The branch, v4-0-test has been updated
       via  a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d (commit)
       via  af85aad8147b85a0b9ea2ccc66b8f04efdfe5cf3 (commit)
      from  1f5704e2dee5900e8d1d87699b76f67c0e12854e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d
Author: Michael Adam <[EMAIL PROTECTED]>
Date:   Wed Jul 23 16:23:31 2008 +0200

    libnet_become_dc: send msDS_Behavior_Version == 3 (win2k8) in DsAddEntry
    
    instead of version 2 (win2k3).
    This makes the NET-API-BECOME-DC test work against windows 2003 and 2008.
    
    Michael

commit af85aad8147b85a0b9ea2ccc66b8f04efdfe5cf3
Author: Michael Adam <[EMAIL PROTECTED]>
Date:   Wed Jul 23 17:54:25 2008 +0200

    libnet_become_cd: add boolean option "become_dc:force krb5" to control krb5 
auth.
    
    This allows controlling whether krb5 auth is forced for the rpc bind in
    libnet_become_dc. It defaults to "yes". For Windows 2000, DsGetNCChanges
    works only with krb5 auth due to a bug in Windows (it returns garbage - a
    positive object count is returned along with first object == NULL).
    For Windows 2008, on the other hand, krb5 auth does not work currently
    due to the lack of support for AES keys. (Metze is working on that.)
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source/dsdb/common/flags.h       |    1 +
 source/libnet/libnet_become_dc.c |   30 +++++++++++++++++++-----------
 2 files changed, 20 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/dsdb/common/flags.h b/source/dsdb/common/flags.h
index 3611141..e8802fd 100644
--- a/source/dsdb/common/flags.h
+++ b/source/dsdb/common/flags.h
@@ -122,3 +122,4 @@
 #define DS_BEHAVIOR_WIN2000            0
 #define DS_BEHAVIOR_WIN2003_INTERIM    1
 #define DS_BEHAVIOR_WIN2003            2
+#define DS_BEHAVIOR_WIN2008            3
diff --git a/source/libnet/libnet_become_dc.c b/source/libnet/libnet_become_dc.c
index 6a13974..1ce067c 100644
--- a/source/libnet/libnet_become_dc.c
+++ b/source/libnet/libnet_become_dc.c
@@ -1516,22 +1516,30 @@ static void becomeDC_drsuapi_connect_send(struct 
libnet_BecomeDC_state *s,
        drsuapi->s = s;
 
        if (!drsuapi->binding) {
+               char *krb5_str = "";
+               char *print_str = "";
                /*
-                * Note: It's important to pass 'krb5' as auth_type here
-                *       otherwise the replication will not work with
-                *       Windows 2000. If NTLMSSP is used Windows 2000
-                *       returns garbage in the DsGetNCChanges() response
+                * Note: Replication only works with Windows 2000 when 'krb5' is
+                *       passed as auth_type here. If NTLMSSP is used, Windows
+                *       2000 returns garbage in the DsGetNCChanges() response
                 *       if encrypted password attributes would be in the 
response.
                 *       That means the replication of the schema and 
configuration
                 *       partition works fine, but it fails for the domain 
partition.
                 */
-               if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc", "print", 
false)) {
-                       binding_str = talloc_asprintf(s, 
"ncacn_ip_tcp:%s[krb5,print,seal]", s->source_dsa.dns_name);
-                       if (composite_nomem(binding_str, c)) return;
-               } else {
-                       binding_str = talloc_asprintf(s, 
"ncacn_ip_tcp:%s[krb5,seal]", s->source_dsa.dns_name);
-                       if (composite_nomem(binding_str, c)) return;
+               if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc",
+                                "force krb5", true))
+               {
+                       krb5_str = "krb5,";
                }
+               if (lp_parm_bool(s->libnet->lp_ctx, NULL, "become_dc",
+                                "print", false))
+               {
+                       print_str = "print,";
+               }
+               binding_str = talloc_asprintf(s, "ncacn_ip_tcp:%s[%s%sseal]",
+                                             s->source_dsa.dns_name,
+                                             krb5_str, print_str);
+               if (composite_nomem(binding_str, c)) return;
                c->status = dcerpc_parse_binding(s, binding_str, 
&drsuapi->binding);
                talloc_free(binding_str);
                if (!composite_is_ok(c)) return;
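Review bot: With `become_dc:force krb5 = no` the binding string is built as `[seal]` or `[print,seal]`, so the auth mechanism for the DRSUAPI bind is no longer pinned, yet the comment above still reads as if krb5 were always passed. The same comment says NTLMSSP breaks replication of the domain partition (the one carrying encrypted password attributes) against Windows 2000, so the option should be documented there as a temporary workaround for Windows 2008 sources only, e.g. `* "become_dc:force krb5 = no" drops the krb5 requirement; only for w2k8 sources until AES keys are supported.` Presumably the bind then falls back to whatever the default negotiation picks, which is worth confirming and logging at debug level when krb5 is not forced. Separately, `krb5_str` and `print_str` only ever point at string literals and should be declared `const char *`. The enclosing function starts and ends outside this hunk.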
@@ -2096,7 +2104,7 @@ static void becomeDC_drsuapi1_add_entry_send(struct 
libnet_BecomeDC_state *s)
                vd[0] = data_blob_talloc(vd, NULL, 4);
                if (composite_nomem(vd[0].data, c)) return;
 
-               SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2003);
+               SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2008);
 
                vs[0].blob              = &vd[0];
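Review bot: The msDS_Behavior_Version written by the `SIVAL` is now hard-coded to `DS_BEHAVIOR_WIN2008` with no comment explaining why that level is advertised regardless of the source DC. The commit message says this is what makes NET-API-BECOME-DC pass against both Windows 2003 and 2008, while the companion commit notes that AES keys are not yet supported, so the claimed level appears to run ahead of what the joining side implements. A comment above the call such as `/* advertise w2k8 behavior version: accepted by w2k3 and w2k8 source DCs; AES key support still pending */` would keep that gap visible to whoever revisits it. The enclosing function starts and ends outside this hunk.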
 


-- 
Samba Shared Repository
