[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Sep 14 20:30:02 UTC 2017
The branch, master has been updated
via 3f0938b Install dcerpc/__init__.py for all Python environments
via 9516d42 s4-provision: Ensure the dummy main-domain DB used for DLZ has an @INDEXLIST
via 24600e8 repl_meta_data: Show failing replicated entry in error code
via b0f22f2 selftest: reindex in dbcheck-oldrelease after modifying the backend DB
via 5d9bb80 schema: Rework dsdb_schema_set_indices_and_attributes() db operations
via 51be275 selftest: Check re-opening sam.ldb corrects the @ATTRIBUTES and @INDEXLIST
from a808c02 ctdb-protocol: Drop marshalling for monitor controls
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3f0938b9389dc9c0ca5e4acf0451f14050a7506f
Author: Alexander Bokovoy <ab at samba.org>
Date: Wed Sep 13 11:37:34 2017 +0300
Install dcerpc/__init__.py for all Python environments
Also fix whitespace. We use tabs, not spaces in Python/waf code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13030
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Sep 14 22:29:39 CEST 2017 on sn-devel-144
commit 9516d4229f85c7f19e1af49f0cc36ac3656d5477
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Aug 30 15:30:04 2017 +1200
s4-provision: Ensure the dummy main-domain DB used for DLZ has an @INDEXLIST
The other databases are created from copies of the main provision, but this one
is not, so did not previously get a valid @INDEXLIST.
This is important as otherwise we will not correctly notice support for
the GUID index or new DSDB features in @SAMBA_DSDB as this is gated
on seeing @SAMBA_FEATURES_SUPPORTED in @INDEXLIST.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 24600e8e911cd8bec678282a29a7c5a8aefb9879
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Sep 6 16:24:35 2017 +1200
repl_meta_data: Show failing replicated entry in error code
This re-work of our LDIF printing avoids some of the privacy issue from
printing the full LDIF at level 4, while showing the entry that actually fails.
Instead, with e3988f8f74f4a11e8f26a548e0a33d20f4e863f7 we now print the DN
only at level 4, then the full message at 8.
With this patch on failure, we print the redacted failing message at 5.
While all of the DRS replication data is potentially sensitive
the passwords are most sensitive, and are now not printed unencrypted.
This discourages users from sending the full failing trace, as the
last entry is much more likely the issue.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit b0f22f2661f5712ac00cf221e734b99e8d5d04fa
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 12 14:17:35 2017 +1200
selftest: reindex in dbcheck-oldrelease after modifying the backend DB
Modifying the backend DB is not a supported operation, but helps us create test
situations.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 5d9bb80a027ba2b03c97d80c10173f946c758f69
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Sep 11 15:22:23 2017 +1200
schema: Rework dsdb_schema_set_indices_and_attributes() db operations
Commit ec9b1e881c3eef503d6b4b311594113acf7d47d8 did not fully fix this.
