[SCM] Samba Shared Repository - branch v4-7-stable updated
Karolin Seeger
kseeger at samba.org
Wed Feb 7 08:49:52 UTC 2018
The branch, v4-7-stable has been updated
via c15b477 VERSION: Disable GIT_SNAPSHOT for the 4.7.5 release.
via bbf315b WHATSNEW: Add release notes for Samba 4.7.5.
via 9f4091b dbcheck: skip find_missing_forward_links_from_backlinks() if the db has the sortedLinks feature
via 692e6b2 dbcheck: add support for restoring missing forward links
via dad609d dbcheck: add find_missing_forward_links_from_backlinks()
via 8fcdf4e dbcheck: make sure we ask for replPropertyMetaData if we need to process any forward link attributes
via 944c05b dbcheck: make sure we always ask for the objectGUID attribute explicitly
via 1c524c1 dbcheck: add a helper function that checks is a value has duplicate links
via 323c8f2 dbcheck: add a dict where we remember attributes with duplicate links
via 8224416 dbcheck: split out check_duplicate_links from check_dn
via 6dd195d dbcheck: store fixed forward link attributes with the correct sorting
via 882befa dbcheck: remove ldb.FLAG_MOD_REPLACE when replacing search results for forward links
via 163c935 dbcheck: rename err_duplicate_links() to err_recover_forward_links() and adjust the output message
via 43d419b dbcheck: add link direction to error message for duplicate links
via 86015a9 dbcheck: rename err_duplicate_links arguments
via b03423b dbcheck: only pass obj_dn to err_orphaned_backlink()
via 1d59b2a dbcheck: add forward_syntax argument to err_orphaned_backlink
via 478f51c dbcheck: rename and reorder err_orphaned_backlink arguments
via b230586 selftest/dbcheck: add a test for corrupt forward links restoration
via 51383bd Revert "dbcheck: disable fixing duplicate linked attributes until we can recover lost forward links"
via 9819e1e python/common: add __cmp__ function to dsdb_Dn similar to parsed_dn_compare()
via ca2605a python:tests: add test_dsdb_Dn_sorted() to "samba.tests.common"
via 12f6cf7 python:tests: remove test_dsdb_Dn() to test_dsdb_Dn_binary()
via fdf182b python:tests: use TestCaseInTempDir for "samba.tests.common"
via a73a751 vfs_fruit: set delete-on-close for empty finderinfo
via f06e251 vfs_fruit: filter out AFP_AfpInfo streams with pending delete-on-close
via f597147 vfs_fruit: factor out delete_invalid_meta_stream() from fruit_streaminfo_meta_stream()
via b4864ac s4/torture/fruit: enhance zero AFP_AfpInfo stream test
via 2a376b7 s4/torture/fruit: ensure AFP_AfpInfo blobs are 0-initialized
via aba3f9b dbcheck: disable fixing duplicate linked attributes until we can recover lost forward links
via 5070224 repl_meta_data: fix linked attribute corruption on databases with unsorted links on expunge
via 376298e testprogs:blackbox: add regression test for unsorted links in tombstones-expunge.sh
via 46a212d samba: Only use async signal-safe functions in signal handler
via fafbd4e waf: Fix NFS quota support with libtirpc
via 7ed0c06 wafsamba: Allow passing 'lib' to CHECK_STRUCTURE_MEMBER
via 25e01d9 build: deal with recent glibc sunrpc header removal
via f3f5d50 include: Create system/nis.h in libreplace
via 3bc0a57 s3:waf: Move HAVE_NETGROUP to wscript
via bde3d64 vfs_default: use VFS statvfs macro in fs_capabilities
via da6ee0c vfs_ceph: add fs_capabilities hook to avoid local statvfs
via d251dcc selftest: allow more time for tests
via 7336f54 s3: smbd: Use identical logic to test for kernel oplocks on a share.
