From 9e35d733fa4e4c438d3328da78ace4292e295319 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de>
Date: Fri, 24 May 2019 15:46:17 +0200
Subject: [PATCH 1/5] s4:torture:fsmo.py: test role transfers of dns partitions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5e000a8487d788dd196980b77ec7299c8be74abf)
---
 selftest/knownfail.d/fsmo          |  2 ++
 source4/torture/drs/python/fsmo.py | 10 ++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 selftest/knownfail.d/fsmo

diff --git a/selftest/knownfail.d/fsmo b/selftest/knownfail.d/fsmo
new file mode 100644
index 00000000000..da665d2251d
--- /dev/null
+++ b/selftest/knownfail.d/fsmo
@@ -0,0 +1,2 @@
+^samba4.drs.fsmo.python.*.fsmo.DrsFsmoTestCase.test_DomainDnsZonesMasterTransfer
+^samba4.drs.fsmo.python.*.fsmo.DrsFsmoTestCase.test_ForestDnsZonesMasterTransfer
diff --git a/source4/torture/drs/python/fsmo.py b/source4/torture/drs/python/fsmo.py
index 744299cc610..32817dae24b 100644
--- a/source4/torture/drs/python/fsmo.py
+++ b/source4/torture/drs/python/fsmo.py
@@ -52,6 +52,10 @@ class DrsFsmoTestCase(drs_base.DrsBaseTestCase):
         self.infrastructure_dn = "CN=Infrastructure," + self.domain_dn
         self.naming_dn = "CN=Partitions," + self.config_dn
         self.rid_dn = "CN=RID Manager$,CN=System," + self.domain_dn
+        self.domain_dns_dn = (
+            "CN=Infrastructure,DC=DomainDnsZones, %s" % self.domain_dn )
+        self.forest_dns_dn = (
+            "CN=Infrastructure,DC=ForestDnsZones, %s" % self.domain_dn )
 
     def tearDown(self):
         super(DrsFsmoTestCase, self).tearDown()
@@ -143,3 +147,9 @@ class DrsFsmoTestCase(drs_base.DrsBaseTestCase):
 
     def test_NamingMasterTransfer(self):
         self._role_transfer(role="naming", role_dn=self.naming_dn)
+
+    def test_DomainDnsZonesMasterTransfer(self):
+        self._role_transfer(role="domaindns", role_dn=self.domain_dns_dn)
+
+    def test_ForestDnsZonesMasterTransfer(self):
+        self._role_transfer(role="forestdns", role_dn=self.forest_dns_dn)
-- 
2.17.1


From e951441eefc5558c7cfaae007520196ba163648e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 28 May 2019 14:53:09 +0200
Subject: [PATCH 2/5] samba-tool: fix replication after dns partition fsmo role
 transfer

The new role owner need to replicate from the old role owner.

Before we told the old role owner to replicate from itself.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4793f8ed584a4e6d8a26b06b691ec636e77d8f2a)
---
 python/samba/netcmd/fsmo.py | 4 +++-
 selftest/knownfail.d/fsmo   | 2 --
 2 files changed, 3 insertions(+), 3 deletions(-)
 delete mode 100644 selftest/knownfail.d/fsmo

diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
index b916f9c97b8..c5c69794409 100644
--- a/python/samba/netcmd/fsmo.py
+++ b/python/samba/netcmd/fsmo.py
@@ -65,6 +65,8 @@ def transfer_dns_role(outf, sambaopts, credopts, role, samdb):
         forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
         role_object = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
 
+    new_host_dns_name = samdb.host_dns_name()
+
     res = samdb.search(role_object,
                        attrs=["fSMORoleOwner"],
                        scope=ldb.SCOPE_BASE,
@@ -129,7 +131,7 @@ def transfer_dns_role(outf, sambaopts, credopts, role, samdb):
             raise CommandError("Failed to add role '%s': %s" % (role, msg))
 
         try:
-            connection = samba.drs_utils.drsuapi_connect(samdb.host_dns_name(),
+            connection = samba.drs_utils.drsuapi_connect(new_host_dns_name,
                                                          lp, creds)
         except samba.drs_utils.drsException as e:
             raise CommandError("Drsuapi Connect failed", e)
diff --git a/selftest/knownfail.d/fsmo b/selftest/knownfail.d/fsmo
deleted file mode 100644
index da665d2251d..00000000000
--- a/selftest/knownfail.d/fsmo
+++ /dev/null
@@ -1,2 +0,0 @@
-^samba4.drs.fsmo.python.*.fsmo.DrsFsmoTestCase.test_DomainDnsZonesMasterTransfer
-^samba4.drs.fsmo.python.*.fsmo.DrsFsmoTestCase.test_ForestDnsZonesMasterTransfer
-- 
2.17.1