There is no value in using dsdb_replace(), we are under the read lock
and replace just confuses things further.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13025
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 51be27522caffde8a3806f8c0c877a0f85eaf398
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Sep 13 16:13:06 2017 +1200
selftest: Check re-opening sam.ldb corrects the @ATTRIBUTES and @INDEXLIST
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
python/samba/provision/sambadns.py | 4 ++
python/samba/tests/dsdb_schema_attributes.py | 53 +++++++++++++++++++++++++
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 36 ++++++++++++++++-
source4/dsdb/schema/schema_set.c | 17 ++++----
source4/librpc/wscript_build | 11 ++---
testprogs/blackbox/dbcheck-oldrelease.sh | 3 ++
6 files changed, 109 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index d4cb93a..fce72ad 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -809,6 +809,10 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
"DESCRIPTOR" : descr})
setup_add_ldif(dom_ldb,
setup_path("provision_basedn_options.ldif"), None)
+
+ # We need the dummy main-domain DB to have the correct @INDEXLIST
+ index_res = samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE)
+ dom_ldb.add(index_res[0])
except:
logger.error(
"Failed to setup database for BIND, AD based DNS cannot be used")
diff --git a/python/samba/tests/dsdb_schema_attributes.py b/python/samba/tests/dsdb_schema_attributes.py
index df6c8bb..2bebbb5 100644
--- a/python/samba/tests/dsdb_schema_attributes.py
+++ b/python/samba/tests/dsdb_schema_attributes.py
@@ -173,3 +173,56 @@ systemOnly: FALSE
self.assertIn(attr_ldap_name, [str(x) for x in idx_res[0]["@IDXATTR"]])
self.assertIn(attr_ldap_name2, [str(x) for x in idx_res[0]["@IDXATTR"]])
+
+ def test_modify_at_attributes(self):
+ m = {"dn": "@ATTRIBUTES",
+ "@TEST_EXTRA": ["HIDDEN"]
+ }
+
+ msg = ldb.Message.from_dict(self.samdb, m, ldb.FLAG_MOD_ADD)
+ self.samdb.modify(msg)
+
+ res = self.samdb.search(base="@ATTRIBUTES", scope=ldb.SCOPE_BASE,
+ attrs=["@TEST_EXTRA"])
+ self.assertEquals(len(res), 1)
+ self.assertEquals(str(res[0].dn), "@ATTRIBUTES")
+ self.assertEquals(len(res[0]), 1)
+ self.assertTrue("@TEST_EXTRA" in res[0])
+ self.assertEquals(len(res[0]["@TEST_EXTRA"]), 1)
+ self.assertEquals(res[0]["@TEST_EXTRA"][0], "HIDDEN")
+
+ samdb2 = samba.tests.connect_samdb(self.lp.samdb_url())
+
+ res = self.samdb.search(base="@ATTRIBUTES", scope=ldb.SCOPE_BASE,
+ attrs=["@TEST_EXTRA"])
+ self.assertEquals(len(res), 1)
+ self.assertEquals(str(res[0].dn), "@ATTRIBUTES")
+ self.assertEquals(len(res[0]), 0)
+ self.assertFalse("@TEST_EXTRA" in res[0])
+
+
+ def test_modify_at_indexlist(self):
+ m = {"dn": "@INDEXLIST",
+ "@TEST_EXTRA": ["1"]
+ }
+
+ msg = ldb.Message.from_dict(self.samdb, m, ldb.FLAG_MOD_ADD)
+ self.samdb.modify(msg)
+
+ res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE,
+ attrs=["@TEST_EXTRA"])
+ self.assertEquals(len(res), 1)
+ self.assertEquals(str(res[0].dn), "@INDEXLIST")
+ self.assertEquals(len(res[0]), 1)
+ self.assertTrue("@TEST_EXTRA" in res[0])
+ self.assertEquals(len(res[0]["@TEST_EXTRA"]), 1)
+ self.assertEquals(res[0]["@TEST_EXTRA"][0], "1")
+
+ samdb2 = samba.tests.connect_samdb(self.lp.samdb_url())
+
+ res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE,
+ attrs=["@TEST_EXTRA"])
+ self.assertEquals(len(res), 1)
+ self.assertEquals(str(res[0].dn), "@INDEXLIST")
+ self.assertEquals(len(res[0]), 0)
+ self.assertFalse("@TEST_EXTRA" in res[0])
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 8f123de..d2c2084 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -563,9 +563,41 @@ static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares)
}
if (ares->error != LDB_SUCCESS) {
- DEBUG(5,("%s failure. Error is: %s\n", __FUNCTION__, ldb_strerror(ares->error)));
+ struct GUID_txt_buf guid_txt;
+ struct ldb_message *msg = NULL;
+ char *s = NULL;
+
+ if (ac->apply_mode == false) {
+ DBG_NOTICE("Originating update failure. Error is: %s\n",
+ ldb_strerror(ares->error));
+ return ldb_module_done(ac->req, controls,
+ ares->response, ares->error);
+ }
+
+ msg = ac->objs->objects[ac->index_current].msg;
+ /*
+ * Set at DBG_NOTICE as once these start to happe, they
+ * will happen a lot until resolved, due to repeated
+ * replication. The caller will probably print the
+ * ldb error string anyway.
