libnet_BecomeDC() tests
- Copyright (C) Stefan (metze) Metzmacher 2006
+ Copyright (C) Stefan Metzmacher <metze@samba.org> 2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "system/time.h"
#include "auth/auth.h"
-#include "lib/db_wrap.h"
+#include "lib/ldb_wrap.h"
#include "lib/appweb/ejs/ejs.h"
#include "lib/appweb/ejs/ejsInternal.h"
#include "scripting/ejs/smbcalls.h"
return ejs_error;
}
-#define TORTURE_NETBIOS_NAME "smbtorturedc"
-#define TORTURE_SAMDB_LDB "test_samdb.ldb"
-#define TORTURE_SECRETS_LDB "test_secrets.ldb"
-#define TORTURE_SECRETS_KEYTAB "test_secrets.keytab"
-
struct test_become_dc_state {
struct libnet_context *ctx;
+ struct torture_context *tctx;
+ const char *netbios_name;
struct test_join *tj;
struct cli_credentials *machine_account;
struct dsdb_schema *self_made_schema;
struct drsuapi_DsReplicaObjectListItemEx *last_object;
} schema_part;
- const char *computer_dn;
+ struct {
+ const char *samdb_ldb;
+ const char *domaindn_ldb;
+ const char *configdn_ldb;
+ const char *schemadn_ldb;
+ const char *secrets_ldb;
+ const char *secrets_keytab;
+ } path;
};
static NTSTATUS test_become_dc_check_options(void *private_data,
const struct libnet_BecomeDC_CheckOptions *o)
{
- DEBUG(0,("Become DC of Domain[%s]/[%s]\n",
+ struct test_become_dc_state *s = talloc_get_type(private_data, struct test_become_dc_state);
+
+ DEBUG(0,("Become DC [%s] of Domain[%s]/[%s]\n",
+ s->netbios_name,
o->domain->netbios_name, o->domain->dns_name));
DEBUG(0,("Promotion Partner is Server[%s] from Site[%s]\n",
GUID_string(s, &p->dest_dsa->ntds_guid),
GUID_string(s, &p->dest_dsa->invocation_id)));
- DEBUG(0,("Schema Partition[%s]\n",
- p->forest->schema_dn_str));
+ DEBUG(0,("Pathes under PRIVATEDIR[%s]\n"
+ "SAMDB[%s] SECRETS[%s] KEYTAB[%s]\n",
+ lp_private_dir(s->tctx->lp_ctx),
+ s->path.samdb_ldb,
+ s->path.secrets_ldb,
+ s->path.secrets_keytab));
+
+ DEBUG(0,("Schema Partition[%s => %s]\n",
+ p->forest->schema_dn_str, s->path.schemadn_ldb));
- DEBUG(0,("Config Partition[%s]\n",
- p->forest->config_dn_str));
+ DEBUG(0,("Config Partition[%s => %s]\n",
+ p->forest->config_dn_str, s->path.configdn_ldb));
- DEBUG(0,("Domain Partition[%s]\n",
- p->domain->dn_str));
+ DEBUG(0,("Domain Partition[%s => %s]\n",
+ p->domain->dn_str, s->path.domaindn_ldb));
ejs = talloc_asprintf(s,
"libinclude(\"base.js\");\n"
"var subobj = provision_guess();\n"
"subobj.ROOTDN = \"%s\";\n"
"subobj.DOMAINDN = \"%s\";\n"
- "subobj.DOMAINDN_LDB = \"test_domain.ldb\";\n"
+ "subobj.DOMAINDN_LDB = \"%s\";\n"
"subobj.CONFIGDN = \"%s\";\n"
- "subobj.CONFIGDN_LDB = \"test_config.ldb\";\n"
+ "subobj.CONFIGDN_LDB = \"%s\";\n"
"subobj.SCHEMADN = \"%s\";\n"
- "subobj.SCHEMADN_LDB = \"test_schema.ldb\";\n"
+ "subobj.SCHEMADN_LDB = \"%s\";\n"
"subobj.HOSTNAME = \"%s\";\n"
"subobj.DNSNAME = \"%s\";\n"
"subobj.DEFAULTSITE = \"%s\";\n"
" \"operational\",\n"
" \"objectclass\",\n"
" \"rdn_name\",\n"
+ " \"show_deleted\",\n"
" \"partition\");\n"
"subobj.MODULES_LIST = join(\",\", modules_list);\n"
"subobj.DOMAINDN_MOD = \"pdc_fsmo,password_hash,repl_meta_data\";\n"
"subobj.CONFIGDN_MOD = \"naming_fsmo,repl_meta_data\";\n"
"subobj.SCHEMADN_MOD = \"schema_fsmo,repl_meta_data\";\n"
"\n"
- "subobj.KRBTGTPASS = \"test\";\n"
- "subobj.MACHINEPASS = \"test\";\n"
- "subobj.ADMINPASS = \"test\";\n"
+ "subobj.KRBTGTPASS = \"_NOT_USED_\";\n"
+ "subobj.MACHINEPASS = \"%s\";\n"
+ "subobj.ADMINPASS = \"_NOT_USED_\";\n"
"\n"
"var paths = provision_default_paths(subobj);\n"
"paths.samdb = \"%s\";\n"
"\n"
"var system_session = system_session();\n"
"\n"
- "var ok = provision_become_dc(subobj, message, paths, system_session);\n"
+ "var ok = provision_become_dc(subobj, message, true, paths, system_session);\n"
"assert(ok);\n"
"\n"
"return 0;\n",
p->forest->root_dn_str, /* subobj.ROOTDN */
p->domain->dn_str, /* subobj.DOMAINDN */
+ s->path.domaindn_ldb, /* subobj.DOMAINDN_LDB */
p->forest->config_dn_str, /* subobj.CONFIGDN */
+ s->path.configdn_ldb, /* subobj.CONFIGDN_LDB */
p->forest->schema_dn_str, /* subobj.SCHEMADN */
+ s->path.schemadn_ldb, /* subobj.SCHEMADN_LDB */
p->dest_dsa->netbios_name, /* subobj.HOSTNAME */
p->dest_dsa->dns_name, /* subobj.DNSNAME */
p->dest_dsa->site_name, /* subobj.DEFAULTSITE */
- TORTURE_SAMDB_LDB, /* paths.samdb */
- TORTURE_SECRETS_LDB, /* paths.secrets */
- TORTURE_SECRETS_KEYTAB); /* paths.keytab */
+ cli_credentials_get_password(s->machine_account),/* subobj.MACHINEPASS */
+ s->path.samdb_ldb, /* paths.samdb */
+ s->path.secrets_ldb, /* paths.secrets */
+ s->path.secrets_keytab); /* paths.keytab */
NT_STATUS_HAVE_NO_MEMORY(ejs);
ret = test_run_ejs(ejs);
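Review bot: The machine password returned by `cli_credentials_get_password(s->machine_account)` is formatted between double quotes in the generated script (`subobj.MACHINEPASS = \"%s\"`) with neither a NULL check nor escaping, so a NULL return or a password containing `"` or `\` produces a malformed or altered provision script. Fetch it into a local and fail early, e.g. `const char *pw = cli_credentials_get_password(s->machine_account);` then `if (pw == NULL) return NT_STATUS_INVALID_PARAMETER;`, and escape quote and backslash characters before formatting. The `s->path.*` values now formatted into `DOMAINDN_LDB`, `CONFIGDN_LDB`, `SCHEMADN_LDB` and `paths.*` need the same treatment, since they derive from a configurable name. Because `ejs` now carries a live credential, confirm that `test_run_ejs()` does not print the script text on failure; its body and the start of the enclosing function are outside this hunk.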
talloc_free(s->ldb);
- DEBUG(0,("Open the SAM LDB with system credentials: %s\n", TORTURE_SAMDB_LDB));
+ DEBUG(0,("Open the SAM LDB with system credentials: %s\n",
+ s->path.samdb_ldb));
- s->ldb = ldb_wrap_connect(s, TORTURE_SAMDB_LDB,
- system_session(s),
+ s->ldb = ldb_wrap_connect(s, s->tctx->lp_ctx, s->path.samdb_ldb,
+ system_session(s, s->tctx->lp_ctx),
NULL, 0, NULL);
if (!s->ldb) {
DEBUG(0,("Failed to open '%s'\n",
- TORTURE_SAMDB_LDB));
+ s->path.samdb_ldb));
return NT_STATUS_INTERNAL_DB_ERROR;
}
tmp_dns_name = GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
NT_STATUS_HAVE_NO_MEMORY(tmp_dns_name);
- tmp_dns_name = talloc_asprintf_append(tmp_dns_name, "._msdcs.%s", c->forest->dns_name);
+ tmp_dns_name = talloc_asprintf_append_buffer(tmp_dns_name, "._msdcs.%s", c->forest->dns_name);
NT_STATUS_HAVE_NO_MEMORY(tmp_dns_name);
s_dsa->other_info->dns_name = tmp_dns_name;
linked_attributes,
s_dsa,
uptodateness_vector,
+ c->gensec_skey,
s, &objs);
if (!W_ERROR_IS_OK(status)) {
DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
return werror_to_ntstatus(status);
}
- if (lp_parm_bool(-1, "become dc", "dump objects", False)) {
+ if (lp_parm_bool(s->tctx->lp_ctx, NULL, "become dc", "dump objects", false)) {
for (i=0; i < objs->num_objects; i++) {
struct ldb_ldif ldif;
fprintf(stdout, "#\n");
talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */
s->schema = NULL;
- DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", TORTURE_SAMDB_LDB));
- s->ldb = ldb_wrap_connect(s, TORTURE_SAMDB_LDB,
- system_session(s),
+ DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", s->path.samdb_ldb));
+ s->ldb = ldb_wrap_connect(s, s->tctx->lp_ctx, s->path.samdb_ldb,
+ system_session(s, s->tctx->lp_ctx),
NULL, 0, NULL);
if (!s->ldb) {
DEBUG(0,("Failed to open '%s'\n",
- TORTURE_SAMDB_LDB));
+ s->path.samdb_ldb));
return NT_STATUS_INTERNAL_DB_ERROR;
}
tmp_dns_name = GUID_string(s_dsa->other_info, &s_dsa->source_dsa_obj_guid);
NT_STATUS_HAVE_NO_MEMORY(tmp_dns_name);
- tmp_dns_name = talloc_asprintf_append(tmp_dns_name, "._msdcs.%s", c->forest->dns_name);
+ tmp_dns_name = talloc_asprintf_append_buffer(tmp_dns_name, "._msdcs.%s", c->forest->dns_name);
NT_STATUS_HAVE_NO_MEMORY(tmp_dns_name);
s_dsa->other_info->dns_name = tmp_dns_name;
linked_attributes,
s_dsa,
uptodateness_vector,
+ c->gensec_skey,
s, &objs);
if (!W_ERROR_IS_OK(status)) {
DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
return werror_to_ntstatus(status);
}
- if (lp_parm_bool(-1, "become dc", "dump objects", False)) {
+ if (lp_parm_bool(s->tctx->lp_ctx, NULL, "become dc", "dump objects", false)) {
for (i=0; i < objs->num_objects; i++) {
struct ldb_ldif ldif;
fprintf(stdout, "#\n");
return NT_STATUS_FOOBAR;
}
- if (lp_parm_bool(-1, "become dc", "dump objects", False)) {
+ if (lp_parm_bool(s->tctx->lp_ctx, NULL, "become dc", "dump objects", false)) {
DEBUG(0,("# %s\n", sa->lDAPDisplayName));
NDR_PRINT_DEBUG(drsuapi_DsReplicaLinkedAttribute, &linked_attributes[i]);
dump_data(0,
return NT_STATUS_OK;
}
-static NTSTATUS test_become_dc_domain_chunk(void *private_data,
- const struct libnet_BecomeDC_StoreChunk *c)
-{
- struct test_become_dc_state *s = talloc_get_type(private_data, struct test_become_dc_state);
-
- s->computer_dn = talloc_strdup(s, c->dest_dsa->computer_dn_str);
- NT_STATUS_HAVE_NO_MEMORY(s->computer_dn);
-
- return test_become_dc_store_chunk(private_data, c);
-}
-
-static BOOL test_become_dc_set_test_passwords(struct test_become_dc_state *s)
+bool torture_net_become_dc(struct torture_context *torture)
{
- struct ldb_message *msg;
- int ret;
-
- printf("Set up \"test\" as password for the krbtgt, machine and administrator accounts\n");
-
- /*
- * first krbtgt password
- */
- msg = ldb_msg_new(s);
- if (!msg) return False;
-
- msg->dn = ldb_dn_new_fmt(msg, s->ldb, "CN=krbtgt,CN=Users,%s",
- ldb_dn_get_linearized(samdb_base_dn(s->ldb)));
- if (!msg) return False;
-
- ret = ldb_msg_add_string(msg, "sambaPassword", "test");
- if (ret != LDB_SUCCESS) return False;
-
- ret = samdb_replace(s->ldb, s, msg);
- if (ret != LDB_SUCCESS) {
- printf("failed to replace sambaPassword for '%s': %s\n",
- ldb_dn_get_linearized(msg->dn),
- ldb_strerror(ret));
- return False;
- }
- talloc_free(msg);
-
- /*
- * our machine account password
- */
- msg = ldb_msg_new(s);
- if (!msg) return False;
-
- msg->dn = ldb_dn_new(msg, s->ldb, s->computer_dn);
- if (!msg) return False;
-
- ret = ldb_msg_add_string(msg, "sambaPassword", "test");
- if (ret != LDB_SUCCESS) return False;
-
- ret = samdb_replace(s->ldb, s, msg);
- if (ret != LDB_SUCCESS) {
- printf("failed to replace sambaPassword for '%s': %s\n",
- ldb_dn_get_linearized(msg->dn),
- ldb_strerror(ret));
- return False;
- }
- talloc_free(msg);
-
- /*
- * the Administrator account password
- */
- msg = ldb_msg_new(s);
- if (!msg) return False;
-
- msg->dn = ldb_dn_new_fmt(msg, s->ldb, "CN=Administrator,CN=Users,%s",
- ldb_dn_get_linearized(samdb_base_dn(s->ldb)));
- if (!msg) return False;
-
- ret = ldb_msg_add_string(msg, "sambaPassword", "test");
- if (ret != LDB_SUCCESS) return False;
-
- ret = samdb_replace(s->ldb, s, msg);
- if (ret != LDB_SUCCESS) {
- printf("failed to replace sambaPassword for '%s': %s\n",
- ldb_dn_get_linearized(msg->dn),
- ldb_strerror(ret));
- return False;
- }
- talloc_free(msg);
-
- return True;
-}
-
-BOOL torture_net_become_dc(struct torture_context *torture)
-{
- BOOL ret = True;
+ bool ret = true;
NTSTATUS status;
struct libnet_BecomeDC b;
struct libnet_UnbecomeDC u;
uint32_t i;
s = talloc_zero(torture, struct test_become_dc_state);
- if (!s) return False;
+ if (!s) return false;
+
+ s->tctx = torture;
+
+ s->netbios_name = lp_parm_string(torture->lp_ctx, NULL, "become dc", "smbtorture dc");
+ if (!s->netbios_name || !s->netbios_name[0]) {
+ s->netbios_name = "smbtorturedc";
+ }
+
+ s->path.samdb_ldb = talloc_asprintf(s, "%s_samdb.ldb", s->netbios_name);
+ if (!s->path.samdb_ldb) return false;
+ s->path.domaindn_ldb = talloc_asprintf(s, "%s_domain.ldb", s->netbios_name);
+ if (!s->path.domaindn_ldb) return false;
+ s->path.configdn_ldb = talloc_asprintf(s, "%s_config.ldb", s->netbios_name);
+ if (!s->path.configdn_ldb) return false;
+ s->path.schemadn_ldb = talloc_asprintf(s, "%s_schema.ldb", s->netbios_name);
+ if (!s->path.schemadn_ldb) return false;
+ s->path.secrets_ldb = talloc_asprintf(s, "%s_secrets.ldb", s->netbios_name);
+ if (!s->path.secrets_ldb) return false;
+ s->path.secrets_keytab = talloc_asprintf(s, "%s_secrets.keytab", s->netbios_name);
+ if (!s->path.secrets_keytab) return false;
/* Join domain as a member server. */
- s->tj = torture_join_domain(TORTURE_NETBIOS_NAME,
+ s->tj = torture_join_domain(torture, s->netbios_name,
ACB_WSTRUST,
&s->machine_account);
if (!s->tj) {
DEBUG(0, ("%s failed to join domain as workstation\n",
- TORTURE_NETBIOS_NAME));
- return False;
+ s->netbios_name));
+ return false;
}
- s->ctx = libnet_context_init(event_context_init(s));
+ s->ctx = libnet_context_init(torture->ev, torture->lp_ctx);
s->ctx->cred = cmdline_credentials;
s->ldb = ldb_init(s);
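Review bot: `s->netbios_name` is taken from the `become dc:smbtorture dc` option and, apart from the empty-string fallback, is used unchecked as the prefix of six file names and as the account name passed to `torture_join_domain()`. A value longer than 15 characters is not a valid NetBIOS name, and one containing a path separator could put the `.ldb` and keytab files somewhere other than the intended directory. A guard before the `talloc_asprintf()` calls would cover both, e.g. `if (strlen(s->netbios_name) > 15 || strpbrk(s->netbios_name, "/\\\"") != NULL) return false;`. Separately, the result of `libnet_context_init(torture->ev, torture->lp_ctx)` is dereferenced on the next line (`s->ctx->cred = cmdline_credentials;`) without a check; it needs an `if (s->ctx == NULL)` guard that fails the test and still undoes the join made just above. The function body continues outside this hunk.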
b.in.domain_dns_name = torture_join_dom_dns_name(s->tj);
b.in.domain_netbios_name = torture_join_dom_netbios_name(s->tj);
b.in.domain_sid = torture_join_sid(s->tj);
- b.in.source_dsa_address = lp_parm_string(-1, "torture", "host");
- b.in.dest_dsa_netbios_name = TORTURE_NETBIOS_NAME;
+ b.in.source_dsa_address = torture_setting_string(torture, "host", NULL);
+ b.in.dest_dsa_netbios_name = s->netbios_name;
b.in.callbacks.private_data = s;
b.in.callbacks.check_options = test_become_dc_check_options;
b.in.callbacks.prepare_db = test_become_dc_prepare_db;
b.in.callbacks.schema_chunk = test_become_dc_schema_chunk;
b.in.callbacks.config_chunk = test_become_dc_store_chunk;
- b.in.callbacks.domain_chunk = test_become_dc_domain_chunk;
+ b.in.callbacks.domain_chunk = test_become_dc_store_chunk;
status = libnet_BecomeDC(s->ctx, s, &b);
if (!NT_STATUS_IS_OK(status)) {
printf("libnet_BecomeDC() failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
goto cleanup;
}
msg = ldb_msg_new(s);
if (!msg) {
printf("ldb_msg_new() failed\n");
- ret = False;
+ ret = false;
goto cleanup;
}
- msg->dn = ldb_dn_new(msg, s->ldb, "cn=ROOTDSE");
+ msg->dn = ldb_dn_new(msg, s->ldb, "@ROOTDSE");
if (!msg->dn) {
- printf("ldb_msg_new(cn=ROOTDSE) failed\n");
- ret = False;
+ printf("ldb_msg_new(@ROOTDSE) failed\n");
+ ret = false;
goto cleanup;
}
ldb_ret = ldb_msg_add_string(msg, "isSynchronized", "TRUE");
if (ldb_ret != LDB_SUCCESS) {
printf("ldb_msg_add_string(msg, isSynchronized, TRUE) failed: %d\n", ldb_ret);
- ret = False;
+ ret = false;
goto cleanup;
}
ldb_ret = ldb_modify(s->ldb, msg);
if (ldb_ret != LDB_SUCCESS) {
printf("ldb_modify() failed: %d\n", ldb_ret);
- ret = False;
+ ret = false;
goto cleanup;
}
talloc_free(s->ldb); /* this also free's the s->schema, because dsdb_set_schema() steals it */
s->schema = NULL;
- DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", TORTURE_SAMDB_LDB));
- s->ldb = ldb_wrap_connect(s, TORTURE_SAMDB_LDB,
- system_session(s),
+ DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", s->path.samdb_ldb));
+ s->ldb = ldb_wrap_connect(s, torture->lp_ctx, s->path.samdb_ldb,
+ system_session(s, torture->lp_ctx),
NULL, 0, NULL);
if (!s->ldb) {
DEBUG(0,("Failed to open '%s'\n",
- TORTURE_SAMDB_LDB));
- ret = False;
+ s->path.samdb_ldb));
+ ret = false;
goto cleanup;
}
s->schema = dsdb_get_schema(s->ldb);
if (!s->schema) {
DEBUG(0,("Failed to get loaded dsdb_schema\n"));
- ret = False;
+ ret = false;
goto cleanup;
}
- ret &= test_become_dc_set_test_passwords(s);
+ if (lp_parm_bool(torture->lp_ctx, NULL, "become dc", "do not unjoin", false)) {
+ talloc_free(s);
+ return ret;
+ }
cleanup:
ZERO_STRUCT(u);
u.in.domain_dns_name = torture_join_dom_dns_name(s->tj);
u.in.domain_netbios_name = torture_join_dom_netbios_name(s->tj);
- u.in.source_dsa_address = lp_parm_string(-1, "torture", "host");
- u.in.dest_dsa_netbios_name = TORTURE_NETBIOS_NAME;
+ u.in.source_dsa_address = torture_setting_string(torture, "host", NULL);
+ u.in.dest_dsa_netbios_name = s->netbios_name;
status = libnet_UnbecomeDC(s->ctx, s, &u);
if (!NT_STATUS_IS_OK(status)) {
printf("libnet_UnbecomeDC() failed - %s\n", nt_errstr(status));
- ret = False;
+ ret = false;
}
/* Leave domain. */
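Review bot: The new `do not unjoin` early return (`talloc_free(s); return ret;`) skips both `libnet_UnbecomeDC()` and the leave-domain step after `cleanup:`, so the DC objects and machine account stay in the directory and the `<name>_secrets.ldb` and keytab files holding that account's password stay on disk. Nothing in the hunk says this is intentional or how to clean up afterwards. A comment above the check would do, e.g. `/* become dc:do not unjoin=yes keeps the test DC account and its local secrets for debugging; remove both by hand afterwards */`. Whether `s->tj` is owned by `s` is not visible here, so also confirm that `talloc_free(s)` on this path neither leaks nor prematurely frees the join state. The function ends outside this hunk.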