[cifs-protocol] Question about [MS-DRSR] section 5.12.2 - prefixMap implementation
Bill Wesse
billwe at microsoft.com
Fri Oct 23 06:37:42 MDT 2009
Thank you very much!
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
From: Kamen Mazdrashki [mailto:kamen.mazdrashki at postpath.com]
Sent: Friday, October 23, 2009 8:32 AM
To: Bill Wesse
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] Question about [MS-DRSR] section 5.12.2 - prefixMap implementation
Hi Bill,
Sorry, I must have missed the LDIF. Here it is.
I have also gathered some data for you - the log file is bloated with other information, so here is just the most important observations from the log.
Win2k8
-----------------------------------------------------------
attid: 0x8933929C
id_prefix: 0x00004823
bin_oid: 0x2A817A + 01 ('1.2.250.1')
attid_loword: 0x0001
attid: 0x87159F45
id_prefix: 0x00004823
bid_oid: 0x2A817A + 8102 ('1.2.250.130')
attid_loword: 0x0082
attid: 0x85C6D3B9
id_prefix: 0x00000DC7
bin_oid: 0x2A817A81 + 8002 ('1.2.250.16386')
attid_loword: 0x8002
attid: 0x9E0386A9
id_prefix: 0x00003C60
bin_oid: 0x2A817A8180 + 8002 ('1.2.250.2097154')
attid_loword: 0x8002
I have 4 attributes received – all grouped above.
For the first one I got ATTID: 0x8933929C
If we follow the logic in OidFromAttid(), then first we are to find a prefixMap entry with id_prefix: 0x0000008933
Well, there is no such entry (please look in log file for Win2k8).
prefixMap entry we should find for this ATTID is id_prefix: 0x00004823. So let’s pretend, that 0x8933 is somehow mapped to 0x4823 and try to make full binary-oid of the Attribute.
According to docs, I should add the lo-word for ATTID, e.g. 0x929C, to the partial binary-oid in the prefixMap - 0x2A817A.
When I do this, I got OID='1.2.250.4764' instead of '1.2.250.1'.
Btw, in order to not making all those calculations by hand every time, I’ve created a little Python script to do the job.
So, if you have a Python installed, you can just ‘import prefixmap’ in Python console and then execute prefixmap.oid_from_attid('0x2A817A', '0x8933929C') – it will return '1.2.250.4764'. Prefix map module implements algorithms described in MS-DRSR.
I am attaching the Python script also if you want to play with it.
Regards,
Kamen Mazdrashki
kamen.mazdrashki at postpath.com
http://repo.or.cz/w/Samba/kamenim.git
-------------------------------------
CISCO SYSTEMS BULGARIA EOOD
http://www.cisco.com/global/BG/
> -----Original Message-----
> From: Bill Wesse [mailto:billwe at microsoft.com]
> Sent: Friday, October 23, 2009 2:44 PM
> To: Kamen Mazdrashki
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: RE: [cifs-protocol] Question about [MS-DRSR] section 5.12.2 -
> prefixMap implementation
>
> Good morning again Kamen. I have completed my investigation of our
> prefixMap, MakeAttid() and OidFromAttid() on Windows 2003 & 2008 R2:
> they are indeed functionally identical.
>
> So, something else is going on here, and we will need to duplicate your
> results under debug. To do that, I need to ask you to forward a copy of
> the LDIF file to me (I received the docs & conf file, but not the
> LDIF).
>
> Regards,
> Bill Wesse
> MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
> 8055 Microsoft Way
> Charlotte, NC 28273
> TEL: +1(980) 776-8200
> CELL: +1(704) 661-5438
> FAX: +1(704) 665-9606
>
> -----Original Message-----
> From: Bill Wesse
> Sent: Thursday, October 22, 2009 11:15 AM
> To: 'Kamen Mazdrashki'
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: RE: [cifs-protocol] Question about [MS-DRSR] section 5.12.2 -
> prefixMap implementation
>
> Thanks for the advisory - I will follow up with you on the attid - I
> will be expanding my code study on this.
>
> Regards,
> Bill Wesse
> MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
> 8055 Microsoft Way
> Charlotte, NC 28273
> TEL: +1(980) 776-8200
> CELL: +1(704) 661-5438
> FAX: +1(704) 665-9606
>
>
> -----Original Message-----
> From: Kamen Mazdrashki [mailto:kamen.mazdrashki at postpath.com]
> Sent: Thursday, October 22, 2009 10:56 AM
> To: Bill Wesse
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: RE: [cifs-protocol] Question about [MS-DRSR] section 5.12.2 -
> prefixMap implementation
>
> Hi Bill,
>
> Currently this issue stops me from implementing MakeAttid() and
> OidFromAttid() to work transparently in all cases - from Win2k3 to
> Win2k8. Also I can't make a reasonable unit test for those functions.
