[SCM] Samba Shared Repository - branch v4-7-stable updated

Karolin Seeger kseeger at samba.org
Wed Feb 7 08:49:52 UTC 2018


The branch, v4-7-stable has been updated
       via  c15b477 VERSION: Disable GIT_SNAPSHOT for the 4.7.5 release.
       via  bbf315b WHATSNEW: Add release notes for Samba 4.7.5.
       via  9f4091b dbcheck: skip find_missing_forward_links_from_backlinks() if the db has the sortedLinks feature
       via  692e6b2 dbcheck: add support for restoring missing forward links
       via  dad609d dbcheck: add find_missing_forward_links_from_backlinks()
       via  8fcdf4e dbcheck: make sure we ask for replPropertyMetaData if we need to process any forward link attributes
       via  944c05b dbcheck: make sure we always ask for the objectGUID attribute explicitly
       via  1c524c1 dbcheck: add a helper function that checks is a value has duplicate links
       via  323c8f2 dbcheck: add a dict where we remember attributes with duplicate links
       via  8224416 dbcheck: split out check_duplicate_links from check_dn
       via  6dd195d dbcheck: store fixed forward link attributes with the correct sorting
       via  882befa dbcheck: remove ldb.FLAG_MOD_REPLACE when replacing search results for forward links
       via  163c935 dbcheck: rename err_duplicate_links() to err_recover_forward_links() and adjust the output message
       via  43d419b dbcheck: add link direction to error message for duplicate links
       via  86015a9 dbcheck: rename err_duplicate_links arguments
       via  b03423b dbcheck: only pass obj_dn to err_orphaned_backlink()
       via  1d59b2a dbcheck: add forward_syntax argument to err_orphaned_backlink
       via  478f51c dbcheck: rename and reorder err_orphaned_backlink arguments
       via  b230586 selftest/dbcheck: add a test for corrupt forward links restoration
       via  51383bd Revert "dbcheck: disable fixing duplicate linked attributes until we can recover lost forward links"
       via  9819e1e python/common: add __cmp__ function to dsdb_Dn similar to parsed_dn_compare()
       via  ca2605a python:tests: add test_dsdb_Dn_sorted() to "samba.tests.common"
       via  12f6cf7 python:tests: remove test_dsdb_Dn() to test_dsdb_Dn_binary()
       via  fdf182b python:tests: use TestCaseInTempDir for "samba.tests.common"
       via  a73a751 vfs_fruit: set delete-on-close for empty finderinfo
       via  f06e251 vfs_fruit: filter out AFP_AfpInfo streams with pending delete-on-close
       via  f597147 vfs_fruit: factor out delete_invalid_meta_stream() from fruit_streaminfo_meta_stream()
       via  b4864ac s4/torture/fruit: enhance zero AFP_AfpInfo stream test
       via  2a376b7 s4/torture/fruit: ensure AFP_AfpInfo blobs are 0-initialized
       via  aba3f9b dbcheck: disable fixing duplicate linked attributes until we can recover lost forward links
       via  5070224 repl_meta_data: fix linked attribute corruption on databases with unsorted links on expunge
       via  376298e testprogs:blackbox: add regression test for unsorted links in tombstones-expunge.sh
       via  46a212d samba: Only use async signal-safe functions in signal handler
       via  fafbd4e waf: Fix NFS quota support with libtirpc
       via  7ed0c06 wafsamba: Allow passing 'lib' to CHECK_STRUCTURE_MEMBER
       via  25e01d9 build: deal with recent glibc sunrpc header removal
       via  f3f5d50 include: Create system/nis.h in libreplace
       via  3bc0a57 s3:waf: Move HAVE_NETGROUP to wscript
       via  bde3d64 vfs_default: use VFS statvfs macro in fs_capabilities
       via  da6ee0c vfs_ceph: add fs_capabilities hook to avoid local statvfs
       via  d251dcc selftest: allow more time for tests
       via  7336f54 s3: smbd: Use identical logic to test for kernel oplocks on a share.
       via  671a3c6 smbd: Fix coredump on failing chdir during logoff
       via  e21538a selftest: Add test for failing chdir call in smbd
       via  bba8e0f selftest: Make location of log file available in tests
       via  02c60f2 selftest: Add share for error injection testing
       via  028d129 vfs_error_inject: Add new module
       via  47b6eca ctdb-recovery-helper: Deregister message handler in error paths
       via  d983766 sysacls: change datatypes to 32 bits
       via  0752022 pysmbd: fix use of sysacl API
       via  424e40f HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()
       via  d06e849 HEIMDAL: don't bother seeing q if not sent
       via  c793ac6 HEIMDAL: allow optional q in DH DomainParameters
       via  efc261d VERSION: Bump version up to 4.7.5...
      from  4b1b5b1 VERSION: Disable GIT_SNAPSHOT for the 4.7.4 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       |  91 +++++-
 buildtools/wafsamba/samba_autoconf.py              |   4 +-
 ctdb/server/ctdb_recovery_helper.c                 |  16 +-
 ctdb/wscript                                       |   2 +-
 lib/replace/system/nis.h                           |  83 ++++++
 lib/replace/wscript                                |  38 ++-
 lib/util/access.c                                  |  10 +-
 lib/util/wscript_build                             |   2 +-
 python/samba/common.py                             |  17 ++
 python/samba/dbchecker.py                          | 320 +++++++++++++++++----
 python/samba/tests/common.py                       |  33 ++-
 selftest/selftest.pl                               |   5 +-
 selftest/target/Samba3.pm                          |   4 +
 source3/auth/user_util.c                           |  13 +
 source3/auth/wscript_build                         |   2 +-
 source3/include/includes.h                         |  49 ----
 source3/include/smb_acls.h                         |  10 +-
 source3/lib/sysquotas_nfs.c                        |  11 +-
 source3/lib/util.c                                 |  11 +
 source3/modules/vfs_ceph.c                         |  15 +
 source3/modules/vfs_default.c                      |  14 +-
 source3/modules/vfs_error_inject.c                 | 100 +++++++
 source3/modules/vfs_fruit.c                        | 173 ++++++++---
 source3/modules/wscript_build                      |   7 +
 source3/script/tests/test_smbd_error.sh            |  56 ++++
 source3/selftest/tests.py                          |   3 +
 source3/smbd/oplock.c                              |  25 +-
 source3/smbd/pysmbd.c                              |  43 ++-
 source3/smbd/server_exit.c                         |   4 -
 source3/wscript                                    |  34 ++-
 source3/wscript_build                              |   2 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |  18 +-
 source4/heimdal/kdc/pkinit.c                       |  11 +-
 source4/heimdal/lib/asn1/rfc2459.asn1              |   2 +-
 source4/heimdal/lib/krb5/pkinit.c                  |   7 +-
 .../add-unsorted-links-step1.ldif                  |  72 +++++
 .../add-unsorted-links-step2.ldif                  |  12 +
 ...ted-after-dbcheck-forward-link-corruption.ldif} |   8 +-
 ...dbcheck-link-output-forward-link-corruption.txt |  12 +
 ...pected-dbcheck-link-output_duplicate_member.txt |   5 +-
 .../release-4-5-0-pre1/expected-expunge-output.txt |   2 +-
 .../expected-unsorted-links-after-expunge.ldif     |  23 ++
 source4/smbd/server.c                              |   4 +-
 source4/torture/vfs/fruit.c                        |  89 +++++-
 testprogs/blackbox/dbcheck-links.sh                |  78 +++++
 testprogs/blackbox/tombstones-expunge.sh           |  24 ++
 47 files changed, 1335 insertions(+), 231 deletions(-)
 create mode 100644 lib/replace/system/nis.h
 create mode 100644 source3/modules/vfs_error_inject.c
 create mode 100755 source3/script/tests/test_smbd_error.sh
 create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-unsorted-links-step1.ldif
 create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-unsorted-links-step2.ldif
 copy source4/selftest/provisions/release-4-5-0-pre1/{expected-duplicates-after-link-dbcheck.ldif => expected-after-dbcheck-forward-link-corruption.ldif} (65%)
 create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-forward-link-corruption.txt
 create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-unsorted-links-after-expunge.ldif