via 671a3c6 smbd: Fix coredump on failing chdir during logoff
via e21538a selftest: Add test for failing chdir call in smbd
via bba8e0f selftest: Make location of log file available in tests
via 02c60f2 selftest: Add share for error injection testing
via 028d129 vfs_error_inject: Add new module
via 47b6eca ctdb-recovery-helper: Deregister message handler in error paths
via d983766 sysacls: change datatypes to 32 bits
via 0752022 pysmbd: fix use of sysacl API
via 424e40f HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()
via d06e849 HEIMDAL: don't bother seeing q if not sent
via c793ac6 HEIMDAL: allow optional q in DH DomainParameters
via efc261d VERSION: Bump version up to 4.7.5...
from 4b1b5b1 VERSION: Disable GIT_SNAPSHOT for the 4.7.4 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 91 +++++-
buildtools/wafsamba/samba_autoconf.py | 4 +-
ctdb/server/ctdb_recovery_helper.c | 16 +-
ctdb/wscript | 2 +-
lib/replace/system/nis.h | 83 ++++++
lib/replace/wscript | 38 ++-
lib/util/access.c | 10 +-
lib/util/wscript_build | 2 +-
python/samba/common.py | 17 ++
python/samba/dbchecker.py | 320 +++++++++++++++++----
python/samba/tests/common.py | 33 ++-
selftest/selftest.pl | 5 +-
selftest/target/Samba3.pm | 4 +
source3/auth/user_util.c | 13 +
source3/auth/wscript_build | 2 +-
source3/include/includes.h | 49 ----
source3/include/smb_acls.h | 10 +-
source3/lib/sysquotas_nfs.c | 11 +-
source3/lib/util.c | 11 +
source3/modules/vfs_ceph.c | 15 +
source3/modules/vfs_default.c | 14 +-
source3/modules/vfs_error_inject.c | 100 +++++++
source3/modules/vfs_fruit.c | 173 ++++++++---
source3/modules/wscript_build | 7 +
source3/script/tests/test_smbd_error.sh | 56 ++++
source3/selftest/tests.py | 3 +
source3/smbd/oplock.c | 25 +-
source3/smbd/pysmbd.c | 43 ++-
source3/smbd/server_exit.c | 4 -
source3/wscript | 34 ++-
source3/wscript_build | 2 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 18 +-
source4/heimdal/kdc/pkinit.c | 11 +-
source4/heimdal/lib/asn1/rfc2459.asn1 | 2 +-
source4/heimdal/lib/krb5/pkinit.c | 7 +-
.../add-unsorted-links-step1.ldif | 72 +++++
.../add-unsorted-links-step2.ldif | 12 +
...ted-after-dbcheck-forward-link-corruption.ldif} | 8 +-
...dbcheck-link-output-forward-link-corruption.txt | 12 +
...pected-dbcheck-link-output_duplicate_member.txt | 5 +-
.../release-4-5-0-pre1/expected-expunge-output.txt | 2 +-
.../expected-unsorted-links-after-expunge.ldif | 23 ++
source4/smbd/server.c | 4 +-
source4/torture/vfs/fruit.c | 89 +++++-
testprogs/blackbox/dbcheck-links.sh | 78 +++++
testprogs/blackbox/tombstones-expunge.sh | 24 ++
47 files changed, 1335 insertions(+), 231 deletions(-)
create mode 100644 lib/replace/system/nis.h
create mode 100644 source3/modules/vfs_error_inject.c
create mode 100755 source3/script/tests/test_smbd_error.sh
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-unsorted-links-step1.ldif
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-unsorted-links-step2.ldif
copy source4/selftest/provisions/release-4-5-0-pre1/{expected-duplicates-after-link-dbcheck.ldif => expected-after-dbcheck-forward-link-corruption.ldif} (65%)
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-forward-link-corruption.txt
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-unsorted-links-after-expunge.ldif
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index f24f545..05e61bf 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 22ad049..2914f57 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,91 @@
=============================
+ Release Notes for Samba 4.7.5
+ February 7, 2018
+ =============================
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+Major enhancements include:
+
+o BUG 13228: This is a major issue in Samba's ActiveDirectory domain
+ controller code. It might happen that AD objects have missing or broken
+ linked attributes. This could lead to broken group memberships e.g.