> Nevertheless, it is not a 'show stopper' for me at this stage, as
> current implementation (following MS-DRSR) work well for Win2k3 and
> Win2k8 (without modifying schema).
>
> Attached you may find:
> - LDIF file;
> - 2 logs - from Win2k3 (Functional Level = Win 2000) and Win2k8-R2
> (Functional Level = Win 2008 R2);
> - smb conf file used for testing, in case you want to try it by
> yourself
>
> I am currently on making an resume for Win2k8 result I got from windows
> server.
>
> It seems not to be a corner case to me.
> It seems more like a special case for Win2k8 - ATTIDs for all newly
> created attributes are with 31-th bit set.
>
> Regards,
> Kamen Mazdrashki
> kamen.mazdrashki at postpath.com
> http://repo.or.cz/w/Samba/kamenim.git
> -------------------------------------
> CISCO SYSTEMS BULGARIA EOOD
> http://www.cisco.com/global/BG/
>
>
> > -----Original Message-----
> > From: Bill Wesse [mailto:billwe at microsoft.com]
> > Sent: Thursday, October 22, 2009 5:50 PM
> > To: Kamen Mazdrashki
> > Cc: pfif at tridgell.net; cifs-protocol at samba.org
> > Subject: RE: [cifs-protocol] Question about [MS-DRSR] section 5.12.2
> -
> > prefixMap implementation
> >
> > Hello again, Kamen. Could you forward the LDIF file to me? I want to
> > make sure I haven't missed anything (thanks).
> >
> > Also, I have again reviewed the MakeAttid() and OidFromAttid() pseudo
> > code in [MS-DRSR] 5.16.4 (ATTRTYP-to-OID Conversion) - they do appear
> > to be accurate representations of our implementations; my earlier
> > comment about a 'corner-case' was an error, I got mixed up between
> > string & binary OIDs.
> >
> > There is certainly something else going on here, and I will continue
> > working on it.
> >
> > Regards,
> > Bill Wesse
> > MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
> > 8055 Microsoft Way
> > Charlotte, NC 28273
> > TEL: +1(980) 776-8200
> > CELL: +1(704) 661-5438
> > FAX: +1(704) 665-9606
> >
> >
> > -----Original Message-----
> > From: Bill Wesse
> > Sent: Thursday, October 22, 2009 8:51 AM
> > To: 'Kamen Mazdrashki'
> > Cc: pfif at tridgell.net; cifs-protocol at samba.org
> > Subject: RE: [cifs-protocol] Question about [MS-DRSR] section 5.12.2
> -
> > prefixMap implementation
> >
> > You are very welcome. Could you advise me concerning how much this is
> > affecting your implementation development, so that I can set the TDI
> > priority appropriately?
> >
> > I have cross-compared the Windows 2003 and Windows 2008 R2
> > implementations of the MakeAttid() and OidFromAttid() functions;
> there
> > appear to be no functional changes.
> >
> > I suspect there is some corner-case not fully described in the attid
> > composition in MakeAttid (lastValue ≥ 16384).
> >
> > procedure MakeAttid(var t: PrefixTable, o: OID): ATTRTYP ...
> > /*compose the attid*/
> > lowerWord := lastValue mod 16384
> > if lastValue ≥ 16384 then
> > /*mark it so that it is known to not be the whole lastValue*/
> > lowerWord := lowerWord + 32768
> > endif
> >
> > Regards,
> > Bill Wesse
> > MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
> > 8055 Microsoft Way
> > Charlotte, NC 28273
> > TEL: +1(980) 776-8200
> > CELL: +1(704) 661-5438
> > FAX: +1(704) 665-9606
> >
> > -----Original Message-----
> > From: Kamen Mazdrashki [mailto:kamen.mazdrashki at postpath.com]
> > Sent: Thursday, October 22, 2009 4:16 AM
> > To: Bill Wesse; Interoperability Documentation Help
> > Cc: pfif at tridgell.net; cifs-protocol at samba.org
> > Subject: RE: [cifs-protocol] Question about [MS-DRSR] section 5.12.2
> -
> > prefixMap implementation
> >
> > Hi Bill,
> >
> > Thanks for your support.