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index f24f545..05e61bf 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 22ad049..2914f57 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,91 @@
                    =============================
+                   Release Notes for Samba 4.7.5
+                          February 7, 2018
+                   =============================
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+Major enhancements include:
+
+o  BUG 13228: This is a major issue in Samba's ActiveDirectory domain
+   controller code. It might happen that AD objects have missing or broken
+   linked attributes. This could lead to broken group memberships e.g.
+   All Samba AD domain controllers set up with Samba 4.6 or lower and then
+   upgraded to 4.7 are affected. The corrupt database can be fixed with
+   'samba-tool dbcheck --cross-ncs --fix'.
+
+
+Changes since 4.7.4:
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 13193: smbd tries to release not leased oplock during oplock II
+     downgrade.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 13181: Fix copying file with empty FinderInfo from Windows client
+     to Samba share with fruit.
+
+o  G√ľnther Deschner <gd at samba.org>
+   * BUG 10976: build: Deal with recent glibc sunrpc header removal.
+   * BUG 13238: Make Samba work with tirpc and libnsl2.
+
+o  David Disseldorp <ddiss at samba.org>
+   * BUG 13208: vfs_ceph: Add fs_capabilities hook to avoid local statvfs.
+
+o  Love Hornquist Astrand <lha at h5l.org>
+   * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in
+     clientPublicValue.
+
+o  Amitay Isaacs <amitay at gmail.com>
+   * BUG 13188: ctdb-recovery-helper: Deregister message handler in error
+     paths.
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 13240: samba: Only use async signal-safe functions in signal handler.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in
+     clientPublicValue.
+   * BUG 13228: repl_meta_data: Fix linked attribute corruption on databases
+     with unsorted links on expunge. dbcheck: Add functionality to fix the
+     corrupt database.
+
+o  Christof Schmitt <cs at samba.org>
+   * BUG 13189: Fix smbd panic when chdir returns error during exit.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 13238: Make Samba work with tirpc and libnsl2.
+
+o  Uri Simchoni <uri at samba.org>
+   * BUG 13176: Fix POSIX ACL support on HPUX and possibly other big-endian OSs.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   =============================
                    Release Notes for Samba 4.7.4
                           December 22, 2017
                    =============================
@@ -119,8 +206,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    =============================
                    Release Notes for Samba 4.7.3
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 795d130..5305d9a 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -454,7 +454,8 @@ def CHECK_CODE(conf, code, define,
 
