[SCM] Samba Shared Repository - branch master updated
Garming Sam
garming at samba.org
Tue Nov 22 05:00:03 UTC 2016
The branch, master has been updated
via c1a316b samba_dnsupdate: Raise after the error count is incremented
via f4d6e2a samba_dnsupdate: cmd._run doesn't have Exceptions
via 683fcad doc: Add doxygen for functions in srv_keytab.c
via b02da11 s4-auth: Don't check for NULL saltPrincipal if it doesn't need it
via 44d209c selftest: Ensure we catch errors from samba-tool domain tombstones expunge
via 04eb95a dbcheck: Correct message for orphaned backlinks
via f051e5b dbcheck: Be more careful with link checks
via 8315d4d selftest: Add test for link and deleted link behaviour in dbcheck
via 5889f39 upgradeprovision: Remove objectCategory from constructed attrs
from 79bbd81 python/provision: Remove unused parameter schema
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c1a316bea66541410612156e87ab142472518d4f
Author: Garming Sam <garming at catalyst.net.nz>
Date: Tue Jul 26 11:34:05 2016 +1200
samba_dnsupdate: Raise after the error count is incremented
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Tue Nov 22 05:59:40 CET 2016 on sn-devel-144
commit f4d6e2ab7008c284084e4e804a86bd9090a42d63
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Jul 27 09:40:09 2016 +1200
samba_dnsupdate: cmd._run doesn't have Exceptions
It returns a return code of -1 instead.
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 683fcad3ca1617a07e9ade82ec7e44ac512ab415
Author: Garming Sam <garming at catalyst.net.nz>
Date: Thu Sep 15 16:04:12 2016 +1200
doc: Add doxygen for functions in srv_keytab.c
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10882
commit b02da114980d46e9e251a5d3dfbf549ef348548a
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Sep 7 12:18:29 2016 +1200
s4-auth: Don't check for NULL saltPrincipal if it doesn't need it
This check causes 4.1 domains to be unable to change their DNS backend
correctly as they do not have the saltPrincipal value stored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10882
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 44d209c893d28030cb9928b974c8aa31348ac395
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 7 11:58:04 2016 +1300
selftest: Ensure we catch errors from samba-tool domain tombstones expunge
The previous code would overwrite $? before the return, so always returned 0
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
commit 04eb95a46b069f0238dbd232528fd1fadb745066
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 7 11:04:03 2016 +1300
dbcheck: Correct message for orphaned backlinks
The backlink name is in attrname, not in link_name
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
commit f051e5bf00d6df70048dd0cf901dd7b37be09669
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Oct 25 10:10:34 2016 +1300
dbcheck: Be more careful with link checks
Here we are more careful when checking links, flagging errors only
when a non-deleted forward link appears incorrect. In particular, we
trust the GUID more than we trust the name, as otherwise we can get
caught out if there is a swap of names, (the link should follow the
swap, staying on the same target GUID).
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
commit 8315d4d03ac77f1727ff01e87392f6e49ba40def
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 7 11:39:53 2016 +1300
selftest: Add test for link and deleted link behaviour in dbcheck
The other dbcheck tests were getting over-complex, so we start a new test
here based on tombestone-expunge.sh, as we are looking at very similar
problems
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
commit 5889f399daad54124e0bb2be1fe81da1df67c84e
Author: Garming Sam <garming at catalyst.net.nz>
Date: Mon Nov 21 15:06:22 2016 +1300
upgradeprovision: Remove objectCategory from constructed attrs
The new dbcheck rules identify an error where the GUID of the
objectCategory does not exist (pointing to a non-existent schema
object). As objectClass was not copied over either, it makes sense not
to copy over the objectCategory.
