The Samba-Bugzilla – Attachment 15079 Details for
Bug 13799
samba-tool domain schemaupgrade uses relax control and skips the schemaInfo update
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-10-test
tmp410.diff.txt (text/plain), 14.25 KB, created by
Stefan Metzmacher
on 2019-04-17 21:19:12 UTC
(
hide
)
Description:
Patches for v4-10-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2019-04-17 21:19:12 UTC
Size:
14.25 KB
patch
obsolete
>From da0317ca94ea367815d6d5260dcc15f72fef45a8 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 23 Feb 2019 00:14:31 +0100 >Subject: [PATCH 1/6] drsuapi.idl: add DRSUAPI_ATTID_schemaInfo > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >(cherry picked from commit 140a6733a458d0afa20237a09ef4ee2546a83a8f) >--- > librpc/idl/drsuapi.idl | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl >index cd90500faf57..448a58bcd1f5 100644 >--- a/librpc/idl/drsuapi.idl >+++ b/librpc/idl/drsuapi.idl >@@ -548,6 +548,7 @@ interface drsuapi > DRSUAPI_ATTID_objectCategory = 0x0009030e, > DRSUAPI_ATTID_gPLink = 0x0009037b, > DRSUAPI_ATTID_transportAddressAttribute = 0x0009037f, >+ DRSUAPI_ATTID_schemaInfo = 0x0009054e, > DRSUAPI_ATTID_msDS_Behavior_Version = 0x000905b3, > DRSUAPI_ATTID_msDS_KeyVersionNumber = 0x000906f6, > DRSUAPI_ATTID_msDS_NonMembers = 0x00090701, >-- >2.17.1 > > >From 661f532ba055377c578106ec07970f93b93bfbbe Mon Sep 17 00:00:00 2001 >From: Aaron Haslett <aaronhaslett@catalyst.net.nz> >Date: Thu, 4 Apr 2019 14:39:41 +1300 >Subject: [PATCH 2/6] samdb: test for schemainfo update with relax control > >Currently schema info's revision field isn't incremented if relax >control is present. This is so that no increment is done during >provision, but we need the relax control in other situations where the >increment is desired. This patch adds a failing test to expose the >problem. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 > >Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >(cherry picked from commit e34abefb77729330cd48bc039c82b03fe545f8a9) >--- > selftest/knownfail.d/samdb | 1 + > source4/dsdb/tests/python/dsdb_schema_info.py | 15 +++++++++++---- > source4/selftest/tests.py | 2 +- > 3 files changed, 13 insertions(+), 5 deletions(-) > create mode 100644 selftest/knownfail.d/samdb > >diff --git a/selftest/knownfail.d/samdb b/selftest/knownfail.d/samdb >new file mode 100644 >index 000000000000..d2b076a039d2 >--- /dev/null >+++ b/selftest/knownfail.d/samdb >@@ -0,0 +1 @@ >+samba4.schemaInfo.python.*SchemaInfoTestCase.test_AddModifyClassLocalRelaxed.* >diff --git a/source4/dsdb/tests/python/dsdb_schema_info.py b/source4/dsdb/tests/python/dsdb_schema_info.py >index 60c97b65829e..8554e6c6082b 100755 >--- a/source4/dsdb/tests/python/dsdb_schema_info.py >+++ b/source4/dsdb/tests/python/dsdb_schema_info.py >@@ -166,16 +166,17 @@ systemOnly: FALSE > """ > return ldif > >- def test_AddModifyClass(self): >+ def test_AddModifyClass(self, controls=[], class_pre="schemaInfo-Class-"): > # get initial schemaInfo > schi_before = self._getSchemaInfo() > > # create names for a Class to add >- (class_name, class_ldap_name, class_dn) = self._make_obj_names("schemaInfo-Class-") >+ (class_name, class_ldap_name, class_dn) =\ >+ self._make_obj_names(class_pre) > ldif = self._make_class_ldif(class_name, class_dn, 1) > > # add the new Class >- self.sam_db.add_ldif(ldif) >+ self.sam_db.add_ldif(ldif, controls=controls) > self._ldap_schemaUpdateNow() > # compare resulting schemaInfo > schi_after = self._getSchemaInfo() >@@ -184,7 +185,7 @@ systemOnly: FALSE > # rename the Class > class_dn_new = class_dn.replace(class_name, class_name + "-NEW") > try: >- self.sam_db.rename(class_dn, class_dn_new) >+ self.sam_db.rename(class_dn, class_dn_new, controls=controls) > except LdbError as e1: > (num, _) = e1.args > self.fail("failed to change CN for %s: %s" % (class_name, _)) >@@ -192,3 +193,9 @@ systemOnly: FALSE > # compare resulting schemaInfo > schi_after = self._getSchemaInfo() > self._checkSchemaInfo(schi_before, schi_after) >+ >+ def test_AddModifyClassLocalRelaxed(self): >+ lp = self.get_loadparm() >+ self.sam_db = samba.tests.connect_samdb(lp.samdb_url()) >+ self.test_AddModifyClass(controls=["relax:0"], >+ class_pre="schemaInfo-Relaxed-") >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 5205ff441653..d1522cd4c230 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -863,7 +863,7 @@ plantestsuite_loadlist("samba4.tokengroups.ntlm.python(ad_dc_ntvfs)", "ad_dc_ntv > plantestsuite("samba4.sam.python(fl2008r2dc)", "fl2008r2dc", [python, os.path.join(samba4srcdir, "dsdb/tests/python/sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) > plantestsuite("samba4.sam.