+ All Samba AD domain controllers set up with Samba 4.6 or lower and then
+ upgraded to 4.7 are affected. The corrupt database can be fixed with
+ 'samba-tool dbcheck --cross-ncs --fix'.
+
+
+Changes since 4.7.4:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13193: smbd tries to release not leased oplock during oplock II
+ downgrade.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 13181: Fix copying file with empty FinderInfo from Windows client
+ to Samba share with fruit.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 10976: build: Deal with recent glibc sunrpc header removal.
+ * BUG 13238: Make Samba work with tirpc and libnsl2.
+
+o David Disseldorp <ddiss at samba.org>
+ * BUG 13208: vfs_ceph: Add fs_capabilities hook to avoid local statvfs.
+
+o Love Hornquist Astrand <lha at h5l.org>
+ * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in
+ clientPublicValue.
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 13188: ctdb-recovery-helper: Deregister message handler in error
+ paths.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 13240: samba: Only use async signal-safe functions in signal handler.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in
+ clientPublicValue.
+ * BUG 13228: repl_meta_data: Fix linked attribute corruption on databases
+ with unsorted links on expunge. dbcheck: Add functionality to fix the
+ corrupt database.
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 13189: Fix smbd panic when chdir returns error during exit.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 13238: Make Samba work with tirpc and libnsl2.
+
+o Uri Simchoni <uri at samba.org>
+ * BUG 13176: Fix POSIX ACL support on HPUX and possibly other big-endian OSs.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.7.4
December 22, 2017
=============================
@@ -119,8 +206,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.7.3
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 795d130..5305d9a 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -454,7 +454,8 @@ def CHECK_CODE(conf, code, define,
@conf
def CHECK_STRUCTURE_MEMBER(conf, structname, member,
- always=False, define=None, headers=None):
+ always=False, define=None, headers=None,
+ lib=None):
'''check for a structure member'''
if define is None:
define = 'HAVE_%s' % member.upper()
@@ -463,6 +464,7 @@ def CHECK_STRUCTURE_MEMBER(conf, structname, member,
define,
execute=False,
link=False,
+ lib=lib,
always=always,
headers=headers,
local_include=False,
diff --git a/ctdb/server/ctdb_recovery_helper.c b/ctdb/server/ctdb_recovery_helper.c
index 9f7fc07..e966b3a 100644
--- a/ctdb/server/ctdb_recovery_helper.c
+++ b/ctdb/server/ctdb_recovery_helper.c
@@ -397,6 +397,7 @@ struct pull_database_state {
uint32_t pnn;
uint64_t srvid;
int num_records;
+ int result;
};
static void pull_database_handler(uint64_t srvid, TDB_DATA data,
@@ -594,8 +595,8 @@ static void pull_database_new_done(struct tevent_req *subreq)
if (! status) {
D_ERR("control DB_PULL failed for %s on node %u, ret=%d\n",
recdb_name(state->recdb), state->pnn, ret);
- tevent_req_error(req, ret);
- return;
+ state->result = ret;
+ goto unregister;
}
ret = ctdb_reply_control_db_pull(reply, &num_records);
