[PATCH 2/2] s4:dsdb/rootdse: Support netlogon request

Benjamin Franzke benjaminfranzke at googlemail.com
Mon Oct 28 07:51:09 MDT 2013


Hi Andrew,

Thank you very much for your help! I've now passed the remote_address as
opaque and tried to do a proper torture integration without duplicating the
existing testcode.

Therefore I decided to pass the netlogon function as a function pointer to
the tests, and added a TCP replacement/alternative for cldap_netlogon.
(It is located directly in the test C file.)
Adding TCP support to libcli looked wrong and like a lot of resulting
ugliness to me.
I hope you're OK with that?

Adding the patches as attachment.
(used format-patch -C, which hopefully makes it a bit easier to review)

The Branch is also available at:
https://git.bnfr.net/samba/log/?h=netlogon-4

Regards, Ben



2013/10/27 Andrew Bartlett <abartlet at samba.org>

> First,
>
> Thank you so much for coming back with a patch.
>
> For the IP address issue, we have to patch ldapsrv_backend_Init() in
> source4/ldap_server/ldap_backend.c to pass
> conn->connection->remote_address in to ldb as an opaque, using
> ldb_set_opaque() like we do with the "supportedSASLMechanisms" later in
> that function.
>
> Then you can get that again with ldb_get_opaque() in the rootdse code,
> and it should all 'just work' :-)
>
> On Sun, 2013-10-27 at 19:44 +0100, Benjamin Franzke wrote:
> > This patch adds support for a netlogon ldap style request
> > over the tcp socket.  This is available since win2k3+ [1].
> >
> > The automatic client join & configuration daemon "realmd" makes
> > use of this ability.
> > Realmd can now be used to join a computer to a samba 4 domain.
> > (See also:
> > https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
> >
> > Tested with:
> > ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
> >
> > And compared the result in wireshark with cldap request issued by
> > examples/misc/cldap.pl.
>
> Finally, can you add a test to our testsuite?  The existing tests are in
> source4/torture/ldap/cldap.c, but these use UDP.  Tests for TCP LDAP are
> in the other files in source4/torture/ldap, and hopefully you could
> combine the two to test this over TCP.
>
> I really, really appreciate you doing this, and for investigating the
> history of the issue!
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-rootdse-netlogon-Pass-client-ip-address.patch
Type: text/x-patch
Size: 2530 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131028/aff6fa75/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-libcli-cldap-Add-utility-to-create-netlogon-filter.patch
Type: text/x-patch
Size: 4898 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131028/aff6fa75/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-s4-torture-ldap-Add-test-for-netlogon-over-tcp.patch
Type: text/x-patch
Size: 37302 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131028/aff6fa75/attachment-0002.bin>

