From 7261a9b9f76d19e6a2179a48e903e2fee4ee64a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 2 May 2011 16:36:48 +1000 Subject: s4-libcli Remove resolve_name() as it conflicts with Samba3. This was just a wrapper around resolve_name_ex(), so just call that instead. Andrew Bartlett --- source4/torture/drs/rpc/dssync.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/torture/drs') diff --git a/source4/torture/drs/rpc/dssync.c b/source4/torture/drs/rpc/dssync.c index 2ec3ded287..733e55ded5 100644 --- a/source4/torture/drs/rpc/dssync.c +++ b/source4/torture/drs/rpc/dssync.c @@ -105,8 +105,9 @@ static struct DsSyncTest *test_create_context(struct torture_context *tctx) make_nbt_name_server(&name, ctx->drsuapi_binding->host); /* do an initial name resolution to find its IP */ - status = resolve_name(lpcfg_resolve_context(tctx->lp_ctx), &name, tctx, - &ctx->dest_address, tctx->ev); + status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx), + 0, 0, &name, tctx, + &ctx->dest_address, tctx->ev); if (!NT_STATUS_IS_OK(status)) { printf("Failed to resolve %s - %s\n", name.name, nt_errstr(status)); -- cgit From d4481be95c0c22ab8dd66edfdd82d1e9312b137d Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Wed, 11 May 2011 21:04:54 +0300 Subject: s4/getnc_exop: Initial implementation of a testsuite for GetNCChanges extended opeartion handling --- source4/torture/drs/python/getnc_exop.py | 136 +++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 source4/torture/drs/python/getnc_exop.py (limited to 'source4/torture/drs') diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py new file mode 100644 index 0000000000..3aeb7e025a --- /dev/null +++ b/source4/torture/drs/python/getnc_exop.py @@ -0,0 +1,136 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# +# Tests various schema replication scenarios +# +# Copyright (C) Kamen Mazdrashki 2011 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# +# Usage: +# export DC1=dc1_dns_name +# export DC2=dc2_dns_name +# export SUBUNITRUN=$samba4srcdir/scripting/bin/subunitrun +# PYTHONPATH="$PYTHONPATH:$samba4srcdir/torture/drs/python" $SUBUNITRUN getnc_exop -U"$DOMAIN/$DC_USERNAME"%"$DC_PASSWORD" +# + +import drs_base +import samba.tests + +from ldb import SCOPE_BASE + +from samba.dcerpc import drsuapi, misc, drsblobs +from samba.drs_utils import drs_DsBind + + +class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase): + """Intended as a semi-black box test case for DsGetNCChanges + implementation for extended operations. It should be testing + how DsGetNCChanges handles different input params (mostly invalid). + Final goal is to make DsGetNCChanges as binary compatible to + Windows implementation as possible""" + + def setUp(self): + super(DrsReplicaSyncTestCase, self).setUp() + + def tearDown(self): + super(DrsReplicaSyncTestCase, self).tearDown() + + def _exop_req8(self, dest_dsa, invocation_id, nc_dn_str, exop): + req8 = drsuapi.DsGetNCChangesRequest8() + + req8.destination_dsa_guid = misc.GUID(dest_dsa) + req8.source_dsa_invocation_id = misc.GUID(invocation_id) + req8.naming_context = drsuapi.DsReplicaObjectIdentifier() + req8.naming_context.dn = unicode(nc_dn_str) + req8.highwatermark = drsuapi.DsReplicaHighWaterMark() + req8.highwatermark.tmp_highest_usn = 0 + req8.highwatermark.reserved_usn = 0 + req8.highwatermark.highest_usn = 0 + req8.uptodateness_vector = None + req8.replica_flags = 0 + req8.max_object_count = 0 + req8.max_ndr_size = 402116 + req8.extended_op = exop + req8.fsmo_info = 0 + req8.partial_attribute_set = None + req8.partial_attribute_set_ex = None + req8.mapping_ctr.num_mappings = 0 + req8.mapping_ctr.mappings = None + + return req8 + + def _ds_bind(self, server_name): + binding_str = "ncacn_ip_tcp:%s[print,seal]" % server_name + + drs = drsuapi.drsuapi(binding_str, self.get_loadparm(), self.get_credentials()) + (drs_handle, supported_extensions) = drs_DsBind(drs) + return (drs, drs_handle) + + def _determine_fSMORoleOwner(self, fsmo_obj_dn): + """Returns (owner, not_owner) pair where: + owner: dns name for FSMO owner + not_owner: dns name for DC not owning the FSMO""" + res = self.ldb_dc1.search(fsmo_obj_dn, + scope=SCOPE_BASE, attrs=["fSMORoleOwner"]) + assert len(res) == 1, "Only one fSMORoleOwner value expected for %s!"