The branch, master has been updated via 0619a83 tests/rodc: Check that preload will skip broken users via 6d08b41 rodc: Allow RODC preload to continue with invalid users from 5042802 ctdb-tools: Remove simple uses of strcpy(3)
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 0619a83ccfd1db256dcda836b45c81b25b16b56a Author: Garming Sam <garm...@catalyst.net.nz> Date: Fri Apr 15 10:45:05 2016 +1200 tests/rodc: Check that preload will skip broken users Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Garming Sam <garm...@samba.org> Autobuild-Date(master): Mon Apr 18 07:40:07 CEST 2016 on sn-devel-144 commit 6d08b4167601c1759838d46d92a534754fd44a2c Author: Garming Sam <garm...@catalyst.net.nz> Date: Fri Apr 15 09:59:11 2016 +1200 rodc: Allow RODC preload to continue with invalid users Either the user may be missing from the database, or the user is not included in the RODC password replication group. Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: python/samba/netcmd/rodc.py | 38 ++++++++++++++++++++++++++++++++--- python/samba/tests/samba_tool/rodc.py | 36 ++++++++++++++++++++++++++++++++- 2 files changed, 70 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/rodc.py b/python/samba/netcmd/rodc.py index ba29c74..e7fbcdc 100644 --- a/python/samba/netcmd/rodc.py +++ b/python/samba/netcmd/rodc.py @@ -25,6 +25,19 @@ from samba.dcerpc import misc, drsuapi from samba.drs_utils import drs_Replicate import sys +class RODCException(Exception): + def __init__(self, value): + self.value = value + + def __str__(self): + return "%s: %s" % (self.__class__.__name__, self.value) + +class NamingError(RODCException): + pass + +class ReplicationError(RODCException): + pass + class cmd_rodc_preload(Command): """Preload accounts for an RODC. Multiple accounts may be requested.""" @@ -39,6 +52,7 @@ class cmd_rodc_preload(Command): takes_options = [ Option("--server", help="DC to use", type=str), Option("--file", help="Read account list from a file, or - for stdin (one per line)", type=str), + Option("--ignore-errors", help="When preloading multiple accounts, skip any failing accounts", action="store_true"), ] takes_args = ["account*"] @@ -59,7 +73,7 @@ class cmd_rodc_preload(Command): res = samdb.search(expression="(&(samAccountName=%s)(objectclass=user))" % ldb.binary_encode(account), scope=ldb.SCOPE_SUBTREE, attrs=[]) if len(res) != 1: - raise Exception("Failed to find account '%s'" % account) + raise NamingError("Failed to find account '%s'" % account) return str(res[0]["dn"]) @@ -69,6 +83,7 @@ class cmd_rodc_preload(Command): versionpts = kwargs.get("versionopts") server = kwargs.get("server") accounts_file = kwargs.get("file") + ignore_errors = kwargs.get("ignore_errors") if server is None: raise Exception("You must supply a server") @@ -98,13 +113,22 @@ class cmd_rodc_preload(Command): repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb, destination_dsa_guid) + + errors = [] for account in accounts: # work out the source and destination GUIDs dc_ntds_dn = samdb.get_dsServiceName() res = samdb.search(base=dc_ntds_dn, scope=ldb.SCOPE_BASE, attrs=["invocationId"]) source_dsa_invocation_id = misc.GUID(local_samdb.schema_format_value("objectGUID", res[0]["invocationId"][0])) - dn = self.get_dn(samdb, account) + try: + dn = self.get_dn(samdb, account) + except RODCException, e: + if not ignore_errors: + raise CommandError(str(e)) + errors.append(e) + continue + self.outf.write("Replicating DN %s\n" % dn) local_samdb.transaction_start() @@ -113,9 +137,17 @@ class cmd_rodc_preload(Command): exop=drsuapi.DRSUAPI_EXOP_REPL_SECRET, rodc=True) except Exception, e: local_samdb.transaction_cancel() - raise CommandError("Error replicating DN %s" % dn, e) + if not ignore_errors: + raise CommandError("Error replicating DN %s" % dn) + errors.append(ReplicationError("Error replicating DN %s" % dn)) + continue + local_samdb.transaction_commit() + if len(errors) > 0: + print "\nPreload encountered problematic users:" + for error in errors: + print " %s" % error class cmd_rodc(SuperCommand): diff --git a/python/samba/tests/samba_tool/rodc.py b/python/samba/tests/samba_tool/rodc.py index 9ae5dd1..798bc17 100644 --- a/python/samba/tests/samba_tool/rodc.py +++ b/python/samba/tests/samba_tool/rodc.py @@ -43,10 +43,12 @@ class RodcCmdTestCase(SambaToolCmdTest): self.ldb.newuser("sambatool2", "2wsxCDE#") self.ldb.newuser("sambatool3", "3edcVFR$") self.ldb.newuser("sambatool4", "4rfvBGT%") + self.ldb.newuser("sambatool5", "5tjbNHY*") + self.ldb.newuser("sambatool6", "6yknMJU*") self.ldb.add_remove_group_members("Allowed RODC Password Replication Group", ["sambatool1", "sambatool2", "sambatool3", - "sambatool4"], + "sambatool4", "sambatool5"], add_members_operation=True) def tearDown(self): @@ -55,6 +57,8 @@ class RodcCmdTestCase(SambaToolCmdTest): self.ldb.deleteuser("sambatool2") self.ldb.deleteuser("sambatool3") self.ldb.deleteuser("sambatool4") + self.ldb.deleteuser("sambatool5") + self.ldb.deleteuser("sambatool6") (result, out, err) = self.runsubcmd("drs", "replicate", "--local", "unused", os.environ["DC_SERVER"], self.base_dn) @@ -92,3 +96,33 @@ class RodcCmdTestCase(SambaToolCmdTest): self.assertCmdSuccess(result, "ensuring rodc prefetch ran successfully") self.assertEqual(out, "Replicating DN CN=sambatool1,CN=Users,%s\nReplicating DN CN=sambatool2,CN=Users,%s\n" % (self.base_dn, self.base_dn)) os.unlink(tempf) + + def test_multi_with_missing_name_success(self): + (result, out, err) = self.runsubcmd("rodc", "preload", + "nonexistentuser1", "sambatool5", + "nonexistentuser2", + "--server", os.environ["DC_SERVER"], + "--ignore-errors") + self.assertCmdSuccess(result, "ensuring rodc prefetch ran successfully") + self.assertEqual(out, "Replicating DN CN=sambatool5,CN=Users,%s\n" % self.base_dn) + + def test_multi_with_missing_name_failure(self): + (result, out, err) = self.runsubcmd("rodc", "preload", + "nonexistentuser1", "sambatool5", + "nonexistentuser2", + "--server", os.environ["DC_SERVER"]) + self.assertCmdFail(result, "ensuring rodc prefetch quit on missing user") + + def test_multi_without_group_success(self): + (result, out, err) = self.runsubcmd("rodc", "preload", + "sambatool6", "sambatool5", + "--server", os.environ["DC_SERVER"], + "--ignore-errors") + self.assertCmdSuccess(result, "ensuring rodc prefetch ran successfully") + self.assertEqual(out, "Replicating DN CN=sambatool6,CN=Users,%s\nReplicating DN CN=sambatool5,CN=Users,%s\n" % (self.base_dn, self.base_dn)) + + def test_multi_without_group_failure(self): + (result, out, err) = self.runsubcmd("rodc", "preload", + "sambatool6", "sambatool5", + "--server", os.environ["DC_SERVER"]) + self.assertCmdFail(result, "ensuring rodc prefetch quit on non-replicated user") -- Samba Shared Repository