[SCM] Samba Shared Repository - branch master updated

Anatoliy Atanasov anatoliy at samba.org
Wed Sep 15 05:00:06 MDT 2010


The branch, master has been updated
       via  ccb7fdc s4/fsmo: Extended fsmo test with infrastructure, pdc and rid roles
       via  2eeba94 s4/fsmo: Handle infrastructure, pdc and rid extended ops
       via  4608721 s4/fsmo: Remove empty new lines
      from  db46b2b s3-winbindd: Use rpc_open_pipe_interface in winbindd.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ccb7fdc52b7edf6fd6486731c3db6bc673bc48cd
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Tue Sep 14 18:07:09 2010 +0300

    s4/fsmo: Extended fsmo test with infrastructure, pdc and rid roles

commit 2eeba94c9cca41f72d6b95cb8eda585e33e21745
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Wed Sep 15 10:17:55 2010 +0300

    s4/fsmo: Handle infrastructure, pdc and rid extended ops
    
    With this change we can transfer all roles back and forth, except
    for the naming master. This commit also fixes the naming of two variables:
    fsmo_role_dn - points to the DN from which we read fSMORoleOwner
    role_owner_dn - points to the NTDSDSA that owns the role
    We now always pass fsmo_role_dn, role_owner_dn to the extended operation
    and to drepl_create_role_owner_source_dsa
    
    Conflicts:
    
    	source4/dsdb/repl/drepl_ridalloc.c

commit 46087219357b13cf7c440ee6f4d536ff537bbd2d
Author: Anatoliy Atanasov <anatoliy.atanasov at postpath.com>
Date:   Tue Sep 14 17:59:32 2010 +0300

    s4/fsmo: Remove empty new lines

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/repl/drepl_fsmo.c            |   72 ++++++++++++++++------------
 source4/dsdb/repl/drepl_ridalloc.c        |   26 +++++------
 source4/rpc_server/drsuapi/getncchanges.c |    6 --
 source4/torture/drs/python/fsmo.py        |   65 +++++++++++++++++--------
 4 files changed, 97 insertions(+), 72 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/repl/drepl_fsmo.c b/source4/dsdb/repl/drepl_fsmo.c
index e69dc7e..a389c39 100644
--- a/source4/dsdb/repl/drepl_fsmo.c
+++ b/source4/dsdb/repl/drepl_fsmo.c
@@ -48,9 +48,9 @@ static void drepl_role_callback(struct dreplsrv_service *service,
 	service->ncchanges_extended.in_progress = false;
 }
 
-static bool fsmo_master_cmp(struct ldb_dn *ntds_dn, struct ldb_dn *fsmo_role_dn)
+static bool fsmo_master_cmp(struct ldb_dn *ntds_dn, struct ldb_dn *role_owner_dn)
 {
-	if (ldb_dn_compare(ntds_dn, fsmo_role_dn) == 0) {
+	if (ldb_dn_compare(ntds_dn, role_owner_dn) == 0) {
 		DEBUG(0,("\nWe are the FSMO master.\n"));
 		return true;
 	}
@@ -68,6 +68,8 @@ WERROR dreplsrv_fsmo_role_check(struct dreplsrv_service *service,
 	struct ldb_context *ldb = service->samdb;
 	int ret;
 	uint64_t alloc_pool = 0;
+	enum drsuapi_DsExtendedOperation extended_op = DRSUAPI_EXOP_NONE;
+	WERROR werr;
 
 	if (service->ncchanges_extended.in_progress) {
 		talloc_free(tmp_ctx);
@@ -78,11 +80,11 @@ WERROR dreplsrv_fsmo_role_check(struct dreplsrv_service *service,
 	if (!ntds_dn) {
 		return WERR_DS_DRA_INTERNAL_ERROR;
 	}
-	/* work out who is the current owner */
+
 	switch (role) {
 	case DREPL_NAMING_MASTER:
-		role_owner_dn = samdb_partitions_dn(ldb, tmp_ctx),
-		ret = samdb_reference_dn(ldb, tmp_ctx, role_owner_dn, "fSMORoleOwner", &fsmo_role_dn);
+		fsmo_role_dn = samdb_partitions_dn(ldb, tmp_ctx),
+		ret = samdb_reference_dn(ldb, tmp_ctx, fsmo_role_dn, "fSMORoleOwner", &role_owner_dn);
 		if (ret != LDB_SUCCESS) {
 			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in Naming Master object - %s",
 				 ldb_errstring(ldb)));
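Review bot: The renamed assignment in the DREPL_NAMING_MASTER case still ends in a comma rather than a semicolon, so the comma operator joins it to the following samdb_reference_dn() call; it behaves the same today but should read `fsmo_role_dn = samdb_partitions_dn(ldb, tmp_ctx);`. The result is passed on without a NULL check, so if samdb_partitions_dn() can fail, that would presumably surface only as a lookup error inside samdb_reference_dn(). This case never sets extended_op, which matches the commit message's statement that the naming master cannot be transferred yet; a comment such as `/* naming master transfer not implemented: extended_op stays DRSUAPI_EXOP_NONE */` would keep that from looking like an oversight. dreplsrv_fsmo_role_check() starts and ends outside this hunk.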
@@ -91,70 +93,78 @@ WERROR dreplsrv_fsmo_role_check(struct dreplsrv_service *service,
 		}
 		break;
 	case DREPL_INFRASTRUCTURE_MASTER:
-		role_owner_dn = samdb_infrastructure_dn(ldb, tmp_ctx);
-		ret = samdb_reference_dn(ldb, tmp_ctx, role_owner_dn, "fSMORoleOwner", &fsmo_role_dn);
+		fsmo_role_dn = samdb_infrastructure_dn(ldb, tmp_ctx);
+		ret = samdb_reference_dn(ldb, tmp_ctx, fsmo_role_dn, "fSMORoleOwner", &role_owner_dn);
 		if (ret != LDB_SUCCESS) {
 			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in Schema Master object - %s",
 				 ldb_errstring(ldb)));
 			talloc_free(tmp_ctx);
 			return WERR_DS_DRA_INTERNAL_ERROR;
 		}
+		extended_op = DRSUAPI_EXOP_FSMO_REQ_ROLE;
 		break;
 	case DREPL_RID_MASTER:
-		ret = samdb_rid_manager_dn(ldb, tmp_ctx, &role_owner_dn);
+		ret = samdb_rid_manager_dn(ldb, tmp_ctx, &fsmo_role_dn);
 		if (ret != LDB_SUCCESS) {
 			DEBUG(0, (__location__ ": Failed to find RID Manager object - %s", ldb_errstring(ldb)));
 			talloc_free(tmp_ctx);
 			return WERR_DS_DRA_INTERNAL_ERROR;
 		}
 
-		/* find the DN of the RID Manager */
-		ret = samdb_reference_dn(ldb, tmp_ctx, role_owner_dn, "fSMORoleOwner", &fsmo_role_dn);
+		ret = samdb_reference_dn(ldb, tmp_ctx, fsmo_role_dn, "fSMORoleOwner", &role_owner_dn);
 		if (ret != LDB_SUCCESS) {
 			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s",
 				 ldb_errstring(ldb)));
 			talloc_free(tmp_ctx);
 			return WERR_DS_DRA_INTERNAL_ERROR;
 		}
+		extended_op = DRSUAPI_EXOP_FSMO_RID_REQ_ROLE;
 		break;
 	case DREPL_SCHEMA_MASTER:
-		role_owner_dn = ldb_get_schema_basedn(ldb);
-		ret = samdb_reference_dn(ldb, tmp_ctx, role_owner_dn, "fSMORoleOwner", &fsmo_role_dn);
+		fsmo_role_dn = ldb_get_schema_basedn(ldb);
+		ret = samdb_reference_dn(ldb, tmp_ctx, fsmo_role_dn, "fSMORoleOwner", &role_owner_dn);
 		if (ret != LDB_SUCCESS) {
 			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in Schema Master object - %s",
 				 ldb_errstring(ldb)));
 			talloc_free(tmp_ctx);
 			return WERR_DS_DRA_INTERNAL_ERROR;
 		}
-		if (!fsmo_master_cmp(ntds_dn, fsmo_role_dn)) {
-			WERROR werr;
-			werr = drepl_request_extended_op(service,
-							 role_owner_dn,
-							 fsmo_role_dn,
-							 DRSUAPI_EXOP_FSMO_REQ_ROLE,
-							 alloc_pool,
-							 drepl_role_callback);
-			if (W_ERROR_IS_OK(werr)) {
-				dreplsrv_run_pending_ops(service);
-			} else {
-				DEBUG(0,("%s: drepl_request_extended_op() failed with %s",
-						 __FUNCTION__, win_errstr(werr)));
-			}
-			return werr;
-		}
+		extended_op = DRSUAPI_EXOP_FSMO_REQ_ROLE;
 		break;
 	case DREPL_PDC_MASTER:
-		role_owner_dn = ldb_get_default_basedn(ldb);
-		ret = samdb_reference_dn(ldb, tmp_ctx, role_owner_dn, "fSMORoleOwner", &fsmo_role_dn);
+		fsmo_role_dn = ldb_get_default_basedn(ldb);
+		ret = samdb_reference_dn(ldb, tmp_ctx, fsmo_role_dn, "fSMORoleOwner", &role_owner_dn);
 		if (ret != LDB_SUCCESS) {
 			DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in Pd Master object - %s",
 				 ldb_errstring(ldb)));
 			talloc_free(tmp_ctx);
 			return WERR_DS_DRA_INTERNAL_ERROR;
 		}
+		extended_op = DRSUAPI_EXOP_FSMO_REQ_PDC;
 		break;
 	default:
 		return WERR_DS_DRA_INTERNAL_ERROR;
 	}
-	return WERR_OK;
+
+	if (fsmo_master_cmp(ntds_dn, role_owner_dn) ||
+	    (extended_op == DRSUAPI_EXOP_NONE)) {
+		DEBUG(0,("FSMO role check failed for DN %s and owner %s ",
+			 ldb_dn_get_linearized(fsmo_role_dn),
+			 ldb_dn_get_linearized(role_owner_dn)));
+		return WERR_OK;
+	}
+
+	werr = drepl_request_extended_op(service,
+					 fsmo_role_dn,
+					 role_owner_dn,
+					 extended_op,
+					 alloc_pool,
+					 drepl_role_callback);
+	if (W_ERROR_IS_OK(werr)) {
+		dreplsrv_run_pending_ops(service);
+	} else {
+		DEBUG(0,("%s: drepl_request_extended_op() failed with %s",
+			 __FUNCTION__, win_errstr(werr)));
+	}
+	return werr;
 }
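Review bot: The new tail of dreplsrv_fsmo_role_check() returns at `return WERR_OK;` and `return werr;` without releasing tmp_ctx, while every error path in the switch calls `talloc_free(tmp_ctx);` first; in a long-running replication service that looks like a leak on each role check, assuming tmp_ctx is not released through a parent context outside the visible lines. Adding `talloc_free(tmp_ctx);` before both returns (after the DEBUG and after drepl_request_extended_op(), since both still read fsmo_role_dn and role_owner_dn) would close it, and the `default:` branch has the same gap. Separately, the level-0 message `FSMO role check failed for DN %s and owner %s ` is printed when this DC already owns the role, which is the normal case, so it will read as an error to anyone reviewing logs after an incident; a message like `FSMO role %s is already held locally or has no transfer op\n` at a higher debug level, with a trailing newline, would be more accurate. The function begins outside the hunk.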
diff --git a/source4/dsdb/repl/drepl_ridalloc.c b/source4/dsdb/repl/drepl_ridalloc.c
index 1869af8..4484316 100644
--- a/source4/dsdb/repl/drepl_ridalloc.c
+++ b/source4/dsdb/repl/drepl_ridalloc.c
@@ -36,7 +36,8 @@
  */
 
 WERROR drepl_create_role_owner_source_dsa(struct dreplsrv_service *service,
-					  struct ldb_dn *role_owner_dn, struct ldb_dn *fsmo_role_dn)
+					  struct ldb_dn *fsmo_role_dn,
+					  struct ldb_dn *role_owner_dn)
 {
 	struct dreplsrv_partition_source_dsa *sdsa;
 	struct ldb_context *ldb = service->samdb;
@@ -52,29 +53,29 @@ WERROR drepl_create_role_owner_source_dsa(struct dreplsrv_service *service,
 		return WERR_NOMEM;
 	}
 
-	sdsa->partition->dn = ldb_dn_copy(sdsa->partition, role_owner_dn);
+	sdsa->partition->dn = ldb_dn_copy(sdsa->partition, fsmo_role_dn);
 	if (!sdsa->partition->dn) {
 		talloc_free(sdsa);
 		return WERR_NOMEM;
 	}
-	sdsa->partition->nc.dn = ldb_dn_alloc_linearized(sdsa->partition, role_owner_dn);
+	sdsa->partition->nc.dn = ldb_dn_alloc_linearized(sdsa->partition, fsmo_role_dn);
 	if (!sdsa->partition->nc.dn) {
 		talloc_free(sdsa);
 		return WERR_NOMEM;
 	}
-	ret = dsdb_find_guid_by_dn(ldb, role_owner_dn, &sdsa->partition->nc.guid);
+	ret = dsdb_find_guid_by_dn(ldb, fsmo_role_dn, &sdsa->partition->nc.guid);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0,(__location__ ": Failed to find GUID for %s\n",
-			 ldb_dn_get_linearized(role_owner_dn)));
+			 ldb_dn_get_linearized(fsmo_role_dn)));
 		talloc_free(sdsa);
 		return WERR_DS_DRA_INTERNAL_ERROR;
 	}
 
 	sdsa->repsFrom1 = &sdsa->_repsFromBlob.ctr.ctr1;
-	ret = dsdb_find_guid_by_dn(ldb, fsmo_role_dn, &sdsa->repsFrom1->source_dsa_obj_guid);
+	ret = dsdb_find_guid_by_dn(ldb, role_owner_dn, &sdsa->repsFrom1->source_dsa_obj_guid);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(0,(__location__ ": Failed to find objectGUID for %s\n",
-			 ldb_dn_get_linearized(fsmo_role_dn)));
+			 ldb_dn_get_linearized(role_owner_dn)));
 		talloc_free(sdsa);
 		return WERR_DS_DRA_INTERNAL_ERROR;
 	}
@@ -98,7 +99,7 @@ WERROR drepl_create_role_owner_source_dsa(struct dreplsrv_service *service,
 	werr = dreplsrv_out_connection_attach(service, sdsa->repsFrom1, &sdsa->conn);
 	if (!W_ERROR_IS_OK(werr)) {
 		DEBUG(0,(__location__ ": Failed to attach connection to %s\n",
-			 ldb_dn_get_linearized(role_owner_dn)));
+			 ldb_dn_get_linearized(fsmo_role_dn)));
 		talloc_free(sdsa);
 		return werr;
 	}
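Review bot: The failure message for dreplsrv_out_connection_attach() now prints fsmo_role_dn, but with the corrected naming the connection being attached is to the role owner whose GUID was stored in source_dsa_obj_guid a few lines earlier. Logging the owner, `ldb_dn_get_linearized(role_owner_dn)`, would tell an operator which DC could not be reached; printing both DNs would be better still. drepl_create_role_owner_source_dsa() starts and ends outside this hunk.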
@@ -111,23 +112,20 @@ WERROR drepl_create_role_owner_source_dsa(struct dreplsrv_service *service,
   schedule a getncchanges request to the role owner for an extended operation
  */
 WERROR drepl_request_extended_op(struct dreplsrv_service *service,
-				 struct ldb_dn *role_owner_dn,
 				 struct ldb_dn *fsmo_role_dn,
+				 struct ldb_dn *role_owner_dn,
 				 enum drsuapi_DsExtendedOperation extended_op,
 				 uint64_t alloc_pool,
 				 dreplsrv_fsmo_callback_t callback)
 {
 	WERROR werr;
-
 	if (service->ncchanges_extended.role_owner_source_dsa == NULL) {
-		/* we need to establish a connection to the RID
-		   Manager */
-		werr = drepl_create_role_owner_source_dsa(service, role_owner_dn, fsmo_role_dn);
+		/* we need to establish a connection to the role owner */
+		werr = drepl_create_role_owner_source_dsa(service, fsmo_role_dn, role_owner_dn);
 		W_ERROR_NOT_OK_RETURN(werr);
 	}
 
 	service->ncchanges_extended.in_progress = true;
-
 	werr = dreplsrv_schedule_partition_pull_source(service, service->ncchanges_extended.role_owner_source_dsa,
 						       extended_op, alloc_pool,
 						       callback, NULL);
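Review bot: role_owner_source_dsa is created only when it is NULL, yet after this commit the function is reached for several roles whose fsmo_role_dn and role_owner_dn differ. drepl_create_role_owner_source_dsa() stores both DNs in the source DSA (partition DN and source_dsa_obj_guid), so unless the pointer is reset somewhere outside the visible lines, a second request for a different role would be sent with the first role's partition and owner. Either free and rebuild the cached entry when the requested DNs differ, or document the assumption with a comment such as `/* cached source DSA is reused: assumes all roles are requested from the same owner and partition */`. The function body continues past the end of the hunk.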
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index fca87e7..312e3bd 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1181,35 +1181,29 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
 		switch (req8->extended_op) {
 		case DRSUAPI_EXOP_NONE:
 			break;
-
 		case DRSUAPI_EXOP_FSMO_RID_ALLOC:
 			werr = getncchanges_rid_alloc(b_state, mem_ctx, req8, &r->out.ctr->ctr6);
 			W_ERROR_NOT_OK_RETURN(werr);
 			search_dn = ldb_get_default_basedn(sam_ctx);
 			break;
-
 		case DRSUAPI_EXOP_REPL_SECRET:
 			werr = getncchanges_repl_secret(b_state, mem_ctx, req8, user_sid, &r->out.ctr->ctr6);
 			r->out.result = werr;
 			NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsGetNCChanges, NDR_BOTH, r);
 			W_ERROR_NOT_OK_RETURN(werr);
 			break;
-
 		case DRSUAPI_EXOP_FSMO_REQ_ROLE:
 			werr = getncchanges_change_master(b_state, mem_ctx, req8, &r->out.ctr->ctr6);
 			W_ERROR_NOT_OK_RETURN(werr);
 			break;
-
 		case DRSUAPI_EXOP_FSMO_RID_REQ_ROLE:
 			werr = getncchanges_change_master(b_state, mem_ctx, req8, &r->out.ctr->ctr6);
 			W_ERROR_NOT_OK_RETURN(werr);
 			break;
-
 		case DRSUAPI_EXOP_FSMO_REQ_PDC:
 			werr = getncchanges_change_master(b_state, mem_ctx, req8, &r->out.ctr->ctr6);
 			W_ERROR_NOT_OK_RETURN(werr);
 			break;
-
 		case DRSUAPI_EXOP_FSMO_ABANDON_ROLE:
 		case DRSUAPI_EXOP_REPL_OBJ:
 			DEBUG(0,(__location__ ": Request for DsGetNCChanges unsupported extended op 0x%x\n",
diff --git a/source4/torture/drs/python/fsmo.py b/source4/torture/drs/python/fsmo.py
index bc60171..c64a0b2 100644
--- a/source4/torture/drs/python/fsmo.py
+++ b/source4/torture/drs/python/fsmo.py
@@ -49,6 +49,8 @@ class DrsFsmoTestCase(samba.tests.TestCase):
     def setUp(self):
         super(DrsFsmoTestCase, self).setUp()
 
+        # we have to wait for the replication before we make the check
+        self.sleep_time = 5
         # connect to DCs singleton
         if self.ldb_dc1 is None:
             DrsFsmoTestCase.dc1 = get_env_var("DC1")
@@ -71,8 +73,13 @@ class DrsFsmoTestCase(samba.tests.TestCase):
 
         # cache some of RootDSE props
         self.schema_dn = self.info_dc1["schemaNamingContext"][0]
+        self.domain_dn = self.info_dc1["defaultNamingContext"][0]
+        self.config_dn = self.info_dc1["configurationNamingContext"][0]
         self.dsServiceName_dc1 = self.info_dc1["dsServiceName"][0]
         self.dsServiceName_dc2 = self.info_dc2["dsServiceName"][0]
+        self.infrastructure_dn = "CN=Infrastructure," + self.domain_dn
+        self.naming_dn = "CN=Partitions," + self.config_dn
+        self.rid_dn = "CN=RID Manager$,CN=System," + self.domain_dn
 
         # we will need DCs DNS names for 'net fsmo' command
         self.dnsname_dc1 = self.info_dc1["dnsHostName"][0]
@@ -82,50 +89,66 @@ class DrsFsmoTestCase(samba.tests.TestCase):
     def tearDown(self):
         super(DrsFsmoTestCase, self).tearDown()
 
-    def _net_fsmo_schema_transfer(self, DC):
+    def _net_fsmo_role_transfer(self, DC, role):
         # find out where is net command
         net_cmd = os.path.abspath("./bin/net")
         # make command line credentials string
         creds = samba.tests.cmdline_credentials
         cmd_line_auth = "-U%s/%s%%%s" % (creds.get_domain(),
                                          creds.get_username(), creds.get_password())
-        # bin/net fsmo transfer --role=schema --host=ldap://<Dest_DC_NAME>:389
-        cmd_line = "%s fsmo transfer --role=schema --host=ldap://%s:389 %s" % (net_cmd, DC,
-                                                                               cmd_line_auth)
+        # bin/net fsmo transfer --role=role --host=ldap://DC:389
+        cmd_line = "%s fsmo transfer --role=%s --host=ldap://%s:389 %s" % (net_cmd, role, DC,
+                                                                           cmd_line_auth)
         ret = os.system(cmd_line)
         self.assertEquals(ret, 0, "Transfering schema to %s has failed!" % (DC))
         pass
 
-
-    def test_SchemaMasterTransfer(self):
-        """Triggers schema master transfer role from DC1 to DC2
+    def _role_transfer(self, role, role_dn):
+        """Triggers transfer of role from DC1 to DC2
            and vice versa so the role goes back to the original dc"""
         # dc2 gets the schema master role from dc1
-        print "Testing for role transfer from %s to %s" % (self.dnsname_dc1, self.dnsname_dc2)
+        print "Testing for %s role transfer from %s to %s" % (role, self.dnsname_dc1, self.dnsname_dc2)
 
-        self._net_fsmo_schema_transfer(DC=self.dnsname_dc2)
+        self._net_fsmo_role_transfer(DC=self.dnsname_dc2, role=role)
         # check if the role is transfered, but wait a little first so the getncchanges can pass
-        time.sleep(20)
-        res = self.ldb_dc2.search(self.schema_dn,
+        time.sleep(self.sleep_time)
+        res = self.ldb_dc2.search(role_dn,
                                   scope=SCOPE_BASE, attrs=["fSMORoleOwner"])
         assert len(res) == 1
-        self.schemaMaster = res[0]["fSMORoleOwner"][0]
-        self.assertEquals(self.schemaMaster, self.dsServiceName_dc2,
-                          "Transfering schema to %s has failed, schema master is: %s!"%(self.dsServiceName_dc2,self.schemaMaster))
+        self.master = res[0]["fSMORoleOwner"][0]
+        self.assertEquals(self.master, self.dsServiceName_dc2,
+                          "Transfering %s role to %s has failed, master is: %s!"%(role, self.dsServiceName_dc2,self.master))
 
         # dc1 gets back the schema master role from dc2
-        print "Testing for role transfer from %s to %s" % (self.dnsname_dc2, self.dnsname_dc1)
-        self._net_fsmo_schema_transfer(DC=self.dnsname_dc1)
+        print "Testing for %s role transfer from %s to %s" % (role, self.dnsname_dc2, self.dnsname_dc1)
+        self._net_fsmo_role_transfer(DC=self.dnsname_dc1, role=role);
         # check if the role is transfered
-        time.sleep(20)
-        res = self.ldb_dc1.search(self.schema_dn,
+        time.sleep(self.sleep_time)
+        res = self.ldb_dc1.search(role_dn,
                                   scope=SCOPE_BASE, attrs=["fSMORoleOwner"])
         assert len(res) == 1
-        self.schemaMaster = res[0]["fSMORoleOwner"][0]
-        self.assertEquals(self.schemaMaster, self.dsServiceName_dc1,
-                          "Transfering schema to %s has failed, schema master is %s"%(self.dsServiceName_dc1, self.schemaMaster))
+        self.master = res[0]["fSMORoleOwner"][0]
+        self.assertEquals(self.master, self.dsServiceName_dc1,
+                          "Transfering %s role to %s has failed, master is %s"%(role, self.dsServiceName_dc1, self.master))
+        pass
+
+    def test_SchemaMasterTransfer(self):
+        self._role_transfer(role="schema", role_dn=self.schema_dn)
+        pass
+
+    def test_InfrastructureMasterTransfer(self):
+        self._role_transfer(role="infrastructure", role_dn=self.infrastructure_dn)
+        pass
+
+    def test_PDCMasterTransfer(self):
+        self._role_transfer(role="pdc", role_dn=self.domain_dn)
         pass
 
+    def test_RIDMasterTransfer(self):
+        self._role_transfer(role="rid", role_dn=self.rid_dn)
+        pass
+
+
 ########################################################################################
 def get_env_var(var_name):
     if not var_name in os.environ.keys():
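Review bot: _net_fsmo_role_transfer() builds one shell string from role, DC and the credentials and hands it to `os.system`, so a password or host name containing shell metacharacters is interpreted by the shell rather than passed to bin/net. Passing an argument list avoids the shell, e.g. `ret = subprocess.call([net_cmd, "fsmo", "transfer", "--role=%s" % role, "--host=ldap://%s:389" % DC, cmd_line_auth])`; this needs `import subprocess`, and the file's import block is outside the hunk. The failure text `"Transfering schema to %s has failed!"` and the two `# ... schema master role` comments in _role_transfer() still name the schema role although the helpers are now generic; `"Transfering %s role to %s has failed!" % (role, DC)` would match. The fixed `time.sleep(self.sleep_time)` of 5 seconds could also be replaced by polling fSMORoleOwner with a timeout, so the test does not depend on replication timing.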


-- 
Samba Shared Repository