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/sam.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) > plantestsuite("samba4.user_account_control.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [python, os.path.join(samba4srcdir, "dsdb/tests/python/user_account_control.py"), '$SERVER', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN']) >-planoldpythontestsuite("ad_dc_ntvfs", "dsdb_schema_info", >+planoldpythontestsuite("ad_dc_ntvfs:local", "dsdb_schema_info", > extra_path=[os.path.join(samba4srcdir, 'dsdb/tests/python')], > name="samba4.schemaInfo.python(ad_dc_ntvfs)", > extra_args=['-U"$DOMAIN/$DC_USERNAME%$DC_PASSWORD"'], py3_compatible=True) >-- >2.17.1 > > >From 05d182dd6fb9af3b777c451b9406e7179336f7c3 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 21 Feb 2019 09:20:48 +0100 >Subject: [PATCH 3/6] ldapcmp: ignore 'schemaInfo' if two domains are compared > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >(cherry picked from commit b5b572d5f71e2b9783ddb25c21ac32904fbfd661) >--- > python/samba/netcmd/ldapcmp.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/python/samba/netcmd/ldapcmp.py b/python/samba/netcmd/ldapcmp.py >index 17c62928a55e..6051b55b31a0 100644 >--- a/python/samba/netcmd/ldapcmp.py >+++ b/python/samba/netcmd/ldapcmp.py >@@ -460,7 +460,7 @@ class LDAPObject(object): > "msDs-masteredBy", "lastSetTime", > "ipsecNegotiationPolicyReference", "subRefs", "gPCFileSysPath", > "accountExpires", "invocationId", "operatingSystemVersion", >- "oEMInformation", >+ "oEMInformation", "schemaInfo", > # After Exchange preps > "targetAddress", "msExchMailboxGuid", "siteFolderGUID"] > # >-- >2.17.1 > > >From 2db28831ed7cb9283639a2b3e0272b116eef78aa Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 8 Mar 2019 11:27:14 +0100 >Subject: [PATCH 4/6] s4:provision: split out > provision_self_join_modify_schema.ldif > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >(cherry picked from commit 5ea84af2d69e0b3a2a801ea0cc3f4ffc66bf1764) >--- > python/samba/provision/__init__.py | 8 ++++++-- > source4/setup/provision_self_join_modify_config.ldif | 5 ----- > source4/setup/provision_self_join_modify_schema.ldif | 4 ++++ > 3 files changed, 10 insertions(+), 7 deletions(-) > create mode 100644 source4/setup/provision_self_join_modify_schema.ldif > >diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py >index aa9ffc168b25..dfb9629333db 100644 >--- a/python/samba/provision/__init__.py >+++ b/python/samba/provision/__init__.py >@@ -1193,11 +1193,15 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, > "DOMAIN_CONTROLLER_FUNCTIONALITY": str( > domainControllerFunctionality)}) > >- # Setup fSMORoleOwner entries to point at the newly created DC entry >+ # Setup fSMORoleOwner entries to point at the newly created DC entry >+ setup_modify_ldif(samdb, >+ setup_path("provision_self_join_modify_schema.ldif"), { >+ "SCHEMADN": names.schemadn, >+ "SERVERDN": names.serverdn, >+ }) > setup_modify_ldif(samdb, > setup_path("provision_self_join_modify_config.ldif"), { > "CONFIGDN": names.configdn, >- "SCHEMADN": names.schemadn, > "DEFAULTSITE": names.sitename, > "NETBIOSNAME": names.netbiosname, > "SERVERDN": names.serverdn, >diff --git a/source4/setup/provision_self_join_modify_config.ldif b/source4/setup/provision_self_join_modify_config.ldif >index 48a70924b89e..2d8e4c929449 100644 >--- a/source4/setup/provision_self_join_modify_config.ldif >+++ b/source4/setup/provision_self_join_modify_config.ldif >@@ -1,8 +1,3 @@ >-dn: ${SCHEMADN} >-changetype: modify >-replace: fSMORoleOwner >-fSMORoleOwner: CN=NTDS Settings,${SERVERDN} >- > dn: CN=Partitions,${CONFIGDN} > changetype: modify > replace: fSMORoleOwner >diff --git a/source4/setup/provision_self_join_modify_schema.ldif b/source4/setup/provision_self_join_modify_schema.ldif >new file mode 