search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
samba-tool: Changed fsmo implementation
[Samba.git] / source4 / scripting / python / samba / netcmd / fsmo.py
blob58b920d0a370d39fcb7bce9838000204a7c3de39
1 #!/usr/bin/env python
2 #
3 # Changes a FSMO role owner
4 #
5 # Copyright Nadezhda Ivanova 2009
6 # Copyright Jelmer Vernooij 2009
7 # Copyright Giampaolo Lauria 2011 <lauria2@yahoo.com>
8 #
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
13 #
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
18 #
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #
22
23 import samba.getopt as options
24 import ldb
25 from ldb import LdbError
26
27 from samba.auth import system_session
28 from samba.netcmd import (
29 Command,
30 CommandError,
31 SuperCommand,
32 Option,
33 )
34 from samba.samdb import SamDB
35
36
37
38 class cmd_fsmo_seize(Command):
39 """Seize the role"""
40
41 synopsis = "%prog fsmo seize [options]"
42
43 takes_options = [
44 Option("-H", "--URL", help="LDB URL for database or target server", type=str,
45 metavar="URL", dest="H"),
46 Option("--force", help="Force seizing of the role without attempting to transfer first.", action="store_true"),
47 Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
48 help="""The FSMO role to seize or transfer.\n
49 rid=RidAllocationMasterRole\n
50 schema=SchemaMasterRole\n
51 pdc=PdcEmulationMasterRole\n
52 naming=DomainNamingMasterRole\n
53 infrastructure=InfrastructureMasterRole\n
54 all=all of the above"""),
55 ]
56
57 takes_args = []
58
59 def seize_role(self, role, samdb, force):
60 res = samdb.search("",
61 scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
62 assert len(res) == 1
63 serviceName = res[0]["dsServiceName"][0]
64 domain_dn = samdb.domain_dn()
65 m = ldb.Message()
66 if role == "rid":
67 m.dn = ldb.Dn(samdb, self.rid_dn)
68 elif role == "pdc":
69 m.dn = ldb.Dn(samdb, domain_dn)
70 elif role == "naming":
71 m.dn = ldb.Dn(samdb, self.naming_dn)
72 elif role == "infrastructure":
73 m.dn = ldb.Dn(samdb, self.infrastructure_dn)
74 elif role == "schema":
75 m.dn = ldb.Dn(samdb, self.schema_dn)
76 else:
77 raise CommandError("Invalid FSMO role.")
78 #first try to transfer to avoid problem if the owner is still active
79 if force is None:
80 self.message("Attempting transfer...")
81 try:
82 self.transfer_role(role, samdb)
83 except LdbError, (num, _):
84 #transfer failed, use the big axe...
85 self.message("Transfer unsuccessful, seizing...")
86 m["fSMORoleOwner"]= ldb.MessageElement(
87 serviceName, ldb.FLAG_MOD_REPLACE,
88 "fSMORoleOwner")
89 else:
90 self.message("Will not attempt transfer, seizing...")
91 m["fSMORoleOwner"]= ldb.MessageElement(
92 serviceName, ldb.FLAG_MOD_REPLACE,
93 "fSMORoleOwner")
94 try:
95 samdb.modify(m)
96 except LdbError, (num, msg):
97 raise CommandError("Failed to initiate role seize of '%s' role: %s" % (role, msg))
98 print("FSMO transfer of '%s' role successful" % role)
99
100 def run(self, force=None, H=None, role=None,
101 credopts=None, sambaopts=None, versionopts=None):
102
103 lp = sambaopts.get_loadparm()
104 creds = credopts.get_credentials(lp, fallback_machine=True)
105
106 samdb = SamDB(url=H, session_info=system_session(),
107 credentials=creds, lp=lp)
108
109 if role == "all":
110 self.seize_role("rid", samdb, force)
111 self.seize_role("pdc", samdb, force)
112 self.seize_role("naming", samdb, force)
113 self.seize_role("infrastructure", samdb, force)
114 self.seize_role("schema", samdb, force)
115 else:
116 self.seize_role(role, samdb, force)
117
118
119
120 class cmd_fsmo_show(Command):
121 """Show the roles"""
122
123 synopsis = "%prog fsmo show [options]"
124
125 takes_options = [
126 Option("-H", "--URL", help="LDB URL for database or target server", type=str,
127 metavar="URL", dest="H"),
128 ]
129
130 takes_args = []
131
132 def run(self, H=None,
133 credopts=None, sambaopts=None, versionopts=None):
134 lp = sambaopts.get_loadparm()
135 creds = credopts.get_credentials(lp, fallback_machine=True)
136
137 samdb = SamDB(url=H, session_info=system_session(),
138 credentials=creds, lp=lp)
139
140 domain_dn = samdb.domain_dn()
141 self.infrastructure_dn = "CN=Infrastructure," + domain_dn