> > I am looking forward to hearing from you soon.
> >
> > Regards,
> > Kamen Mazdrashki
> > kamen.mazdrashki at postpath.com
> > http://repo.or.cz/w/Samba/kamenim.git
> > -------------------------------------
> > CISCO SYSTEMS BULGARIA EOOD
> > http://www.cisco.com/global/BG/
> >
> >
> > > -----Original Message-----
> > > From: Bill Wesse [mailto:billwe at microsoft.com]
> > > Sent: Wednesday, October 21, 2009 7:37 PM
> > > To: Kamen Mazdrashki; Interoperability Documentation Help
> > > Cc: pfif at tridgell.net; cifs-protocol at samba.org
> > > Subject: RE: [cifs-protocol] Question about [MS-DRSR] section
> 5.12.2
> > -
> > > prefixMap implementation
> > >
> > > Good afternoon Kamen. This is Bill Wesse from the Protocol Support
> > > team. I will be your contact for the case noted below, where you
> > asked
> > > about prefixMap implementation differences for Windows 2003 and
> > Windows
> > > 2008 R2.
> > >
> > > SRX091020600112 [MS-DRSR] section 5.12.2 - prefixMap implementation
> > >
> > > I will keep you updated with the results of my investigation as
> > details
> > > develop.
> > >
> > > Regards,
> > > Bill Wesse
> > > MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
> > > 8055 Microsoft Way
> > > Charlotte, NC 28273
> > > TEL: +1(980) 776-8200
> > > CELL: +1(704) 661-5438
> > > FAX: +1(704) 665-9606
> > >
> > > -----Original Message-----
> > > From: Kamen Mazdrashki [mailto:kamen.mazdrashki at postpath.com]
> > > Sent: Tuesday, October 20, 2009 9:36 AM
> > > To: Interoperability Documentation Help
> > > Cc: pfif at tridgell.net; cifs-protocol at samba.org
> > > Subject: [cifs-protocol] Question about [MS-DRSR] section 5.12.2 -
> > > prefixMap implementation
> > >
> > > Hi,
> > >
> > > I need a clarification about what are the differences between
> > prefixMap
> > > implementation for Win2K3 and Win2K8(R2).
> > >
> > > Attached you may find:
> > > 1. LDIF file to provision AD Schema with some test Attributes -
> OIDs
> > of
> > > those attributes are crafted so that different scenarios could be
> > > tested.
> > > 2. Log files gathered during execution of Samba's RPC-DSSYNC test
> > > against Win2K3 and Win2K8. I am sending the log files as Word
> > documents
> > > so it is easy for me to highlight interesting parts from the log
> > files.
> > > -- prefixMap received is highlighted with 'gray'; newly added
> > entries
> > > are highlighted with 'yellow'
> > > -- newly added object attributes received are also highlighted
> > > with 'yellow'
> > > 3. For testing I was using:
> > > -- Win2k3 R2 - Domain functional level = Win 2000 installation
> > > -- Win2K8 R2 - Domain functional lever = Win 2008 R2
> > > -- Samba 4 - latest build. Test run is RPC-DSSYNC.
> > > Command line for testing:
> > > $> bin/smbtorture -Uadministrator%333 --
> > > configfile=/usr/local/samba/etc/drsuapi.conf
> > > ncacn_ip_tcp:Win_machine_ip[print,seal] RPC-DSSYNC -d1
> > >
> > > As you may see, for Win2K3 everything works correctly as described
> > > in MS-DRSR, section 5.12.2.
> > > I.e. attribute with attid=0x1B860001 matches prefixMap entry with
> > > id=0x00001b86 and thus Attribute OID is correctly decoded as being
> > > '1.2.250.1'
> > >
> > > In Win2k8 log file however, for attid=0x85C6D3B9 matching prefixMap
> > > entry should be id=0x00004823 and it is not quite obvious how
> > > 0x85C6D3B9 is matched to 0x00004823?
> > >
> > > Please, clarify what is the algorithm used under Win2k8 for
> > MakeAttid()
> > > and OidFromAttid() functions?
> > >
> > > Many thanks in advance.
> > >
> > > Regards,
> > > Kamen Mazdrashki
> > > kamen.mazdrashki at postpath.com
> > > http://repo.or.cz/w/Samba/kamenim.git
> > > -------------------------------------
> > > CISCO SYSTEMS BULGARIA EOOD
> > > http://www.cisco.com/global/BG/
> > >
> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20091023/72adf820/attachment-0001.html>
More information about the cifs-protocol
mailing list