[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Thu Sep 9 06:39:24 MDT 2010
The branch, master has been updated
via 3d420ea s4-rodc: cope with missing searchFlags
via b2ea0ca s4-dsdb Change debug levels for startup messages
via 22d5a96 s4-setup Make krb5.conf use DNS by default
via 977db51 s4-test: added a RODC test using rpcecho
via 6bfe8b74 s4-test: added a RODC to our testing
via b9c0b59 s4-rodc: get the domain name from the partitions DN
via c95c386 pyldb: expose PyLdbDn_FromDn()
via c44bdbc s4-provision: fixed error format string
via 54e86d8 s4-pydsdb: expose samdb_partitions_dn() as get_partitions_dn() in python
via 650dcda s4-rodc: s->schema need initialisation
from a4d23ed lib/util: remove some unused_result warnings.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3d420ea2bb3259525a50964bf70b1956cf62d4c1
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 9 21:38:01 2010 +1000
s4-rodc: cope with missing searchFlags
this can be missing after the schema tests
commit b2ea0ca3d6280902135942f61cd3f28daecf77c1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 9 15:20:48 2010 +1000
s4-dsdb Change debug levels for startup messages
We should make the 'common' error not show up, but make the unusual case fatal.
Andrew Bartlett
commit 22d5a9655042a09a425954d5ec54af55fb6111a4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 9 14:58:06 2010 +1000
s4-setup Make krb5.conf use DNS by default
We set up our DNS pretty well these days, and I think the previous setting
was only there because Andrew Kroeger copied this out of our selftest code
in bf3f3af92677bce8f03b0dd2be552d6c8c730ca1.
Andrew Bartlett
commit 977db514b3c615393182154b4273beeb4ad911fe
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 9 18:06:33 2010 +1000
s4-test: added a RODC test using rpcecho
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 6bfe8b74aa751fbd48f1f9c60a5617e81e3b304e
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 9 18:02:31 2010 +1000
s4-test: added a RODC to our testing
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit b9c0b59034726f1114fb8696a3be012b6fd3a622
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 9 18:02:08 2010 +1000
s4-rodc: get the domain name from the partitions DN
don't rely on the netbios domain name being the first part of the
realm
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit c95c3863dfec8e0160ff3bb217c6922666feed05
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 9 17:59:40 2010 +1000
pyldb: expose PyLdbDn_FromDn()
This is needed by the dsdb python interface
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit c44bdbc01d53efcccb725600764b981216b1ff10
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 9 17:35:14 2010 +1000
s4-provision: fixed error format string
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 54e86d881d2955bae49bd87fe08e74bbfc86fd0e
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 9 17:34:55 2010 +1000
s4-pydsdb: expose samdb_partitions_dn() as get_partitions_dn() in python
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 650dcda2a2c59657b11052ebef622c351c4db477
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 7 15:25:45 2010 +1000
s4-rodc: s->schema need initialisation
this fixes a segfault in net rodc preload
-----------------------------------------------------------------------
Summary of changes:
selftest/target/Samba4.pm | 90 +++++++++++++++++++++++++
source4/dsdb/pydsdb.c | 30 ++++++++
source4/dsdb/samdb/ldb_modules/naming_fsmo.c | 10 ++--
source4/dsdb/samdb/ldb_modules/pdc_fsmo.c | 10 ++--
source4/lib/ldb/pyldb.c | 18 -----
source4/lib/ldb/pyldb_util.c | 29 ++++++++
source4/libnet/libnet_vampire.c | 1 +
source4/scripting/python/samba/drs_utils.py | 7 +-
source4/scripting/python/samba/join.py | 14 ++--
source4/scripting/python/samba/netcmd/join.py | 2 +-
source4/scripting/python/samba/provision.py | 2 +-
source4/scripting/python/samba/samdb.py | 3 +
source4/selftest/tests.sh | 3 +
source4/setup/krb5.conf | 4 +-
14 files changed, 182 insertions(+), 41 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index ad474b8..b581901 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1065,6 +1065,75 @@ sub provision_fl2008r2dc($$)
return $ret;
}
+
+sub provision_rodc($$$)
+{
+ my ($self, $prefix, $dcvars) = @_;
+ print "PROVISIONING RODC...";
+
+ # We do this so that we don't run the provision. That's the job of 'net join RODC'.
+ my $ctx = $self->provision_raw_prepare($prefix, "domain controller",
+ "rodc",
+ "dc8",
+ "SAMBADOMAIN",
+ "samba.example.com",
+ "2008",
+ 8, $dcvars->{PASSWORD},
+ $dcvars->{SERVER_IP});
+
+ $ctx->{tmpdir} = "$ctx->{prefix_abs}/tmp";
+ push(@{$ctx->{directories}}, "$ctx->{tmpdir}");
+
+ $ctx->{smb_conf_extra_options} = "
+ max xmit = 32K
+ server max protocol = SMB2
+
+[sysvol]
+ path = $ctx->{lockdir}/sysvol
+ read only = yes
+
+[netlogon]
+ path = $ctx->{lockdir}/sysvol/$ctx->{dnsname}/scripts
+ read only = yes
+
+[tmp]
+ path = $ctx->{tmpdir}
+ read only = no
+ posix:sharedelay = 10000
+ posix:oplocktimeout = 3
+ posix:writetimeupdatedelay = 500000
+
+";
+
+ my $ret = $self->provision_raw_step1($ctx);
+
+ $ret or die("Unable to prepare test env");
+
+ my $net = $self->bindir_path("net");
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $cmd .= "$net join $ret->{CONFIGURATION} $dcvars->{DOMAIN} RODC";
+ $cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
+ $cmd .= " --server=$dcvars->{DC_SERVER}";
+
+ system($cmd) == 0 or die("RODC join failed\n$cmd");
+
+ $ret->{RODC_DC_SERVER} = $ret->{SERVER};
+ $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP};
+ $ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME};
+ $ret->{RODC_DC_NETBIOSALIAS} = $ret->{NETBIOSALIAS};
+
+ $ret->{DC_SERVER} = $dcvars->{DC_SERVER};
+ $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP};
+ $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME};
+ $ret->{DC_NETBIOSALIAS} = $dcvars->{DC_NETBIOSALIAS};
+ $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME};
+ $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD};
+
+ return $ret;
+}
+
sub teardown_env($$)
{
my ($self, $envvars) = @_;
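Review bot: The `die` after `system($cmd)` in provision_rodc prints the whole command line, which contains `-U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}`, so a failed join writes the DC password into the selftest output. `system($cmd) == 0 or die("RODC join failed (exit status $?)");` keeps the diagnostic without the credential. The command is also handed to the shell as one string, with `$dcvars->{DOMAIN}`, the credentials and `$dcvars->{DC_SERVER}` interpolated unquoted, so a value containing whitespace or shell metacharacters changes the command that runs. Quoting those values the way the two environment assignments already are, or setting the variables with `local $ENV{...}` and using the list form of `system`, avoids that.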
@@ -1157,6 +1226,11 @@ sub setup_env($$$)
$self->setup_dc("$path/dc");
}
return $self->setup_member("$path/member", $self->{vars}->{dc});
+ } elsif ($envname eq "rodc") {
+ if (not defined($self->{vars}->{dc})) {
+ $self->setup_dc("$path/dc");
+ }
+ return $self->setup_rodc("$path/rodc", $self->{vars}->{dc});
} elsif ($envname eq "all") {
if (not defined($self->{vars}->{dc})) {
$self->setup_dc("$path/dc");
@@ -1342,4 +1416,20 @@ sub setup_vampire_dc($$$)
return $env;
}
+sub setup_rodc($$$)
+{
+ my ($self, $path, $dc_vars) = @_;
+
+ my $env = $self->provision_rodc($path, $dc_vars);
+
+ $self->check_or_start($env,
+ ($ENV{SMBD_MAXTIME} or 7500));
+
+ $self->wait_for_start($env);
+
+ $self->{vars}->{rodc} = $env;
+
+ return $env;
+}
+
1;
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index ecf89b1..5ba69d7 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -505,6 +505,35 @@ static PyObject *py_dsdb_write_prefixes_from_schema_to_ldb(PyObject *self, PyObj
}
+static PyObject *py_dsdb_get_partitions_dn(PyObject *self, PyObject *args)
+{
+ struct ldb_context *ldb;
+ struct ldb_dn *dn;
+ PyObject *py_ldb, *ret;
+ TALLOC_CTX *tmp_ctx;
+ PyObject *mod;
+
+ mod = PyImport_ImportModule("ldb");
+
+ if (!PyArg_ParseTuple(args, "O", &py_ldb))
+ return NULL;
+
+ PyErr_LDB_OR_RAISE(py_ldb, ldb);
+
+ tmp_ctx = talloc_new(NULL);
+
+ dn = samdb_partitions_dn(ldb, tmp_ctx);
+
+ if (dn == NULL) {
+ talloc_free(tmp_ctx);
+ Py_RETURN_NONE;
+ }
+ ret = PyLdbDn_FromDn(dn);
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+
static PyMethodDef py_dsdb_methods[] = {
{ "_samdb_server_site_name", (PyCFunction)py_samdb_server_site_name,
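Review bot: `mod = PyImport_ImportModule("ldb");` at the top of py_dsdb_get_partitions_dn stores a new reference that is never used, never checked for NULL and never released. Each call therefore leaks a reference, and a failed import leaves an exception pending while the function can still return a non-NULL result. Drop `PyObject *mod;` and the import line; if the import is meant to guarantee the module is loaded, check it and `Py_DECREF(mod)` before returning. `tmp_ctx = talloc_new(NULL);` is also unchecked, and `if (tmp_ctx == NULL) { PyErr_NoMemory(); return NULL; }` would report the failure the same way PyLdbDn_FromDn does for its allocation.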
@@ -550,6 +579,7 @@ static PyMethodDef py_dsdb_methods[] = {
NULL },
{ "_dsdb_write_prefixes_from_schema_to_ldb", (PyCFunction)py_dsdb_write_prefixes_from_schema_to_ldb, METH_VARARGS,
NULL },
+ { "_dsdb_get_partitions_dn", (PyCFunction)py_dsdb_get_partitions_dn, METH_VARARGS, NULL },
{ NULL }
};
diff --git a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c
index 3f4c892..3e45c2e 100644
--- a/source4/dsdb/samdb/ldb_modules/naming_fsmo.c
+++ b/source4/dsdb/samdb/ldb_modules/naming_fsmo.c
@@ -52,10 +52,10 @@ static int naming_fsmo_init(struct ldb_module *module)
naming_dn = samdb_partitions_dn(ldb, mem_ctx);
if (!naming_dn) {
- ldb_debug(ldb, LDB_DEBUG_WARNING,
- "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n");
+ ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+ "naming_fsmo_init: unable to determine partitions dn");
talloc_free(mem_ctx);
- return ldb_next_init(module);
+ return LDB_ERR_OPERATIONS_ERROR;
}
naming_fsmo = talloc_zero(mem_ctx, struct dsdb_naming_fsmo);
@@ -69,8 +69,8 @@ static int naming_fsmo_init(struct ldb_module *module)
naming_attrs,
DSDB_FLAG_NEXT_MODULE);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
- ldb_debug(ldb, LDB_DEBUG_WARNING,
- "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)\n");
+ ldb_debug(ldb, LDB_DEBUG_TRACE,
+ "naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)");
talloc_free(mem_ctx);
return ldb_next_init(module);
}
diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
index 9bf49da..d5ff1dc 100644
--- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
+++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
@@ -51,10 +51,10 @@ static int pdc_fsmo_init(struct ldb_module *module)
pdc_dn = ldb_get_default_basedn(ldb);
if (!pdc_dn) {
- ldb_debug(ldb, LDB_DEBUG_WARNING,
- "pdc_fsmo_init: no domain dn present: (skip loading of domain details)\n");
+ ldb_debug_set(ldb, LDB_DEBUG_FATAL,
+ "pdc_fsmo_init: could not determine default basedn");
talloc_free(mem_ctx);
- return ldb_next_init(module);
+ return LDB_ERR_OPERATIONS_ERROR;
}
pdc_fsmo = talloc_zero(mem_ctx, struct dsdb_pdc_fsmo);
@@ -68,8 +68,8 @@ static int pdc_fsmo_init(struct ldb_module *module)
pdc_attrs,
DSDB_FLAG_NEXT_MODULE);
if (ret == LDB_ERR_NO_SUCH_OBJECT) {
- ldb_debug(ldb, LDB_DEBUG_WARNING,
- "pdc_fsmo_init: no domain object present: (skip loading of domain details)\n");
+ ldb_debug(ldb, LDB_DEBUG_TRACE,
+ "pdc_fsmo_init: no domain object present: (skip loading of domain details)");
talloc_free(mem_ctx);
return ldb_next_init(module);
} else if (ret != LDB_SUCCESS) {
diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c
index b60f4fc..57407ba 100644
--- a/source4/lib/ldb/pyldb.c
+++ b/source4/lib/ldb/pyldb.c
@@ -357,24 +357,6 @@ static PyObject *py_ldb_dn_new(PyTypeObject *type, PyObject *args, PyObject *kwa
return (PyObject *)py_ret;
}
-PyObject *PyLdbDn_FromDn(struct ldb_dn *dn)
-{
- PyLdbDnObject *py_ret;
-
- if (dn == NULL) {
- Py_RETURN_NONE;
- }
-
- py_ret = (PyLdbDnObject *)PyLdbDn.tp_alloc(&PyLdbDn, 0);
- if (py_ret == NULL) {
- PyErr_NoMemory();
- return NULL;
- }
- py_ret->mem_ctx = talloc_new(NULL);
- py_ret->dn = talloc_reference(py_ret->mem_ctx, dn);
- return (PyObject *)py_ret;
-}
-
static void py_ldb_dn_dealloc(PyLdbDnObject *self)
{
talloc_free(self->mem_ctx);
diff --git a/source4/lib/ldb/pyldb_util.c b/source4/lib/ldb/pyldb_util.c
index 41bcb55..170c291 100644
--- a/source4/lib/ldb/pyldb_util.c
+++ b/source4/lib/ldb/pyldb_util.c
@@ -79,3 +79,32 @@ bool PyObject_AsDn(TALLOC_CTX *mem_ctx, PyObject *object,
PyErr_SetString(PyExc_TypeError, "Expected DN");
return false;
}
+
+PyObject *PyLdbDn_FromDn(struct ldb_dn *dn)
+{
+ PyLdbDnObject *py_ret;
+ PyTypeObject *PyLdb_Dn_Type;
+
+ if (dn == NULL) {
+ Py_RETURN_NONE;
+ }
+
+ if (ldb_module == NULL) {
+ ldb_module = PyImport_ImportModule("ldb");
+ if (ldb_module == NULL)
+ return NULL;
+ }
+
+ PyLdb_Dn_Type = (PyTypeObject *)PyObject_GetAttrString(ldb_module, "Dn");
+ if (PyLdb_Dn_Type == NULL)
+ return NULL;
+
+ py_ret = (PyLdbDnObject *)PyLdb_Dn_Type->tp_alloc(PyLdb_Dn_Type, 0);
+ if (py_ret == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+ py_ret->mem_ctx = talloc_new(NULL);
+ py_ret->dn = talloc_reference(py_ret->mem_ctx, dn);
+ return (PyObject *)py_ret;
+}
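Review bot: `PyObject_GetAttrString(ldb_module, "Dn")` returns a new reference that PyLdbDn_FromDn never releases, and the result is cast to `PyTypeObject *` and its `tp_alloc` slot is called without confirming that the attribute is a type. Because `ldb.Dn` is looked up by name at run time, a rebound attribute would make this code read a function pointer out of an unrelated object; a `PyType_Check` before the cast and a `Py_DECREF` after the allocation close both gaps. The results of `talloc_new(NULL)` and `talloc_reference()` are also stored unchecked, so an allocation failure yields a Dn object whose `dn` is NULL. `ldb_module` is declared outside this hunk.

```c
	PyObject *dn_type;
	/* … unchanged: NULL dn check and lazy import of ldb_module … */

	dn_type = PyObject_GetAttrString(ldb_module, "Dn");
	if (dn_type == NULL)
		return NULL;
	if (!PyType_Check(dn_type)) {
		Py_DECREF(dn_type);
		PyErr_SetString(PyExc_TypeError, "ldb.Dn is not a type");
		return NULL;
	}
	PyLdb_Dn_Type = (PyTypeObject *)dn_type;

	py_ret = (PyLdbDnObject *)PyLdb_Dn_Type->tp_alloc(PyLdb_Dn_Type, 0);
	Py_DECREF(dn_type);
	/* … unchanged: py_ret NULL check, mem_ctx / dn assignment and return … */
```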
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index 955aa32..950698d 100644
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -105,6 +105,7 @@ void *libnet_vampire_replicate_init(TALLOC_CTX *mem_ctx,
s->ldb = samdb;
s->lp_ctx = lp_ctx;
s->provision_schema = dsdb_get_schema(s->ldb, s);
+ s->schema = s->provision_schema;
return s;
}
diff --git a/source4/scripting/python/samba/drs_utils.py b/source4/scripting/python/samba/drs_utils.py
index 7b22a84..854608a 100644
--- a/source4/scripting/python/samba/drs_utils.py
+++ b/source4/scripting/python/samba/drs_utils.py
@@ -94,9 +94,10 @@ class drs_Replicate():
if (int(system_flags) & (samba.dsdb.DS_FLAG_ATTR_NOT_REPLICATED |
samba.dsdb.DS_FLAG_ATTR_IS_CONSTRUCTED)):
continue
- search_flags = r["searchFlags"][0]
- if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE):
- continue
+ if "searchFlags" in r:
+ search_flags = r["searchFlags"][0]
+ if (int(search_flags) & samba.dsdb.SEARCH_FLAG_RODC_ATTRIBUTE):
+ continue
attid = self.samdb.get_attid_from_lDAPDisplayName(ldap_display_name)
attids.append(int(attid))
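Review bot: The new `if "searchFlags" in r:` guard silently treats an attribute with no searchFlags as not carrying `SEARCH_FLAG_RODC_ATTRIBUTE`, so it falls through to `attids.append(int(attid))`. That default decides which attributes end up in the list, so it deserves a comment above the `if`, for example `# no searchFlags means flags of 0: not marked SEARCH_FLAG_RODC_ATTRIBUTE, so the attribute is kept`. The enclosing method starts outside this hunk, so how `attids` is used afterwards is not visible here.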
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index b0feee3..ecc225a 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -40,7 +40,7 @@ class join_ctx:
pass
def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None,
- targetdir=None):
+ targetdir=None, domain=None):
"""join as a RODC"""
if server is None:
@@ -77,16 +77,18 @@ def join_rodc(server=None, creds=None, lp=None, site=None, netbios_name=None,
res = samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=["dnsHostName"])
return res[0]["dnsHostName"][0]
+ def get_domain_name(samdb):
+ '''get netbios name of the domain from the partitions record'''
+ partitions_dn = samdb.get_partitions_dn()
+ res = samdb.search(base=partitions_dn, scope=ldb.SCOPE_ONELEVEL, attrs=["nETBIOSName"],
+ expression='ncName=%s' % samdb.get_default_basedn())
+ return res[0]["nETBIOSName"][0]
+
def get_mysid(samdb):
res = samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
binsid = res[0]["tokenGroups"][0]
return samdb.schema_format_value("objectSID", binsid)
- def get_domain_name(samdb):
- # this should be done via CLDAP
- res = samdb.search(base=samdb.get_default_basedn(), scope=ldb.SCOPE_BASE, attrs=["name"])
- return res[0]["name"][0]
-
def join_add_objects(ctx):
'''add the various objects needed for the join'''
print "Adding %s" % ctx.acct_dn
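Review bot: `get_domain_name` returns `res[0]["nETBIOSName"][0]` without checking that the search matched anything, so a partitions container with no entry whose ncName equals the default base DN surfaces as a bare IndexError in the middle of the join. A guard such as `if len(res) == 0: raise Exception("no partition found for %s" % samdb.get_default_basedn())` gives the operator something to act on. The filter is also built with `'ncName=%s' % samdb.get_default_basedn()`, and that DN is read from the server being joined; a value containing `(`, `)`, `*` or `\` would change the filter, so it should be escaped before interpolation (pyldb's `ldb.binary_encode`, if this tree has it). join_rodc begins outside the hunk.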
diff --git a/source4/scripting/python/samba/netcmd/join.py b/source4/scripting/python/samba/netcmd/join.py
index 34fd5de..ec8cd11 100644
--- a/source4/scripting/python/samba/netcmd/join.py
+++ b/source4/scripting/python/samba/netcmd/join.py
@@ -64,7 +64,7 @@ class cmd_join(Command):
elif role == "MEMBER":
secure_channel_type = SEC_CHAN_WKSTA
elif role == "RODC":
- join_rodc(server=server, creds=creds, lp=lp,
+ join_rodc(server=server, creds=creds, lp=lp, domain=domain,
site=site, netbios_name=netbios_name)
return
else:
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 92cb6f4..59787da 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -466,7 +466,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
domain = domain.upper()
if lp.get("workgroup").upper() != domain:
- raise ProvisioningError("guess_names: Workgroup '%s' in %s must match chosen domain '%s'! Please remove the %s file and let provision generate it" % (lp.get("workgroup").upper(), domain, lp.configfile))
+ raise ProvisioningError("guess_names: Workgroup '%s' in smb.conf must match chosen domain '%s'! Please remove the %s file and let provision generate it" % (lp.get("workgroup").upper(), domain, lp.configfile))
if domaindn is None:
domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index cc82e53..e2ac37a 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -595,3 +595,6 @@ accountExpires: %u
def write_prefixes_from_schema(self):
dsdb._dsdb_write_prefixes_from_schema_to_ldb(self)
+
+ def get_partitions_dn(self):
+ return dsdb._dsdb_get_partitions_dn(self)
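Review bot: `get_partitions_dn` is added without a docstring, and its None return is easy to miss, since the C binding added in this commit returns None when `samdb_partitions_dn()` yields NULL. Suggested docstring: `'''return the partitions DN as an ldb.Dn, or None if it cannot be determined'''`. The one caller added here, `get_domain_name` in join.py, passes the result straight to `samdb.search(base=...)` without testing for None. The enclosing class starts outside the hunk.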
diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh
index 6ed631b..10a083b 100755
--- a/source4/selftest/tests.sh
+++ b/source4/selftest/tests.sh
@@ -535,3 +535,6 @@ plantestsuite "drs_delete_object.python" vampire_dc PYTHONPATH="$PYTHONPATH:$sam
t="RPC-SAMR-LARGE-DC"
plantestsuite "`normalize_testname $t.one`" vampire_dc $VALGRIND $smb4torture "\$SERVER[$bindoptions]" -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN $t "$*"
plantestsuite "`normalize_testname $t.two`" vampire_dc $VALGRIND $smb4torture "\$SERVER[$bindoptions]" -U"\$USERNAME"%"\$PASSWORD" -W \$DOMAIN $t "$*"
+
+# some RODC testing
+plantestsuite "rpc.echo to RODC" "rodc" $smb4torture ncacn_np:"\$SERVER" -k yes -U"\$USERNAME"%"\$PASSWORD" -W "\$DOMAIN" RPC-ECHO "$*"
diff --git a/source4/setup/krb5.conf b/source4/setup/krb5.conf
index 7dad63d..bb8df03 100644
--- a/source4/setup/krb5.conf
+++ b/source4/setup/krb5.conf
@@ -1,7 +1,7 @@
[libdefaults]
default_realm = ${REALM}
- dns_lookup_realm = false
- dns_lookup_kdc = false
+ dns_lookup_realm = true
+ dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
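Review bot: Setting `dns_lookup_realm = true` makes the host-to-realm mapping depend on DNS TXT records, which are unauthenticated unless the zone is DNSSEC-signed and the resolver validates it; a poisoned or on-path resolver can then point a client at a realm of its choosing. `dns_lookup_kdc = true` has the same trust dependency for locating the KDC, although Kerberos mutual authentication limits a spoofed KDC largely to denial of service. This file appears to be the template that provision writes out (it carries `${REALM}`), so the default reaches every new install. Consider `dns_lookup_realm = false` together with `dns_lookup_kdc = true`, or a comment above both lines recording the DNS trust assumption.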
--
Samba Shared Repository