From e089fb665d65f6d44f6c2e93aa5e18ee446516d0 Mon Sep 17 00:00:00 2001
From: Bob Campbell <bobcampbell@catalyst.net.nz>
Date: Mon, 10 Oct 2016 16:58:57 +1300
Subject: tests/getnc_exop: Improve the ridalloc test by performing an alloc
 against a new master

Currently we fail against ourselves due to rIDNextRid and
rIDPreviousAllocationPool normally being unset, despite being mandatory
attributes (being the only attributes in this situation).

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Clive Ferreira <cliveferreira@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12394
(cherry picked from commit 37aa11ce5b2b91cd0d84f6c7370d64674fcf5479)
---
 selftest/knownfail                       |  1 +
 source4/torture/drs/python/getnc_exop.py | 76 ++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)

diff --git a/selftest/knownfail b/selftest/knownfail
index c1899da9053..c6151202ab3 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -292,3 +292,4 @@
 #ntvfs server blocks copychunk with execute access on read handle
 ^samba4.smb2.ioctl.copy_chunk_bad_access
 ^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.*
+^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaSyncTestCase.test_edit_rid_master.*
diff --git a/source4/torture/drs/python/getnc_exop.py b/source4/torture/drs/python/getnc_exop.py
index d058e663121..94d140227a3 100644
--- a/source4/torture/drs/python/getnc_exop.py
+++ b/source4/torture/drs/python/getnc_exop.py
@@ -289,6 +289,82 @@ class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase, ExopBaseTest):
         # We don't check the linked_attributes_count as if the domain
         # has an RODC, it can gain links on the server account object
 
+    def test_edit_rid_master(self):
+        """Test doing a RID allocation after changing the RID master from the original one.
+           This should set rIDNextRID to 0 on the new RID master."""
+        # 1. a. Transfer role to non-RID master
+        #    b. Check that it succeeds correctly
+        #
+        # 2. a. Call the RID alloc against the former master.
+        #    b. Check that it succeeds.
+        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+        (fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)
+
+        # 1. Swap RID master role
+        m = ldb.Message()
+        m.dn = ldb.Dn(self.ldb_dc1, "")
+        m["becomeRidMaster"] = ldb.MessageElement("1", ldb.FLAG_MOD_REPLACE,
+                                                  "becomeRidMaster")
+
+        # Make sure that ldb_dc1 == RID Master
+
+        server_dn = str(ldb.Dn(self.ldb_dc1, self.ldb_dc1.get_dsServiceName()).parent())
+
+        # self.ldb_dc1 == LOCALDC
+        if server_dn == fsmo_owner['server_dn']:
+            # ldb_dc1 == VAMPIREDC
+            ldb_dc1, ldb_dc2 = self.ldb_dc2, self.ldb_dc1
+        else:
+            # Otherwise switch the two
+            ldb_dc1, ldb_dc2 = self.ldb_dc1, self.ldb_dc2
+
+        try:
+            # ldb_dc1 is now RID MASTER (as VAMPIREDC)
+            ldb_dc1.modify(m)
+        except ldb.LdbError, (num, msg):
+            self.fail("Failed to reassign RID Master " +  msg)
+
+        try:
+            # 2. Perform a RID alloc
+            req8 = self._exop_req8(dest_dsa=fsmo_owner["ntds_guid"],
+                    invocation_id=fsmo_not_owner["invocation_id"],
+                    nc_dn_str=fsmo_dn,
+                    exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
+
+            (drs, drs_handle) = self._ds_bind(fsmo_not_owner["dns_name"])
+            # 3. Make sure the allocation succeeds
+            try:
+                (level, ctr) = drs.DsGetNCChanges(drs_handle, 8, req8)
+            except RuntimeError, e:
+                self.fail("RID allocation failed: " + str(e))
+
+            fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
+
+            self.assertEqual(level, 6, "Expected level 6 response!")
+            self.assertEqual(ctr.source_dsa_guid, misc.GUID(fsmo_not_owner["ntds_guid"]))
+            self.assertEqual(ctr.source_dsa_invocation_id, misc.GUID(fsmo_not_owner["invocation_id"]))
+            ctr6 = ctr
+            self.assertEqual(ctr6.extended_ret, drsuapi.DRSUAPI_EXOP_ERR_SUCCESS)
+            self.assertEqual(ctr6.object_count, 3)
+            self.assertNotEqual(ctr6.first_object, None)
+            self.assertEqual(ldb.Dn(ldb_dc2, ctr6.first_object.object.identifier.dn), fsmo_dn)
+            self.assertNotEqual(ctr6.first_object.next_object, None)
+            self.assertNotEqual(ctr6.first_object.next_object.next_object, None)
+            second_object = ctr6.first_object.next_object.object
+            self.assertEqual(ldb.Dn(self.ldb_dc1, second_object.identifier.dn), fsmo_owner["rid_set_dn"])
+            third_object = ctr6.first_object.next_object.next_object.object
+            self.assertEqual(ldb.Dn(self.ldb_dc1, third_object.identifier.dn), fsmo_owner["server_acct_dn"])
+        finally:
+            # Swap the RID master back for other tests
+            m = ldb.Message()
+            m.dn = ldb.Dn(ldb_dc2, "")
+            m["becomeRidMaster"] = ldb.MessageElement("1", ldb.FLAG_MOD_REPLACE, "becomeRidMaster")
+            try:
+                ldb_dc2.modify(m)
+            except ldb.LdbError, (num, msg):
+                self.fail("Failed to restore RID Master " +  msg)
+
+
 class DrsReplicaPrefixMapTestCase(drs_base.DrsBaseTestCase, ExopBaseTest):
     def setUp(self):
         super(DrsReplicaPrefixMapTestCase, self).setUp()
-- 
cgit v1.2.1