svn commit: samba r9932 - in branches/SOC/SAMBA_4_0: .

brad at samba.org brad at samba.org
Thu Sep 1 23:49:43 GMT 2005


Author: brad
Date: 2005-09-01 23:49:42 +0000 (Thu, 01 Sep 2005)
New Revision: 9932

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9932

Log:
Really rushed project notes.

Added:
   branches/SOC/SAMBA_4_0/README


Changeset:
Added: branches/SOC/SAMBA_4_0/README
===================================================================
--- branches/SOC/SAMBA_4_0/README	2005-09-01 23:31:51 UTC (rev 9931)
+++ branches/SOC/SAMBA_4_0/README	2005-09-01 23:49:42 UTC (rev 9932)
@@ -0,0 +1,39 @@
+This project was centered around adding a torture test to Samba 4, which used drsuapi_DsGetNCChanges() to retrieve the contents of an Active Directory in the same manner as an Active Directory DC replication event.
+
+As the project unfolded, I also applied some changes to the functionality of the libnet library related to joining a machine account to a domain.
+
+One of the first things that I implemented in this project was a 'neighbour_writeable' option for the RPC-DRSUAPI torture test. The command line to execute this torture test is as follows:
+
+smbtorture --option=drsuapi:neighbour_writeable=True -W <domain name> -U <admin username>%<password> ncacn_ip_tcp:<domain controller dns name> RPC-DRSUAPI
+
+This option provides us with runtime control over the DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE flag in the struct drsuapi_DsGetNCChanges.in.req.req<level>.replica_flags, allowing us to easily test for differences in the behaviour of AD replication with the switch on or off.
+
+In the course of the project, I also implemented two more flags for the RPC-DSSYNC test. dssync:last_usn takes an integer representing the USN (Universal Serial Number) of the last recieved replication update for a particular partition (uses the domain DN if drsuapi:parition isn't set).   That value is passed in the DsGetNCChanges() call so that only info which has been updated since that point in time is returned. If this option is not set, 0 is used by default, and all updates for that partition are returned.  dssync:partition takes a string DN and uses that as the name of the AD partition to replicate.
+
+Based initially on a patch provided to me by one of my mentors, Stephan (metze) Metzmacher, the RPC-DSSYNC test was implemented for this project. Initially functionality was included to perform a DC join prior to initiating replication, but the code was removed when it was realized that replication could indeed take place without being a member of the domain in any way. It has been recently suggested that we may need a DC join after all to get all of the information we may want from the AD replication. This is probably best added using a torture_join_domain() call once the libnet code is able to keep the user policy handle and SAMR RPC pipe open.
+
+The DC join code was taken out of the RPC-DSSYNC and implemented for the most part in the libnet libraries. To test this, the RPC-NETLOGON test was modified to perform a domain join, leave and rejoin. Currently, the test has a fault in that it is unable to leave the domain using the same SAMR RPC pipe and user_policy information as was used for the first join. This is because I was unable to get the code working properly in libnet to provide that functionality. Currently missing from the DC join in libnet is the code to create the CN=NTDS Settings,CN=<DC NETBIOS NAME>,CN=<Site-Name>,CN=Sites,CN=Configuration,<domain DN> container using the dcerpc_drsuapi_DsAddEntry() call. I did not want to implement this functionality in libnet while there were still problems with the code.
+
+
+I also provided the ability in libnet and the RPC-DSSYNC test to look up the proper site name using the cldap library.
+
+In my investigations, I was unable to find out any information regarding the UnicodePwd attribute, except that the same password is represented differently for two different users in the same directory.
+
+I was also able to resolve and confirm the meaning of some DRSUAPI_ATTRIBUTE ID's.
+	DRSUAPI_OBJECTCLASS_domain 	(0xA0042)
+	DRSUAPI_OBJECTCLASS_domainDNS 	(0xA0043)
+	wellKnownObjects 		(0x9026A)
+	fSMORoleOwner 			(0x90171)
+	name or dc			(0x90001)
+	whenCreated 			(0x20002)
+	instanceType 			(0x20001)
+	gPLink				(0x9037B)
+These were added to the IDL for drsuapi (source/librpc/idl/drsuapi.idl).
+
+I would like to thank everyone on the Samba team who worked with me and assisted me with this project, specifically all the work done by Stephan Metzmacher, Andrew Bartlett and Jerry Carter. Working on this project with the Samba team really has been a life changing experience, as corny as that sounds. 
+
+I've realized that I was born to be a systems developer, and it has helped confirm in my mind that Open Source (specifically Samba) development is exactly what i've been missing! 
+
+I would also like to take this opportunity to thank Chris Dibona and Google for the amazing opportunity. I don't know if I would have taken the leap in other circumstances.
+
+I know these notes sound a little rushed, but it is 23:55 after all! :)
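Review bot: In the dssync:last_usn paragraph the fallback is written as "uses the domain DN if drsuapi:parition isn't set", which does not match the option the same paragraph goes on to document, dssync:partition; the name is misspelled and carries the drsuapi: prefix rather than dssync:, so a reader copying it onto the command line would set an option the RPC-DSSYNC test presumably never reads. Suggest changing it to dssync:partition. In the same sentence, USN is expanded as "Universal Serial Number", but the Active Directory term is Update Sequence Number, and "recieved" should be "received". The RPC-DRSUAPI section gives a full smbtorture command line; an equivalent line for RPC-DSSYNC showing dssync:last_usn and dssync:partition would document the two new options just as well. The README should also state what drsuapi:neighbour_writeable defaults to when the option is omitted.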