 @conf
 def CHECK_STRUCTURE_MEMBER(conf, structname, member,
-                           always=False, define=None, headers=None):
+                           always=False, define=None, headers=None,
+                           lib=None):
     '''check for a structure member'''
     if define is None:
         define = 'HAVE_%s' % member.upper()
@@ -463,6 +464,7 @@ def CHECK_STRUCTURE_MEMBER(conf, structname, member,
                       define,
                       execute=False,
                       link=False,
+                      lib=lib,
                       always=always,
                       headers=headers,
                       local_include=False,
diff --git a/ctdb/server/ctdb_recovery_helper.c b/ctdb/server/ctdb_recovery_helper.c
index 9f7fc07..e966b3a 100644
--- a/ctdb/server/ctdb_recovery_helper.c
+++ b/ctdb/server/ctdb_recovery_helper.c
@@ -397,6 +397,7 @@ struct pull_database_state {
 	uint32_t pnn;
 	uint64_t srvid;
 	int num_records;
+	int result;
 };
 
 static void pull_database_handler(uint64_t srvid, TDB_DATA data,
@@ -594,8 +595,8 @@ static void pull_database_new_done(struct tevent_req *subreq)
 	if (! status) {
 		D_ERR("control DB_PULL failed for %s on node %u, ret=%d\n",
 		      recdb_name(state->recdb), state->pnn, ret);
-		tevent_req_error(req, ret);
-		return;
+		state->result = ret;
+		goto unregister;
 	}
 
 	ret = ctdb_reply_control_db_pull(reply, &num_records);
@@ -604,13 +605,15 @@ static void pull_database_new_done(struct tevent_req *subreq)
 		D_ERR("mismatch (%u != %u) in DB_PULL records for db %s\n",
 		      num_records, state->num_records,
 		      recdb_name(state->recdb));
-		tevent_req_error(req, EIO);
-		return;
+		state->result = EIO;
+		goto unregister;
 	}
 
 	D_INFO("Pulled %d records for db %s from node %d\n",
 	       state->num_records, recdb_name(state->recdb), state->pnn);
 
+unregister:
+
 	subreq = ctdb_client_remove_message_handler_send(
 					state, state->ev, state->client,
 					state->srvid, req);
@@ -638,6 +641,11 @@ static void pull_database_unregister_done(struct tevent_req *subreq)
 		return;
 	}
 