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
-----------------------------------------------------------------------
Summary of changes:
python/samba/dbchecker.py | 38 +++--
selftest/knownfail | 2 +-
selftest/tests.py | 5 +
source4/auth/kerberos/srv_keytab.c | 59 ++++++-
source4/scripting/bin/samba_dnsupdate | 10 +-
source4/scripting/bin/samba_upgradeprovision | 2 +-
.../expected-dbcheck-link-output.txt | 42 +++++
...expected-deleted-links-after-link-dbcheck.ldif} | 2 +-
...ldif => expected-links-after-link-dbcheck.ldif} | 2 +-
.../expected-objects-after-link-dbcheck.ldif | 5 +
testprogs/blackbox/dbcheck-links.sh | 188 +++++++++++++++++++++
testprogs/blackbox/tombstones-expunge.sh | 2 +-
12 files changed, 333 insertions(+), 24 deletions(-)
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt
copy source4/selftest/provisions/release-4-5-0-pre1/{expected-deleted-links-after-expunge.ldif => expected-deleted-links-after-link-dbcheck.ldif} (89%)
copy source4/selftest/provisions/release-4-5-0-pre1/{expected-links-after-expunge.ldif => expected-links-after-link-dbcheck.ldif} (88%)
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-objects-after-link-dbcheck.ldif
create mode 100755 testprogs/blackbox/dbcheck-links.sh
Changeset truncated at 500 lines:
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 294c320..3fcfbc0 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -516,8 +516,9 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
"Failed to remove deleted DN attribute %s" % attrname):
self.report("Removed deleted DN on attribute %s" % attrname)
- def err_missing_dn_GUID(self, dn, attrname, val, dsdb_dn):
- """handle a missing target DN (both GUID and DN string form are missing)"""
+ def err_missing_target_dn_or_GUID(self, dn, attrname, val, dsdb_dn):
+ """handle a missing target DN (if specified, GUID form can't be found,
+ and otherwise DN string form can't be found)"""
# check if its a backlink
linkID, _ = self.get_attr_linkID_and_reverse_name(attrname)
if (linkID & 1 == 0) and str(dsdb_dn).find('\\0ADEL') == -1:
@@ -525,7 +526,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
return
self.err_deleted_dn(dn, attrname, val, dsdb_dn, dsdb_dn, False)
- def err_incorrect_dn_GUID(self, dn, attrname, val, dsdb_dn, errstr):
+ def err_missing_dn_GUID_component(self, dn, attrname, val, dsdb_dn, errstr):
"""handle a missing GUID extended DN component"""
self.report("ERROR: %s component for %s in object %s - %s" % (errstr, attrname, dn, val))
controls=["extended_dn:1:1", "show_recycled:1"]
@@ -534,11 +535,13 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
attrs=[], controls=controls)
except ldb.LdbError, (enum, estr):
self.report("unable to find object for DN %s - (%s)" % (dsdb_dn.dn, estr))
- self.err_missing_dn_GUID(dn, attrname, val, dsdb_dn)
+ if enum != ldb.ERR_NO_SUCH_OBJECT:
+ raise
+ self.err_missing_target_dn_or_GUID(dn, attrname, val, dsdb_dn)
return
if len(res) == 0:
self.report("unable to find object for DN %s" % dsdb_dn.dn)
- self.err_missing_dn_GUID(dn, attrname, val, dsdb_dn)
+ self.err_missing_target_dn_or_GUID(dn, attrname, val, dsdb_dn)
return
dsdb_dn.dn = res[0].dn
@@ -648,15 +651,15 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
def err_orphaned_backlink(self, obj, attrname, val, link_name, target_dn):
'''handle a orphaned backlink value'''
self.report("ERROR: orphaned backlink attribute '%s' in %s for link %s in %s" % (attrname, obj.dn, link_name, target_dn))
- if not self.confirm_all('Remove orphaned backlink %s' % link_name, 'fix_all_orphaned_backlinks'):
- self.report("Not removing orphaned backlink %s" % link_name)
+ if not self.confirm_all('Remove orphaned backlink %s' % attrname, 'fix_all_orphaned_backlinks'):
+ self.report("Not removing orphaned backlink %s" % attrname)
return
m = ldb.Message()
m.dn = obj.dn
m['value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
if self.do_modify(m, ["show_recycled:1", "relax:0"],
- "Failed to fix orphaned backlink %s" % link_name):
- self.report("Fixed orphaned backlink %s" % (link_name))
+ "Failed to fix orphaned backlink %s" % attrname):
+ self.report("Fixed orphaned backlink %s" % (attrname))
def err_no_fsmoRoleOwner(self, obj):
'''handle a missing fSMORoleOwner'''
@@ -821,7 +824,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
guid = dsdb_dn.dn.get_extended_component("GUID")
if guid is None:
error_count += 1