From 274a1bc7ded364f894137aa3ac09ae2c5d90d597 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de>
Date: Tue, 28 May 2019 14:57:15 +0200
Subject: [PATCH 3/5] s4:torture:fsmo.py: remove unused 'net_cmd' variable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973

Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0fbb013bef886e425602fdbbef14a4029719818f)
---
 source4/torture/drs/python/fsmo.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/source4/torture/drs/python/fsmo.py b/source4/torture/drs/python/fsmo.py
index 32817dae24b..f846ca71611 100644
--- a/source4/torture/drs/python/fsmo.py
+++ b/source4/torture/drs/python/fsmo.py
@@ -61,8 +61,6 @@ class DrsFsmoTestCase(drs_base.DrsBaseTestCase):
         super(DrsFsmoTestCase, self).tearDown()
 
     def _net_fsmo_role_transfer(self, DC, role, noop=False):
-        # find out where is samba-tool command
-        net_cmd = os.path.abspath("./bin/samba-tool")
         # make command line credentials string
         ccache_name = self.get_creds_ccache_name()
         cmd_line_auth = "--krb5-ccache=%s" % ccache_name
-- 
2.17.1


From dfecc3f6c5034420f7f831c4e09db7c8bb832bf9 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 28 May 2019 14:54:19 +0200
Subject: [PATCH 4/5] samba-tool: use only one LDAP modify for dns partition
 fsmo role transfer

We should not risk that we end with no role owner.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6a2e3a15585086bcceb18283216978a2fcb30da3)
---
 python/samba/netcmd/fsmo.py | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
index c5c69794409..4061bad4322 100644
--- a/python/samba/netcmd/fsmo.py
+++ b/python/samba/netcmd/fsmo.py
@@ -108,22 +108,12 @@ def transfer_dns_role(outf, sambaopts, credopts, role, samdb):
 
         m = ldb.Message()
         m.dn = ldb.Dn(samdb, role_object)
-        m["fSMORoleOwner"] = ldb.MessageElement(master_owner,
-                                                ldb.FLAG_MOD_DELETE,
-                                                "fSMORoleOwner")
-
-        try:
-            samdb.modify(m)
-        except LdbError as e4:
-            (num, msg) = e4.args
-            raise CommandError("Failed to delete role '%s': %s" %
-                               (role, msg))
-
-        m = ldb.Message()
-        m.dn = ldb.Dn(samdb, role_object)
-        m["fSMORoleOwner"] = ldb.MessageElement(new_owner,
-                                                ldb.FLAG_MOD_ADD,
-                                                "fSMORoleOwner")
+        m["fSMORoleOwner_Del"] = ldb.MessageElement(master_owner,
+                                                    ldb.FLAG_MOD_DELETE,
+                                                    "fSMORoleOwner")
+        m["fSMORoleOwner_Add"] = ldb.MessageElement(new_owner,
+                                                    ldb.FLAG_MOD_ADD,
+                                                    "fSMORoleOwner")
         try:
             samdb.modify(m)
         except LdbError as e5:
-- 
2.17.1


From 6023cfc8d34a392947ff9cd85c0d8c55ea626768 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de>
Date: Tue, 28 May 2019 14:52:36 +0200
Subject: [PATCH 5/5] samba-tool: add 'import samba.drs_utils' to fsmo.py
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On some systems we're seeing this:

 ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'drs_utils'
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 185, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 533, in run
     transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 136, in transfer_dns_role
     except samba.drs_utils.drsException as e:

E.g. it happens on debian stretch (9.9) with python 2.7.13 (on 4.10.4)

While it doesn't happen on ubuntu 18.04 with python 2.7.15rc1 or
with python 3.6.7.

There were also some reports on the mailing lists, see:
https://lists.samba.org/archive/samba-technical/2019-May/133624.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 30 08:27:24 UTC 2019 on sn-devel-184

(cherry picked from commit 320a5c5425e6ced18b1a9bf19b4f361ee16821ed)
---
 python/samba/netcmd/fsmo.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py
index 4061bad4322..643d0aec1b6 100644
--- a/python/samba/netcmd/fsmo.py
+++ b/python/samba/netcmd/fsmo.py
@@ -23,6 +23,7 @@ import ldb
 from ldb import LdbError
 from samba.dcerpc import drsuapi, misc
 from samba.auth import system_session
+import samba.drs_utils
 from samba.netcmd import (
     Command,
     CommandError,
-- 
2.17.1