100644 >index 000000000000..edb06204e5bd >--- /dev/null >+++ b/source4/setup/provision_self_join_modify_schema.ldif >@@ -0,0 +1,4 @@ >+dn: ${SCHEMADN} >+changetype: modify >+replace: fSMORoleOwner >+fSMORoleOwner: CN=NTDS Settings,${SERVERDN} >-- >2.17.1 > > >From 735b83088811186a37212b27f860de5b4342fb48 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 8 Mar 2019 11:28:42 +0100 >Subject: [PATCH 5/6] python/provision: use provision and relax controls for > schema provision > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >(cherry picked from commit 7652439fa1aab92945f5540a43fc49568d446917) >--- > python/samba/provision/__init__.py | 19 ++++++++++++------- > 1 file changed, 12 insertions(+), 7 deletions(-) > >diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py >index dfb9629333db..ea1caa377996 100644 >--- a/python/samba/provision/__init__.py >+++ b/python/samba/provision/__init__.py >@@ -1198,7 +1198,8 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, > setup_path("provision_self_join_modify_schema.ldif"), { > "SCHEMADN": names.schemadn, > "SERVERDN": names.serverdn, >- }) >+ }, >+ controls=["provision:0", "relax:0"]) > setup_modify_ldif(samdb, > setup_path("provision_self_join_modify_config.ldif"), { > "CONFIGDN": names.configdn, >@@ -1416,16 +1417,20 @@ def fill_samdb(samdb, lp, names, logger, policyguid, > > # The LDIF here was created when the Schema object was constructed > ignore_checks_oid = "local_oid:%s:0" % samba.dsdb.DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID >+ schema_controls = [ >+ "provision:0", >+ "relax:0", >+ ignore_checks_oid >+ ] >+ > logger.info("Setting up sam.ldb schema") >- samdb.add_ldif(schema.schema_dn_add, >- controls=["relax:0", ignore_checks_oid]) >- samdb.modify_ldif(schema.schema_dn_modify, >- controls=[ignore_checks_oid]) >+ samdb.add_ldif(schema.schema_dn_add, controls=schema_controls) >+ samdb.modify_ldif(schema.schema_dn_modify, controls=schema_controls) > samdb.write_prefixes_from_schema() >- samdb.add_ldif(schema.schema_data, controls=["relax:0", ignore_checks_oid]) >+ samdb.add_ldif(schema.schema_data, controls=schema_controls) > setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"), > {"SCHEMADN": names.schemadn}, >- controls=["relax:0", ignore_checks_oid]) >+ controls=schema_controls) > > # Now register this container in the root of the forest > msg = ldb.Message(ldb.Dn(samdb, names.domaindn)) >-- >2.17.1 > > >From e2f332346f0f8c1d5610c68e60d0f2aa2958a4a4 Mon Sep 17 00:00:00 2001 >From: Aaron Haslett <aaronhaslett@catalyst.net.nz> >Date: Wed, 3 Apr 2019 16:34:42 +1300 >Subject: [PATCH 6/6] dsdb:samdb: schemainfo update with relax control > >Currently schema info's revision field isn't incremented if relax >control is present. This is so that no increment is done during >provision, but we need the relax control in other situations where >the increment is desired, so we should use the provision control instead >to disable schema info update. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 > >Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >(cherry picked from commit b7c1752754da1e8a83a53670cf4a410ec6e9d7b7) >--- > selftest/knownfail.d/samdb | 1 - > source4/dsdb/samdb/ldb_modules/samldb.c | 2 +- > 2 files changed, 1 insertion(+), 2 deletions(-) > delete mode 100644 selftest/knownfail.d/samdb > >diff --git a/selftest/knownfail.d/samdb b/selftest/knownfail.d/samdb >deleted file mode 100644 >index d2b076a039d2..000000000000 >--- a/selftest/knownfail.d/samdb >+++ /dev/null >@@ -1 +0,0 @@ >-samba4.schemaInfo.python.*SchemaInfoTestCase.test_AddModifyClassLocalRelaxed.* >diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c >index e69228c32c75..02eb2fa90494 100644 >--- a/source4/dsdb/samdb/ldb_modules/samldb.c >+++ b/source4/dsdb/samdb/ldb_modules/samldb.c >@@ -1333,7 +1333,7 @@ static int samldb_schema_info_update(struct samldb_ctx *ac) > } > > /* do not update schemaInfo during provisioning */ >- if (ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) { >+ if (ldb_request_get_control(ac->req, LDB_CONTROL_PROVISION_OID)) { > return LDB_SUCCESS; > } > >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review?
(
abartlet
)
garming
:
review+
Actions:
View
Attachments on
bug 13799
: 15079 |
15080