[PATCH] fix for bug 10882

Rowland Penny repenny241155 at gmail.com
Thu Sep 8 21:02:26 UTC 2016 

On Thu, 8 Sep 2016 13:45:23 -0700
Jeremy Allison <jra at samba.org> wrote:

> On Thu, Sep 08, 2016 at 09:10:32PM +0100, Rowland Penny wrote:
> > > > that added the saltPrincipal, so I think it is wrong to say that
> > > > Garmin's patch isn't right.
> > > 
> > > What commit refspec was that ? Andreas, can you comment here
> > > so we can get this sorted ?
> > > 
> > > Cheers,
> > > 
> > > 	Jeremy.
> > 
> > 
> > I think it is '86652c02083b411ad94217a871a2bcc81f16b369'
> 
> Yep, that added it - the 'fail' checks if it doesn't
> exist came later.
> 
> > What is really annoying me is that I posted my patch on the 17th
> > June and nothing, now on the 8th September it isn't right, I can
> > accept this, but it is anoying to have to wait nearly three months
> > to told this.
> 
> Yes, this shouldn't happen. As a Team member you have the
> right to timely review of patches - well everyone should
> really, but to be honest many Team members prefer writing
> their own stuff to reviewing other people's code. We as a
> Team need to get better at this.
> 
> If you don't get a timely review, don't drop or ignore it -
> make a fuss to the relevent subject matter experts. If you
> still get ignored I am always "reviewer of last resort"
> (which means sometimes I end up pushing stuff that's not
> quite right, but that's the fault of the subject matter
> experts who ignored the initial review requests IMHO :-).
> 
> > Andrew is quite correct if you think about it, 'samba_upgradedns'
> > probably isn't the right tool to re-create a missing 'dns-*' user.
> > Unless it is done via a switch ???
> 
> As I'm sure you can tell, this isn't my area of expertise :-).
> 
> Where do you think this should be done ?

I am now having second thoughts, perhaps this is the right place and I
now think Andrew is wrong!!

I have been re-reading the samba_upgradedns code, the original code
only deleted the 'dns-*' users if you were upgrading to
'SAMBA_INTERNAL', it also only checked for the 'dns-*' user in
secrets.ldb and only then if you were upgrading to 'BIND(_DLZ'.
After checking and not deleting any user (remember most people would be
running this code if they had rather foolishly deleted the 'dns-*' user
in sam.ldb) it then goes on to totally recreate the dns directory, this
must be more disruptive than recreating a keytab that is only used by
the DC.

My changes just make the user deletions happen before anything else and
it checks in both locations and what's more it works.

Rowland

More information about the samba-technical mailing list