samba.git/python/samba/drs_utils.py, branch talloc-2.1.14 Unnamed repository; edit this file 'description' to name the repository. drs_utils: Always set the GET_TGT flag for clone renames 2018-07-05T02:01:25+00:00 Tim Beale timbeale@catalyst.net.nz 2018-06-13T02:09:06+00:00 850bba4d329d062c8a79824c0a9987fa51340e2b The DCCloneAndRenameContext replication was a little inefficient, in that it would essentially replicate the entire DB twice. This was due to resolving the link targets - it finds a target object it doesn't know about, so retries the entire replication again with the GET_TGT flag set this time. Normally, the repl_meta_data code will use the target object's GUID, however, it can't do this for cross-partition links (if it hasn't replicated the target partition yet). The repl_md code can normally detect that the link is a cross-parition link by checking the base-DN, however, this doesn't work in the DCCloneAndRenameContext case because we have renamed the base-DN. This is not a big deal - it just means extra work. However, because the domains being backed up could potentially be quite large, it probably makes sense to just always set the GET_TGT in the rename case and skip this extra work. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The DCCloneAndRenameContext replication was a little inefficient, in
that it would essentially replicate the entire DB twice. This was due to
resolving the link targets - it finds a target object it doesn't know
about, so retries the entire replication again with the GET_TGT flag set
this time.

Normally, the repl_meta_data code will use the target object's GUID,
however, it can't do this for cross-partition links (if it hasn't
replicated the target partition yet). The repl_md code can normally
detect that the link is a cross-parition link by checking the base-DN,
however, this doesn't work in the DCCloneAndRenameContext case because
we have renamed the base-DN.

This is not a big deal - it just means extra work. However, because the
domains being backed up could potentially be quite large, it probably
makes sense to just always set the GET_TGT in the rename case and skip
this extra work.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
drs_utils: Add infrastructure to support 'clone with rename' 2018-07-03T08:39:14+00:00 Tim Beale timbeale@catalyst.net.nz 2018-06-05T22:04:29+00:00 417fe47a910f2b8aa3c5e1121a55d8ebace0012b Our end goal is to create a backup clone of a DB, but rename the domain/realm so we can startup the backup DC without interferring with the existing Samba network. The basic strategy to do this is to leverage DRS replication - by renaming the first object in the partition, all subsequent objects will automatically be renamed. This patch adds the infrastructure to do this. I've used object inheritance to handle the special case of renaming the partition objects. This means the domain-rename special case doesn't really pollute the existing DRS replication code. All it needs is a small refactor to create a new 'process_chunk()' function that the new sub-class can then override. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Our end goal is to create a backup clone of a DB, but rename the
domain/realm so we can startup the backup DC without interferring with
the existing Samba network. The basic strategy to do this is to leverage
DRS replication - by renaming the first object in the partition, all
subsequent objects will automatically be renamed.

This patch adds the infrastructure to do this. I've used object
inheritance to handle the special case of renaming the partition
objects. This means the domain-rename special case doesn't really
pollute the existing DRS replication code. All it needs is a small
refactor to create a new 'process_chunk()' function that the new
sub-class can then override.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
python/samba: Py2|Py3 compat, fix more missed exception tuple issues 2018-06-19T22:18:20+00:00 Noel Power noel.power@suse.com 2018-05-28T15:22:25+00:00 9650deee03501a4b7f49872ff9917a118de6e7c3 






python/drs_utils: fix repeated typo
2018-06-10T19:41:33+00:00

Douglas Bagnall
douglas.bagnall@catalyst.net.nz

2018-06-08T03:36:39+00:00

b9a323a27cff7cca09babdf6dea784e94e25dad7

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 10 21:41:33 CEST 2018 on sn-devel-144





Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 10 21:41:33 CEST 2018 on sn-devel-144







samba python libs: convert 'except X, e' to 'except X as e'
2018-02-14T23:18:30+00:00