- self.err_incorrect_dn_GUID(obj.dn, attrname, val, dsdb_dn,
+ self.err_missing_dn_GUID_component(obj.dn, attrname, val, dsdb_dn,
"missing GUID")
continue
@@ -846,7 +849,11 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
])
except ldb.LdbError, (enum, estr):
error_count += 1
- self.err_incorrect_dn_GUID(obj.dn, attrname, val, dsdb_dn, "incorrect GUID")
+ self.report("ERROR: no target object found for GUID component for %s in object %s - %s" % (attrname, obj.dn, val))
+ if enum != ldb.ERR_NO_SUCH_OBJECT:
+ raise
+
+ self.err_missing_target_dn_or_GUID(obj.dn, attrname, val, dsdb_dn)
continue
if fixing_msDS_HasInstantiatedNCs:
@@ -898,6 +905,15 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
self.err_deleted_dn(obj.dn, attrname, val, dsdb_dn, res[0].dn, False)
continue
+ # We should not check for incorrect
+ # components on deleted links, as these are allowed to
+ # go stale (we just need the GUID, not the name)
+ rmd_blob = dsdb_dn.dn.get_extended_component("RMD_FLAGS")
+ if rmd_blob is not None:
+ rmd_flags = int(rmd_blob)
+ if rmd_flags & 1:
+ continue
+
# check the DN matches in string form
if str(res[0].dn) != str(dsdb_dn.dn):
error_count += 1
diff --git a/selftest/knownfail b/selftest/knownfail
index ddfe0ad..da37827 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -309,4 +309,4 @@
^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_offline_ridalloc
^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_join_time_ridalloc
^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_rid_set_dbcheck_after_seize
-^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_rid_set_dbcheck
\ No newline at end of file
+^samba4.drs.ridalloc_exop.python.*ridalloc_exop.DrsReplicaSyncTestCase.test_rid_set_dbcheck
diff --git a/selftest/tests.py b/selftest/tests.py
index ac4ddd4..04a8df2 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -109,6 +109,11 @@ plantestsuite(
["PYTHON=%s" % python,
os.path.join(bbdir, "tombstones-expunge.sh"),
'$PREFIX_ABS/provision', 'release-4-5-0-pre1', configuration])
+plantestsuite(
+ "samba4.blackbox.dbcheck-links.release-4-5-0-pre1", "none",
+ ["PYTHON=%s" % python,
+ os.path.join(bbdir, "dbcheck-links.sh"),
+ '$PREFIX_ABS/provision', 'release-4-5-0-pre1', configuration])
planpythontestsuite("none", "samba.tests.upgradeprovision")
planpythontestsuite("none", "samba.tests.xattr")
planpythontestsuite("none", "samba.tests.ntacls")
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index 6e02b81..d08721b 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -20,6 +20,12 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+/**
+ * @file srv_keytab.c
+ *
+ * @brief Kerberos keytab utility functions
+ *
+ */
#include "includes.h"
#include "system/kerberos.h"
@@ -189,6 +195,31 @@ done:
return ret;
}
+/**
+ * @brief Update a Kerberos keytab and removes any obsolete keytab entries.
+ *
+ * If the keytab does not exist, this function will create one.
+ *
+ * @param[in] parent_ctx Talloc memory context
+ * @param[in] context Kerberos context
+ * @param[in] keytab_name Keytab to open
+ * @param[in] samAccountName User account to update
+ * @param[in] realm Kerberos realm
+ * @param[in] SPNs Service principal names to update
+ * @param[in] num_SPNs Length of SPNs
+ * @param[in] saltPrincipal Salt used for AES encryption.
+ * Required, unless delete_all_kvno is set.
+ * @param[in] old_secret Old password
+ * @param[in] new_secret New password
+ * @param[in] kvno Current key version number
+ * @param[in] supp_enctypes msDS-SupportedEncryptionTypes bit-field
+ * @param[in] delete_all_kvno Removes all obsolete entries, without
+ * recreating the keytab.
+ * @param[out] _keytab If supplied, returns the keytab
+ * @param[out] perror_string Error string on failure
+ *
+ * @return 0 on success, errno on failure
+ */
krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
krb5_context context,
const char *keytab_name,
@@ -218,12 +249,6 @@ krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
return ENOENT;
}
- if (saltPrincipal == NULL) {
- *perror_string = talloc_strdup(parent_ctx,
- "No saltPrincipal provided");
- return EINVAL;
- }
-
ret = krb5_kt_resolve(context, keytab_name, &keytab);
if (ret) {
*perror_string = smb_get_krb5_error_message(context,
@@ -283,6 +308,12 @@ krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx,
/* Create a new keytab. If during the cleanout we found
* entires for kvno -1, then don't try and duplicate them.
