[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Thu Jan 17 09:11:03 MST 2013


The branch, master has been updated
       via  e1d50a6 dsdb-operational: Avoid doing the ldb_attr_cmp if bypass flag is not set
       via  a0faf16 torture: Fix fsmo test to use correct -H samba-tool syntax
       via  18d7e5d dsdb: Do not hold the transaction over the IRPC call to perform a role transfer
       via  b40d134 selftest: also skip raw.search as it also spins
       via  316fd08 drs-fsmo: Improve handling of FSMO role takeover.
      from  6a10255 dsdb-acl: calculate sDRightsEffective based on "nTSecurityDescriptor"

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e1d50a6b24012b42f9987b439a4b94cd8db79999
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Dec 27 00:01:49 2012 -0800

    dsdb-operational: Avoid doing the ldb_attr_cmp if bypass flag is not set
    
    Most of the time this flag is not set and so we can avoid the strcasecmp
    in ldb_attr_cmp()
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Jan 17 17:10:32 CET 2013 on sn-devel-104

commit a0faf16ae9aefc4963b2583970509b1b23e27ce1
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Nov 17 13:49:00 2012 +1100

    torture: Fix fsmo test to use correct -H samba-tool syntax
    
    However, the test still does not pass.
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 18d7e5df0eb8fb593e66daf25d142584f44b5b87
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jan 15 09:56:46 2013 +1100

    dsdb: Do not hold the transaction over the IRPC call to perform a role transfer
    
    This avoids one samba process locking out another from the DB.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit b40d134bc1866dd7e5b5e7dfc5bf01f6d55b1c1f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Jan 13 13:03:13 2013 +1100

    selftest: also skip raw.search as it also spins
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 316fd085ad2b587b82d817358240f84ae054a543
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Nov 20 14:59:17 2012 +1100

    drs-fsmo: Improve handling of FSMO role takeover.
    
    This needs to be more async, and give less scary errors.
    
    Andrew Bartlett
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail                           |    1 -
 selftest/skip                                |    1 +
 source4/dsdb/repl/drepl_fsmo.c               |    5 +--
 source4/dsdb/samdb/ldb_modules/operational.c |    2 +-
 source4/dsdb/samdb/ldb_modules/rootdse.c     |   38 ++++++++++++++++++++++++-
 source4/rpc_server/drsuapi/getncchanges.c    |    3 +-
 source4/torture/drs/python/fsmo.py           |    4 +-
 7 files changed, 44 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index bdeb92b..39485af 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -135,7 +135,6 @@
 ^samba4.smb2.acls.*.owner
 ^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
 #^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.*
-^samba4.drs.fsmo.python
 ^samba4.libsmbclient.opendir.opendir # This requires netbios browsing
 ^samba4.rpc.drsuapi.*.drsuapi.DsGetDomainControllerInfo\(.*\)$
 ^samba4.rpc.drsuapi.*.drsuapi.DsCrackNames\(.*\)$
diff --git a/selftest/skip b/selftest/skip
index 43866bb..5c49306 100644
--- a/selftest/skip
+++ b/selftest/skip
@@ -107,3 +107,4 @@ bench # don't run benchmarks in our selftest
 ^samba4.rpc.unixinfo # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use
 ^samba.tests.dcerpc.unix  # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use
 base.dir2 # This test spins on modern ext4, so we have to skip it
+raw.search # This test spins on modern ext4, so we have to skip it
diff --git a/source4/dsdb/repl/drepl_fsmo.c b/source4/dsdb/repl/drepl_fsmo.c
index 0e83982..37fb684 100644
--- a/source4/dsdb/repl/drepl_fsmo.c
+++ b/source4/dsdb/repl/drepl_fsmo.c
@@ -108,9 +108,8 @@ NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
 		return NT_STATUS_OK;
 	}
 	
-	if (is_us || 
-	    (extended_op == DRSUAPI_EXOP_NONE)) {
-		DEBUG(0,("FSMO role check failed for DN %s and owner %s \n",
+	if (is_us) {
+		DEBUG(5,("FSMO role check failed, we already own DN %s with %s\n",
 			 ldb_dn_get_linearized(fsmo_role_dn),
 			 ldb_dn_get_linearized(role_owner_dn)));
 		r->out.result = WERR_OK;
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index c642ad8..b1122b3 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -612,7 +612,7 @@ struct op_controls_flags {
 };
 
 static bool check_keep_control_for_attribute(struct op_controls_flags* controls_flags, const char* attr) {
-	if (ldb_attr_cmp(attr, "msDS-KeyVersionNumber") == 0 && controls_flags->bypassoperational) {
+	if (controls_flags->bypassoperational && ldb_attr_cmp(attr, "msDS-KeyVersionNumber") == 0 ) {
 		return true;
 	}
 	return false;
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index ba71b5f..eaf6451 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -1297,6 +1297,7 @@ static int rootdse_add(struct ldb_module *module, struct ldb_request *req)
 struct fsmo_transfer_state {
 	struct ldb_context *ldb;
 	struct ldb_request *req;
+	struct ldb_module *module;
 };
 