Douglas Bagnall
douglas.bagnall@catalyst.net.nz

2018-02-13T21:18:36+00:00

4885937bf87e6c37c60cda890dc18d46b5868a91

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>





Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>







drs repl: Only print raw DRS replication traffic at level 9
2017-09-07T04:56:27+00:00

Andrew Bartlett
abartlet@samba.org

2017-09-06T04:40:05+00:00

dc48fa982251292a0d46d701c6e912620caf7c72

This can be sensitive even with the passwords still encrypted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>





This can be sensitive even with the passwords still encrypted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>







drs_utils: Add GET_TGT support to 'samba-tool drs replicate --local'
2017-08-18T04:07:12+00:00

Tim Beale
timbeale@catalyst.net.nz

2017-06-16T00:54:32+00:00

f812c29d4000ef35fa5d7f6007606ca53c5ed37a

Update drs_Replicate.replicate() so it handles being passed the GET_TGT
flag (more_flags). To do this, we need to always use a v10 GetNCChanges
request (v8 and v10 are essentially the same except for the more_flags).

If the replicate_chunk() call into the C bindings throws an error, check
to see whether the error could be fixed by setting the GET_TGT flag, and
re-send the request if so.

Unfortunately because WERR_DS_DRA_RECYCLED_TARGET isn't documented with
the other AD error codes, I've left it hardcoded for now (Microsoft
should be fixing up their Docs).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972





Update drs_Replicate.replicate() so it handles being passed the GET_TGT
flag (more_flags). To do this, we need to always use a v10 GetNCChanges
request (v8 and v10 are essentially the same except for the more_flags).

If the replicate_chunk() call into the C bindings throws an error, check
to see whether the error could be fixed by setting the GET_TGT flag, and
re-send the request if so.

Unfortunately because WERR_DS_DRA_RECYCLED_TARGET isn't documented with
the other AD error codes, I've left it hardcoded for now (Microsoft
should be fixing up their Docs).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972







drs_utils: HWM in 'samba-tool drs replicate --local' always zero
2017-07-27T22:25:15+00:00

Tim Beale
timbeale@catalyst.net.nz

2017-06-07T04:56:18+00:00

4bd8467018eee181588c13490edbea26b488ee36

The code to check for the 'repsFrom' highwatermark didn't have any
effect because the hwm variable was overwritten (initialized to all
zeroes) further down.

Using a zero HWM probably wouldn't have impacted functionality because
we were still correctly using the uptodatenessvector, which should
avoid a full replication.

This was introduced in commit e2ba17d26af42974e5d, presumably by
accident.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>





The code to check for the 'repsFrom' highwatermark didn't have any
effect because the hwm variable was overwritten (initialized to all
zeroes) further down.

Using a zero HWM probably wouldn't have impacted functionality because
we were still correctly using the uptodatenessvector, which should
avoid a full replication.

This was introduced in commit e2ba17d26af42974e5d, presumably by
accident.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>







drs: support sync-forced for 'samba-tool drs replicate --local'
2017-07-27T22:25:14+00:00

Tim Beale
timbeale@catalyst.net.nz

2017-05-29T05:06:55+00:00

314b96e18371e92cde8172c3f3739b52970ee2d7

The sync-forced option wasn't being passed into the replication request
when the --local option was used. This meant if outbound replication
were disabled on the target DC, then the replicate --local command would
fail.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>





The sync-forced option wasn't being passed into the replication request
when the --local option was used. This meant if outbound replication
were disabled on the target DC, then the replicate --local command would
fail.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>







python: Move partial replication logic into drs_utils.py
2017-02-23T10:36:21+00:00

Andrew Bartlett
abartlet@samba.org

2017-02-17T05:22:19+00:00

e2ba17d26af42974e5d389a3706a45fd00185875

This allows us to use this easily from join.py soon

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>





This allows us to use this easily from join.py soon

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>