5250@buttercup: j0j0 | 2005-08-04 10:21:34 -0600 Some more work towards performing a dc join. r9064@SERNOX: brad | 2005-08-04 18:53:51 +0200 r5253@buttercup: j0j0 | 2005-08-04 10:53:00 -0600 Fixed a bug (passing a TALLOC_CTX to libnet_context_init() ) r9069@SERNOX: brad | 2005-08-04 21:59:55 +0200 r5279@buttercup: j0j0 | 2005-08-04 14:04:55 -0600 Some more work on the domain join r9117@SERNOX: brad | 2005-08-05 16:50:26 +0200 r5281@buttercup: j0j0 | 2005-08-05 08:55:58 -0600 Committing minor changes before merge r9180@SERNOX: brad | 2005-08-07 17:25:25 +0200 r5314@buttercup: j0j0 | 2005-08-07 09:30:12 -0600 Reworked libnet_join to use two join levels, AUTOMATIC and SPECIFIED. r9181@SERNOX: brad | 2005-08-07 17:25:36 +0200 r5315@buttercup: j0j0 | 2005-08-07 09:31:22 -0600 Working with libnet_Join(), code cleanup needed in the near future. r9192@SERNOX: brad | 2005-08-07 21:40:22 +0200 r5373@buttercup: j0j0 | 2005-08-07 13:46:09 -0600 Some code cleanup to make things a little more readable. r9249@SERNOX: brad | 2005-08-12 01:31:48 +0200 r5375@buttercup: j0j0 | 2005-08-11 17:38:44 -0600 Split libnet_JoinDomain() into libnet_JoinDomain() and libnet_JoinADSDomain(). r9256@SERNOX: brad | 2005-08-12 04:55:11 +0200 r5413@buttercup: j0j0 | 2005-08-11 21:02:27 -0600 Clean up libnet_JoinADSDomain() a little, added a comment to the test_join struct. r9314@SERNOX: brad | 2005-08-16 03:53:20 +0200 r5436@buttercup: j0j0 | 2005-08-15 20:01:21 -0600 libnet_JoinDomain() should honour LIBNET_JOIN_TORTURE now. torture_join_domain() should properly use libnet_JoinDomain(). dssync.c uses torture_join_domain() again. r9351@SERNOX: brad | 2005-08-17 07:15:31 +0200 r5438@buttercup: j0j0 | 2005-08-16 23:23:58 -0600 Removed LIBNET_JOIN_TORTURE level, as it became unnecessary once libnet_Join_primary_domain() handled netbios names better. Corrected libnet_JoinDomain() and libnet_JoinADSDomain(). r9352@SERNOX: brad | 2005-08-17 07:24:49 +0200 r5440@buttercup: j0j0 | 2005-08-16 23:33:25 -0600 Fixed a typo. r9354@SERNOX: metze | 2005-08-17 10:28:25 +0200 remove object files from svn metze r9376@SERNOX: brad | 2005-08-18 05:15:48 +0200 r5476@buttercup: j0j0 | 2005-08-17 21:24:33 -0600 Proof that I shouldn't code when i'm tired (silly bugfixes). r9405@SERNOX: brad | 2005-08-19 22:50:10 +0200 r5500@buttercup: j0j0 | 2005-08-19 14:56:25 -0600 Get dssync.c compiling again after merge (ldb_dn changes from rev. 9391). r9407@SERNOX: brad | 2005-08-20 03:22:42 +0200 r5502@buttercup: j0j0 | 2005-08-19 19:28:22 -0600 libnet/libnet_join.c Some more fixes so ldb uses ldb_dn's. torture/rpc/dssync.c Some debugging printf()'s. ldb_dn fixes. torture/rpc/testjoin.c Change torture_join_domain() to use libnet_JoinDomain() rather than libnet_Join(). Some more debugging statements. I'm not sure why, but GUID_all_zero(user_handle.uuid) is returning true in torture_leave_domain() when called it from torture_destroy_context() in torture/rpc/dssync.c. That's what i'm working out now. r9427@SERNOX: brad | 2005-08-20 18:38:29 +0200 r5504@buttercup: j0j0 | 2005-08-20 10:44:52 -0600 Some bugfixes. Removed a bunch of debugging code. torture_leave_domain() works again! not 100% perfect yet though... r9428@SERNOX: brad | 2005-08-20 19:09:26 +0200 r5506@buttercup: j0j0 | 2005-08-20 11:15:54 -0600 Restructure torture_join_domain() so that it joins itself, removes itself, and joins itself to the domain again to ensure that its account information is all current and as expected. r9452@SERNOX: brad | 2005-08-21 19:33:51 +0200 r5508@buttercup: j0j0 | 2005-08-21 11:40:36 -0600 Bugfixes, trying to get things straight between contexts. r9467@SERNOX: brad | 2005-08-22 04:00:48 +0200 r5510@buttercup: j0j0 | 2005-08-21 20:06:55 -0600 Another round of bugfixing. r9521@SERNOX: brad | 2005-08-23 15:26:44 +0200 r5596@buttercup: j0j0 | 2005-08-23 07:33:06 -0600 Merging changes r9524@SERNOX: metze | 2005-08-23 16:09:42 +0200 - fix the build caused by changes in the main samba4 tree, - add an option "dssync:german=yes" to allow me to run against my german w2k3 server this should be replaces by CLDAP calls to get the Default-First-Site-Name dynamicly - remove some temporary comments, as DsAddEntry works now metze r9528@SERNOX: metze | 2005-08-23 18:22:22 +0200 the RPC-DSSYNC test is now able to fetch the whole tree, including the unicodePwd, ntPwdHistory fields metze