%fsmo_obj_dn + fsmo_owner = res[0]["fSMORoleOwner"][0] + if fsmo_owner == self.info_dc1["dsServiceName"][0]: + return (self.dnsname_dc1, self.dnsname_dc2) + return (self.dnsname_dc2, self.dnsname_dc1) + + def _check_exop_failed(self, ctr6, expected_failure): + c = drsuapi.DsGetNCChangesCtr6() + self.assertEqual(ctr6.extended_ret, expected_failure) + self.assertEqual(ctr6.object_count, 0) + self.assertEqual(ctr6.first_object, None) + self.aserrtEqual(ctr6.more_data, False) + self.assertEqual(ctr6.nc_object_count, 0) + self.assertEqual(ctr6.nc_linked_attributes_count, 0) + self.assertEqual(ctr6.linked_attributes_count, 0) + self.assertEqual(ctr6.linked_attributes, None) + self.assertEqual(ctr6.drs_error, 0) + + def test_FSMONotOwner(self): + """Test role transfer with against DC not owner of the role""" + fsmo_dn = self.ldb_dc1.get_schema_basedn() + (fsmo_owner_dc, fsmo_not_owner_dc) = self._determine_fSMORoleOwner(fsmo_dn) + + req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef", + invocation_id=self.ldb_dc1.get_invocation_id(), + nc_dn_str=fsmo_dn, + exop=drsuapi.DRSUAPI_EXOP_FSMO_REQ_ROLE) + + (drs, drs_handle) = self._ds_bind(fsmo_not_owner_dc) + (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) + self.assertEqual(level, 6, "Expected level 6 response!") + self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER) + + def test_InvalidDestDSA(self): + """Test role transfer with invalid destination DSA guid""" + fsmo_dn = self.ldb_dc1.get_schema_basedn() + (fsmo_owner_dc, fsmo_not_owner_dc) = self._determine_fSMORoleOwner(fsmo_dn) + + req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef", + invocation_id=self.ldb_dc1.get_invocation_id(), + nc_dn_str=self.ldb_dc1.get_schema_basedn(), + exop=drsuapi.DRSUAPI_EXOP_FSMO_REQ_ROLE) + + (drs, drs_handle) = self._ds_bind(fsmo_owner_dc) + (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) + self.assertEqual(level, 6, "Expected level 6 response!") + #ctr = drsuapi.DsGetNCChangesCtr6() + self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_UNKNOWN_CALLER) -- cgit From 99df3f6cbbdfa1693d805c2696e34f353dfa28ac Mon Sep 17 00:00:00 2001 From: Kamen Mazdrashki Date: Thu, 12 May 2011 19:43:54 +0300 Subject: s4/test/getnc_exop: Tune the the test to work against windows It turns out that sometimes, w2k8-r2 returns objects even when FSMO extended request has failed. Also verify that target DC returns source_dsa_guid and source_dsa_invocation_id correctly Autobuild-User: Kamen Mazdrashki Autobuild-Date: Fri May 13 02:26:04 CEST 2011 on sn-devel-104 --- source4/torture/drs/python/getnc_exop.py | 44 ++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 17 deletions(-) (limited to 'source4/torture/drs') diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py index 3aeb7e025a..904c013333 100644 --- a/source4/torture/drs/python/getnc_exop.py +++ b/source4/torture/drs/python/getnc_exop.py @@ -84,53 +84,63 @@ class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase): """Returns (owner, not_owner) pair where: owner: dns name for FSMO owner not_owner: dns name for DC not owning the FSMO""" + # collect info to return later + fsmo_info_1 = {"dns_name": self.dnsname_dc1, + "invocation_id": self.ldb_dc1.get_invocation_id(), + "ntds_guid": self.ldb_dc1.get_ntds_GUID()} + fsmo_info_2 = {"dns_name": self.dnsname_dc2, + "invocation_id": self.ldb_dc2.get_invocation_id(), + "ntds_guid": self.ldb_dc2.get_ntds_GUID()} + # determine the owner dc res = self.ldb_dc1.search(fsmo_obj_dn, scope=SCOPE_BASE, attrs=["fSMORoleOwner"]) assert len(res) == 1, "Only one fSMORoleOwner value expected for %s!"