* Otherwise, add kvno, and kvno -1 */
+ if (saltPrincipal == NULL) {
+ *perror_string = talloc_strdup(parent_ctx,
+ "No saltPrincipal provided");
+ ret = EINVAL;
+ goto done;
+ }
ret = create_keytab(tmp_ctx,
samAccountName, upper_realm, saltPrincipal,
@@ -312,6 +343,22 @@ done:
return ret;
}
+/**
+ * @brief Wrapper around smb_krb5_update_keytab() for creating an in-memory keytab
+ *
+ * @param[in] parent_ctx Talloc memory context
+ * @param[in] context Kerberos context
+ * @param[in] new_secret New password
+ * @param[in] samAccountName User account to update
+ * @param[in] realm Kerberos realm
+ * @param[in] salt_principal Salt used for AES encryption.
+ * Required, unless delete_all_kvno is set.
+ * @param[in] kvno Current key version number
+ * @param[out] keytab If supplied, returns the keytab
+ * @param[out] keytab_name Returns the created keytab name
+ *
+ * @return 0 on success, errno on failure
+ */
krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
krb5_context context,
const char *new_secret,
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index 16265f6..1633561 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -554,14 +554,20 @@ def call_samba_tool(d, op="add", zone=None):
cmd = cmd_dns()
if opts.verbose:
print "Calling samba-tool dns %s -k no -P %s" % (op, args)
- cmd._run("dns", op, "-k", "no", "-P", *args)
+ ret = cmd._run("dns", op, "-k", "no", "-P", *args)
+ if ret == -1:
+ if opts.fail_immediately:
+ sys.exit(1)
+ error_count = error_count + 1
+ if opts.verbose:
+ print("Failed 'samba-tool dns' based update: %s : %s" % (str(d), estr))
except Exception, estr:
- raise
if opts.fail_immediately:
sys.exit(1)
error_count = error_count + 1
if opts.verbose:
print("Failed 'samba-tool dns' based update: %s : %s" % (str(d), estr))
+ raise
def rodc_dns_update(d, t, op):
'''a single DNS update via the RODC netlogon call'''
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
index bc6e36a..ccfc578 100755
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -94,7 +94,7 @@ __docformat__ = "restructuredText"
# created
# This also apply to imported object from reference provision
replAttrNotCopied = [ "dn", "whenCreated", "whenChanged", "objectGUID",
- "parentGUID", "objectCategory", "distinguishedName",
+ "parentGUID", "distinguishedName",
"instanceType", "cn",
"lmPwdHistory", "pwdLastSet", "ntPwdHistory",
"unicodePwd", "dBCSPwd", "supplementalCredentials",
diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt
new file mode 100644
index 0000000..ccbe0e2
--- /dev/null
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt
@@ -0,0 +1,42 @@
+Checking 221 objects
+ERROR: linked attribute 'member' to '<GUID=118943ce-41c2-48cb-a511-b68c6feaa8aa>;<RMD_ADDTIME=131116484670000000>;<RMD_CHANGETIME=131116484700000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3729>;<RMD_ORIGINATING_USN=3729>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1103>;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=gsg\0ADEL:91aa85cc-fc19-4b8c-9fc7-aaba425439c7,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=50d78122-17c8-4352-acf0-8f549b5b5b3c>;<RMD_ADDTIME=131116484670000000>;<RMD_CHANGETIME=131116484700000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3729>;<RMD_ORIGINATING_USN=3729>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1104>;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=gsg\0ADEL:91aa85cc-fc19-4b8c-9fc7-aaba425439c7,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=118943ce-41c2-48cb-a511-b68c6feaa8aa>;<RMD_ADDTIME=131116484690000000>;<RMD_CHANGETIME=131116484720000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3733>;<RMD_ORIGINATING_USN=3733>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1103>;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=udg\0ADEL:7cff5537-51b1-4d26-a295-0225dbea8525,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=50d78122-17c8-4352-acf0-8f549b5b5b3c>;<RMD_ADDTIME=131116484690000000>;<RMD_CHANGETIME=131116484720000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3733>;<RMD_ORIGINATING_USN=3733>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1104>;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=udg\0ADEL:7cff5537-51b1-4d26-a295-0225dbea8525,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: target DN is deleted for member in object CN=swimmers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp - <GUID=2301a64c-5b42-4ca8-851e-12d4a711cfb4>;<RMD_ADDTIME=131116485990000000>;<RMD_CHANGETIME=131116485990000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3745>;<RMD_ORIGINATING_USN=3745>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1111>;CN=fred,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Target GUID points at deleted DN 'CN=fred\\0ADEL:2301a64c-5b42-4ca8-851e-12d4a711cfb4,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+Remove stale DN link? [YES]