+	if (state->result != 0) {
+		tevent_req_error(req, state->result);
+		return;
+	}
+
 	tevent_req_done(req);
 }
 
diff --git a/ctdb/wscript b/ctdb/wscript
index c678228..ad53bb9 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -540,7 +540,7 @@ def build(bld):
     bld.SAMBA_BINARY('smnotify',
                      source=bld.SUBDIR('utils/smnotify',
                                        'smnotify.c gen_smnotify.c gen_xdr.c'),
-                     deps='ctdb-smnotify-h ctdb-smnotify-c ctdb-smnotify-x popt',
+                     deps='ctdb-smnotify-h ctdb-smnotify-c ctdb-smnotify-x popt tirpc',
                      includes='utils utils/smnotify',
                      install_path='${CTDB_HELPER_BINDIR}')
 
diff --git a/lib/replace/system/nis.h b/lib/replace/system/nis.h
new file mode 100644
index 0000000..068595a
--- /dev/null
+++ b/lib/replace/system/nis.h
@@ -0,0 +1,83 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   nis system include wrappers
+
+   Copyright (C) Andrew Tridgell 2004
+
+     ** NOTE! The following LGPL license applies to the replace
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _nis_passwd_h
+#define _nis_passwd_h
+
+#if defined(HAVE_RPC_RPC_H)
+/*
+ * Check for AUTH_ERROR define conflict with rpc/rpc.h in prot.h.
+ */
+#if defined(HAVE_SYS_SECURITY_H) && defined(HAVE_RPC_AUTH_ERROR_CONFLICT)
+#undef AUTH_ERROR
+#endif /* HAVE_SYS_SECURITY_H && HAVE_RPC_AUTH_ERROR_CONFLICT */
+/*
+ * HP-UX 11.X has TCP_NODELAY and TCP_MAXSEG defined in <netinet/tcp.h> which
+ * was included above.  However <rpc/rpc.h> includes <sys/xti.h> which defines
+ * them again without checking if they already exsist.  This generates
+ * two "Redefinition of macro" warnings for every single .c file that is
+ * compiled.
+ */
+#if defined(HPUX) && defined(TCP_NODELAY)
+#undef TCP_NODELAY
+#endif /* HPUX && TCP_NODELAY */
+
+#if defined(HPUX) && defined(TCP_MAXSEG)
+#undef TCP_MAXSEG
+#endif /* HPUX && TCP_MAXSEG */
+
+#include <rpc/rpc.h>
+#endif /* HAVE_RPC_RPC_H */
+
+
+#if defined (HAVE_NETGROUP)
+
+#if defined(HAVE_RPCSVC_YP_PROT_H)
+/*
+ * HP-UX 11.X has TCP_NODELAY and TCP_MAXSEG defined in <netinet/tcp.h> which
+ * was included above.  However <rpc/rpc.h> includes <sys/xti.h> which defines
+ * them again without checking if they already exsist.  This generates
+ * two "Redefinition of macro" warnings for every single .c file that is
+ * compiled.
+ */
+#if defined(HPUX) && defined(TCP_NODELAY)
+#undef TCP_NODELAY
+#endif /* HPUX && TCP_MAXSEG */
+
+#if defined(HPUX) && defined(TCP_MAXSEG)
+#undef TCP_MAXSEG
+#endif /* HPUX && TCP_MAXSEG */
+
+#include <rpcsvc/yp_prot.h>
+
+#endif /* HAVE_RPCSVC_YP_PROT_H */
+
+#if defined(HAVE_RPCSVC_YPCLNT_H)
+#include <rpcsvc/ypclnt.h>
+#endif /* HAVE_RPCSVC_YPCLNT_H */
+
+#endif /* HAVE_NETGROUP */
+
+#endif /* _nis_passwd_h */
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 7357eea..edd7484 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -5,7 +5,7 @@ VERSION = '1.2.1'
 
 blddir = 'bin'
 
-import sys, os
+import Logs, sys, os
 
 # find the buildtools directory
 srcdir = '.'
@@ -65,14 +65,42 @@ def configure(conf):
                         headers='sys/inotify.h')
 
