[PATCH 2/2] s4:dsdb/rootdse: Support netlogon request

Benjamin Franzke benjaminfranzke at googlemail.com
Tue Nov 5 13:19:20 MST 2013 

Hi Andrew,

I still could not find the cause of the test failure (Reminder: please send
me the pcap file).
But by trying to debug the failure I recognized that AD supports to query
additional rootdse attributes, next to netlogon in one request. (as already
talked about in irc)
This both applies to netlogon-over-ldap and netlogon-over-cldap.

So I had to change the netlogon handing quite a bit.
The netlogon query is still handled before the internal @ROOTDSE request,
but the result is now added to the message in rootdse_add_dynamic.
And cldap does not handle netlogon itself now, but relies on the rootdse
ldb query to give the result.

I've also added a torture to test netlogon with additional attributes.
This is tcp only atm, but should be expanded to test udp too.

The current state can be found at:
https://git.bnfr.net/samba/log/?h=netlogon-8

All samba4.ldap tests succeeded.

Thanks, Ben



2013/10/30 Andrew Bartlett <abartlet at samba.org>

> On Tue, 2013-10-29 at 23:27 +0200, Nadezhda Ivanova wrote:
> > Hi Benjamin and Andrew,
> > The patches look fine to me.
> >
> > Reviewed-by: Nadezhda Ivanova <nivanova at symas.com>
>
> Thanks.  Sadly it still fails autobuild :-(
>
> [776/1584 in 43m24s] samba4.ldap.netlogon-tcp(dc)
> smbtorture 4.2.0pre1-DEVELOPERBUILD
> Using seed 1383081492
> Trying without any attributes
> Scanning for netlogon levels
> Trying netlogon level 0
> Trying netlogon level 1
> Trying netlogon level 2
> Trying netlogon level 3
> Trying netlogon level 4
> Trying netlogon level 5
> Trying netlogon level 6
> Trying netlogon level 7
> ndr_pull_error(9): BAD NBT NAME component
> ndr_pull_error(18): not all bytes consumed ofs[24] size[127]
> Printing out netlogon server type flags: 127.0.0.21
> The word is: 5117
> NBT_SERVER_PDC NBT_SERVER_GC NBT_SERVER_LDAP NBT_SERVER_DS
> NBT_SERVER_KDC NBT_SERVER_TIMESERV NBT_SERVER_CLOSEST
> NBT_SERVER_WRITABLE NBT_SERVER_GOOD_TIMESERV
> NBT_SERVER_FULL_SECRET_DOMAIN_6
> UNEXPECTED(failure): samba4.ldap.netlogon-tcp.netlogon-tcp(dc)
> REASON: _StringException:
> _StringException: ../source4/torture/ldap/netlogon.c:85: status was
> NT_STATUS_PORT_MESSAGE_TOO_LONG, expected NT_STATUS_OK: incorrect status
>
> FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)
>
>
> > On Tue, Oct 29, 2013 at 10:25 PM, Andrew Bartlett <abartlet at samba.org
> >wrote:
> >
> > > On Tue, 2013-10-29 at 15:29 +0100, Benjamin Franzke wrote:
> > > > Hi Andrew,
> > > >
> > > > I have had that error sometimes while coding the torture test,
> > > > but now I dont get it reproduced..
> > > > Not with running smbtorture manually, and also not with make test
> > > > TESTS=samba4.netlogon-tcp.
> > > >
> > > > So I ran the test with make testenv in a while loop until it would
> fail.
> > > > After some iterations I got an error, but its another one
> > > > (NT_STATUS_NOT_FOUND) than you got.
> > > >
> > > > The server segfaulted because of a mistake in the rootdse/netlogon
> code
> > > > i've written.
> > > > The msg->dn was not part of msg's talloc tree, i've fixed this in:
> > > >
> > >
> https://git.bnfr.net/samba/commit/?h=netlogon-5&id=3d149a460892a7c78c635cc1303ed5eb0c1641ea
> > > >
> > > > With that patch the tests runs fine running it in many iterations.
> > > >
> > > > I dont know whether this might fix the issue you have,
> > > > but could you test whether it runs fine for you now?
> > >
> > > I'll test it today, but this looks very likely.
> > >
> > > I've squashed it into
> > >
> > >
> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/bnfr-netlogon-5
> > >
> > > Nadya,
> > >
> > > Can you review these for us, as a second team reviewer?
> > >
> > > Andrew Bartlett
> > >
> > > --
> > > Andrew Bartlett
> > > http://samba.org/~abartlet/
> > > Authentication Developer, Samba Team           http://samba.org
> > > Samba Developer, Catalyst IT                   http://catalyst.net.nz
> > >
> > >
> > >
> >
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Catalyst IT                   http://catalyst.net.nz
>
>
>

More information about the samba-technical mailing list