[PATCH] make samba-tool aware of all 7 fsmo roles

Rowland Penny repenny241155 at gmail.com
Thu Jun 11 05:14:07 MDT 2015


On 05/06/15 19:56, Jelmer Vernooij wrote:
> Thanks, looks reasonable to me - at least the Python side of things. Can
> somebody else from the team review as well and push?
>
> Cheers,
>
> Jelmer
>
> On Fri, Jun 05, 2015 at 07:36:42PM +0100, Rowland Penny wrote:
>> On 05/06/15 16:37, Jelmer Vernooij wrote:
>>> On Fri, Jun 05, 2015 at 11:10:10AM +0100, Rowland Penny wrote:
>>>> On 04/06/15 17:57, Jelmer Vernooij wrote:
>>>>> On Thu, Jun 04, 2015 at 05:17:11PM +0100, Rowland Penny wrote:
>>>>>> On 04/06/15 16:16, Jelmer Vernooij wrote:
>>>>>>> On Thu, Jun 04, 2015 at 02:00:47PM +0100, Rowland Penny wrote:
>>>>>>>> On 04/06/15 13:23, Jelmer Vernooij wrote:
>>>>>>>>> On Thu, Jun 04, 2015 at 11:36:29AM +0100, Rowland Penny wrote:
>>>>> Jelmer
>>>> OK, lets try again (still not holding my breath :-D )
>>> Almost there :)
>>>
>>>> +def transfer_dns_role(outf, sambaopts, credopts, role, samdb):
>>>> +    """Transfer dns FSMO role. """
>>>> +
>>>> +    if role == "domaindns":
>>>> +        domain_dn = samdb.domain_dn()
>>>> +        role_object = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>>>> +    elif role == "forestdns":
>>>> +        forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
>>>> +        role_object = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
>>>> +
>>>> +    try:
>>>> +        res = samdb.search(role_object,
>>>> +                           attrs=["fSMORoleOwner"],
>>>> +                           scope=ldb.SCOPE_BASE,
>>>> +                           controls=["extended_dn:1:1"])
>>>> +
>>>> +        if 'fSMORoleOwner' in res[0]:
>>>> +            try:
>>>> +                master_guid = str(misc.GUID(ldb.Dn(samdb,
>>>> +                                  res[0]['fSMORoleOwner'][0])
>>>> +                                  .get_extended_component('GUID')))
>>>> +                master_owner = str(ldb.Dn(samdb, res[0]['fSMORoleOwner'][0]))
>>>> +            except:
>>> ^^ Please catch LdbError here rather than everything (including e.g. KeyboardInterrupt).
>>>
>>>> +                outf.write("GUID not found in partition naming master DN %s\n" %
>>>> +                           res[0]['fSMORoleOwner'][0])
>>>> +                return
>>> Perhaps return False?
>>>
>>>> +    except LdbError, (num, msg):
>>>> +        raise CommandError("DNS partion %s not found : %s" % (role, msg))
>>>> +
>>>> +    if role == "domaindns":
>>>> +        master_dns_name = '%s._msdcs.%s' % (master_guid,
>>>> +                                            samdb.domain_dns_name())
>>>> +        new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(),
>>>> +                                         samdb.domain_dns_name())
>>>> +    elif role == "forestdns":
>>>> +        master_dns_name = '%s._msdcs.%s' % (master_guid,
>>>> +                                            samdb.forest_dns_name())
>>>> +        new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(),
>>>> +                                         samdb.forest_dns_name())
>>>> +
>>>> +    new_owner = samdb.get_dsServiceName()
>>>> +
>>>> +    if master_dns_name != new_dns_name:
>>>> +        lp = sambaopts.get_loadparm()
>>>> +        creds = credopts.get_credentials(lp, fallback_machine=True)
>>>> +        samdb = SamDB(url="ldap://%s" % (master_dns_name),
>>>> +                      session_info=system_session(),
>>>> +                      credentials=creds, lp=lp)
>>>> +
>>>> +        m = ldb.Message()
>>>> +        m.dn = ldb.Dn(samdb, role_object)
>>>> +        m["fSMORoleOwner"] = ldb.MessageElement(master_owner,
>>>> +                                                ldb.FLAG_MOD_DELETE,
>>>> +                                                "fSMORoleOwner")
>>>> +
>>>> +        try:
>>>> +            samdb.modify(m)
>>>> +        except LdbError, (num, msg):
>>>> +            raise CommandError("Failed to delete role '%s': %s" %
>>>> +                               (role, msg))
>>>> +
>>>> +        m = ldb.Message()
>>>> +        m.dn = ldb.Dn(samdb, role_object)
>>>> +        m["fSMORoleOwner"]= ldb.MessageElement(new_owner,
>>>> +                                               ldb.FLAG_MOD_ADD,
>>>> +                                               "fSMORoleOwner")
>>>> +        try:
>>>> +            samdb.modify(m)
>>>> +        except LdbError, (num, msg):
>>>> +            raise CommandError("Failed to add role '%s': %s" % (role, msg))
>>>> +
>>>> +        try:
>>>> +            connection = samba.drs_utils.drsuapi_connect(samdb.host_dns_name(),
>>>> +                                                         lp, creds)
>>>> +        except samba.drs_utils.drsException, e:
>>>> +            raise CommandError("Drsuapi Connect failed", e)
>>>> +
>>>> +        try:
>>>> +            drsuapi_connection = connection[0]
>>>> +            drsuapi_handle = connection[1]
>>>> +            req_options = drsuapi.DRSUAPI_DRS_WRIT_REP
>>>> +            NC = role_object[18:]
>>>> +            samba.drs_utils.sendDsReplicaSync(drsuapi_connection,
>>>> +                                              drsuapi_handle,
>>>> +                                              master_guid,
>>>> +                                              NC, req_options)
>>>> +        except samba.drs_utils.drsException, estr:
>>>> +            raise CommandError("Replication failed", estr)
>>>> +
>>>> +        outf.write("FSMO transfer of '%s' role successful\n" % role)
>>>> +        return True
>>>> +    else:
>>>> +        outf.write("This DC already has the '%s' FSMO role\n" % role)
>>> Perhaps return False?
>>>
>>>>   def transfer_role(outf, role, samdb):
>>>> +    """Transfer standard FSMO role. """
>>>> +
>>>> +    domain_dn = samdb.domain_dn()
>>>> +    rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>>>> +    naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>>>> +    infrastructure_dn = "CN=Infrastructure," + domain_dn
>>>> +    schema_dn = str(samdb.get_schema_basedn())
>>>> +    new_owner = samdb.get_dsServiceName()
>>>>       m = ldb.Message()
>>>>       m.dn = ldb.Dn(samdb, "")
>>>>       if role == "rid":
>>>> +        master_owner = get_fsmo_roleowner(samdb, rid_dn)
>>>>           m["becomeRidMaster"]= ldb.MessageElement(
>>>>               "1", ldb.FLAG_MOD_REPLACE,
>>>>               "becomeRidMaster")
>>>>       elif role == "pdc":
>>>> -        domain_dn = samdb.domain_dn()
>>>> +        master_owner = get_fsmo_roleowner(samdb, domain_dn)
>>>> +
>>>>           res = samdb.search(domain_dn,
>>>>                              scope=ldb.SCOPE_BASE, attrs=["objectSid"])
>>>>           assert len(res) == 1
>>>> @@ -119,26 +252,77 @@ all=all of the above"""),
>>>>           else:
>>>>               raise CommandError("Invalid FSMO role.")
>>>>           #first try to transfer to avoid problem if the owner is still active
>>>> -        if force is None:
>>>> -            self.message("Attempting transfer...")
>>>> -            try:
>>>> -                transfer_role(self.outf, role, samdb)
>>>> -                self.outf.write("FSMO seize was not required, as transfer of '%s' role was successful\n" % role)
>>>> -                return
>>>> -            except CommandError:
>>>> -            #transfer failed, use the big axe...
>>>> -                self.message("Transfer unsuccessful, seizing...")
>>>> +        seize = "no"
>>> ^^ please use 'seize = False' / 'seize = True' rather than a string.
>>>
>>> Overall, looks much better. Thanks!
>>>
>>> Jelmer
>> Once more
>>
>> Rowland
>>
>>  From d2f0a8e5a4c9644e3dd6435f203fea358fdf024e Mon Sep 17 00:00:00 2001
>> From: Rowland Penny <repenny241155 at gmail.com>
>> Date: Fri, 5 Jun 2015 19:31:38 +0100
>> Subject: [PATCH] samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo
>>   roles
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=10734
>>
>> Signed-off-by: Rowland Penny <repenny241155 at gmail.com>
>> ---
>>   python/samba/netcmd/fsmo.py |  346 +++++++++++++++++++++++++++++++++----------
>>   1 file changed, 268 insertions(+), 78 deletions(-)
>>
>> diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
>> index 1bc4a96..3a7c347 100644
>> --- a/python/samba/netcmd/fsmo.py
>> +++ b/python/samba/netcmd/fsmo.py
>> @@ -17,10 +17,11 @@
>>   # along with this program.  If not, see <http://www.gnu.org/licenses/>.
>>   #
>>   
>> +import samba
>>   import samba.getopt as options
>>   import ldb
>>   from ldb import LdbError
>> -
>> +from samba.dcerpc import drsuapi, misc
>>   from samba.auth import system_session
>>   from samba.netcmd import (
>>       Command,
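Review bot: `samba.drs_utils` is not imported by this hunk, although the new `transfer_dns_role` calls `samba.drs_utils.drsuapi_connect` and `samba.drs_utils.sendDsReplicaSync`; the added `import samba` binds only the package, so those calls work only if some other module has already loaded the submodule. Adding `import samba.drs_utils` next to the other imports makes the dependency explicit. Without it, an AttributeError would surface only on the DNS-role path, after the `fSMORoleOwner` attribute has already been modified on the remote DC. The import block continues outside the hunk.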
>> @@ -30,15 +31,131 @@ from samba.netcmd import (
>>       )
>>   from samba.samdb import SamDB
>>   
>> +def get_fsmo_roleowner(samdb, roledn):
>> +    """Gets the owner of an FSMO role
>> +
>> +    :param roledn: The DN of the FSMO role
>> +    """
>> +    res = samdb.search(roledn,
>> +                       scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> +    assert len(res) == 1
>> +    master_owner = res[0]["fSMORoleOwner"][0]
>> +    return master_owner
>> +
>> +
>> +def transfer_dns_role(outf, sambaopts, credopts, role, samdb):
>> +    """Transfer dns FSMO role. """
>> +
>> +    if role == "domaindns":
>> +        domain_dn = samdb.domain_dn()
>> +        role_object = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>> +    elif role == "forestdns":
>> +        forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
>> +        role_object = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
>> +
>> +    try:
>> +        res = samdb.search(role_object,
>> +                           attrs=["fSMORoleOwner"],
>> +                           scope=ldb.SCOPE_BASE,
>> +                           controls=["extended_dn:1:1"])
>> +
>> +        if 'fSMORoleOwner' in res[0]:
>> +            try:
>> +                master_guid = str(misc.GUID(ldb.Dn(samdb,
>> +                                  res[0]['fSMORoleOwner'][0])
>> +                                  .get_extended_component('GUID')))
>> +                master_owner = str(ldb.Dn(samdb, res[0]['fSMORoleOwner'][0]))
>> +            except LdbError, (num, msg):
>> +                raise CommandError("GUID not found in partition naming master DN %s : %s \n" %
>> +                                   (res[0]['fSMORoleOwner'][0], msg))
>> +    except LdbError, (num, msg):
>> +        raise CommandError("DNS partion %s not found : %s" % (role, msg))
>> +
>> +    if role == "domaindns":
>> +        master_dns_name = '%s._msdcs.%s' % (master_guid,
>> +                                            samdb.domain_dns_name())
>> +        new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(),
>> +                                         samdb.domain_dns_name())
>> +    elif role == "forestdns":
>> +        master_dns_name = '%s._msdcs.%s' % (master_guid,
>> +                                            samdb.forest_dns_name())
>> +        new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(),
>> +                                         samdb.forest_dns_name())
>> +
>> +    new_owner = samdb.get_dsServiceName()
>> +
>> +    if master_dns_name != new_dns_name:
>> +        lp = sambaopts.get_loadparm()
>> +        creds = credopts.get_credentials(lp, fallback_machine=True)
>> +        samdb = SamDB(url="ldap://%s" % (master_dns_name),
>> +                      session_info=system_session(),
>> +                      credentials=creds, lp=lp)
>> +
>> +        m = ldb.Message()
>> +        m.dn = ldb.Dn(samdb, role_object)
>> +        m["fSMORoleOwner"] = ldb.MessageElement(master_owner,
>> +                                                ldb.FLAG_MOD_DELETE,
>> +                                                "fSMORoleOwner")
>> +
>> +        try:
>> +            samdb.modify(m)
>> +        except LdbError, (num, msg):
>> +            raise CommandError("Failed to delete role '%s': %s" %
>> +                               (role, msg))
>> +
>> +        m = ldb.Message()
>> +        m.dn = ldb.Dn(samdb, role_object)
>> +        m["fSMORoleOwner"]= ldb.MessageElement(new_owner,
>> +                                               ldb.FLAG_MOD_ADD,
>> +                                               "fSMORoleOwner")
>> +        try:
>> +            samdb.modify(m)
>> +        except LdbError, (num, msg):
>> +            raise CommandError("Failed to add role '%s': %s" % (role, msg))
>> +
>> +        try:
>> +            connection = samba.drs_utils.drsuapi_connect(samdb.host_dns_name(),
>> +                                                         lp, creds)
>> +        except samba.drs_utils.drsException, e:
>> +            raise CommandError("Drsuapi Connect failed", e)
>> +
>> +        try:
>> +            drsuapi_connection = connection[0]
>> +            drsuapi_handle = connection[1]
>> +            req_options = drsuapi.DRSUAPI_DRS_WRIT_REP
>> +            NC = role_object[18:]
>> +            samba.drs_utils.sendDsReplicaSync(drsuapi_connection,
>> +                                              drsuapi_handle,
>> +                                              master_guid,
>> +                                              NC, req_options)
>> +        except samba.drs_utils.drsException, estr:
>> +            raise CommandError("Replication failed", estr)
>> +
>> +        outf.write("FSMO transfer of '%s' role successful\n" % role)
>> +        return True
>> +    else:
>> +        outf.write("This DC already has the '%s' FSMO role\n" % role)
>> +        return False
>> +
>>   def transfer_role(outf, role, samdb):
>> +    """Transfer standard FSMO role. """
>> +
>> +    domain_dn = samdb.domain_dn()
>> +    rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>> +    naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>> +    infrastructure_dn = "CN=Infrastructure," + domain_dn
>> +    schema_dn = str(samdb.get_schema_basedn())
>> +    new_owner = samdb.get_dsServiceName()
>>       m = ldb.Message()
>>       m.dn = ldb.Dn(samdb, "")
>>       if role == "rid":
>> +        master_owner = get_fsmo_roleowner(samdb, rid_dn)
>>           m["becomeRidMaster"]= ldb.MessageElement(
>>               "1", ldb.FLAG_MOD_REPLACE,
>>               "becomeRidMaster")
>>       elif role == "pdc":
>> -        domain_dn = samdb.domain_dn()
>> +        master_owner = get_fsmo_roleowner(samdb, domain_dn)
>> +
>>           res = samdb.search(domain_dn,
>>                              scope=ldb.SCOPE_BASE, attrs=["objectSid"])
>>           assert len(res) == 1
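Review bot: In `transfer_dns_role`, `master_guid` and `master_owner` are assigned only inside `if 'fSMORoleOwner' in res[0]:`, so a role object without that attribute reaches the `master_dns_name` formatting with both names unbound and fails with a NameError instead of a CommandError; add `else: raise CommandError("fSMORoleOwner not set on %s" % role_object)` to that `if`. The ownership change is also issued as two separate `samdb.modify` calls (FLAG_MOD_DELETE, then FLAG_MOD_ADD), so a failure of the second leaves the role object with no owner at all; the "Failed to add role" error should say so, or the two steps should be made one operation. `get_fsmo_roleowner` relies on `assert len(res) == 1`, which is stripped under `python -O`, and its docstring omits the `samdb` parameter and the return value. `transfer_role`, started at the end of this hunk, continues outside it.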
>> @@ -47,25 +164,35 @@ def transfer_role(outf, role, samdb):
>>               sid, ldb.FLAG_MOD_REPLACE,
>>               "becomePdc")
>>       elif role == "naming":
>> +        master_owner = get_fsmo_roleowner(samdb, naming_dn)
>>           m["becomeDomainMaster"]= ldb.MessageElement(
>>               "1", ldb.FLAG_MOD_REPLACE,
>>               "becomeDomainMaster")
>>       elif role == "infrastructure":
>> +        master_owner = get_fsmo_roleowner(samdb, infrastructure_dn)
>>           m["becomeInfrastructureMaster"]= ldb.MessageElement(
>>               "1", ldb.FLAG_MOD_REPLACE,
>>               "becomeInfrastructureMaster")
>>       elif role == "schema":
>> +        master_owner = get_fsmo_roleowner(samdb, schema_dn)
>>           m["becomeSchemaMaster"]= ldb.MessageElement(
>>               "1", ldb.FLAG_MOD_REPLACE,
>>               "becomeSchemaMaster")
>>       else:
>>           raise CommandError("Invalid FSMO role.")
>> -    try:
>> -        samdb.modify(m)
>> -    except LdbError, (num, msg):
>> -        raise CommandError("Failed to initiate transfer of '%s' role: %s" % (role, msg))
>> -    outf.write("FSMO transfer of '%s' role successful\n" % role)
>>   
>> +    if master_owner != new_owner:
>> +        try:
>> +            samdb.modify(m)
>> +        except LdbError, (num, msg):
>> +            raise CommandError("Transfer of '%s' role failed: %s" %
>> +                               (role, msg))
>> +
>> +        outf.write("FSMO transfer of '%s' role successful\n" % role)
>> +        return True
>> +    else:
>> +        outf.write("This DC already has the '%s' FSMO role\n" % role)
>> +        return False
>>   
>>   class cmd_fsmo_seize(Command):
>>       """Seize the role."""
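Review bot: The new guard `if master_owner != new_owner:` compares two DN strings byte for byte: `master_owner` is the raw `fSMORoleOwner` value returned by `get_fsmo_roleowner`, and `new_owner` comes from `samdb.get_dsServiceName()`. If the two ever differ only in case or spacing, the already-owner shortcut is missed; comparing parsed DNs, `if ldb.Dn(samdb, master_owner) != ldb.Dn(samdb, new_owner):`, would be more robust (whether the server can return differing spellings is not visible here). The function now returns True/False but still raises CommandError on failure, and the docstring should state that, since callers test the return value.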
>> @@ -79,26 +206,31 @@ class cmd_fsmo_seize(Command):
>>           }
>>   
>>       takes_options = [
>> -        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
>> -               metavar="URL", dest="H"),
>> -        Option("--force", help="Force seizing of the role without attempting to transfer first.", action="store_true"),
>> -        Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
>> +        Option("-H", "--URL", help="LDB URL for database or target server",
>> +               type=str, metavar="URL", dest="H"),
>> +        Option("--force",
>> +               help="Force seizing of the role without attempting to transfer first.",
>> +               action="store_true"),
>> +        Option("--role", type="choice", choices=["rid", "pdc", "infrastructure",
>> +               "schema", "naming", "domaindns", "forestdns", "all"],
>>                  help="""The FSMO role to seize or transfer.\n
>>   rid=RidAllocationMasterRole\n
>>   schema=SchemaMasterRole\n
>>   pdc=PdcEmulationMasterRole\n
>>   naming=DomainNamingMasterRole\n
>>   infrastructure=InfrastructureMasterRole\n
>> -all=all of the above"""),
>> +domaindns=DomainDnsZonesMasterRole\n
>> +forestdns=ForestDnsZonesMasterRole\n
>> +all=all of the above\n
>> +You must provide an Admin user and password."""),
>>           ]
>>   
>>       takes_args = []
>>   
>>       def seize_role(self, role, samdb, force):
>> -        res = samdb.search("",
>> -                           scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
>> -        assert len(res) == 1
>> -        serviceName = res[0]["dsServiceName"][0]
>> +        """Seize standard fsmo role. """
>> +
>> +        serviceName = samdb.get_dsServiceName()
>>           domain_dn = samdb.domain_dn()
>>           self.infrastructure_dn = "CN=Infrastructure," + domain_dn
>>           self.naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>> @@ -119,26 +251,80 @@ all=all of the above"""),
>>           else:
>>               raise CommandError("Invalid FSMO role.")
>>           #first try to transfer to avoid problem if the owner is still active
>> -        if force is None:
>> -            self.message("Attempting transfer...")
>> -            try:
>> -                transfer_role(self.outf, role, samdb)
>> -                self.outf.write("FSMO seize was not required, as transfer of '%s' role was successful\n" % role)
>> -                return
>> -            except CommandError:
>> -            #transfer failed, use the big axe...
>> -                self.message("Transfer unsuccessful, seizing...")
>> +        seize = False
>> +        master_owner = get_fsmo_roleowner(samdb, m.dn)
>> +        if master_owner != serviceName:
>> +            if force is None:
>> +                self.message("Attempting transfer...")
>> +                if not transfer_role(self.outf, role, samdb):
>> +                    #transfer failed, use the big axe...
>> +                    seize = True
>> +                    self.message("Transfer unsuccessful, seizing...")
>> +                else:
>> +                    self.message("Not seizing role as transfer was successful")
>> +
>> +            if force is not None or seize == True:
>> +                self.message("Seizing %s FSMO role..." % role)
>> +                m["fSMORoleOwner"]= ldb.MessageElement(
>> +                    serviceName, ldb.FLAG_MOD_REPLACE,
>> +                    "fSMORoleOwner")
>> +                try:
>> +                    samdb.modify(m)
>> +                except LdbError, (num, msg):
>> +                    raise CommandError("Failed to seize '%s' role: %s" %
>> +                                       (role, msg))
>> +                self.outf.write("FSMO seize of '%s' role successful\n" % role)
>> +                return True
>>           else:
>> -            self.message("Will not attempt transfer, seizing...")
>> +            self.outf.write("This DC already has the '%s' FSMO role\n" % role)
>> +            return False
>>   
>> -        m["fSMORoleOwner"]= ldb.MessageElement(
>> -            serviceName, ldb.FLAG_MOD_REPLACE,
>> -            "fSMORoleOwner")
>> -        try:
>> -            samdb.modify(m)
>> -        except LdbError, (num, msg):
>> -            raise CommandError("Failed to initiate role seize of '%s' role: %s" % (role, msg))
>> -        self.outf.write("FSMO seize of '%s' role successful\n" % role)
>> +    def seize_dns_role(self, role, samdb, credopts, sambaopts,
>> +                       versionopts, force):
>> +        """Seize DNS FSMO role. """
>> +
>> +        serviceName = samdb.get_dsServiceName()
>> +        domain_dn = samdb.domain_dn()
>> +        forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
>> +        self.domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>> +        self.forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
>> +
>> +        m = ldb.Message()
>> +        if role == "domaindns":
>> +            m.dn = ldb.Dn(samdb, self.domaindns_dn)
>> +        elif role == "forestdns":
>> +            m.dn = ldb.Dn(samdb, self.forestdns_dn)
>> +        else:
>> +            raise CommandError("Invalid FSMO role.")
>> +        #first try to transfer to avoid problem if the owner is still active
>> +        seize = False
>> +        master_owner = get_fsmo_roleowner(samdb, m.dn)
>> +        if master_owner != serviceName:
>> +            if force is None:
>> +                self.message("Attempting transfer...")
>> +                if not transfer_dns_role(self.outf, sambaopts, credopts, role,
>> +                                      samdb):
>> +                    #transfer failed, use the big axe...
>> +                    seize = True
>> +                    self.message("Transfer unsuccessful, seizing...")
>> +                else:
>> +                    self.message("Not seizing role as transfer was successful\n")
>> +
>> +            if force is not None or seize == True:
>> +                self.message("Seizing %s FSMO role..." % role)
>> +                m["fSMORoleOwner"]= ldb.MessageElement(
>> +                    serviceName, ldb.FLAG_MOD_REPLACE,
>> +                    "fSMORoleOwner")
>> +                try:
>> +                    samdb.modify(m)
>> +                except LdbError, (num, msg):
>> +                    raise CommandError("Failed to seize '%s' role: %s" %
>> +                                       (role, msg))
>> +                self.outf.write("FSMO seize of '%s' role successful\n" % role)
>> +                return True
>> +        else:
>> +            self.outf.write("This DC already has the '%s' FSMO role\n" % role)
>> +            return False
>>   
>>       def run(self, force=None, H=None, role=None,
>>               credopts=None, sambaopts=None, versionopts=None):
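Review bot: The fallback to seizing can no longer trigger in `seize_role`: `transfer_role` reports failure by raising CommandError, and this hunk removes the `except CommandError:` that used to catch it, so `if not transfer_role(...)` is true only in the already-owner case that the outer `master_owner != serviceName` test has excluded. A failed transfer therefore aborts the command instead of reaching "Transfer unsuccessful, seizing...", which is the situation seize exists for (the old owner being unreachable). `seize_dns_role` has the same shape around `transfer_dns_role`, and there the `SamDB(url=...)` connection to the old owner is made outside any try block, so its failure mode should be checked too. The successful-transfer branch also falls through and returns None where the other branches return True or False. `run` begins at the end of this hunk and continues outside it.

```python
        if master_owner != serviceName:
            if force is None:
                self.message("Attempting transfer...")
                try:
                    transferred = transfer_role(self.outf, role, samdb)
                except CommandError:
                    transferred = False
                if transferred:
                    self.message("Not seizing role as transfer was successful")
                    return True
                # transfer failed, use the big axe...
                self.message("Transfer unsuccessful, seizing...")
            # ... unchanged: fSMORoleOwner replace, samdb.modify, success message
            # (the `seize` flag and the `force is not None` test are no longer needed) ...
```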
>> @@ -155,8 +341,16 @@ all=all of the above"""),
>>               self.seize_role("naming", samdb, force)
>>               self.seize_role("infrastructure", samdb, force)
>>               self.seize_role("schema", samdb, force)
>> +            self.seize_dns_role("domaindns", samdb, credopts, sambaopts,
>> +                                versionopts, force)
>> +            self.seize_dns_role("forestdns", samdb, credopts, sambaopts,
>> +                                versionopts, force)
>>           else:
>> -            self.seize_role(role, samdb, force)
>> +            if role == "domaindns" or role == "forestdns":
>> +                self.seize_dns_role(role, samdb, credopts, sambaopts,
>> +                                    versionopts, force)
>> +            else:
>> +                self.seize_role(role, samdb, force)
>>   
>>   
>>   class cmd_fsmo_show(Command):
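Review bot: `versionopts` is threaded through every `seize_dns_role` call here, but the method body added earlier in this patch never reads it; dropping the parameter leaves only the option groups the method actually uses. The nested `else:` / `if ... else:` can also be flattened to `elif role in ("domaindns", "forestdns"):`. The return values of the seize calls are discarded, so the True/False results introduced by this patch do not influence the command's outcome. `run` starts outside the hunk.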
>> @@ -171,8 +365,8 @@ class cmd_fsmo_show(Command):
>>           }
>>   
>>       takes_options = [
>> -        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
>> -               metavar="URL", dest="H"),
>> +        Option("-H", "--URL", help="LDB URL for database or target server",
>> +               type=str, metavar="URL", dest="H"),
>>           ]
>>   
>>       takes_args = []
>> @@ -185,42 +379,29 @@ class cmd_fsmo_show(Command):
>>               credentials=creds, lp=lp)
>>   
>>           domain_dn = samdb.domain_dn()
>> -        self.infrastructure_dn = "CN=Infrastructure," + domain_dn
>> -        self.naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>> -        self.schema_dn = samdb.get_schema_basedn()
>> -        self.rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>> -
>> -        res = samdb.search(self.infrastructure_dn,
>> -                           scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> -        assert len(res) == 1
>> -        self.infrastructureMaster = res[0]["fSMORoleOwner"][0]
>> -
>> -        res = samdb.search(domain_dn,
>> -                           scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> -        assert len(res) == 1
>> -        self.pdcEmulator = res[0]["fSMORoleOwner"][0]
>> -
>> -        res = samdb.search(self.naming_dn,
>> -                           scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> -        assert len(res) == 1
>> -        self.namingMaster = res[0]["fSMORoleOwner"][0]
>> -
>> -        res = samdb.search(self.schema_dn,
>> -                           scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> -        assert len(res) == 1
>> -        self.schemaMaster = res[0]["fSMORoleOwner"][0]
>> -
>> -        res = samdb.search(self.rid_dn,
>> -                           scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>> -        assert len(res) == 1
>> -        self.ridMaster = res[0]["fSMORoleOwner"][0]
>> -
>> -        self.message("InfrastructureMasterRole owner: " + self.infrastructureMaster)
>> -        self.message("RidAllocationMasterRole owner: " + self.ridMaster)
>> -        self.message("PdcEmulationMasterRole owner: " + self.pdcEmulator)
>> -        self.message("DomainNamingMasterRole owner: " + self.namingMaster)
>> -        self.message("SchemaMasterRole owner: " + self.schemaMaster)
>> -
>> +        forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
>> +        infrastructure_dn = "CN=Infrastructure," + domain_dn
>> +        naming_dn = "CN=Partitions,%s" % samdb.get_config_basedn()
>> +        schema_dn = samdb.get_schema_basedn()
>> +        rid_dn = "CN=RID Manager$,CN=System," + domain_dn
>> +        domaindns_dn = "CN=Infrastructure,DC=DomainDnsZones," + domain_dn
>> +        forestdns_dn = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
>> +
>> +        infrastructureMaster = get_fsmo_roleowner(samdb, infrastructure_dn)
>> +        pdcEmulator = get_fsmo_roleowner(samdb, domain_dn)
>> +        namingMaster = get_fsmo_roleowner(samdb, naming_dn)
>> +        schemaMaster = get_fsmo_roleowner(samdb, schema_dn)
>> +        ridMaster = get_fsmo_roleowner(samdb, rid_dn)
>> +        domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>> +        forestdnszonesMaster = get_fsmo_roleowner(samdb, forestdns_dn)
>> +
>> +        self.message("SchemaMasterRole owner: " + schemaMaster)
>> +        self.message("InfrastructureMasterRole owner: " + infrastructureMaster)
>> +        self.message("RidAllocationMasterRole owner: " + ridMaster)
>> +        self.message("PdcEmulationMasterRole owner: " + pdcEmulator)
>> +        self.message("DomainNamingMasterRole owner: " + namingMaster)
>> +        self.message("DomainDnsZonesMasterRole owner: " + domaindnszonesMaster)
>> +        self.message("ForestDnsZonesMasterRole owner: " + forestdnszonesMaster)
>>   
>>   class cmd_fsmo_transfer(Command):
>>       """Transfer the role."""
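Review bot: `samba-tool fsmo show` now fails as a whole when either DNS infrastructure object cannot be read: `get_fsmo_roleowner(samdb, domaindns_dn)` and the `forestdns_dn` call run unguarded, so an LdbError from the search (for instance if the DomainDnsZones or ForestDnsZones partition is not present on the queried server, which this page does not rule out) propagates before any of the seven owners is printed. Wrapping the two DNS lookups in `try: ... except LdbError, (num, msg):` and printing a "not found" line for that role would keep the five original roles visible. `schema_dn` is also passed here as the object returned by `samdb.get_schema_basedn()`, while `transfer_role` wraps it in `str()`; the two should agree. `run` starts outside the hunk.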
>> @@ -234,16 +415,20 @@ class cmd_fsmo_transfer(Command):
>>           }
>>   
>>       takes_options = [
>> -        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
>> -               metavar="URL", dest="H"),
>> -        Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
>> +        Option("-H", "--URL", help="LDB URL for database or target server",
>> +               type=str, metavar="URL", dest="H"),
>> +        Option("--role", type="choice", choices=["rid", "pdc", "infrastructure",
>> +               "schema", "naming", "domaindns", "forestdns", "all"],
>>                  help="""The FSMO role to seize or transfer.\n
>>   rid=RidAllocationMasterRole\n
>>   schema=SchemaMasterRole\n
>>   pdc=PdcEmulationMasterRole\n
>>   naming=DomainNamingMasterRole\n
>>   infrastructure=InfrastructureMasterRole\n
>> -all=all of the above"""),
>> +domaindns=DomainDnsZonesMasterRole\n
>> +forestdns=ForestDnsZonesMasterRole\n
>> +all=all of the above\n
>> +You must provide an Admin user and password."""),
>>           ]
>>   
>>       takes_args = []
>> @@ -263,8 +448,13 @@ all=all of the above"""),
>>               transfer_role(self.outf, "naming", samdb)
>>               transfer_role(self.outf, "infrastructure", samdb)
>>               transfer_role(self.outf, "schema", samdb)
>> +            transfer_dns_role(self.outf, sambaopts, credopts, "domaindns", samdb)
>> +            transfer_dns_role(self.outf, sambaopts, credopts, "forestdns", samdb)
>>           else:
>> -            transfer_role(self.outf, role, samdb)
>> +            if role == "domaindns" or role == "forestdns":
>> +                transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
>> +            else:
>> +                transfer_role(self.outf, role, samdb)
>>   
>>   
>>   class cmd_fsmo(SuperCommand):
>> -- 
>> 1.7.10.4
>>

Hi, could someone please have a look at my latest patch and, if you agree with
Jelmer that it is usable, push it?
If there is still a problem with it, please let me know and I will try
to fix it.

Rowland

