diff options
author | Garming Sam <garming@catalyst.net.nz> | 2016-07-25 12:51:13 +1200 |
---|---|---|
committer | Garming Sam <garming@samba.org> | 2016-07-26 05:11:57 +0200 |
commit | 8dabd57d1c2908a18c1b9eb70f54215653f73ee6 (patch) | |
tree | d5e9ed7ad6bf0fa0c27e513b0e54c9348bce7701 /python | |
parent | 9427a2424ae4bb3250b35e3a38f3afda14a7bd0f (diff) | |
download | samba-8dabd57d1c2908a18c1b9eb70f54215653f73ee6.tar.gz |
kcc: Clean up repsTo attribute for old DCs
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Jul 26 05:11:57 CEST 2016 on sn-devel-144
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/kcc/__init__.py | 70 | ||||
-rw-r--r-- | python/samba/kcc/kcc_utils.py | 3 |
2 files changed, 73 insertions, 0 deletions
diff --git a/python/samba/kcc/__init__.py b/python/samba/kcc/__init__.py index 5918bf29599..9b29ef00497 100644 --- a/python/samba/kcc/__init__.py +++ b/python/samba/kcc/__init__.py @@ -927,6 +927,8 @@ class KCC(object): for dnstr in delete_reps: del current_rep_table[dnstr] + # HANDLE REPS-FROM + # # Now perform the scan of replicas we'll need # and compare any current repsFrom against the # connections @@ -1039,6 +1041,74 @@ class KCC(object): # Commit any modified repsFrom to the NC replica n_rep.commit_repsFrom(self.samdb) + # HANDLE REPS-TO: + # + # Now perform the scan of replicas we'll need + # and compare any current repsTo against the + # connections + + # RODC should never push to anybody (should we check this?) + if ro: + return + + for n_rep in needed_rep_table.values(): + + # load any repsTo and fsmo roles as we'll + # need them during connection translation + n_rep.load_repsTo(self.samdb) + + # Loop thru the existing repsTo tuples (if any) + # XXX This is a list and could contain duplicates + # (multiple load_repsTo calls) + for t_repsTo in n_rep.rep_repsTo: + + # for each tuple t in n!repsTo, let s be the nTDSDSA + # object such that s!objectGUID = t.uuidDsa + guidstr = str(t_repsTo.source_dsa_obj_guid) + s_dsa = self.get_dsa_by_guidstr(guidstr) + + # Source dsa is gone from config (strange) + # so cleanup stale repsTo for unlisted DSA + if s_dsa is None: + logger.warning("repsTo source DSA guid (%s) not found" % + guidstr) + t_repsTo.to_be_deleted = True + continue + + # Find the connection that this repsTo would use. If + # there isn't a good one (i.e. non-RODC_TOPOLOGY, + # meaning non-FRS), we delete the repsTo. + s_dnstr = s_dsa.dsa_dnstr + if '\\0ADEL' in s_dnstr: + logger.warning("repsTo source DSA guid (%s) appears deleted" % + guidstr) + t_repsTo.to_be_deleted = True + continue + + connections = s_dsa.get_connection_by_from_dnstr(self.my_dsa_dnstr) + if len(connections) > 0: + # Then this repsTo is tentatively valid + continue + else: + # There is no plausible connection for this repsTo + t_repsTo.to_be_deleted = True + + if self.readonly: + # Display any to be deleted or modified repsTo + text = n_rep.dumpstr_reps_to() + if text: + logger.info("REMOVING REPS-TO:\n%s" % text) + + # Peform deletion from our tables but perform + # no database modification + n_rep.commit_repsTo(self.samdb, ro=True) + else: + # Commit any modified repsTo to the NC replica + n_rep.commit_repsTo(self.samdb) + + # TODO Remove any duplicate repsTo values. This should never happen in + # any normal situations. + def merge_failed_links(self, ping=None): """Merge of kCCFailedLinks and kCCFailedLinks from bridgeheads. diff --git a/python/samba/kcc/kcc_utils.py b/python/samba/kcc/kcc_utils.py index 1e5586a2c41..190b93fa35e 100644 --- a/python/samba/kcc/kcc_utils.py +++ b/python/samba/kcc/kcc_utils.py @@ -433,6 +433,9 @@ class NCReplica(NamingContext): def dumpstr_to_be_modified(self): return '\n'.join(str(x) for x in self.rep_repsFrom if x.is_modified()) + def dumpstr_reps_to(self): + return '\n'.join(str(x) for x in self.rep_repsTo if x.to_be_deleted) + def load_fsmo_roles(self, samdb): """Given an NC replica which has been discovered thru the nTDSDSA database object, load the fSMORoleOwner attribute. |