+Removed deleted DN on attribute member
+ERROR: linked attribute 'member' to '<GUID=118943ce-41c2-48cb-a511-b68c6feaa8aa>;<RMD_ADDTIME=131116484690000000>;<RMD_CHANGETIME=131116484710000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3732>;<RMD_ORIGINATING_USN=3732>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1103>;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=gdg\0ADEL:e0f581e7-14ee-4fc2-839c-8f46f581c72a,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=50d78122-17c8-4352-acf0-8f549b5b5b3c>;<RMD_ADDTIME=131116484690000000>;<RMD_CHANGETIME=131116484710000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3732>;<RMD_ORIGINATING_USN=3732>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1104>;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=gdg\0ADEL:e0f581e7-14ee-4fc2-839c-8f46f581c72a,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=118943ce-41c2-48cb-a511-b68c6feaa8aa>;<RMD_ADDTIME=131116484670000000>;<RMD_CHANGETIME=131116484700000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3728>;<RMD_ORIGINATING_USN=3728>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1103>;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=dsg\0ADEL:6d66d0ef-cad7-4e5d-b1b6-4a233a21c269,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=50d78122-17c8-4352-acf0-8f549b5b5b3c>;<RMD_ADDTIME=131116484670000000>;<RMD_CHANGETIME=131116484700000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3728>;<RMD_ORIGINATING_USN=3728>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1104>;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=dsg\0ADEL:6d66d0ef-cad7-4e5d-b1b6-4a233a21c269,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=118943ce-41c2-48cb-a511-b68c6feaa8aa>;<RMD_ADDTIME=131116484680000000>;<RMD_CHANGETIME=131116484700000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3730>;<RMD_ORIGINATING_USN=3730>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1103>;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=usg\0ADEL:d012e8f5-a4bd-40ea-a2a1-68ff2508847d,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=50d78122-17c8-4352-acf0-8f549b5b5b3c>;<RMD_ADDTIME=131116484680000000>;<RMD_CHANGETIME=131116484700000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3730>;<RMD_ORIGINATING_USN=3730>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1104>;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=usg\0ADEL:d012e8f5-a4bd-40ea-a2a1-68ff2508847d,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=118943ce-41c2-48cb-a511-b68c6feaa8aa>;<RMD_ADDTIME=131116484680000000>;<RMD_CHANGETIME=131116484710000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3731>;<RMD_ORIGINATING_USN=3731>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1103>;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=ddg\0ADEL:fb8c2fe3-5448-43de-99f9-e1d3b9357cfc,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+ERROR: linked attribute 'member' to '<GUID=50d78122-17c8-4352-acf0-8f549b5b5b3c>;<RMD_ADDTIME=131116484680000000>;<RMD_CHANGETIME=131116484710000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3731>;<RMD_ORIGINATING_USN=3731>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1104>;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=ddg\0ADEL:fb8c2fe3-5448-43de-99f9-e1d3b9357cfc,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
+Remove linked attribute member [YES]
+Fixed undead forward link member
+Checked 221 objects (13 errors)
diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-expunge.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-link-dbcheck.ldif
similarity index 89%
copy from source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-expunge.ldif
copy to source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-link-dbcheck.ldif
index c8163a6..af09a4f 100644
--- a/source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-expunge.ldif
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-link-dbcheck.ldif
@@ -7,7 +7,7 @@ dn: CN=leaders,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
# record 3
dn: CN=swimmers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
-member: CN=user1,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+member: CN=user1x,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
# Referral
ref: ldap:///CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp
diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-expunge.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-link-dbcheck.ldif
