Fwd: [SCM] Samba Shared Repository - branch master updated
Matthieu Patou
mat at samba.org
Sun Nov 27 15:27:10 MST 2011
Hello Mathias,
Thanks for taking care of the cldap related patches!
Matthieu.
-------- Original Message --------
Subject: [SCM] Samba Shared Repository - branch master updated
Date: Sun, 27 Nov 2011 16:24:03 +0100 (CET)
From: metze at samba.org (Stefan Metzmacher)
Reply-To: samba-technical at lists.samba.org
To: samba-cvs at samba.org
The branch, master has been updated
via 0e52606 s4:torture/ldap/cldap.c - remove the "test_cldap_netlogon_flag_ds_dns_forest" test
via 6b63d7e s4:selftest/test_samba_tool.sh - add a basic unit test for the new "domain info" command
via f57f009 samba-tool: domain info - add basic exception handling
via 08ca7d1 samba-tool: add a domain info command to get basic info
via 521c708 s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctly
via 1770daf s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we are unable to translate the domain to a dn
via b893749 s4:cldap_server/netlogon.c - DS_SERVER_CLOSEST handling
via fc26e29 s4:netcmd/common.py: add a "netcmd" function to do a cldap netlogon request
via 179bf9b s4:libnet/py_net.c: "py_net_finddc" - add an "address" parameter
via dec1435 s4:libnet/py_net.c - initialise optional keyword arguments
via ad19aa6 s4:libcli/finddcs_cldap.c - let "finddcs_cldap" work either with the IP address or the domain name
via 9e6c88b smbtorture: avoid sigsev if the password is not correct
via 83c0393 s4:update_keytab LDB module - no need to filter for the DN
via 2c73eb4 idl:netlogon.idl - add the Active Directory Web Service bit (DS_SERVER_WEBSERV)
from 37f7a2c s3:locking:posix: remove uses of SMB_ASSERT() from get_windows_lock_ref_count()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0e526062a4716c01421ec45f2e0d5093c63ea5c5
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Thu Nov 24 09:31:42 2011 +0100
s4:torture/ldap/cldap.c - remove the "test_cldap_netlogon_flag_ds_dns_forest" test
The test is wrong since the DNS_* (DS_DNS_CONTROLLER, DS_DNS_DOMAIN,
DS_DNS_FOREST_ROOT) flags are never set on the plain CLDAP pipe. They
get added only over the DsRGetDCName* calls over NETLOGON RPC.
Signed-off-by: Stefan Metzmacher<metze at samba.org>
Autobuild-User: Stefan Metzmacher<metze at samba.org>
Autobuild-Date: Sun Nov 27 16:23:27 CET 2011 on sn-devel-104
commit 6b63d7e61830e74a3d878269c3dc84a9ca3f730c
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Wed Nov 23 21:05:54 2011 +0100
s4:selftest/test_samba_tool.sh - add a basic unit test for the new "domain info" command
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit f57f009bc600e214cf34de2ef825fe51eb25aeed
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Wed Nov 23 21:29:18 2011 +0100
samba-tool: domain info - add basic exception handling
It is nicer to get an error message rather than a stacktrace on wrong IP
addresses.
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit 08ca7d1634a6510655581bce141fb0200dad8c1c
Author: Matthieu Patou<mat at matws.net>
Date: Tue Sep 27 17:46:14 2011 -0700
samba-tool: add a domain info command to get basic info
Signed-off-by: Matthias Dieter Wallnöfer<mdw at samba.org>
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit 521c708fe45ab0d8b9e31391cc8b8aae59e0c27f
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Wed Nov 23 20:32:57 2011 +0100
s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctly
The rules are explained in MS-NRPC 2.2.1.2.1.
Patch inspired by Matthieu Patou.
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit 1770dafafd51ee9989005c9214b1b1b9d3ecada7
Author: Matthieu Patou<mat at matws.net>
Date: Tue Sep 27 15:11:36 2011 -0400
s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we are unable to translate the domain to a dn
Signed-off-by: Matthias Dieter Wallnöfer<mdw at samba.org>
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit b89374934feced586b21152795f40543fe7b007b
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Thu Nov 24 09:25:35 2011 +0100
s4:cldap_server/netlogon.c - DS_SERVER_CLOSEST handling
DS_SERVER_CLOSEST is only set when the client and server site coincide.
MS-NRPC 2.2.1.2.1
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit fc26e29f8ed1cad0875801782178696ce5f9d1f1
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Tue Nov 22 22:26:38 2011 +0100
s4:netcmd/common.py: add a "netcmd" function to do a cldap netlogon request
This is useful for a new "samba-tool domain info" command.
Patch inspired by Matthieu Patou.
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit 179bf9b51c9de5f9f8e78893bd20b9821e39e7e4
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Tue Nov 22 22:26:06 2011 +0100
s4:libnet/py_net.c: "py_net_finddc" - add an "address" parameter
This is useful for a new "samba-tool domain info" command.
Patch inspired by Matthieu Patou.
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit dec1435a42e16269d1e343707e924256ee8a5050
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Tue Nov 22 22:06:15 2011 +0100
s4:libnet/py_net.c - initialise optional keyword arguments
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit ad19aa6331ab44516afa82434f125120172b3dda
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Wed Nov 23 09:45:31 2011 +0100
s4:libcli/finddcs_cldap.c - let "finddcs_cldap" work either with the IP address or the domain name
This will be useful for a new "samba-tool domain info" command.
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit 9e6c88bda5ad8ea68f2471fbbe959b1282457f52
Author: Matthieu Patou<mat at matws.net>
Date: Tue Sep 27 17:30:16 2011 -0700
smbtorture: avoid sigsev if the password is not correct
Signed-off-by: Matthias Dieter Wallnöfer<mdw at samba.org>
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit 83c039378bb9622820d8005b196297733fe731f0
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Tue Oct 25 20:06:45 2011 +0200
s4:update_keytab LDB module - no need to filter for the DN
We launch a search request with base scope on exactly the same DN (see
downwards).
Signed-off-by: Stefan Metzmacher<metze at samba.org>
commit 2c73eb4204fd62442bc62c311a016991631b4a18
Author: Matthias Dieter Wallnöfer<mdw at samba.org>
Date: Wed Nov 23 20:19:32 2011 +0100
idl:netlogon.idl - add the Active Directory Web Service bit (DS_SERVER_WEBSERV)
MS-NRPC 2.2.1.2.1
Signed-off-by: Stefan Metzmacher<metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/netlogon.idl | 1 +
source4/cldap_server/netlogon.c | 19 +----
source4/dsdb/samdb/ldb_modules/update_keytab.c | 4 +-
source4/libcli/finddcs_cldap.c | 41 +++++++----
source4/libnet/py_net.c | 26 +++++--
source4/rpc_server/netlogon/dcerpc_netlogon.c | 16 ++++-
source4/scripting/bin/samba_spnupdate | 2 +-
source4/scripting/python/samba/join.py | 2 +-
source4/scripting/python/samba/netcmd/common.py | 22 ++++-
source4/scripting/python/samba/netcmd/domain.py | 27 +++++++-
source4/selftest/tests.py | 2 +-
source4/torture/ldap/cldap.c | 91 +----------------------
source4/torture/nbt/dgram.c | 2 +-
source4/utils/tests/test_samba_tool.sh | 13 ++-
14 files changed, 127 insertions(+), 141 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index 24bab80..504933c 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -1149,6 +1149,7 @@ interface netlogon
DS_SERVER_NDNC = 0x00000400,
DS_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800,
DS_SERVER_FULL_SECRET_DOMAIN_6 = 0x00001000,
+ DS_SERVER_WEBSERV = 0x00002000,
DS_DNS_CONTROLLER = 0x20000000,
DS_DNS_DOMAIN = 0x40000000,
DS_DNS_FOREST_ROOT = 0x80000000
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index c9c92f6..9d9f45e 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -224,14 +224,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
server_type =
DS_SERVER_DS | DS_SERVER_TIMESERV |
- DS_SERVER_CLOSEST |
DS_SERVER_GOOD_TIMESERV;
-#if 0
- /* w2k8-r2 as a DC does not claim these */
- server_type |= DS_DNS_CONTROLLER | DS_DNS_DOMAIN;
-#endif
-
if (samdb_is_pdc(sam_ctx)) {
server_type |= DS_SERVER_PDC;
}
@@ -256,13 +250,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
server_type |= DS_SERVER_WRITABLE;
}
-#if 0
- /* w2k8-r2 as a sole DC does not claim this */
- if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) {
- server_type |= DS_DNS_FOREST_ROOT;
- }
-#endif
-
pdc_name = talloc_asprintf(mem_ctx, "\\\\%s",
lpcfg_netbios_name(lp_ctx));
NT_STATUS_HAVE_NO_MEMORY(pdc_name);
@@ -276,13 +263,17 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
dns_domain);
NT_STATUS_HAVE_NO_MEMORY(pdc_dns_name);
flatname = lpcfg_workgroup(lp_ctx);
+
server_site = samdb_server_site_name(sam_ctx, mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(server_site);
client_site = samdb_client_site_name(sam_ctx, mem_ctx,
src_address, NULL);
NT_STATUS_HAVE_NO_MEMORY(client_site);
- load_interface_list(mem_ctx, lp_ctx,&ifaces);
+ if (strcasecmp(server_site, client_site) == 0) {
+ server_type |= DS_SERVER_CLOSEST;
+ }
+ load_interface_list(mem_ctx, lp_ctx,&ifaces);
if (src_address) {
pdc_ip = iface_list_best_ip(ifaces, src_address);
} else {
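Review bot: the added "strcasecmp(server_site, client_site)" check sits directly above an "if (src_address)" test, so this function is evidently reachable with src_address == NULL. Please add a comment saying what samdb_client_site_name() yields in that case and whether DS_SERVER_CLOSEST is meant to be claimed for a requester whose address is unknown. Separately, the load_interface_list() line is removed and re-added unchanged; that churn can be dropped from the patch.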
diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c
index 2d4a903..3658c1b 100644
--- a/source4/dsdb/samdb/ldb_modules/update_keytab.c
+++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c
@@ -89,8 +89,8 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool do_de
struct ldb_result *res;
int ret;
- filter = talloc_asprintf(data, "(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*)))",
- ldb_dn_get_linearized(dn));
+ filter = talloc_asprintf(data,
+ "(&(objectClass=kerberosSecret)(privateKeytab=*))");
if (!filter) {
return ldb_oom(ldb);
}
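Review bot: with the DN term gone, talloc_asprintf() is called with a constant format string and no arguments, so the allocation and the "if (!filter)" OOM path no longer serve a purpose; a static const string (or talloc_strdup()) would do. Dropping the unescaped ldb_dn_get_linearized(dn) from the filter is welcome, but the change is only correct if the search that follows is a base-scope search on dn, and that search is outside this hunk. A one-line comment at the filter stating that dependency would keep the two in sync.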
diff --git a/source4/libcli/finddcs_cldap.c b/source4/libcli/finddcs_cldap.c
index a0f538d..38e828f 100644
--- a/source4/libcli/finddcs_cldap.c
+++ b/source4/libcli/finddcs_cldap.c
@@ -60,7 +60,6 @@ static bool finddcs_cldap_ipaddress(struct finddcs_cldap_state *state, struct fi
/*
* find a list of DCs via DNS/CLDAP
- *
*/
struct tevent_req *finddcs_cldap_send(TALLOC_CTX *mem_ctx,
struct finddcs *io,
@@ -78,9 +77,14 @@ struct tevent_req *finddcs_cldap_send(TALLOC_CTX *mem_ctx,
state->req = req;
state->ev = event_ctx;
state->minimum_dc_flags = io->in.minimum_dc_flags;
- state->domain_name = talloc_strdup(state, io->in.domain_name);
- if (tevent_req_nomem(state->domain_name, req)) {
- return tevent_req_post(req, event_ctx);
+
+ if (io->in.domain_name) {
+ state->domain_name = talloc_strdup(state, io->in.domain_name);
+ if (tevent_req_nomem(state->domain_name, req)) {
+ return tevent_req_post(req, event_ctx);
+ }
+ } else {
+ state->domain_name = NULL;
}
if (io->in.domain_sid) {
@@ -97,17 +101,26 @@ struct tevent_req *finddcs_cldap_send(TALLOC_CTX *mem_ctx,
if (!finddcs_cldap_ipaddress(state, io)) {
return tevent_req_post(req, event_ctx);
}
- } else if (strchr(state->domain_name, '.')) {
- /* looks like a DNS name */
- DEBUG(4,("finddcs: searching for a DC by DNS domain %s\n", state->domain_name));
- if (!finddcs_cldap_srv_lookup(state, io, resolve_ctx, event_ctx)) {
- return tevent_req_post(req, event_ctx);
+ } else if (io->in.domain_name) {
+ if (strchr(state->domain_name, '.')) {
+ /* looks like a DNS name */
+ DEBUG(4,("finddcs: searching for a DC by DNS domain %s\n", state->domain_name));
+ if (!finddcs_cldap_srv_lookup(state, io, resolve_ctx,
+ event_ctx)) {
+ return tevent_req_post(req, event_ctx);
+ }
+ } else {
+ DEBUG(4,("finddcs: searching for a DC by NBT lookup %s\n", state->domain_name));
+ if (!finddcs_cldap_nbt_lookup(state, io, resolve_ctx,
+ event_ctx)) {
+ return tevent_req_post(req, event_ctx);
+ }
}
} else {
- DEBUG(4,("finddcs: searching for a DC by NBT lookup %s\n", state->domain_name));
- if (!finddcs_cldap_nbt_lookup(state, io, resolve_ctx, event_ctx)) {
- return tevent_req_post(req, event_ctx);
- }
+ /* either we have the domain name or the IP address */
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ DEBUG(2,("finddcs: Please specify at least the domain name or the IP address! \n"));
+ return tevent_req_post(req, event_ctx);
}
return req;
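Review bot: the new "else if (io->in.domain_name)" tests the caller's pointer while the branch body dereferences state->domain_name; test state->domain_name (the copy made earlier in this function) so the check and the use cannot drift apart. An empty-string domain_name also passes this test and falls through to the NBT lookup, so consider rejecting "" together with NULL. In the final else, the comment "either we have the domain name or the IP address" reads as if exactly one is allowed while the DEBUG text says "at least"; align the two and drop the stray space before "\n".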
@@ -233,7 +246,7 @@ static void finddcs_cldap_next_server(struct finddcs_cldap_state *state)
return;
}
- if (strchr(state->domain_name, '.')) {
+ if ((state->domain_name != NULL)&& (strchr(state->domain_name, '.'))) {
state->netlogon->in.realm = state->domain_name;
}
if (state->domain_sid) {
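Review bot: state->domain_name can now be NULL for address-only lookups, and the hunks shown guard only this strchr() in finddcs_cldap_next_server(). Every other use of state->domain_name in the file, including "%s" arguments to DEBUG(), needs the same audit before this goes in, and the commit message should say that the audit was done.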
diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
index ebfb2ba..7c90572 100644
--- a/source4/libnet/py_net.c
+++ b/source4/libnet/py_net.c
@@ -353,6 +353,8 @@ static PyObject *py_net_vampire(py_net_Object *self, PyObject *args, PyObject *k
PyObject *ret;
struct libnet_Vampire r;
+ ZERO_STRUCT(r);
+
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z", discard_const_p(char *, kwnames),
&r.in.domain_name,&r.in.targetdir)) {
return NULL;
@@ -469,7 +471,7 @@ static PyObject *py_net_replicate_chunk(py_net_Object *self, PyObject *args, PyO
const char *kwnames[] = { "state", "level", "ctr",
"schema", "req_level", "req",
NULL };
- PyObject *py_state, *py_ctr, *py_schema, *py_req;
+ PyObject *py_state, *py_ctr, *py_schema = Py_None, *py_req = Py_None;
struct replicate_state *s;
unsigned level;
unsigned req_level = 0;
@@ -578,23 +580,31 @@ static PyObject *py_net_replicate_chunk(py_net_Object *self, PyObject *args, PyO
/*
find a DC given a domain name and server type
*/
-static PyObject *py_net_finddc(py_net_Object *self, PyObject *args)
+static PyObject *py_net_finddc(py_net_Object *self, PyObject *args, PyObject *kwargs)
{
- const char *domain_name;
+ const char *domain = NULL, *address = NULL;
unsigned server_type;
NTSTATUS status;
struct finddcs *io;
TALLOC_CTX *mem_ctx;
PyObject *ret;
+ const char * const kwnames[] = { "flags", "domain", "address", NULL };
- if (!PyArg_ParseTuple(args, "sI",&domain_name,&server_type)) {
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "I|ss",
+ discard_const_p(char *, kwnames),
+ &server_type,&domain,&address)) {
return NULL;
}
mem_ctx = talloc_new(self->mem_ctx);
io = talloc_zero(mem_ctx, struct finddcs);
- io->in.domain_name = domain_name;
+ if (domain != NULL) {
+ io->in.domain_name = domain;
+ }
+ if (address != NULL) {
+ io->in.server_address = address;
+ }
io->in.minimum_dc_flags = server_type;
status = finddcs_cldap(io, io,
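Review bot: the format string "I|ss" rejects an explicit None for domain or address, although the docstring added in this patch advertises "domain=None, address=None" and netcmd_get_domain_infos_via_cldap() forwards its address argument (default None) straight through; "I|zz" would accept None. A call with neither keyword is only caught later in finddcs_cldap_send() as NT_STATUS_INVALID_PARAMETER_MIX; raising a Python exception right after parsing would give callers a clearer error. The two "!= NULL" guards before the assignments are redundant because io comes from talloc_zero().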
@@ -622,8 +632,8 @@ static const char py_net_replicate_init_doc[] = "replicate_init(samdb, lp, drspi
static const char py_net_replicate_chunk_doc[] = "replicate_chunk(state, level, ctr, schema)\n"
"Process replication for one chunk";
-static const char py_net_finddc_doc[] = "finddc(domain, server_type)\n"
- "find a DC with the specified server_type bits. Return the DNS name";
+static const char py_net_finddc_doc[] = "finddc(flags=server_type, domain=None, address=None)\n"
+ "Find a DC with the specified 'server_type' bits. The 'domain' and/or 'address' have to be used as additional search criteria. Returns the whole netlogon struct";
static PyMethodDef net_obj_methods[] = {
{"join_member", (PyCFunction)py_net_join_member, METH_VARARGS|METH_KEYWORDS, py_net_join_member_doc},
@@ -636,7 +646,7 @@ static PyMethodDef net_obj_methods[] = {
{"vampire", (PyCFunction)py_net_vampire, METH_VARARGS|METH_KEYWORDS, py_net_vampire_doc},
{"replicate_init", (PyCFunction)py_net_replicate_init, METH_VARARGS|METH_KEYWORDS, py_net_replicate_init_doc},
{"replicate_chunk", (PyCFunction)py_net_replicate_chunk, METH_VARARGS|METH_KEYWORDS, py_net_replicate_chunk_doc},
- {"finddc", (PyCFunction)py_net_finddc, METH_VARARGS, py_net_finddc_doc},
+ {"finddc", (PyCFunction)py_net_finddc, METH_KEYWORDS, py_net_finddc_doc},
{ NULL }
};
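Review bot: "finddc" is registered with METH_KEYWORDS alone, while every neighbouring entry in this table uses METH_VARARGS|METH_KEYWORDS. Use the same combination here: the handler now has the (self, args, kwargs) signature, and METH_KEYWORDS on its own is not a documented calling convention.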
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index cbf223b..125fb38 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -1056,7 +1056,7 @@ static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_C
domain_dn = samdb_domain_to_dn(sam_ctx, mem_ctx,
r->in.domainname);
if (domain_dn == NULL) {
- return WERR_DS_UNAVAILABLE;
+ return WERR_NO_SUCH_DOMAIN;
}
ret = gendb_search_dn(sam_ctx, mem_ctx,
@@ -1791,9 +1791,23 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
return ntstatus_to_werror(status);
}
+ /*
+ * According to MS-NRPC 2.2.1.2.1 we should set the "DS_DNS_FOREST_ROOT"
+ * (O) flag when the returned forest name is in DNS format. This is here
+ * always the case (see below).
+ */
+ response.data.nt5_ex.server_type |= DS_DNS_FOREST_ROOT;
+
if (r->in.flags& DS_RETURN_DNS_NAME) {
dc_name = response.data.nt5_ex.pdc_dns_name;
domain_name = response.data.nt5_ex.dns_domain;
+ /*
+ * According to MS-NRPC 2.2.1.2.1 we should set the
+ * "DS_DNS_CONTROLLER" (M) and "DS_DNS_DOMAIN" (N) flags when
+ * the returned information is in DNS form.
+ */
+ response.data.nt5_ex.server_type |=
+ DS_DNS_CONTROLLER | DS_DNS_DOMAIN;
} else if (r->in.flags& DS_RETURN_FLAT_NAME) {
dc_name = response.data.nt5_ex.pdc_name;
domain_name = response.data.nt5_ex.domain_name;
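Review bot: DS_DNS_FOREST_ROOT is OR-ed in unconditionally, justified by a "see below" that points outside the hunk; please reference the assignment that makes the forest name DNS-form, or set the flag next to it so the invariant is local. The DS_RETURN_DNS_NAME branch looks right, but the branch taken when neither DS_RETURN_DNS_NAME nor DS_RETURN_FLAT_NAME is set is not shown: if it returns DNS names, it needs DS_DNS_CONTROLLER | DS_DNS_DOMAIN as well.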
diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate
index 10da1d9..52a51d8 100755
--- a/source4/scripting/bin/samba_spnupdate
+++ b/source4/scripting/bin/samba_spnupdate
@@ -190,7 +190,7 @@ def call_rodc_update(d):
net = Net(creds=creds, lp=lp)
try:
- cldap_ret = net.finddc(domain, nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
+ cldap_ret = net.finddc(domain=domain, flags=nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
except Exception, reason:
print("Unable to find writeable DC for domain '%s' to send DRS writeSPN to : %s" % (domain, reason))
sys.exit(1)
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index 4252a2d..3ae1a2c 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -195,7 +195,7 @@ class dc_join(object):
def find_dc(ctx, domain):
'''find a writeable DC for the given domain'''
try:
- ctx.cldap_ret = ctx.net.finddc(domain, nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
+ ctx.cldap_ret = ctx.net.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
except Exception:
raise Exception("Failed to find a writeable DC for domain '%s'" % domain)
if ctx.cldap_ret.client_site is not None and ctx.cldap_ret.client_site != "":
diff --git a/source4/scripting/python/samba/netcmd/common.py b/source4/scripting/python/samba/netcmd/common.py
index 234fad3..9291f87 100644
--- a/source4/scripting/python/samba/netcmd/common.py
+++ b/source4/scripting/python/samba/netcmd/common.py
@@ -52,10 +52,22 @@ def netcmd_dnsname(lp):
return lp.get('netbios name').lower() + "." + lp.get('realm').lower()
-def netcmd_finddc(lp, creds):
- '''return domain-name of a writable/ldap-capable DC for the domain.'''
+def netcmd_finddc(lp, creds, realm=None):
+ '''Return domain-name of a writable/ldap-capable DC for the default
+ domain (parameter "realm" in smb.conf) unless another realm has been
+ specified as argument'''
net = Net(creds=creds, lp=lp)
- realm = lp.get('realm')
- cldap_ret = net.finddc(realm,
- nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
+ if realm is None:
+ realm = lp.get('realm')
+ cldap_ret = net.finddc(domain=realm,
+ flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
return cldap_ret.pdc_dns_name
+
+
+def netcmd_get_domain_infos_via_cldap(lp, creds, address=None):
+ '''Return domain informations (CLDAP record) of the ldap-capable
+ DC with the specified address'''
+ net = Net(creds=creds, lp=lp)
+ cldap_ret = net.finddc(address=address,
+ flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
+ return cldap_ret
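Review bot: netcmd_get_domain_infos_via_cldap() defaults address to None and passes it on without a domain, a combination that finddcs_cldap_send() in this same push rejects with NT_STATUS_INVALID_PARAMETER_MIX; make address a required parameter. The new docstring should read "domain information" rather than "domain informations".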
diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py
index 0e6083a..a41a9d6 100644
--- a/source4/scripting/python/samba/netcmd/domain.py
+++ b/source4/scripting/python/samba/netcmd/domain.py
@@ -41,6 +41,7 @@ from samba.netcmd import (
SuperCommand,
Option
)
+from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
from samba.samba3 import Samba3
from samba.samba3 import param as s3param
from samba.upgrade import upgrade_from_samba3
@@ -74,6 +75,30 @@ class cmd_domain_export_keytab(Command):
net = Net(None, lp, server=credopts.ipaddress)
net.export_keytab(keytab=keytab)
+class cmd_domain_info(Command):
+ """Print basic info about a domain and the DC passed as parameter"""
+
+ synopsis = "%prog domain info<ip_address> [options]"
+
+ takes_options = [
+ ]
+
+ takes_args = ["address"]
+
+ def run(self, address, credopts=None, sambaopts=None, versionopts=None):
+ lp = sambaopts.get_loadparm()
+ try:
+ res = netcmd_get_domain_infos_via_cldap(lp, None, address)
+ print "Forest : %s" % res.forest
+ print "Domain : %s" % res.dns_domain
+ print "Netbios domain : %s" % res.domain_name
+ print "DC name : %s" % res.pdc_dns_name
+ print "DC netbios name : %s" % res.pdc_name
+ print "Server site : %s" % res.server_site
+ print "Client site : %s" % res.client_site
+ except RuntimeError:
+ raise CommandError("Invalid IP address '" + address + "'!")
+
class cmd_domain_join(Command):
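Review bot: the "except RuntimeError" in run() reports every failure as "Invalid IP address", so a timeout, an unreachable host or a server that lacks the requested flags is misreported to the user; keep the original exception text in the CommandError message. run() also accepts credopts but passes None as creds to netcmd_get_domain_infos_via_cldap(); a short comment on why no credentials are needed here would help the next reader.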
@@ -614,12 +639,12 @@ class cmd_domain_samba3upgrade(Command):
upgrade_from_samba3(samba3, logger, targetdir, session_info=system_session(),
useeadb=eadb)
-
class cmd_domain(SuperCommand):
"""Domain management"""
subcommands = {}
subcommands["exportkeytab"] = cmd_domain_export_keytab()
+ subcommands["info"] = cmd_domain_info()
subcommands["join"] = cmd_domain_join()
subcommands["level"] = cmd_domain_level()
subcommands["passwordsettings"] = cmd_domain_passwordsettings()
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index f465396..b2779d3 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -303,7 +303,7 @@ planpythontestsuite("dc", "samba.tests.dns")
planpythontestsuite("none", "samba.tests.blackbox.ndrdump")
planpythontestsuite("none", "samba.tests.source")
-plantestsuite("samba4.blackbox.samba_tool(dc:local)", "dc:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', "$USERNAME", "$PASSWORD", "$DOMAIN"])
+plantestsuite("samba4.blackbox.samba_tool(dc:local)", "dc:local", [os.path.join(samba4srcdir, "utils/tests/test_samba_tool.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN'])
plantestsuite("samba4.blackbox.pkinit(dc:local)", "dc:local", [os.path.join(bbdir, "test_pkinit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", configuration])
plantestsuite("samba4.blackbox.kinit(dc:local)", "dc:local", [os.path.join(bbdir, "test_kinit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "aes256-cts-hmac-sha1-96", configuration])
plantestsuite("samba4.blackbox.kinit(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_kinit.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', "arcfour-hmac-md5", configuration])
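Review bot: inserting '$SERVER_IP' as the second argument shifts $USERNAME, $PASSWORD and $DOMAIN by one position, so test_samba_tool.sh has to renumber its positional parameters in the same commit. Its diff is cut off by the 500-line truncation, so that cannot be confirmed from this mail.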
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index 69ed302..6de33b8 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -23,12 +23,14 @@
#include "includes.h"
#include "libcli/cldap/cldap.h"
-#include "libcli/ldap/libcli_ldap.h"
+#include "libcli/ldap/ldap_client.h"
#include "librpc/gen_ndr/netlogon.h"
-#include "torture/torture.h"
#include "param/param.h"
#include "../lib/tsocket/tsocket.h"
+#include "torture/torture.h"
+#include "torture/ldap/proto.h"
+
#define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status")
#define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct), "incorrect value");
@@ -385,90 +387,6 @@ static void cldap_dump_results(struct cldap_search *search)
talloc_free(ldb);
}
-
-/*
- test cldap netlogon server type flag "NBT_SERVER_FOREST_ROOT"
-*/
-static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx,
- const char *dest)
-{
- struct cldap_socket *cldap;
- NTSTATUS status;
- struct cldap_netlogon search;
- uint32_t server_type;
- struct netlogon_samlogon_response n1;
- bool result = true;
- struct tsocket_address *dest_addr;
- int ret;
-
- ret = tsocket_address_inet_from_strings(tctx, "ip",
- dest,
- lpcfg_cldap_port(tctx->lp_ctx),
- &dest_addr);
- CHECK_VAL(ret, 0);
-
- /* cldap_socket_init should now know about the dest. address */
- status = cldap_socket_init(tctx, NULL, dest_addr,&cldap);
- CHECK_STATUS(status, NT_STATUS_OK);
-
- printf("Testing netlogon server type flag NBT_SERVER_FOREST_ROOT: ");
-
- ZERO_STRUCT(search);
- search.in.dest_address = NULL;
- search.in.dest_port = 0;
- search.in.acct_control = -1;
- search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
- search.in.map_response = true;
-
- status = cldap_netlogon(cldap, tctx,&search);
- CHECK_STATUS(status, NT_STATUS_OK);
-
- n1 = search.out.netlogon;
- if (n1.ntver == NETLOGON_NT_VERSION_5)
- server_type = n1.data.nt5.server_type;
- else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
- server_type = n1.data.nt5_ex.server_type;
-
- if (server_type& DS_DNS_FOREST_ROOT) {
- struct cldap_search search2;
- const char *attrs[] = { "defaultNamingContext", "rootDomainNamingContext",
- NULL };
- struct ldb_context *ldb;
- struct ldb_message *msg;
-
- /* Trying to fetch the attributes "defaultNamingContext" and
- "rootDomainNamingContext" */
- ZERO_STRUCT(search2);
- search2.in.dest_address = dest;
- search2.in.dest_port = lpcfg_cldap_port(tctx->lp_ctx);
- search2.in.timeout = 10;
- search2.in.retries = 3;
- search2.in.filter = "(objectclass=*)";
- search2.in.attributes = attrs;
-
- status = cldap_search(cldap, tctx,&search2);
- CHECK_STATUS(status, NT_STATUS_OK);
-
- ldb = ldb_init(NULL, NULL);
-
- msg = ldap_msg_to_ldb(ldb, ldb, search2.out.response);
-
- /* Try to compare the two attributes */
- if (ldb_msg_element_compare(ldb_msg_find_element(msg, attrs[0]),
- ldb_msg_find_element(msg, attrs[1])))
- result = false;
-
- talloc_free(ldb);
- }
-
- if (result)
- printf("passed\n");
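Review bot: removing test_cldap_netlogon_flag_ds_dns_forest leaves the DS_DNS_* flags without any test, while the same push starts setting them in dcesrv_netr_DsRGetDCNameEx2(). A torture test on the NETLOGON RPC side that asserts DS_DNS_CONTROLLER and DS_DNS_DOMAIN when DS_RETURN_DNS_NAME is requested would cover the new behaviour. The rest of this hunk is truncated, so whether the test's registration is removed as well is not visible here.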
--
Samba Shared Repository