diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2015-10-13 15:26:20 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2015-10-26 05:11:22 +0100 |
| commit | e432c1b6826ecafeb355bd1d06e33f2eb67e58b8 (patch) | |
| tree | 4ff41fa783b3d402da40fbb5a227552e2f284ef5 /python | |
| parent | 097435cfd9ba1bc3778e1637b55e78e5ba182061 (diff) | |
| download | samba-e432c1b6826ecafeb355bd1d06e33f2eb67e58b8.tar.gz samba-e432c1b6826ecafeb355bd1d06e33f2eb67e58b8.tar.bz2 samba-e432c1b6826ecafeb355bd1d06e33f2eb67e58b8.zip | |
samba-tool domain demote: Refuse to remove ourself
This ensures that a different server is the one being demoted from the local database
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Diffstat (limited to 'python')
| -rw-r--r-- | python/samba/remove_dc.py | 8 | ||||
| -rw-r--r-- | python/samba/tests/blackbox/samba_tool_drs.py | 7 |
2 files changed, 13 insertions, 2 deletions
diff --git a/python/samba/remove_dc.py b/python/samba/remove_dc.py index ded7f00f6bf..89502121ad8 100644 --- a/python/samba/remove_dc.py +++ b/python/samba/remove_dc.py @@ -127,9 +127,12 @@ def offline_remove_ntds_dc(samdb, ntds_dn, res = samdb.search("", scope=ldb.SCOPE_BASE, attrs=["dsServiceName"]) assert len(res) == 1 - my_serviceName = res[0]["dsServiceName"][0] + my_serviceName = ldb.Dn(samdb, res[0]["dsServiceName"][0]) server_dn = ntds_dn.parent() + if my_serviceName == ntds_dn: + raise DemoteException("Refusing to demote our own DSA: %s " % my_serviceName) + try: msgs = samdb.search(base=ntds_dn, expression="objectClass=ntdsDSA", attrs=["objectGUID"], scope=ldb.SCOPE_BASE) @@ -191,7 +194,8 @@ def offline_remove_ntds_dc(samdb, ntds_dn, def remove_dc(samdb, dc_name): - # TODO: Check if this is the last server + # TODO: Check if this is the last server (covered mostly by + # refusing to remove our own name) samdb.transaction_start() diff --git a/python/samba/tests/blackbox/samba_tool_drs.py b/python/samba/tests/blackbox/samba_tool_drs.py index b65f5af0f08..13678f5a077 100644 --- a/python/samba/tests/blackbox/samba_tool_drs.py +++ b/python/samba/tests/blackbox/samba_tool_drs.py @@ -163,6 +163,13 @@ class SambaToolDrsTests(samba.tests.BlackboxTestCase): self.assertEqual(ds_name, server_ds_name) self.assertEqual(ldap_service_name, server_ldap_service_name) + def demote_self(): + # While we have this cloned, try demoting the other server on the clone + out = self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H %s/private/sam.ldb" + % (self.dc1, + self.tempdir)) + self.assertRaises(samba.tests.BlackboxProcessError, demote_self) + # While we have this cloned, try demoting the other server on the clone out = self.check_output("samba-tool domain demote --remove-other-dead-server=%s -H %s/private/sam.ldb" % (self.dc2, |