+ */
+ DBG_NOTICE("DRS replication apply failure for %s. Error is: %s\n",
+ ldb_dn_get_linearized(msg->dn),
+ ldb_strerror(ares->error));
+
+ s = ldb_ldif_message_redacted_string(ldb_module_get_ctx(ac->module),
+ ac,
+ LDB_CHANGETYPE_ADD,
+ msg);
+
+ DBG_INFO("Failing DRS %s replication message was %s:\n%s\n",
+ ac->search_msg == NULL ? "ADD" : "MODIFY",
+ GUID_buf_string(&ac->objs->objects[ac->index_current].object_guid,
+ &guid_txt),
+ s);
+ talloc_free(s);
return ldb_module_done(ac->req, controls,
- ares->response, ares->error);
+ ares->response, ares->error);
}
if (ares->type != LDB_REPLY_DONE) {
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index cfd320b..8141e32 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -175,11 +175,11 @@ int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb,
}
if (mod_msg->num_elements > 0) {
/*
- * Do the replace with the constructed message,
- * to avoid needing a lock between this search
- * and the replace
+ * Do the replace with the difference, as we
+ * are under the read lock and we wish to do a
+ * delete of any removed/renamed attributes
*/
- ret = dsdb_replace(ldb, msg, 0);
+ ret = dsdb_modify(ldb, mod_msg, 0);
}
talloc_free(mod_msg);
}
@@ -235,12 +235,13 @@ int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb,
* @SAMBA_FEATURES_SUPPORTED
*/
} else if (mod_msg->num_elements > 0) {
+
/*
- * Do the replace with the constructed message,
- * to avoid needing a lock between this search
- * and the replace
+ * Do the replace with the difference, as we
+ * are under the read lock and we wish to do a
+ * delete of any removed/renamed attributes
*/
- ret = dsdb_replace(ldb, msg_idx, 0);
+ ret = dsdb_modify(ldb, mod_msg, 0);
}
talloc_free(mod_msg);
}
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
index e341432..a381a65 100644
--- a/source4/librpc/wscript_build
+++ b/source4/librpc/wscript_build
@@ -407,9 +407,10 @@ for env in bld.gen_python_environments():
)
if bld.PYTHON_BUILD_IS_ENABLED():
- bld.SAMBA_SCRIPT('python_dcerpc_init',
- pattern='rpc/dcerpc.py',
- installdir='python/samba/dcerpc',
- installname='__init__.py')
+ for env in bld.gen_python_environments():
+ bld.SAMBA_SCRIPT('python_dcerpc_init',
+ pattern='rpc/dcerpc.py',
+ installdir='python/samba/dcerpc',
+ installname='__init__.py')
- bld.INSTALL_FILES('${PYTHONARCHDIR}/samba/dcerpc', 'rpc/dcerpc.py', destname='__init__.py')
+ bld.INSTALL_FILES('${PYTHONARCHDIR}/samba/dcerpc', 'rpc/dcerpc.py', destname='__init__.py')
diff --git a/testprogs/blackbox/dbcheck-oldrelease.sh b/testprogs/blackbox/dbcheck-oldrelease.sh
index ecab003..a525f54 100755
--- a/testprogs/blackbox/dbcheck-oldrelease.sh
+++ b/testprogs/blackbox/dbcheck-oldrelease.sh
@@ -404,6 +404,9 @@ if [ -d $release_dir ]; then
testit_expect_failure "dbcheck2" dbcheck2
testit "dbcheck_clean2" dbcheck_clean2
testit "rm_deleted_objects" rm_deleted_objects
+ # We must re-index again because rm_deleted_objects went behind
+ # the back of the main sam.ldb.
+ testit "reindex2" reindex
testit_expect_failure "dbcheck3" dbcheck3
testit "dbcheck_clean3" dbcheck_clean3
testit "check_expected_after_deleted_objects" check_expected_after_deleted_objects
--
Samba Shared Repository
More information about the samba-cvs
mailing list