     conf.CHECK_HEADERS('security/pam_appl.h zlib.h asm/unistd.h')
-    conf.CHECK_HEADERS('aio.h sys/unistd.h rpc/rpc.h rpc/nettype.h alloca.h float.h')
+    conf.CHECK_HEADERS('aio.h sys/unistd.h alloca.h float.h')
+
+    conf.SET_TARGET_TYPE('tirpc', 'EMPTY')
+    conf.CHECK_HEADERS('rpc/rpc.h rpc/nettype.h')
+    if not conf.CONFIG_SET('HAVE_RPC_RPC_H'):
+        if conf.CHECK_CFG(package='libtirpc', args='--cflags --libs',
+                       msg='Checking for libtirpc headers',
+                       uselib_store='TIRPC'):
+            conf.CHECK_HEADERS('rpc/rpc.h rpc/nettype.h', lib='tirpc', together=True)
+            conf.SET_TARGET_TYPE('tirpc', 'SYSLIB')
+    if not conf.CONFIG_SET('HAVE_RPC_RPC_H'):
+        if conf.CHECK_CFG(package='libntirpc', args='--cflags',
+                       msg='Checking for libntirpc headers',
+                       uselib_store='TIRPC'):
+            conf.CHECK_HEADERS('rpc/rpc.h rpc/nettype.h', lib='tirpc', together=True)
+            conf.SET_TARGET_TYPE('tirpc', 'SYSLIB')
+    if not conf.CONFIG_SET('HAVE_RPC_RPC_H'):
+            Logs.error('ERROR: No rpc/rpc.h header found, tirpc or libntirpc missing?')
+            sys.exit(1)
+
+    conf.SET_TARGET_TYPE('nsl', 'EMPTY')
+    conf.CHECK_HEADERS('rpc/rpc.h rpcsvc/yp_prot.h', lib='tirpc')
+    if not conf.CONFIG_SET('HAVE_RPCSVC_YP_PROT_H'):
+        if conf.CHECK_CFG(package='libnsl', args='--cflags --libs',
+                          msg='Checking for libnsl',
+                          uselib_store='NSL'):
+            conf.SET_TARGET_TYPE('nsl', 'SYSLIB')
+            conf.CHECK_HEADERS('rpc/rpc.h rpcsvc/yp_prot.h', lib='tirpc nsl')
+        else:
+            conf.SET_TARGET_TYPE('nsl', 'SYSLIB')
+    conf.CHECK_HEADERS('rpcsvc/nis.h rpcsvc/ypclnt.h', lib='tirpc nsl')
 
-    conf.CHECK_HEADERS('rpcsvc/nis.h rpcsvc/ypclnt.h sys/sysctl.h')
+    conf.CHECK_HEADERS('sys/sysctl.h')
     conf.CHECK_HEADERS('sys/fileio.h sys/filesys.h sys/dustat.h sys/sysmacros.h')
     conf.CHECK_HEADERS('xfs/libxfs.h netgroup.h')
 
-    conf.CHECK_CODE('', headers='rpc/rpc.h rpcsvc/yp_prot.h', define='HAVE_RPCSVC_YP_PROT_H')
-
     conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h')
     conf.CHECK_HEADERS('nss_common.h nsswitch.h ns_api.h')
     conf.CHECK_HEADERS('sys/extattr.h sys/ea.h sys/proplist.h sys/cdefs.h')
diff --git a/lib/util/access.c b/lib/util/access.c
index 6d04a5f..7da0573 100644
--- a/lib/util/access.c
+++ b/lib/util/access.c
@@ -22,6 +22,10 @@
 #include "lib/util/access.h"
 #include "lib/util/unix_match.h"
 
+#if defined(HAVE_NETGROUP)
+#include "system/nis.h"
+#endif
+
 #define NAME_INDEX 0
 #define ADDR_INDEX 1
 
@@ -143,11 +147,11 @@ static bool string_match(const char *tok,const char *s)
 
 		netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
 
-		DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n",
+		DBG_INFO("%s %s of domain %s in netgroup %s\n",
+			 netgroup_ok ? "Found" : "Could not find",
 			 hostname,
 			 mydomain?mydomain:"(ANY)",
-			 tok+1,
-			 BOOLSTR(netgroup_ok)));
+			 tok+1);
 
 		SAFE_FREE(hostname);
 
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 1d2f2ba..bfa5839 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -203,7 +203,7 @@ else:
 
     bld.SAMBA_SUBSYSTEM('access',
                         source='access.c',
-                        deps='interfaces samba-util',
+                        deps='interfaces samba-util tirpc nsl',
                         local_include=False)
 
     bld.SAMBA_SUBSYSTEM('util_str_escape',
diff --git a/python/samba/common.py b/python/samba/common.py
index 20f170c..a915934 100644
--- a/python/samba/common.py
+++ b/python/samba/common.py
@@ -19,6 +19,8 @@
 
 import ldb
 import dsdb
+from samba.ndr import ndr_pack
+from samba.dcerpc import misc
 import binascii
 
