The branch, master has been updated
       via  2c0d802 s3-selftest Fix test_smbclient_auth.sh
       via  29fabfd s3-selftest Allow LM passwords and turn of NTLMv2 for 
security=share test
       via  c8bc708 s3-selftest Add tests for security=server
       via  2839391 s3-selftest unconditionaly include subunit.sh
       via  53ddac3 wintest New snapshot for my wintest VMs
       via  ef44794 s4-fsmo: say which role is being transferred
       via  3600f2e s4-fsmo: samba-tool fsmo transfer now gets full error code
       via  b32f155 s4-dsdb: perform FSMO transfers asynchronously
       via  358892e s4-fsmo: make rootDSE modify for FSMO transfer async
       via  f4e3ccf s4-fsmo: nicer error messages on failed FSMO transfers
       via  07b6f75 s4-drs: default hostname in samba-tool drs command
       via  fdd9540 s4-dsdb: only allow administrators to trigger FSMO role 
transfers
       via  f4d5814 s4-fsmo: samba-tool fsmo takes a URL, not a hostname
       via  9eb9b11 wintest: added a "ipconfig /flushdns"
       via  22cbd04 wintest: fixed syntax highlighting with emacs
       via  b85bb3e wintest: ensure we startup the w2k3 DC VM
      from  67aa53a Be a little clearer about when and when not to set this 
option.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2c0d80259ad695160b5711db9439c68b5f7ce2d9
Author: Andrew Bartlett <[email protected]>
Date:   Mon Mar 28 22:06:40 2011 +1100

    s3-selftest Fix test_smbclient_auth.sh
    
    The -N in the command line meant that all the logins were as the
    guest, not as the user specified.
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <[email protected]>
    Autobuild-Date: Tue Mar 29 00:47:50 CEST 2011 on sn-devel-104

commit 29fabfd3eabcb2abcebfa4788e734bac4f25b8c8
Author: Andrew Bartlett <[email protected]>
Date:   Mon Mar 28 22:20:23 2011 +1100

    s3-selftest Allow LM passwords and turn of NTLMv2 for security=share test

commit c8bc7089f589e33a624183ae63c1cb1b3d652c7c
Author: Andrew Bartlett <[email protected]>
Date:   Mon Mar 28 20:42:55 2011 +1100

    s3-selftest Add tests for security=server
    
    Andrew Bartlett

commit 2839391c7deac3436046807e4238bb9e5802530b
Author: Andrew Bartlett <[email protected]>
Date:   Mon Mar 28 22:05:27 2011 +1100

    s3-selftest unconditionaly include subunit.sh
    
    we no longer . this file into other shell scripts, so we don't need
    this check any more.
    
    Andrew Bartlett

commit 53ddac3f27e85f8a605785145a9c9584a85673b2
Author: Andrew Bartlett <[email protected]>
Date:   Mon Mar 28 20:44:10 2011 +1100

    wintest New snapshot for my wintest VMs

commit ef44794097ea7e3eaf4e93d6dca0a9706bd2ae97
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 16:48:46 2011 +1100

    s4-fsmo: say which role is being transferred
    
    this is particularly useful for "samba-tool fsmo transfer --role=all"

commit 3600f2e250b7e7605155402a4390066ea7b08fdd
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 16:45:22 2011 +1100

    s4-fsmo: samba-tool fsmo transfer now gets full error code
    
    We now wait for the transfer to succeed or fail
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

commit b32f155bae384bd3ae1d9ba9f246a0eca18a2511
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 16:44:32 2011 +1100

    s4-dsdb: perform FSMO transfers asynchronously
    
    this gives the administrator a proper error message on the command
    line
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

commit 358892e8365d052d7b9300737a4c1dc92b26cc0c
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 16:20:47 2011 +1100

    s4-fsmo: make rootDSE modify for FSMO transfer async
    
    this gives the ldap client the error code from the transfer
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

commit f4e3ccfe9e09904e548fe715dd784ad5d7f68b0d
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 15:32:41 2011 +1100

    s4-fsmo: nicer error messages on failed FSMO transfers
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

commit 07b6f75bc1eb6d4554b29f41ed1fd623bd4f4bea
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 15:32:15 2011 +1100

    s4-drs: default hostname in samba-tool drs command
    
    default to our hostname
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

commit fdd9540187f019df0560eefe0805700df7d91138
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 14:41:36 2011 +1100

    s4-dsdb: only allow administrators to trigger FSMO role transfers
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

commit f4d581468c467135553bba657a40ca1eb6ccc11c
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 14:17:45 2011 +1100

    s4-fsmo: samba-tool fsmo takes a URL, not a hostname
    
    better to call the option --url
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

commit 9eb9b11bfd108095ceb4c1813b4f7feac12f3401
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 12:50:24 2011 +1100

    wintest: added a "ipconfig /flushdns"
    
    w2k3 doesn't flush its DNS cache on a dynamic update
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

commit 22cbd04fd7d51cbb1f8617a51759f6cad166985b
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 12:27:33 2011 +1100

    wintest: fixed syntax highlighting with emacs

commit b85bb3e3861ec147991880ea7ea08216553f967e
Author: Andrew Tridgell <[email protected]>
Date:   Mon Mar 28 12:27:01 2011 +1100

    wintest: ensure we startup the w2k3 DC VM
    
    Pair-Programmed-With: Andrew Bartlett <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 selftest/target/Samba3.pm                          |   39 +++++++++++
 source3/script/tests/test_failure.sh               |    8 +--
 source3/script/tests/test_local_s3.sh              |    2 -
 source3/script/tests/test_net_misc.sh              |    2 -
 source3/script/tests/test_net_registry.sh          |    2 -
 .../script/tests/test_net_registry_roundtrip.sh    |    2 -
 source3/script/tests/test_ntlm_auth_s3.sh          |    2 -
 source3/script/tests/test_smbclient_auth.sh        |   22 ++----
 source3/script/tests/test_smbclient_s3.sh          |    2 -
 source3/script/tests/test_smbtorture_s3.sh         |    2 -
 source3/script/tests/test_success.sh               |    8 +--
 source3/script/tests/test_testparm_s3.sh           |    2 -
 source3/script/tests/test_wbinfo_s3.sh             |    2 -
 source3/selftest/tests.py                          |    7 ++-
 source4/dsdb/repl/drepl_fsmo.c                     |   60 ++++++++++++-----
 source4/dsdb/repl/drepl_service.c                  |    9 ---
 source4/dsdb/samdb/ldb_modules/rootdse.c           |   70 ++++++++++++++++----
 source4/scripting/python/samba/netcmd/drs.py       |    4 +-
 source4/scripting/python/samba/netcmd/fsmo.py      |   23 ++++--
 source4/torture/drs/python/fsmo.py                 |    4 +-
 wintest/conf/abartlet.conf                         |    2 +-
 wintest/test-s4-howto.py                           |    4 +
 wintest/wintest.py                                 |    2 +-
 23 files changed, 182 insertions(+), 98 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 6a18f27..38148eb 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -102,6 +102,11 @@ sub setup_env($$$)
                return $self->setup_dc("$path/dc");
        } elsif ($envname eq "secshare") {
                return $self->setup_secshare("$path/secshare");
+       } elsif ($envname eq "secserver") {
+               if (not defined($self->{vars}->{dc})) {
+                       $self->setup_dc("$path/dc");
+               }
+               return $self->setup_secserver("$path/secserver", 
$self->{vars}->{dc});
        } elsif ($envname eq "member") {
                if (not defined($self->{vars}->{dc})) {
                        $self->setup_dc("$path/dc");
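Review bot: The new secserver branch discards the result of `$self->setup_dc("$path/dc")` and hands `$self->{vars}->{dc}` straight to setup_secserver, which interpolates `$dcvars->{SERVER_IP}` into the generated smb.conf in the next hunk. If the DC fails to provision, the environment would presumably start with an empty `password server` and the failure would only show up later as authentication errors. A guard such as `return undef unless defined($self->{vars}->{dc});` after the setup_dc call makes the dependency explicit. The member branch in the trailing context follows the same pattern, but its body continues outside the hunk.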
@@ -216,6 +221,40 @@ sub setup_secshare($$)
        return $vars;
 }
 
+sub setup_secserver($$$)
+{
+       my ($self, $prefix, $dcvars) = @_;
+
+       print "PROVISIONING server with security=server...";
+
+       my $secserver_options = "
+       security = server
+        password server = $dcvars->{SERVER_IP}
+";
+
+       my $ret = $self->provision($prefix,
+                                  "LOCALSERVER5",
+                                  5,
+                                  "localserver5pass",
+                                  $secserver_options);
+
+       $ret or die("Unable to provision");
+
+       $self->check_or_start($ret,
+                             ($ENV{SMBD_MAXTIME} or 2700),
+                              "yes", "no", "yes");
+
+       $self->wait_for_start($ret);
+
+       $ret->{DC_SERVER} = $dcvars->{SERVER};
+       $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
+       $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
+       $ret->{DC_USERNAME} = $dcvars->{USERNAME};
+       $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+
+       return $ret;
+}
+
 sub stop_sig_term($$) {
        my ($self, $pid) = @_;
        kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: 
$!");
diff --git a/source3/script/tests/test_failure.sh 
b/source3/script/tests/test_failure.sh
index 8af0f3a..4980fb0 100755
--- a/source3/script/tests/test_failure.sh
+++ b/source3/script/tests/test_failure.sh
@@ -4,12 +4,8 @@
 #
 # Copyright (C) 2011 Michael Adam <[email protected]>
 
-# include the blackbox subunit infrastructure
-# if not run from classical s3 test script:
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
-       incdir=`dirname $0`/../../../testprogs/blackbox
-       . $incdir/subunit.sh
-}
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
 
 failed=0
 
diff --git a/source3/script/tests/test_local_s3.sh 
b/source3/script/tests/test_local_s3.sh
index de867c9..d5a3d47 100755
--- a/source3/script/tests/test_local_s3.sh
+++ b/source3/script/tests/test_local_s3.sh
@@ -9,10 +9,8 @@ EOF
 exit 1;
 fi
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 failed=0
 
diff --git a/source3/script/tests/test_net_misc.sh 
b/source3/script/tests/test_net_misc.sh
index 015b502..82775dc 100755
--- a/source3/script/tests/test_net_misc.sh
+++ b/source3/script/tests/test_net_misc.sh
@@ -18,10 +18,8 @@ NET="$VALGRIND ${NET:-$BINDIR/net} $CONFIGURATION"
 NETTIME="${NET} time"
 NETLOOKUP="${NET} lookup"
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 failed=0
 
diff --git a/source3/script/tests/test_net_registry.sh 
b/source3/script/tests/test_net_registry.sh
index 21c452d..b76a988 100755
--- a/source3/script/tests/test_net_registry.sh
+++ b/source3/script/tests/test_net_registry.sh
@@ -27,10 +27,8 @@ else
        NETREG="${NET} registry"
 fi
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 failed=0
 
diff --git a/source3/script/tests/test_net_registry_roundtrip.sh 
b/source3/script/tests/test_net_registry_roundtrip.sh
index 5431098..ca56f6d 100755
--- a/source3/script/tests/test_net_registry_roundtrip.sh
+++ b/source3/script/tests/test_net_registry_roundtrip.sh
@@ -25,10 +25,8 @@ else
        NETREG="${NET} registry"
 fi
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 failed=0
 
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh 
b/source3/script/tests/test_ntlm_auth_s3.sh
index 4f84982..99b2ab3 100755
--- a/source3/script/tests/test_ntlm_auth_s3.sh
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -12,10 +12,8 @@ SRC3DIR=$2
 shift 2
 ADDARGS="$*"
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 failed=0
 
diff --git a/source3/script/tests/test_smbclient_auth.sh 
b/source3/script/tests/test_smbclient_auth.sh
index 7ee60b0..f2f3ad3 100755
--- a/source3/script/tests/test_smbclient_auth.sh
+++ b/source3/script/tests/test_smbclient_auth.sh
@@ -17,20 +17,14 @@ SMBCLIENT="$VALGRIND ${SMBCLIENT:-$BINDIR/smbclient}"
 shift 4
 ADDARGS="$*"
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
-failed=0
-
-testit "smbclient //$SERVER/guestonly" $SMBCLIENT //$SERVER/guestonly 
$CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -N -p 139 -c quit $ADDARGS|| 
failed=`expr $failed + 1`
-testit "smbclient //$SERVER/guestonly as anon" $SMBCLIENT //$SERVER/guestonly 
$CONFIGURATION -U% -I $SERVER_IP -N -p 139 -c quit $ADDARGS|| failed=`expr 
$failed + 1`
-testit "smbclient //$SERVER/tmpguest" $SMBCLIENT //$SERVER/tmpguest 
$CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -N -p 139 -c quit $ADDARGS|| 
failed=`expr $failed + 1`
-testit "smbclient //$SERVER/tmpguest as anon" $SMBCLIENT //$SERVER/tmpguest 
$CONFIGURATION -U% -I $SERVER_IP -N -p 139 -c quit $ADDARGS|| failed=`expr 
$failed + 1`
-testit "smbclient //$SERVER/forceuser" $SMBCLIENT //$SERVER/forceuser 
$CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -N -p 139 -c quit $ADDARGS|| 
failed=`expr $failed + 1`
-testit "smbclient //$SERVER/forceuser as anon" $SMBCLIENT //$SERVER/forceuser 
$CONFIGURATION -U% -I $SERVER_IP -N -p 139 -c quit $ADDARGS|| failed=`expr 
$failed + 1`
-testit "smbclient //$SERVER/forcegroup" $SMBCLIENT //$SERVER/forcegroup 
$CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -N -p 139 -c quit $ADDARGS|| 
failed=`expr $failed + 1`
-testit "smbclient //$SERVER/forcegroup as anon" $SMBCLIENT 
//$SERVER/forcegroup $CONFIGURATION -U% -I $SERVER_IP -N -p 139 -c quit 
$ADDARGS|| failed=`expr $failed + 1`
-
-testok $0 $failed
+testit "smbclient //$SERVER/guestonly" $SMBCLIENT //$SERVER/guestonly 
$CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
+testit "smbclient //$SERVER/guestonly as anon" $SMBCLIENT //$SERVER/guestonly 
$CONFIGURATION -U% -I $SERVER_IP -p 139 -c quit $ADDARGS
+testit "smbclient //$SERVER/tmpguest" $SMBCLIENT //$SERVER/tmpguest 
$CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
+testit "smbclient //$SERVER/tmpguest as anon" $SMBCLIENT //$SERVER/tmpguest 
$CONFIGURATION -U% -I $SERVER_IP -p 139 -c quit $ADDARGS
+testit "smbclient //$SERVER/forceuser" $SMBCLIENT //$SERVER/forceuser 
$CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
+testit "smbclient //$SERVER/forceuser as anon" $SMBCLIENT //$SERVER/forceuser 
$CONFIGURATION -U% -I $SERVER_IP -p 139 -c quit $ADDARGS
+testit "smbclient //$SERVER/forcegroup" $SMBCLIENT //$SERVER/forcegroup 
$CONFIGURATION -U$USERNAME%$PASSWORD -I $SERVER_IP -p 139 -c quit $ADDARGS
+testit "smbclient //$SERVER/forcegroup as anon" $SMBCLIENT 
//$SERVER/forcegroup $CONFIGURATION -U% -I $SERVER_IP -p 139 -c quit $ADDARGS
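Review bot: With `failed=0`, the per-test `|| failed=...` counters and the closing `testok $0 $failed` removed, the script's exit status is now only that of the last testit call, so a failed login in any of the first seven cases no longer changes the exit code. That matters more now that dropping `-N` turns these into real credential checks. If the runner consults the exit status at all (not visible here), keep the counter on each line and the final `testok $0 $failed`. Separately, `-U$USERNAME%$PASSWORD` is unquoted, so a password containing whitespace or glob characters would be split by the shell; `"-U$USERNAME%$PASSWORD"` avoids that.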
diff --git a/source3/script/tests/test_smbclient_s3.sh 
b/source3/script/tests/test_smbclient_s3.sh
index 857400e..30b26a4 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -21,10 +21,8 @@ WBINFO="$VALGRIND ${WBINFO:-$BINDIR/wbinfo}"
 shift 7
 ADDARGS="$*"
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 failed=0
 
diff --git a/source3/script/tests/test_smbtorture_s3.sh 
b/source3/script/tests/test_smbtorture_s3.sh
index ca64fa2..65c98a5 100755
--- a/source3/script/tests/test_smbtorture_s3.sh
+++ b/source3/script/tests/test_smbtorture_s3.sh
@@ -16,10 +16,8 @@ password="$4"
 shift 4
 ADDARGS="$*"
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 
 
diff --git a/source3/script/tests/test_success.sh 
b/source3/script/tests/test_success.sh
index 09e7264..fe63fb5 100755
--- a/source3/script/tests/test_success.sh
+++ b/source3/script/tests/test_success.sh
@@ -4,12 +4,8 @@
 #
 # Copyright (C) 2011 Michael Adam <[email protected]>
 
-# include the blackbox subunit infrastructure
-# if not run from classical s3 test script:
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
-       incdir=`dirname $0`/../../../testprogs/blackbox
-       . $incdir/subunit.sh
-}
+incdir=`dirname $0`/../../../testprogs/blackbox
+. $incdir/subunit.sh
 
 failed=0
 
diff --git a/source3/script/tests/test_testparm_s3.sh 
b/source3/script/tests/test_testparm_s3.sh
index bced6e7..c9682f0 100755
--- a/source3/script/tests/test_testparm_s3.sh
+++ b/source3/script/tests/test_testparm_s3.sh
@@ -17,10 +17,8 @@ LOCAL_PATH="$1"
 TEMP_CONFFILE=${LOCAL_PATH}/smb.conf.tmp
 TESTPARM="$VALGRIND ${TESTPARM:-$BINDIR/testparm} --suppress-prompt 
--skip-logic-checks"
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 failed=0
 
diff --git a/source3/script/tests/test_wbinfo_s3.sh 
b/source3/script/tests/test_wbinfo_s3.sh
index 860e7c5..91a9f45 100755
--- a/source3/script/tests/test_wbinfo_s3.sh
+++ b/source3/script/tests/test_wbinfo_s3.sh
@@ -9,10 +9,8 @@ fi
 
 ADDARGS="$*"
 
-test x"$TEST_FUNCTIONS_SH" != x"INCLUDED" && {
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-}
 
 testit "wbinfo" $VALGRIND $BINDIR/wbinfo $ADDARGS || failed=`expr $failed + 1`
 
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 4094a57..19ea34a 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -96,11 +96,14 @@ plantestsuite("samba3.ntlm_auth.(dc:local)", "dc:local", 
[os.path.join(samba3src
 for env in ["dc", "member"]:
     plantestsuite("samba3.blackbox.smbclient_auth.plain (%s)" % env, env, 
[os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', 
'$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', configuration])
 
+for env in ["secserver"]:
+    plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) domain creds" % 
env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), 
'$SERVER', '$SERVER_IP', '$DOMAIN\\\\$DC_USERNAME', '$DC_PASSWORD', 
configuration + " --option=clientntlmv2auth=no"])
+
 for env in ["member"]:
     plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) member creds" % 
env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), 
'$SERVER', '$SERVER_IP', '$SERVER\\\\$USERNAME', '$PASSWORD', configuration])
 
-for env in ["secshare"]:
-    plantestsuite("samba3.blackbox.smbclient_auth.plain (%s)" % env, env, 
[os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', 
'$SERVER_IP', '$USERNAME', '$PASSWORD', configuration])
+for env in ["secshare", "secserver"]:
+    plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) local creds" % 
env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), 
'$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', configuration + " 
--option=clientntlmv2auth=no --option=clientlanmanauth=yes"])
 
 # plain
 for env in ["dc"]:
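Review bot: The secshare and secserver suites now pass `--option=clientntlmv2auth=no`, and the local-creds loop also passes `--option=clientlanmanauth=yes`, which downgrades the client to NTLMv1/LM, yet nothing in the file says why. A comment above the two loops, for example `# NTLMv2 is turned off (and LM allowed) only for the security=share/server environments; do not copy these options to other suites`, would keep the weak-auth settings from spreading by copy-paste. Note also that the domain-creds suite disables NTLMv2 without enabling LM while the local-creds suite does both; if that difference is intended, the comment should say so.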
diff --git a/source4/dsdb/repl/drepl_fsmo.c b/source4/dsdb/repl/drepl_fsmo.c
index 0355459..f8f4769 100644
--- a/source4/dsdb/repl/drepl_fsmo.c
+++ b/source4/dsdb/repl/drepl_fsmo.c
@@ -31,20 +31,28 @@
 #include "dsdb/repl/drepl_service.h"
 #include "param/param.h"
 
+struct fsmo_role_state {
+       struct irpc_message *msg;
+       struct drepl_takeFSMORole *r;
+};
+
 static void drepl_role_callback(struct dreplsrv_service *service,
                                WERROR werr,
                                enum drsuapi_DsExtendedError ext_err,
                                void *cb_data)
 {
+       struct fsmo_role_state *fsmo = talloc_get_type_abort(cb_data, struct 
fsmo_role_state);
        if (!W_ERROR_IS_OK(werr)) {
-               DEBUG(0,(__location__ ": Failed role transfer - %s - 
extended_ret[0x%X]\n",
+               DEBUG(2,(__location__ ": Failed role transfer - %s - 
extended_ret[0x%X]\n",
                         win_errstr(werr), ext_err));
        } else {
-               DEBUG(0,(__location__ ": Successful role transfer\n"));
+               DEBUG(2,(__location__ ": Successful role transfer\n"));
        }
+       fsmo->r->out.result = werr;
+       irpc_send_reply(fsmo->msg, NT_STATUS_OK);
 }
 
-static bool fsmo_master_cmp(struct ldb_dn *ntds_dn, struct ldb_dn 
*role_owner_dn)
+static bool fsmo_master_equal(struct ldb_dn *ntds_dn, struct ldb_dn 
*role_owner_dn)
 {
        if (ldb_dn_compare(ntds_dn, role_owner_dn) == 0) {
                DEBUG(0,("\nWe are the FSMO master.\n"));
@@ -56,24 +64,30 @@ static bool fsmo_master_cmp(struct ldb_dn *ntds_dn, struct 
ldb_dn *role_owner_dn
 /*
   see which role is we are asked to assume, initialize data and send request
  */
-WERROR dreplsrv_fsmo_role_check(struct dreplsrv_service *service,
-                               enum drepl_role_master role)
+NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
+                             struct drepl_takeFSMORole *r)
 {
+       struct dreplsrv_service *service = talloc_get_type(msg->private_data,
+                                                          struct 
dreplsrv_service);
        struct ldb_dn *role_owner_dn, *fsmo_role_dn, *ntds_dn;
        TALLOC_CTX *tmp_ctx = talloc_new(service);
        uint64_t fsmo_info = 0;
        enum drsuapi_DsExtendedOperation extended_op = DRSUAPI_EXOP_NONE;
        WERROR werr;
+       enum drepl_role_master role = r->in.role;
+       struct fsmo_role_state *fsmo;
 
        ntds_dn = samdb_ntds_settings_dn(service->samdb);
        if (!ntds_dn) {
-               return WERR_DS_DRA_INTERNAL_ERROR;
+               r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
+               return NT_STATUS_OK;
        }
 
        werr = dsdb_get_fsmo_role_info(tmp_ctx, service->samdb, role,
                                       &fsmo_role_dn, &role_owner_dn);
        if (!W_ERROR_IS_OK(werr)) {
-               return werr;
+               r->out.result = werr;
+               return NT_STATUS_OK;
        }
 
        switch (role) {
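Review bot: `tmp_ctx` is created with `talloc_new(service)` and none of the return paths visible in this hunk and the next two free it: the ntds_dn and dsdb_get_fsmo_role_info failures here, the unknown-role, already-master and `NT_STATUS_HAVE_NO_MEMORY(fsmo)` returns in the next hunk, and the drepl_request_extended_op failure in the last one. Because the parent is the replication service rather than the request, each takeFSMORole call appears to leave a context behind for the life of the service. Add `talloc_free(tmp_ctx);` before each early return, or parent it to the message with `TALLOC_CTX *tmp_ctx = talloc_new(msg);` so it is released with the reply. Whether the success path may free it depends on whether drepl_request_extended_op copies the DNs, which is not visible here. The switch body between this hunk and the next is also outside the diff.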
@@ -89,17 +103,27 @@ WERROR dreplsrv_fsmo_role_check(struct dreplsrv_service 
*service,
                extended_op = DRSUAPI_EXOP_FSMO_REQ_PDC;
                break;
        default:
-               return WERR_DS_DRA_INTERNAL_ERROR;
+               DEBUG(2,("Unknown role %u in role transfer\n",
+                        (unsigned)role));
+               r->out.result = WERR_DS_DRA_INTERNAL_ERROR;
+               return NT_STATUS_OK;
        }
 
-       if (fsmo_master_cmp(ntds_dn, role_owner_dn) ||
+       if (fsmo_master_equal(ntds_dn, role_owner_dn) ||
            (extended_op == DRSUAPI_EXOP_NONE)) {
                DEBUG(0,("FSMO role check failed for DN %s and owner %s ",
                         ldb_dn_get_linearized(fsmo_role_dn),
                         ldb_dn_get_linearized(role_owner_dn)));
-               return WERR_OK;
+               r->out.result = WERR_OK;
+               return NT_STATUS_OK;
        }
 
+       fsmo = talloc(msg, struct fsmo_role_state);
+       NT_STATUS_HAVE_NO_MEMORY(fsmo);
+
+       fsmo->msg = msg;
+       fsmo->r   = r;
+
        werr = drepl_request_extended_op(service,
                                         fsmo_role_dn,
                                         role_owner_dn,
@@ -107,12 +131,14 @@ WERROR dreplsrv_fsmo_role_check(struct dreplsrv_service 
*service,
                                         fsmo_info,
                                         0,
                                         drepl_role_callback,
-                                        NULL);
-       if (W_ERROR_IS_OK(werr)) {
-               dreplsrv_run_pending_ops(service);
-       } else {
-               DEBUG(0,("%s: drepl_request_extended_op() failed with %s",
-                        __FUNCTION__, win_errstr(werr)));
+                                        fsmo);
+       if (!W_ERROR_IS_OK(werr)) {
+               r->out.result = werr;
+               return NT_STATUS_OK;
        }
-       return werr;
+
+       /* mark this message to be answered later */
+       msg->defer_reply = true;
+       dreplsrv_run_pending_ops(service);
+       return NT_STATUS_OK;
 }
diff --git a/source4/dsdb/repl/drepl_service.c 
b/source4/dsdb/repl/drepl_service.c
index 9248c83..0931a34 100644
--- a/source4/dsdb/repl/drepl_service.c
+++ b/source4/dsdb/repl/drepl_service.c
@@ -352,15 +352,6 @@ static NTSTATUS dreplsrv_refresh(struct irpc_message *msg,
        return NT_STATUS_OK;
 }
 
-static NTSTATUS drepl_take_FSMO_role(struct irpc_message *msg,
-                                    struct drepl_takeFSMORole *r)
-{
-       struct dreplsrv_service *service = talloc_get_type(msg->private_data,
-                                                          struct 
dreplsrv_service);
-       r->out.result = dreplsrv_fsmo_role_check(service, r->in.role);
-       return NT_STATUS_OK;
-}
-
 /**
  * Called when the auth code wants us to try and replicate
  * a users secrets
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c 
b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 516194d..0fd65f4 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -1159,20 +1159,59 @@ static int rootdse_add(struct ldb_module *module, 
struct ldb_request *req)
        return LDB_ERR_NAMING_VIOLATION;
 }
 
+struct fsmo_transfer_state {
+       struct ldb_context *ldb;
+       struct ldb_request *req;
+};
+
+/*
+  called when a FSMO transfer operation has completed
+ */
+static void rootdse_fsmo_transfer_callback(struct tevent_req *treq)
+{
+       struct fsmo_transfer_state *fsmo = tevent_req_callback_data(treq, 
struct fsmo_transfer_state);
+       NTSTATUS status;
+       WERROR werr;
+       struct ldb_request *req = fsmo->req;
+       struct ldb_context *ldb = fsmo->ldb;
+
+       status = dcerpc_drepl_takeFSMORole_recv(treq, fsmo, &werr);
+       talloc_free(fsmo);
+       if (!NT_STATUS_IS_OK(status)) {
+               ldb_asprintf_errstring(ldb, "Failed FSMO transfer: %s", 
nt_errstr(status));
+               ldb_module_done(req, NULL, NULL, LDB_ERR_UNAVAILABLE);
+               return;
+       }
+       if (!W_ERROR_IS_OK(werr)) {
+               ldb_asprintf_errstring(ldb, "Failed FSMO transfer: %s", 
win_errstr(werr));
+               ldb_module_done(req, NULL, NULL, LDB_ERR_UNAVAILABLE);
+               return;
+       }
+
+       ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
+
 static int rootdse_become_master(struct ldb_module *module,
                                 struct ldb_request *req,
                                 enum drepl_role_master role)
 {
-       struct drepl_takeFSMORole r;
        struct messaging_context *msg;
        struct ldb_context *ldb = ldb_module_get_ctx(module);
        TALLOC_CTX *tmp_ctx = talloc_new(req);
        struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
-       NTSTATUS status_call;
-       WERROR status_fn;
        bool am_rodc;
        struct dcerpc_binding_handle *irpc_handle;
        int ret;
+       struct auth_session_info *session_info;
+       enum security_user_level level;
+       struct fsmo_transfer_state *fsmo;
+       struct tevent_req *treq;
+
+       session_info = (struct auth_session_info 
*)ldb_get_opaque(ldb_module_get_ctx(module), "sessionInfo");
+       level = security_session_user_level(session_info, NULL);
+       if (level < SECURITY_ADMINISTRATOR) {
+               return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS, 
"Denied rootDSE modify for non-administrator");
+       }
 
        ret = samdb_rodc(ldb, &am_rodc);
        if (ret != LDB_SUCCESS) {
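Review bot: The administrator check in rootdse_become_master passes the `sessionInfo` opaque to `security_session_user_level()` without testing it, so whether a request with no session info is rejected depends on that helper, which this diff does not show. Writing the condition as `if (session_info == NULL || level < SECURITY_ADMINISTRATOR)` makes the fail-closed intent explicit. The denial return also comes after `tmp_ctx = talloc_new(req)` without a `talloc_free(tmp_ctx);`, so a refused request leaves that context on the request until it is freed. This check covers only the rootDSE modify path. drepl_take_FSMO_role in drepl_fsmo.c has no caller check of its own in the lines shown, so the restriction otherwise rests on who can reach the irpc endpoint. The function body continues outside the hunk.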
@@ -1196,17 +1235,24 @@ static int rootdse_become_master(struct ldb_module 
*module,
        if (irpc_handle == NULL) {
                return ldb_oom(ldb);
        }
-       r.in.role = role;


-- 
Samba Shared Repository