142 self.naming_dn = "CN=Partitions,CN=Configuration," + domain_dn
143 self.schema_dn = "CN=Schema,CN=Configuration," + domain_dn
144 self.rid_dn = "CN=RID Manager$,CN=System," + domain_dn
145
146 res = samdb.search(self.infrastructure_dn,
147 scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
148 assert len(res) == 1
149 self.infrastructureMaster = res[0]["fSMORoleOwner"][0]
150
151 res = samdb.search(domain_dn,
152 scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
153 assert len(res) == 1
154 self.pdcEmulator = res[0]["fSMORoleOwner"][0]
155
156 res = samdb.search(self.naming_dn,
157 scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
158 assert len(res) == 1
159 self.namingMaster = res[0]["fSMORoleOwner"][0]
160
161 res = samdb.search(self.schema_dn,
162 scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
163 assert len(res) == 1
164 self.schemaMaster = res[0]["fSMORoleOwner"][0]
165
166 res = samdb.search(self.rid_dn,
167 scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
168 assert len(res) == 1
169 self.ridMaster = res[0]["fSMORoleOwner"][0]
170
171 self.message("InfrastructureMasterRole owner: " + self.infrastructureMaster)
172 self.message("RidAllocationMasterRole owner: " + self.ridMaster)
173 self.message("PdcEmulationMasterRole owner: " + self.pdcEmulator)
174 self.message("DomainNamingMasterRole owner: " + self.namingMaster)
175 self.message("SchemaMasterRole owner: " + self.schemaMaster)
176
177
178
179 class cmd_fsmo_transfer(Command):
180 """Transfer the role"""
181
182 synopsis = "%prog fsmo transfer [options]"
183
184 takes_options = [
185 Option("-H", "--URL", help="LDB URL for database or target server", type=str,
186 metavar="URL", dest="H"),
187 Option("--role", type="choice", choices=["rid", "pdc", "infrastructure","schema","naming","all"],
188 help="""The FSMO role to seize or transfer.\n
189 rid=RidAllocationMasterRole\n
190 schema=SchemaMasterRole\n
191 pdc=PdcEmulationMasterRole\n
192 naming=DomainNamingMasterRole\n
193 infrastructure=InfrastructureMasterRole\n
194 all=all of the above"""),
195 ]
196
197 takes_args = []
198
199 def transfer_role(self, role, samdb):
200 m = ldb.Message()
201 m.dn = ldb.Dn(samdb, "")
202 if role == "rid":
203 m["becomeRidMaster"]= ldb.MessageElement(
204 "1", ldb.FLAG_MOD_REPLACE,
205 "becomeRidMaster")
206 elif role == "pdc":
207 domain_dn = samdb.domain_dn()
208 res = samdb.search(domain_dn,
209 scope=ldb.SCOPE_BASE, attrs=["objectSid"])
210 assert len(res) == 1
211 sid = res[0]["objectSid"][0]
212 m["becomePdc"]= ldb.MessageElement(
213 sid, ldb.FLAG_MOD_REPLACE,
214 "becomePdc")
215 elif role == "naming":
216 m["becomeDomainMaster"]= ldb.MessageElement(
217 "1", ldb.FLAG_MOD_REPLACE,
218 "becomeDomainMaster")
219 samdb.modify(m)
220 elif role == "infrastructure":
221 m["becomeInfrastructureMaster"]= ldb.MessageElement(
222 "1", ldb.FLAG_MOD_REPLACE,
223 "becomeInfrastructureMaster")
224 elif role == "schema":
225 m["becomeSchemaMaster"]= ldb.MessageElement(
226 "1", ldb.FLAG_MOD_REPLACE,
227 "becomeSchemaMaster")
228 else:
229 raise CommandError("Invalid FSMO role.")
230 try:
231 samdb.modify(m)
232 except LdbError, (num, msg):
233 raise CommandError("Failed to initiate transfer of '%s' role: %s" % (role, msg))
234 print("FSMO transfer of '%s' role successful" % role)
235
236 def run(self, force=None, H=None, role=None,
237 credopts=None, sambaopts=None, versionopts=None):
238
239 lp = sambaopts.get_loadparm()
240 creds = credopts.get_credentials(lp, fallback_machine=True)
241
242 samdb = SamDB(url=H, session_info=system_session(),
243 credentials=creds, lp=lp)
244
245 if role == "all":
246 self.transfer_role("rid", samdb)
247 self.transfer_role("pdc", samdb)
248 self.transfer_role("naming", samdb)
249 self.transfer_role("infrastructure", samdb)
250 self.transfer_role("schema", samdb)
251 else:
252 self.transfer_role(role, samdb)
253
254
255
256 class cmd_fsmo(SuperCommand):
257 """Flexible Single Master Operations (FSMO) roles management *"""
258
259 subcommands = {}
260 subcommands["seize"] = cmd_fsmo_seize()
261 subcommands["show"] = cmd_fsmo_show()
262 subcommands["transfer"] = cmd_fsmo_transfer()
Samba GIT mirror