 
@@ -93,6 +95,21 @@ class dsdb_Dn(object):
     def __str__(self):
         return self.prefix + str(self.dn.extended_str(mode=1))
 
+    def __cmp__(self, other):
+        ''' compare dsdb_Dn values similar to parsed_dn_compare()'''
+        dn1 = self
+        dn2 = other
+        guid1 = dn1.dn.get_extended_component("GUID")
+        guid1b = ndr_pack(misc.GUID(guid1))
+        guid2 = dn2.dn.get_extended_component("GUID")
+        guid2b = ndr_pack(misc.GUID(guid2))
+
+        v = cmp(guid1, guid2)
+        if v != 0:
+            return v
+        v = cmp(dn1.binary, dn2.binary)
+        return v
+
     def get_binary_integer(self):
         '''return binary part of a dsdb_Dn as an integer, or None'''
         if self.prefix == '':
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 1933740..b2b8b0c 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -65,7 +65,9 @@ class dbcheck(object):
         self.fix_undead_linked_attributes = False
         self.fix_all_missing_backlinks = False
         self.fix_all_orphaned_backlinks = False
-        self.fix_all_duplicate_links = False
+        self.fix_all_missing_forward_links = False
+        self.duplicate_link_cache = dict()
+        self.recover_all_forward_links = False
         self.fix_rmd_flags = False
         self.fix_ntsecuritydescriptor = False
         self.fix_ntsecuritydescriptor_owner_group = False
@@ -184,6 +186,23 @@ class dbcheck(object):
         else:
             self.rid_set_dn = None
 
+        self.compatibleFeatures = []
+        self.requiredFeatures = []
+
+        try:
+            res = self.samdb.search(scope=ldb.SCOPE_BASE,
+                                    base="@SAMBA_DSDB",
+                                    attrs=["compatibleFeatures",
+                                    "requiredFeatures"])
+            if "compatibleFeatures" in res[0]:
+                self.compatibleFeatures = res[0]["compatibleFeatures"]
+            if "requiredFeatures" in res[0]:
+                self.requiredFeatures = res[0]["requiredFeatures"]
+        except ldb.LdbError as (enum, estr):
+            if enum != ldb.ERR_NO_SUCH_OBJECT:
+                raise
+            pass
+
     def check_database(self, DN=None, scope=ldb.SCOPE_SUBTREE, controls=[], attrs=['*']):
         '''perform a database check, returning the number of errors found'''
         res = self.samdb.search(base=DN, scope=scope, attrs=['dn'], controls=controls)
@@ -708,31 +727,44 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
                           "Failed to fix incorrect RMD_FLAGS %u" % rmd_flags):
             self.report("Fixed incorrect RMD_FLAGS %u" % (rmd_flags))
 
-    def err_orphaned_backlink(self, obj, attrname, val, link_name, target_dn):
+    def err_orphaned_backlink(self, obj_dn, backlink_attr, backlink_val,
+                              target_dn, forward_attr, forward_syntax,
+                              check_duplicates=True):
         '''handle a orphaned backlink value'''
-        self.report("ERROR: orphaned backlink attribute '%s' in %s for link %s in %s" % (attrname, obj.dn, link_name, target_dn))
-        if not self.confirm_all('Remove orphaned backlink %s' % attrname, 'fix_all_orphaned_backlinks'):
-            self.report("Not removing orphaned backlink %s" % attrname)
+        if check_duplicates is True and self.has_duplicate_links(target_dn, forward_attr, forward_syntax):
+            self.report("WARNING: Keep orphaned backlink attribute " + \
+                        "'%s' in '%s' for link '%s' in '%s'" % (
+                        backlink_attr, obj_dn, forward_attr, target_dn))
+            return
+        self.report("ERROR: orphaned backlink attribute '%s' in %s for link %s in %s" % (backlink_attr, obj_dn, forward_attr, target_dn))
+        if not self.confirm_all('Remove orphaned backlink %s' % backlink_attr, 'fix_all_orphaned_backlinks'):
+            self.report("Not removing orphaned backlink %s" % backlink_attr)
             return
         m = ldb.Message()
-        m.dn = obj.dn
-        m['value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
+        m.dn = obj_dn
+        m['value'] = ldb.MessageElement(backlink_val, ldb.FLAG_MOD_DELETE, backlink_attr)


-- 
Samba Shared Repository



More information about the samba-cvs mailing list