%fsmo_obj_dn fsmo_owner = res[0]["fSMORoleOwner"][0] if fsmo_owner == self.info_dc1["dsServiceName"][0]: - return (self.dnsname_dc1, self.dnsname_dc2) - return (self.dnsname_dc2, self.dnsname_dc1) + return (fsmo_info_1, fsmo_info_2) + return (fsmo_info_2, fsmo_info_1) def _check_exop_failed(self, ctr6, expected_failure): - c = drsuapi.DsGetNCChangesCtr6() self.assertEqual(ctr6.extended_ret, expected_failure) - self.assertEqual(ctr6.object_count, 0) - self.assertEqual(ctr6.first_object, None) - self.aserrtEqual(ctr6.more_data, False) + #self.assertEqual(ctr6.object_count, 0) + #self.assertEqual(ctr6.first_object, None) + self.assertEqual(ctr6.more_data, False) self.assertEqual(ctr6.nc_object_count, 0) self.assertEqual(ctr6.nc_linked_attributes_count, 0) self.assertEqual(ctr6.linked_attributes_count, 0) self.assertEqual(ctr6.linked_attributes, None) - self.assertEqual(ctr6.drs_error, 0) + self.assertEqual(ctr6.drs_error[0], 0) def test_FSMONotOwner(self): """Test role transfer with against DC not owner of the role""" fsmo_dn = self.ldb_dc1.get_schema_basedn() - (fsmo_owner_dc, fsmo_not_owner_dc) = self._determine_fSMORoleOwner(fsmo_dn) - - req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef", - invocation_id=self.ldb_dc1.get_invocation_id(), + (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn) + + req8 = self._exop_req8(dest_dsa=fsmo_owner["ntds_guid"], + invocation_id=fsmo_not_owner["invocation_id"], nc_dn_str=fsmo_dn, exop=drsuapi.DRSUAPI_EXOP_FSMO_REQ_ROLE) - (drs, drs_handle) = self._ds_bind(fsmo_not_owner_dc) + (drs, drs_handle) = self._ds_bind(fsmo_not_owner["dns_name"]) (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) self.assertEqual(level, 6, "Expected level 6 response!") self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER) + self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_not_owner["ntds_guid"])) + self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_not_owner["invocation_id"])) def test_InvalidDestDSA(self): """Test role transfer with invalid destination DSA guid""" fsmo_dn = self.ldb_dc1.get_schema_basedn() - (fsmo_owner_dc, fsmo_not_owner_dc) = self._determine_fSMORoleOwner(fsmo_dn) + (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn) req8 = self._exop_req8(dest_dsa="9c637462-5b8c-4467-aef2-bdb1f57bc4ef", - invocation_id=self.ldb_dc1.get_invocation_id(), - nc_dn_str=self.ldb_dc1.get_schema_basedn(), + invocation_id=fsmo_owner["invocation_id"], + nc_dn_str=fsmo_dn, exop=drsuapi.DRSUAPI_EXOP_FSMO_REQ_ROLE) - (drs, drs_handle) = self._ds_bind(fsmo_owner_dc) + (drs, drs_handle) = self._ds_bind(fsmo_owner["dns_name"]) (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8) self.assertEqual(level, 6, "Expected level 6 response!") - #ctr = drsuapi.DsGetNCChangesCtr6() self._check_exop_failed(ctr, drsuapi.DRSUAPI_EXOP_ERR_UNKNOWN_CALLER) + self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_owner["ntds_guid"])) + self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_owner["invocation_id"])) -- cgit From de46ad9084aff4384f33660acf91da3b81554a88 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 6 Jun 2011 14:37:06 +1000 Subject: lib/util use modules_path(), data_path() and shlib_ext() from source3 This brings these helpful utility functions in common, as they are not based on either loadparm system. (The 'modules dir' parameter from Samba4 will shortly be removed, so there is no loss in functionality) Andrew Bartlett --- source4/torture/drs/rpc/dssync.c | 5 +---- source4/torture/drs/rpc/msds_intid.c | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) (limited to 'source4/torture/drs') diff --git a/source4/torture/drs/rpc/dssync.c b/source4/torture/drs/rpc/dssync.c index 733e55ded5..8279e736b1 100644 --- a/source4/torture/drs/rpc/dssync.c +++ b/source4/torture/drs/rpc/dssync.c @@ -271,10 +271,7 @@ static bool test_LDAPBind(struct torture_context *tctx, struct DsSyncTest *ctx, return NULL; } - ldb_set_modules_dir(ldb, - talloc_asprintf(ldb, - "%s/ldb", - lpcfg_modulesdir(tctx->lp_ctx))); + ldb_set_modules_dir(ldb, modules_path(ldb, "ldb")); if (ldb_set_opaque(ldb, "credentials", credentials)) { talloc_free(ldb); diff --git a/source4/torture/drs/rpc/msds_intid.c b/source4/torture/drs/rpc/msds_intid.c index 53f4992ba2..14c6454abe 100644 --- a/source4/torture/drs/rpc/msds_intid.c +++ b/source4/torture/drs/rpc/msds_intid.c @@ -283,10 +283,7 @@ static bool _test_LDAPBind(struct torture_context *tctx, return NULL; } - ldb_set_modules_dir(ldb, - talloc_asprintf(ldb, - "%s/ldb", - lpcfg_modulesdir(tctx->lp_ctx))); + ldb_set_modules_dir(ldb, modules_path(ldb, "ldb")); if (ldb_set_opaque(ldb, "credentials", credentials) != LDB_SUCCESS) { talloc_free(ldb); -- cgit