similarity index 88%
copy from source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-expunge.ldif
copy to source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-link-dbcheck.ldif
index c69501b..0151acf 100644
--- a/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-expunge.ldif
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-link-dbcheck.ldif
@@ -6,7 +6,7 @@ dn: CN=leaders,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
# record 3
dn: CN=swimmers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
-member: CN=user1,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+member: CN=user1x,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
# Referral
ref: ldap:///CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp
diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-objects-after-link-dbcheck.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-objects-after-link-dbcheck.ldif
new file mode 100644
index 0000000..18ba914
--- /dev/null
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-objects-after-link-dbcheck.ldif
@@ -0,0 +1,5 @@
+sAMAccountName: user1
+sAMAccountName: ddg
+sAMAccountName: usg
+sAMAccountName: fred
+sAMAccountName: user2
diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh
new file mode 100755
index 0000000..11592f0
--- /dev/null
+++ b/testprogs/blackbox/dbcheck-links.sh
@@ -0,0 +1,188 @@
+#!/bin/sh
+
+if [ $# -lt 1 ]; then
+cat <<EOF
+Usage: dbcheck-links.sh PREFIX RELEASE
+EOF
+exit 1;
+fi
+
+PREFIX_ABS="$1"
+RELEASE="$2"
+shift 2
+
+. `dirname $0`/subunit.sh
+
+release_dir=`dirname $0`/../../source4/selftest/provisions/$RELEASE
+
+ldbadd="ldbadd"
+if [ -x "$BINDIR/ldbadd" ]; then
+ ldbadd="$BINDIR/ldbadd"
+fi
+
+ldbmodify="ldbmodify"
+if [ -x "$BINDIR/ldbmodify" ]; then
+ ldbmodify="$BINDIR/ldbmodify"
+fi
+
+ldbdel="ldbdel"
+if [ -x "$BINDIR/ldbdel" ]; then
+ ldbdel="$BINDIR/ldbdel"
+fi
+
+ldbsearch="ldbsearch"
+if [ -x "$BINDIR/ldbsearch" ]; then
+ ldbsearch="$BINDIR/ldbsearch"
+fi
+
+ldbrename="ldbrename"
+if [ -x "$BINDIR/ldbrename" ]; then
+ ldbrename="$BINDIR/ldbrename"
+fi
+
+undump() {
+ if test -x $BINDIR/tdbrestore;
+ then
+ `dirname $0`/../../source4/selftest/provisions/undump.sh $release_dir $PREFIX_ABS/$RELEASE $BINDIR/tdbrestore
+ else
+ `dirname $0`/../../source4/selftest/provisions/undump.sh $release_dir $PREFIX_ABS/$RELEASE
+ fi
+}
+
+dbcheck() {
+ tmpfile=$PREFIX_ABS/$RELEASE/expected-dbcheck-link-output.txt.tmp
+ tmpldif1=$PREFIX_ABS/$RELEASE/expected-dbcheck-output2.txt.tmp1
+
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpldif1
+
+ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --fix --yes > $tmpfile
+ if [ "$?" != "1" ]; then
+ return 1
+ fi
+ diff $tmpfile $release_dir/expected-dbcheck-link-output.txt
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+
+ tmpldif2=$PREFIX_ABS/$RELEASE/expected-dbcheck-output2.txt.tmp2
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpldif2
+
+ diff $tmpldif1 $tmpldif2
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+}
+
+dbcheck_clean() {
+ tmpldif1=$PREFIX_ABS/$RELEASE/expected-dbcheck-output2.txt.tmp1
+
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpldif1
+
+ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+ tmpldif2=$PREFIX_ABS/$RELEASE/expected-dbcheck-output2.txt.tmp2
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpldif2
+
+ diff $tmpldif1 $tmpldif2
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+}
+
+add_two_more_users() {
+ ldif=$release_dir/add-two-more-users.ldif
+ TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+}
+
+add_four_more_links() {
+ ldif=$release_dir/add-four-more-links.ldif
+ TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+}
+
+remove_one_link() {
+ ldif=$release_dir/remove-one-more-link.ldif
+ TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+}
+
+remove_one_user() {
+ ldif=$release_dir/remove-one-more-user.ldif
+ TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+}
+
+move_one_user() {
+ TZ=UTC $ldbrename -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb 'cn=user1,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' 'cn=user1x,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+}
+
+check_expected_after_links() {
+ tmpldif=$PREFIX_ABS/$RELEASE/expected-links-after-link-dbcheck.ldif.tmp
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(|(cn=swimmers)(cn=leaders)(cn=helpers))' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --sorted member > $tmpldif
+ diff $tmpldif $release_dir/expected-links-after-link-dbcheck.ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
--
Samba Shared Repository
More information about the samba-cvs
mailing list