From 423f68f1107d28263ffcecda09f7d2242387f897 Mon Sep 17 00:00:00 2001
From: Arvid Requate
Date: Tue, 20 Jun 2017 20:05:17 +0200
Subject: [PATCH 1/3] s4:torture/ldap: Test netlogon without NtVer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
Signed-off-by: Arvid Requate
Reviewed-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
(cherry picked from commit 22a94b728bd5d513b2002b62c129271d2210ed73)
---
 selftest/knownfail.d/huawei | 1 +
 source4/torture/ldap/netlogon.c | 48 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 selftest/knownfail.d/huawei
diff --git a/selftest/knownfail.d/huawei b/selftest/knownfail.d/huawei
new file mode 100644
index 00000000000..cbeaf68a247
--- /dev/null
+++ b/selftest/knownfail.d/huawei
@@ -0,0 +1 @@
+samba4.ldap.netlogon-udp.netlogon-udp\(ad_dc_ntvfs\)
diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c
index 1b43ea7e595..5ee69033bd4 100644
--- a/source4/torture/ldap/netlogon.c
+++ b/source4/torture/ldap/netlogon.c
@@ -541,6 +541,53 @@ static bool test_netlogon_extra_attrs(struct torture_context *tctx, return true; } +/* + Bug #11392: Huawei Unified Storage System S5500 V3 sends no NtVer + [MS-ADTS] Section 7.3.3.2 "Domain Controller Response to an LDAP Ping" +*/ +static bool test_netlogon_huawei(struct torture_context *tctx, + request_rootdse_t request_rootdse, + void *conn) +{ + struct cldap_search io; + struct netlogon_samlogon_response n1; + NTSTATUS status; + const char *attrs[] = { + "netlogon", + NULL + }; + struct ldb_message ldbmsg = { NULL, 0, NULL }; + + ZERO_STRUCT(io); + io.in.dest_address = NULL; + io.in.dest_port = 0; + io.in.timeout = 2; + io.in.retries = 2; + + torture_comment(tctx, "Requesting netlogon without NtVer filter\n"); + io.in.filter = talloc_asprintf(tctx, "(&(DnsDomain=%s))", + lpcfg_dnsdomain(tctx->lp_ctx)); + torture_assert(tctx, io.in.filter != NULL, "OOM"); + io.in.attributes = attrs; + status = request_rootdse(conn, tctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + torture_assert(tctx, io.out.response != NULL, "No Entries found."); + CHECK_VAL(io.out.response->num_attributes, 1); + + ldbmsg.num_elements = io.out.response->num_attributes; + ldbmsg.elements = io.out.response->attributes; + torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL, + "Attribute netlogon not found in Result Entry\n"); + + status = pull_netlogon_samlogon_response( + io.out.response->attributes[0].values, + tctx, + &n1); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_VAL(n1.ntver, NETLOGON_NT_VERSION_1); + + return true; +} bool torture_netlogon_tcp(struct torture_context *tctx) { @@ -609,6 +656,7 @@ bool torture_netlogon_udp(struct torture_context *tctx) ret &= test_ldap_netlogon(tctx, udp_ldap_netlogon, cldap, host); ret &= test_ldap_netlogon_flags(tctx, udp_ldap_netlogon, cldap, host); ret &= test_netlogon_extra_attrs(tctx, udp_ldap_rootdse, cldap); + ret &= test_netlogon_huawei(tctx, udp_ldap_rootdse, cldap); return ret; } -- 2.11.0 
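Review bot: `pull_netlogon_samlogon_response()` in `test_netlogon_huawei` is handed `io.out.response->attributes[0].values` without any check that the attribute carries a value. The test asserts `num_attributes == 1` and that an element named `netlogon` exists, but it never looks at `num_values`. The reply comes from the server under test, so an empty `netlogon` attribute would make the test read through an unset pointer instead of failing cleanly. I would add `torture_assert(tctx, io.out.response->attributes[0].num_values == 1, "netlogon attribute has no value");` before the pull, or keep the element returned by `ldb_msg_find_element()` and parse that rather than index 0.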
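Review bot: The new case is registered only in `torture_netlogon_udp`; `torture_netlogon_tcp`, whose body lies outside this hunk, is not touched by the patch. If the TCP suite reaches the same netlogon request parsing (not visible from here), a regression in handling a filter without NtVer would go unnoticed on that path. Consider adding the same `ret &= test_netlogon_huawei(...)` call there with the TCP request helper, or a comment saying why the case is UDP-only.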
From d05b5907c03e1277c1853cad6c73f82ac36fb43c Mon Sep 17 00:00:00 2001 From: Arvid Requate Date: Thu, 22 Jun 2017 13:37:13 +0200 Subject: [PATCH 2/3] s4-dsdb/netlogon: allow missing ntver in cldap ping BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392 Signed-off-by: Arvid Requate Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 88db634ed84647e5105c4b4fdf37d5892bebfd8d) --- selftest/knownfail.d/huawei | 1 - source4/dsdb/samdb/ldb_modules/netlogon.c | 6 +----- 2 files changed, 1 insertion(+), 6 deletions(-) delete mode 100644 selftest/knownfail.d/huawei diff --git a/selftest/knownfail.d/huawei b/selftest/knownfail.d/huawei deleted file mode 100644 index cbeaf68a247..00000000000 --- a/selftest/knownfail.d/huawei +++ /dev/null @@ -1 +0,0 @@ -samba4.ldap.netlogon-udp.netlogon-udp\(ad_dc_ntvfs\) diff --git a/source4/dsdb/samdb/ldb_modules/netlogon.c b/source4/dsdb/samdb/ldb_modules/netlogon.c index c5f194dc4dc..f7ba2ac041c 100644 --- a/source4/dsdb/samdb/ldb_modules/netlogon.c +++ b/source4/dsdb/samdb/ldb_modules/netlogon.c @@ -425,7 +425,7 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree, *domain_guid = NULL; *domain_sid = NULL; *acct_control = -1; - *version = -1; + *version = 0; if (tree->operation != LDB_OP_AND) goto failed; @@ -486,10 +486,6 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree, *domain = lpcfg_dnsdomain(lp_ctx); } - if (*version == -1) { - goto failed; - } - return NT_STATUS_OK; failed: -- 2.11.0 From 854891faeaf33e177252c7832c6923192aaec954 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 25 Jul 2017 14:26:45 +1200 Subject: [PATCH 3/3] s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified The previous patch set this incorrectly to NETLOGON_NT_VERSION_1 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392 
Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 0554bc237f1b84d672d36781bead8b2c33f2e5a4) --- source4/dsdb/samdb/ldb_modules/netlogon.c | 2 +- source4/torture/ldap/netlogon.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/netlogon.c b/source4/dsdb/samdb/ldb_modules/netlogon.c index f7ba2ac041c..80599b8a2a0 100644 --- a/source4/dsdb/samdb/ldb_modules/netlogon.c +++ b/source4/dsdb/samdb/ldb_modules/netlogon.c @@ -425,7 +425,7 @@ NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree, *domain_guid = NULL; *domain_sid = NULL; *acct_control = -1; - *version = 0; + *version = NETLOGON_NT_VERSION_5; if (tree->operation != LDB_OP_AND) goto failed; diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c index 5ee69033bd4..d61d373d64f 100644 --- a/source4/torture/ldap/netlogon.c +++ b/source4/torture/ldap/netlogon.c @@ -584,7 +584,7 @@ static bool test_netlogon_huawei(struct torture_context *tctx, tctx, &n1); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(n1.ntver, NETLOGON_NT_VERSION_1); + CHECK_VAL(n1.ntver, NETLOGON_NT_VERSION_5); return true; } -- 2.11.0
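Review bot: `*version = NETLOGON_NT_VERSION_5;` in `parse_netlogon_request` now doubles as the answer for a request that carried no NtVer at all, and nothing in the code says so; the rationale (match Windows 2012R2, bug #11392) lives only in the commit message. Because the earlier patch in this series removed the `*version == -1` rejection, this parser of what is presumably an unauthenticated CLDAP request can no longer tell "NtVer absent" from "client asked for version 5". A later reader has no hint that the default is a deliberate interoperability choice rather than a placeholder. I would put a comment on the assignment, for example `/* NtVer is optional: default to what Windows 2012R2 answers when it is absent (bug #11392) */`. The function body continues outside the hunk, so how a client-supplied NtVer interacts with this default cannot be checked from here.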