From b432419f1510c95d4a4560cc3dc02c8229b72409 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Fri, 24 May 2019 15:46:17 +0200 Subject: [PATCH 1/5] s4:torture:fsmo.py: test role transfers of dns partitions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Björn Baumbach Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 5e000a8487d788dd196980b77ec7299c8be74abf) --- selftest/knownfail.d/fsmo | 2 ++ source4/torture/drs/python/fsmo.py | 10 ++++++++++ 2 files changed, 12 insertions(+) create mode 100644 selftest/knownfail.d/fsmo diff --git a/selftest/knownfail.d/fsmo b/selftest/knownfail.d/fsmo new file mode 100644 index 000000000000..da665d2251d7 --- /dev/null +++ b/selftest/knownfail.d/fsmo @@ -0,0 +1,2 @@ +^samba4.drs.fsmo.python.*.fsmo.DrsFsmoTestCase.test_DomainDnsZonesMasterTransfer +^samba4.drs.fsmo.python.*.fsmo.DrsFsmoTestCase.test_ForestDnsZonesMasterTransfer diff --git a/source4/torture/drs/python/fsmo.py b/source4/torture/drs/python/fsmo.py index 6be55f8b70c8..a8d980077f48 100644 --- a/source4/torture/drs/python/fsmo.py +++ b/source4/torture/drs/python/fsmo.py @@ -51,6 +51,10 @@ class DrsFsmoTestCase(drs_base.DrsBaseTestCase): self.infrastructure_dn = "CN=Infrastructure," + self.domain_dn self.naming_dn = "CN=Partitions," + self.config_dn self.rid_dn = "CN=RID Manager$,CN=System," + self.domain_dn + self.domain_dns_dn = ( + "CN=Infrastructure,DC=DomainDnsZones, %s" % self.domain_dn ) + self.forest_dns_dn = ( + "CN=Infrastructure,DC=ForestDnsZones, %s" % self.domain_dn ) def tearDown(self): super(DrsFsmoTestCase, self).tearDown() @@ -143,3 +147,9 @@ class DrsFsmoTestCase(drs_base.DrsBaseTestCase): def test_NamingMasterTransfer(self): self._role_transfer(role="naming", role_dn=self.naming_dn) + + def test_DomainDnsZonesMasterTransfer(self): + self._role_transfer(role="domaindns", role_dn=self.domain_dns_dn) + + def test_ForestDnsZonesMasterTransfer(self): + self._role_transfer(role="forestdns", role_dn=self.forest_dns_dn) -- 2.17.1 From 7f85b5f94b14191e4583db465a7c38c6423c2128 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 28 May 2019 14:53:09 +0200 Subject: [PATCH 2/5] samba-tool: fix replication after dns partition fsmo role transfer The new role owner need to replicate from the old role owner. Before we told the old role owner to replicate from itself. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 4793f8ed584a4e6d8a26b06b691ec636e77d8f2a) --- python/samba/netcmd/fsmo.py | 4 +++- selftest/knownfail.d/fsmo | 2 -- 2 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 selftest/knownfail.d/fsmo diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py index 91de5dad563a..c276f5fced7e 100644 --- a/python/samba/netcmd/fsmo.py +++ b/python/samba/netcmd/fsmo.py @@ -64,6 +64,8 @@ def transfer_dns_role(outf, sambaopts, credopts, role, samdb): forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name()) role_object = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn + new_host_dns_name = samdb.host_dns_name() + res = samdb.search(role_object, attrs=["fSMORoleOwner"], scope=ldb.SCOPE_BASE, @@ -128,7 +130,7 @@ def transfer_dns_role(outf, sambaopts, credopts, role, samdb): raise CommandError("Failed to add role '%s': %s" % (role, msg)) try: - connection = samba.drs_utils.drsuapi_connect(samdb.host_dns_name(), + connection = samba.drs_utils.drsuapi_connect(new_host_dns_name, lp, creds) except samba.drs_utils.drsException as e: raise CommandError("Drsuapi Connect failed", e) diff --git a/selftest/knownfail.d/fsmo b/selftest/knownfail.d/fsmo deleted file mode 100644 index da665d2251d7..000000000000 --- a/selftest/knownfail.d/fsmo +++ /dev/null @@ -1,2 +0,0 @@ -^samba4.drs.fsmo.python.*.fsmo.DrsFsmoTestCase.test_DomainDnsZonesMasterTransfer -^samba4.drs.fsmo.python.