r9559@SERNOX: brad | 2005-08-24 04:11:47 +0200 r5612@buttercup: j0j0 | 2005-08-23 20:19:12 -0600 Some fixes around using talloc in a hierarchical fashion. Still not right, but better. r9564@SERNOX: brad | 2005-08-24 05:43:11 +0200 r5614@buttercup: j0j0 | 2005-08-23 21:50:38 -0600 Gave libnet_JoinADSDomain() its own tmp_ctx rather than passing it from libnet_JoinDomain() as a parameter (yuk). As a side effect, it proves that my bug lies in libnet_JoinDomain(), not libnet_JoinADSDomain(). r9565@SERNOX: brad | 2005-08-24 06:09:46 +0200 r5616@buttercup: j0j0 | 2005-08-23 22:17:12 -0600 Small fix, if r->out.error_string and r2->samr_handle.out.error_string weren't set to NULL, torture_join_domain() would segfault on the second join. r9630@SERNOX: brad | 2005-08-26 06:42:50 +0200 Commented out the parts of the dssync test which perform the dc join and create/remove associated ldap entries. Commented out the test for the 'german' dssync option, because now we detect the Site-Name using CLDAP. If cldap_netlogon() does not return ok, the code defaults to 'Default-First-Site-Name'. r9670@SERNOX: brad | 2005-08-27 02:30:11 +0200 Added a patch from metze. To showcase what i've learned today, i've created two new parameters which can be set at runtime, drsuapi:last_usn and drsuapi:partition. drsuapi:last_usn takes an integer representing the USN of the last recieved replication update for a particular partition (uses the domain dn if drsuapi:parition isn't set). That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned. drsuapi:partition takes a string dn and uses that as the name of the AD partition to replicate. Some debugging output was also added. r9723@SERNOX: brad | 2005-08-29 01:07:51 +0200 Added some copyright notices. Changed some things in net_join.c to try and figure out why 'net join <domain> bdc' segfaults. It occurs when the last talloc_free() happens, so i'm sure it's something to do with the memory fiddling i'm doing in libnet_join. Added some drsuapi attribute ids that I figured out today. I put some (many, dry) notes together while doing that, so i'll try to put them up on a blog at samba.org a little later tonight. r9740@SERNOX: metze | 2005-08-29 16:58:03 +0200 fix up the DsGetNCchanges loop, and remove misleading comments metze r9743@SERNOX: metze | 2005-08-29 17:26:45 +0200 make the logic a bit clearer metze r9815@SERNOX: brad | 2005-08-31 02:36:21 +0200 Added cldap_netlogon() AD Site-Name lookup into libnet/libnet_join.c. Bugfixing rampage in libnet_join.c to resolve misunderstanding of talloc_steal(). libnet_join now creates the CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn> container on a dc join. r9858@SERNOX: brad | 2005-09-01 03:17:17 +0200 Removed extraneous NDR_ALL subsystem requirement from torture/config.mk. Added lots of error checking as per metze's advice. Removed commented out code. More bug chasing. r9863@SERNOX: brad | 2005-09-01 05:53:19 +0200 Cleaned up dssync.c, removed the unneeded DsCrackNames() call, removed DC join/leave related stuff. It no longer looks like my house does! r9887@SERNOX: metze | 2005-09-01 11:34:03 +0200 - fix dssync:highest_usn parameter handling - ask for LINKED_ATTRIBUTE replication metze r9891@SERNOX: metze | 2005-09-01 14:13:18 +0200 make the code more readable, and fix a few bugs metze r9911@SERNOX: brad | 2005-09-01 20:36:27 +0200 Bugfixes in libnet_join.c. Cleaned up comments. Added domain_dn_str and account_dn_str to struct libnet_JoinDomain. Removed struct dcerpc_pipe *samr_pipe and struct policy_handle user_handle from struct libnet_Join. r9920@SERNOX: brad | 2005-09-01 23:34:13 +0200 Added disclaimer (I can't seem to get libnet_JoinDomain() to keep the samr_pipe and u_handle open past the function call, grrrr....). r9921@SERNOX: brad | 2005-09-01 23:37:54 +0200 Added copyright statement. Cleaned up unneeded variables from torture_join_domain(). r9932@SERNOX: brad | 2005-09-02 01:49:42 +0200 Really rushed project notes. r10841@SERNOX: metze | 2005-10-08 20:01:45 +0200 remove diff to main SAMBA_4_0 branch metze r10862@SERNOX: metze | 2005-10-10 10:31:52 +0200 remove the differences between SAMBA_4_0 and SOC/SAMBA_4_0 metze r10863@SERNOX: metze | 2005-10-10 10:34:26 +0200 fix the build metze r10864@SERNOX: metze | 2005-10-10 11:10:08 +0200 remove README file to reduce, diffs to main SAMBA_4_0 branch: metze README: This project was centered around adding a torture test to Samba 4, which used drsuapi_DsGetNCChanges() to retrieve the contents of an Active Directory in the same manner as an Active Directory DC replication event. As the project unfolded, I also applied some changes to the functionality of the libnet library related to joining a machine account to a domain. One of the first things that I implemented in this project was a 'neighbour_writeable' option for the RPC-DRSUAPI torture test. The command line to execute this torture test is as follows: smbtorture --option=drsuapi:neighbour_writeable=True -W <domain name> -U <admin username>%<password> ncacn_ip_tcp:<domain controller dns name> RPC-DRSUAPI This option provides us with runtime control over the DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE flag in the struct drsuapi_DsGetNCChanges.in.req.req<level>.replica_flags, allowing us to easily test for differences in the behaviour of AD replication with the switch on or off. In the course of the project, I also implemented two more flags for the RPC-DSSYNC test. dssync:last_usn takes an integer representing the USN (Universal Serial Number) of the last recieved replication update for a particular partition (uses the domain DN if drsuapi:parition isn't set). That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned. dssync:partition takes a string DN and uses that as the name of the AD partition to replicate. Based initially on a patch provided to me by one of my mentors, Stephan (metze) Metzmacher, the RPC-DSSYNC test was implemented for this project. Initially functionality was included to perform a DC join prior to initiating replication, but the code was removed when it was realized that replication could indeed take place without being a member of the domain in any way. It has been recently suggested that we may need a DC join after all to get all of the information we may want from the AD replication. This is probably best added using a torture_join_domain() call once the libnet code is able to keep the user policy handle and SAMR RPC pipe open. The DC join code was taken out of the RPC-DSSYNC and implemented for the most part in the libnet libraries. To test this, the RPC-NETLOGON test was modified to perform a domain join, leave and rejoin. Currently, the test has a fault in that it is unable to leave the domain using the same SAMR RPC pipe and user_policy information as was used for the first join. This is because I was unable to get the code working properly in libnet to provide that functionality. Currently missing from the DC join in libnet is the code to create the CN=NTDS Settings,CN=<DC NETBIOS NAME>,CN=<Site-Name>,CN=Sites,CN=Configuration,<domain DN> container using the dcerpc_drsuapi_DsAddEntry() call. I did not want to implement this functionality in libnet while there were still problems with the code. I also provided the ability in libnet and the RPC-DSSYNC test to look up the proper site name using the cldap library. In my investigations, I was unable to find out any information regarding the UnicodePwd attribute, except that the same password is represented differently for two different users in the same directory. I was also able to resolve and confirm the meaning of some DRSUAPI_ATTRIBUTE ID's. DRSUAPI_OBJECTCLASS_domain (0xA0042) DRSUAPI_OBJECTCLASS_domainDNS (0xA0043) wellKnownObjects (0x9026A) fSMORoleOwner (0x90171) name or dc (0x90001) whenCreated (0x20002) instanceType (0x20001) gPLink (0x9037B) These were added to the IDL for drsuapi (source/librpc/idl/drsuapi.idl). I would like to thank everyone on the Samba team who worked with me and assisted me with this project, specifically all the work done by Stephan Metzmacher, Andrew Bartlett and Jerry Carter. Working on this project with the Samba team really has been a life changing experience, as corny as that sounds. I've realized that I was born to be a systems developer, and it has helped confirm in my mind that Open Source (specifically Samba) development is exactly what i've been missing! I would also like to take this opportunity to thank Chris Dibona and Google for the amazing opportunity. I don't know if I would have taken the leap in other circumstances. I know these notes sound a little rushed, but it is 23:55 after all! :) (This used to be commit 55552b41cbaa8c57a30373a53176e7f3ae945290)