From 37f2d53528273c355fd646233a8037565b5432fc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 13 Mar 2007 18:17:31 +0000 Subject: r21827: move comments to the place where the functionality is implemented metze (This used to be commit 5d49d8b9e149d320cb08c5c2a4fc4cb8bfd74129) --- source4/libnet/libnet_unbecome_dc.c | 156 ++++++++++++++++++++++++++++++++++++ source4/torture/rpc/testjoin.c | 121 +--------------------------- 2 files changed, 157 insertions(+), 120 deletions(-) diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index c0dbfcc68d..0c781b66ec 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c 
@@ -29,6 +29,162 @@ #include "dsdb/common/flags.h" #include "librpc/gen_ndr/ndr_drsuapi_c.h" +/***************************************************************************** + * Windows 2003 (w2k3) does the following steps when changing the server role + * from domain controller back to domain member + * + * We mostly do the same. + *****************************************************************************/ + +/* + * lookup DC: + * - using nbt name<1C> request and a samlogon mailslot request + * or + * - using a DNS SRV _ldap._tcp.dc._msdcs. request and a CLDAP netlogon request + * + * see: unbecomeDC_send_cldap() and unbecomeDC_recv_cldap() + */ + +/* + * Open 1st LDAP connection to the DC using admin credentials + * + * see: unbecomeDC_ldap_connect() + */ + +/* + * LDAP search 1st LDAP connection: + * + * see: unbecomeDC_ldap_rootdse() + * + * Request: + * basedn: "" + * scope: base + * filter: (objectClass=*) + * attrs: defaultNamingContext + * configurationNamingContext + * Result: + * "" + * defaultNamingContext: + * configurationNamingContext:CN=Configuration, + */ + +/* + * LDAP search 1st LDAP connection: + * + * see: unbecomeDC_ldap_computer_object() + * + * Request: + * basedn: + * scope: sub + * filter: (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=)) + * attrs: distinguishedName + * userAccountControl + * Result: + * CN=,CN=Domain Controllers, + * distinguishedName: CN=,CN=Domain Controllers, + * userAccoountControl: 532480 <0x82000> + */ + +/* + * LDAP search 1st LDAP connection: + * + * see: unbecomeDC_ldap_modify_computer() + * + * Request: + * basedn: CN=,CN=Computers, + * scope: base + * filter: (objectClass=*) + * attrs: userAccountControl + * Result: + * CN=,CN=Computers, + * userAccoountControl: 532480 <0x82000> + */ + +/* + * LDAP modify 1st LDAP connection: + * + * see: unbecomeDC_ldap_modify_computer() + * + * Request (replace): + * CN=,CN=Computers, + * userAccoountControl: 4096 <0x1000> + * Result: + * + */ + +/* + * LDAP 
search 1st LDAP connection: + * + * see: unbecomeDC_ldap_move_computer() + * + * Request: + * basedn: > + * scope: base + * filter: (objectClass=*) + * attrs: 1.1 + * Result: + * CN=Computers, + */ + +/* + * LDAP search 1st LDAP connection: + * + * not implemented because it doesn't give any new information + * + * Request: + * basedn: CN=Computers, + * scope: base + * filter: (objectClass=*) + * attrs: distinguishedName + * Result: + * CN=Computers, + * distinguishedName: CN=Computers, + */ + +/* + * LDAP modifyRDN 1st LDAP connection: + * + * see: unbecomeDC_ldap_move_computer() + * + * Request: + * entry: CN=,CN=Domain Controllers, + * newrdn: CN= + * deleteoldrdn: TRUE + * newparent: CN=Computers, + * Result: + * + */ + +/* + * LDAP unbind on the 1st LDAP connection + * + * not implemented, because it's not needed... + */ + +/* + * Open 1st DRSUAPI connection to the DC using admin credentials + * DsBind with DRSUAPI_DS_BIND_GUID ("e24d201a-4fd6-11d1-a3da-0000f875ae0d") + * + * see: unbecomeDC_drsuapi_connect_send(), unbecomeDC_drsuapi_connect_recv(), + * unbecomeDC_drsuapi_bind_send() and unbecomeDC_drsuapi_bind_recv() + */ + +/* + * DsRemoveDsServer to remove the + * CN=,CN=Servers,CN=,CN=Configuration, + * and CN=NTDS Settings,CN=,CN=Servers,CN=,CN=Configuration, + * on the 1st DRSUAPI connection + * + * see: unbecomeDC_drsuapi_remove_ds_server_send() and unbecomeDC_drsuapi_remove_ds_server_recv() + */ + +/* + * DsUnbind on the 1st DRSUAPI connection + * + * not implemented, because it's not needed... + */ + + struct libnet_UnbecomeDC_state { struct composite_context *creq; diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 0d89cd479d..c52ef6e853 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c 
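Review bot: The moved comment records the userAccountControl transition only as raw numbers (`532480 <0x82000>` before, `4096 <0x1000>` after) in the blocks that point at unbecomeDC_ldap_computer_object() and unbecomeDC_ldap_modify_computer(), so a reader cannot see that the demotion has to drop both the server-trust bit and the trusted-for-delegation bit. I would name the flags next to the values, e.g. `userAccountControl: 532480 <0x82000> (UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION)` and `userAccountControl: 4096 <0x1000> (UF_WORKSTATION_TRUST_ACCOUNT)`, assuming those are the names this tree's dsdb/common/flags.h uses. The attribute is also misspelled `userAccoountControl` in three of the Result/Request lines, which defeats grepping for it; since the text is being relocated anyway, this is the moment to fix it. As shown here several DNs read `CN=,CN=Computers,` with nothing between the separators; if the placeholder names are really missing from the file rather than lost in display, they should be restored.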
@@ -672,126 +672,7 @@ struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name, void torture_leave_domain_ads_dc(struct test_join_ads_dc *join) { -/* W2K3: */ - /* - * lookup DC: - * - using nbt name<1C> request and a samlogon mailslot request - * or - * - using a DNS SRV _ldap._tcp.dc._msdcs. request and a CLDAP netlogon request - */ - /* - * Open 1st LDAP connection to the DC using admin credentials - */ - - /* - * LDAP search 1st LDAP connection: - * - * Request: - * basedn: "" - * scope: base - * filter: (objectClass=*) - * attrs: defaultNamingContext - * configurationNamingContext - * Result: - * "" - * defaultNamingContext: - * configurationNamingContext:CN=Configuration, - */ - - /* - * LDAP search 1st LDAP connection: - * - * Request: - * basedn: - * scope: sub - * filter: (&(|(objectClass=user)(objectClass=computer))(sAMAccountName=)) - * attrs: distinguishedName - * userAccountControl - * Result: - * CN=,CN=Domain Controllers, - * distinguishedName: CN=,CN=Domain Controllers, - * userAccoountControl: 532480 <0x82000> - */ - - /* - * LDAP search 1st LDAP connection: - * - * Request: - * basedn: CN=,CN=Computers, - * scope: base - * filter: (objectClass=*) - * attrs: userAccountControl - * Result: - * CN=,CN=Computers, - * userAccoountControl: 532480 <0x82000> - */ - - /* - * LDAP modify 1st LDAP connection: - * - * Request (replace): - * CN=,CN=Computers, - * userAccoountControl: 4096 <0x1000> - * Result: - * - */ - - /* - * LDAP search 1st LDAP connection: - * - * Request: - * basedn: > - * scope: base - * filter: (objectClass=*) - * attrs: 1.1 - * Result: - * CN=Computers, - */ - - /* - * LDAP search 1st LDAP connection: - * - * Request: - * basedn: CN=Computers, - * scope: base - * filter: (objectClass=*) - * attrs: distinguishedName - * Result: - * CN=Computers, - * distinguishedName: CN=Computers, - */ - - /* - * LDAP modifyRDN 1st LDAP connection: - * - * Request: - * entry: CN=,CN=Domain Controllers, - * newrdn: CN= - * 
deleteoldrdn: TRUE - * newparent: CN=Computers, - * Result: - * - */ - - /* - * LDAP unbind on the 1st LDAP connection - */ - - /* - * Open 1st DRSUAPI connection to the DC using admin credentials - * DsBind with DRSUAPI_DS_BIND_GUID ("e24d201a-4fd6-11d1-a3da-0000f875ae0d") - */ - - /* - * DsRemoveDsServer to remove the - * CN=,CN=Servers,CN=,CN=Configuration, - * and CN=NTDS Settings,CN=,CN=Servers,CN=,CN=Configuration, - * on the 1st DRSUAPI connection - */ - - /* - * DsUnbind on the 1st DRSUAPI connection - */ +/* W2K3: see libnet/libnet_unbecome_dc.c */ if (join->join) { torture_leave_domain(join->join); -- cgit