*.fsmo.DrsFsmoTestCase.test_ForestDnsZonesMasterTransfer -- 2.17.1 From 89af18b23e7c831827689d22c0521f18a1cef7be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Tue, 28 May 2019 14:57:15 +0200 Subject: [PATCH 3/5] s4:torture:fsmo.py: remove unused 'net_cmd' variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 0fbb013bef886e425602fdbbef14a4029719818f) --- source4/torture/drs/python/fsmo.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/source4/torture/drs/python/fsmo.py b/source4/torture/drs/python/fsmo.py index a8d980077f48..a8acb5af89de 100644 --- a/source4/torture/drs/python/fsmo.py +++ b/source4/torture/drs/python/fsmo.py @@ -60,8 +60,6 @@ class DrsFsmoTestCase(drs_base.DrsBaseTestCase): super(DrsFsmoTestCase, self).tearDown() def _net_fsmo_role_transfer(self, DC, role, noop=False): - # find out where is samba-tool command - net_cmd = os.path.abspath("./bin/samba-tool") # make command line credentials string ccache_name = self.get_creds_ccache_name() cmd_line_auth = "--krb5-ccache=%s" % ccache_name -- 2.17.1 From e3acec0a9095be1e512adb12b043fe548bd3349b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 28 May 2019 14:54:19 +0200 Subject: [PATCH 4/5] samba-tool: use only one LDAP modify for dns partition fsmo role transfer We should not risk that we end with no role owner. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (similar to commit 6a2e3a15585086bcceb18283216978a2fcb30da3) --- python/samba/netcmd/fsmo.py | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py index c276f5fced7e..2190578f7f68 100644 --- a/python/samba/netcmd/fsmo.py +++ b/python/samba/netcmd/fsmo.py @@ -107,22 +107,12 @@ def transfer_dns_role(outf, sambaopts, credopts, role, samdb): m = ldb.Message() m.dn = ldb.Dn(samdb, role_object) - m["fSMORoleOwner"] = ldb.MessageElement(master_owner, - ldb.FLAG_MOD_DELETE, - "fSMORoleOwner") - - try: - samdb.modify(m) - except LdbError as e4: - (num, msg) = e4.args - raise CommandError("Failed to delete role '%s': %s" % - (role, msg)) - - m = ldb.Message() - m.dn = ldb.Dn(samdb, role_object) - m["fSMORoleOwner"]= ldb.MessageElement(new_owner, - ldb.FLAG_MOD_ADD, - "fSMORoleOwner") + m["fSMORoleOwner_Del"] = ldb.MessageElement(master_owner, + ldb.FLAG_MOD_DELETE, + "fSMORoleOwner") + m["fSMORoleOwner_Add"] = ldb.MessageElement(new_owner, + ldb.FLAG_MOD_ADD, + "fSMORoleOwner") try: samdb.modify(m) except LdbError as e5: -- 2.17.1 From 6dda60cc5aaf26a812c6c71830424adc75003acd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Tue, 28 May 2019 14:52:36 +0200 Subject: [PATCH 5/5] samba-tool: add 'import samba.drs_utils' to fsmo.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On some systems we're seeing this: ERROR(): uncaught exception - 'module' object has no attribute 'drs_utils' File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 185, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 533, in run transfer_dns_role(self.outf, sambaopts, credopts, role, samdb) File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 136, in transfer_dns_role except samba.drs_utils.drsException as e: E.g. it happens on debian stretch (9.9) with python 2.7.13 (on 4.10.4) While it doesn't happen on ubuntu 18.04 with python 2.7.15rc1 or with python 3.6.7. There were also some reports on the mailing lists, see: https://lists.samba.org/archive/samba-technical/2019-May/133624.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Björn Baumbach Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu May 30 08:27:24 UTC 2019 on sn-devel-184 (cherry picked from commit 320a5c5425e6ced18b1a9bf19b4f361ee16821ed) --- python/samba/netcmd/fsmo.py | 1 + 1 file changed, 1 insertion(+) diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py index 2190578f7f68..c5ed04be1bbf 100644 --- a/python/samba/netcmd/fsmo.py +++ b/python/samba/netcmd/fsmo.py @@ -23,6 +23,7 @@ import ldb from ldb import LdbError from samba.dcerpc import drsuapi, misc from samba.auth import system_session +import samba.drs_utils from samba.netcmd import ( Command, CommandError, -- 2.17.1