 /*
@@ -1307,6 +1308,7 @@ static void rootdse_fsmo_transfer_callback(struct tevent_req *treq)
 	struct fsmo_transfer_state *fsmo = tevent_req_callback_data(treq, struct fsmo_transfer_state);
 	NTSTATUS status;
 	WERROR werr;
+	int ret;
 	struct ldb_request *req = fsmo->req;
 	struct ldb_context *ldb = fsmo->ldb;
 
@@ -1314,16 +1316,31 @@ static void rootdse_fsmo_transfer_callback(struct tevent_req *treq)
 	talloc_free(fsmo);
 	if (!NT_STATUS_IS_OK(status)) {
 		ldb_asprintf_errstring(ldb, "Failed FSMO transfer: %s", nt_errstr(status));
+		/*
+		 * Now that it is failed, start the transaction up
+		 * again so the wrappers can close it without additional error
+		 */
+		ldb_next_start_trans(fsmo->module);
 		ldb_module_done(req, NULL, NULL, LDB_ERR_UNAVAILABLE);
 		return;
 	}
 	if (!W_ERROR_IS_OK(werr)) {
 		ldb_asprintf_errstring(ldb, "Failed FSMO transfer: %s", win_errstr(werr));
+		/*
+		 * Now that it is failed, start the transaction up
+		 * again so the wrappers can close it without additional error
+		 */
+		ldb_next_start_trans(fsmo->module);
 		ldb_module_done(req, NULL, NULL, LDB_ERR_UNAVAILABLE);
 		return;
 	}
 
-	ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+	/*
+	 * Now that it is done, start the transaction up again so the
+	 * wrappers can close it without error
+	 */
+	ret = ldb_next_start_trans(fsmo->module);
+	ldb_module_done(req, NULL, NULL, ret);
 }
 
 static int rootdse_become_master(struct ldb_module *module,
@@ -1358,6 +1375,13 @@ static int rootdse_become_master(struct ldb_module *module,
 				 "RODC cannot become a role master.");
 	}
 
+	/*
+	 * We always delete the transaction, not commit it, because
+	 * this gives the least supprise to this supprising action (as
+	 * we will never record anything done to this point
+	 */
+	ldb_next_del_trans(module);
+
 	msg = imessaging_client_init(tmp_ctx, lp_ctx,
 				    ldb_get_event_context(ldb));
 	if (!msg) {
@@ -1376,10 +1400,20 @@ static int rootdse_become_master(struct ldb_module *module,
 	}
 	fsmo->ldb = ldb;
 	fsmo->req = req;
+	fsmo->module = module;
 
-	/* we send the call asynchronously, as the ldap client is
+	/*
+	 * we send the call asynchronously, as the ldap client is
 	 * expecting to get an error back if the role transfer fails
+	 *
+	 * We need more than the default 10 seconds IRPC allows, so
+	 * set a longer timeout (default ldb timeout is 300 seconds).
+	 * We send an async reply when we are done.
+	 *
+	 * We are the first module, so don't bother working out how
+	 * long we have spent so far.
 	 */
+	dcerpc_binding_handle_set_timeout(irpc_handle, req->timeout);
 
 	treq = dcerpc_drepl_takeFSMORole_send(req, ldb_get_event_context(ldb), irpc_handle, role);
 	if (treq == NULL) {
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index c3fd000..575d037 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -2022,7 +2022,8 @@ allowed:
 
 		werr = drsuapi_UpdateRefs(b_state, mem_ctx, &ureq);
 		if (!W_ERROR_IS_OK(werr)) {
-			DEBUG(0,(__location__ ": Failed UpdateRefs in DsGetNCChanges - %s\n",
+			DEBUG(0,(__location__ ": Failed UpdateRefs on %s for %s in DsGetNCChanges - %s\n",
+				 drs_ObjectIdentifier_to_string(mem_ctx, ncRoot), ureq.dest_dsa_dns_name,
 				 win_errstr(werr)));
 		}
 	}
diff --git a/source4/torture/drs/python/fsmo.py b/source4/torture/drs/python/fsmo.py
index f1fa6ef..8a1e9ff 100644
--- a/source4/torture/drs/python/fsmo.py
+++ b/source4/torture/drs/python/fsmo.py
@@ -61,8 +61,8 @@ class DrsFsmoTestCase(drs_base.DrsBaseTestCase):
         creds = self.get_credentials()
         cmd_line_auth = "-U%s/%s%%%s" % (creds.get_domain(),
                                          creds.get_username(), creds.get_password())
-        # bin/samba-tool fsmo transfer --role=role --url=ldap://DC:389
-        cmd_line = "%s fsmo transfer --role=%s --url=ldap://%s:389 %s" % (net_cmd, role, DC,
+        # bin/samba-tool fsmo transfer --role=role -H ldap://DC:389
+        cmd_line = "%s fsmo transfer --role=%s -H ldap://%s:389 %s" % (net_cmd, role, DC,
                                                                            cmd_line_auth)
         ret = os.system(cmd_line)
         self.assertEquals(ret, 0, "Transferring role %s to %s has failed!" % (role, DC))


-- 
Samba Shared Repository


More information about the samba-cvs mailing list