@@ -604,13 +605,15 @@ static void pull_database_new_done(struct tevent_req *subreq)
D_ERR("mismatch (%u != %u) in DB_PULL records for db %s\n",
num_records, state->num_records,
recdb_name(state->recdb));
- tevent_req_error(req, EIO);
- return;
+ state->result = EIO;
+ goto unregister;
}
D_INFO("Pulled %d records for db %s from node %d\n",
state->num_records, recdb_name(state->recdb), state->pnn);
+unregister:
+
subreq = ctdb_client_remove_message_handler_send(
state, state->ev, state->client,
state->srvid, req);
@@ -638,6 +641,11 @@ static void pull_database_unregister_done(struct tevent_req *subreq)
return;
}
+ if (state->result != 0) {
+ tevent_req_error(req, state->result);
+ return;
+ }
+
tevent_req_done(req);
}
diff --git a/ctdb/wscript b/ctdb/wscript
index c678228..ad53bb9 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -540,7 +540,7 @@ def build(bld):
bld.SAMBA_BINARY('smnotify',
source=bld.SUBDIR('utils/smnotify',
'smnotify.c gen_smnotify.c gen_xdr.c'),
- deps='ctdb-smnotify-h ctdb-smnotify-c ctdb-smnotify-x popt',
+ deps='ctdb-smnotify-h ctdb-smnotify-c ctdb-smnotify-x popt tirpc',
includes='utils utils/smnotify',
install_path='${CTDB_HELPER_BINDIR}')
diff --git a/lib/replace/system/nis.h b/lib/replace/system/nis.h
new file mode 100644
index 0000000..068595a
--- /dev/null
+++ b/lib/replace/system/nis.h
@@ -0,0 +1,83 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ nis system include wrappers
+
+ Copyright (C) Andrew Tridgell 2004
+
+ ** NOTE! The following LGPL license applies to the replace
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _nis_passwd_h
+#define _nis_passwd_h
+
+#if defined(HAVE_RPC_RPC_H)
+/*
+ * Check for AUTH_ERROR define conflict with rpc/rpc.h in prot.h.
+ */
+#if defined(HAVE_SYS_SECURITY_H) && defined(HAVE_RPC_AUTH_ERROR_CONFLICT)
+#undef AUTH_ERROR
+#endif /* HAVE_SYS_SECURITY_H && HAVE_RPC_AUTH_ERROR_CONFLICT */
+/*
+ * HP-UX 11.X has TCP_NODELAY and TCP_MAXSEG defined in <netinet/tcp.h> which
+ * was included above. However <rpc/rpc.h> includes <sys/xti.h> which defines
+ * them again without checking if they already exsist. This generates
+ * two "Redefinition of macro" warnings for every single .c file that is
+ * compiled.
+ */
+#if defined(HPUX) && defined(TCP_NODELAY)
+#undef TCP_NODELAY
+#endif /* HPUX && TCP_NODELAY */
+
+#if defined(HPUX) && defined(TCP_MAXSEG)
+#undef TCP_MAXSEG
+#endif /* HPUX && TCP_MAXSEG */
+
+#include <rpc/rpc.h>
+#endif /* HAVE_RPC_RPC_H */
+
+
+#if defined (HAVE_NETGROUP)
+
+#if defined(HAVE_RPCSVC_YP_PROT_H)
+/*
+ * HP-UX 11.X has TCP_NODELAY and TCP_MAXSEG defined in <netinet/tcp.h> which
+ * was included above. However <rpc/rpc.h> includes <sys/xti.h> which defines
+ * them again without checking if they already exsist. This generates
+ * two "Redefinition of macro" warnings for every single .c file that is
+ * compiled.
+ */
+#if defined(HPUX) && defined(TCP_NODELAY)
+#undef TCP_NODELAY
+#endif /* HPUX && TCP_MAXSEG */
+
+#if defined(HPUX) && defined(TCP_MAXSEG)
+#undef TCP_MAXSEG
+#endif /* HPUX && TCP_MAXSEG */
+
+#include <rpcsvc/yp_prot.h>
+
+#endif /* HAVE_RPCSVC_YP_PROT_H */
+
+#if defined(HAVE_RPCSVC_YPCLNT_H)
+#include <rpcsvc/ypclnt.h>
+#endif /* HAVE_RPCSVC_YPCLNT_H */
+
+#endif /* HAVE_NETGROUP */
+
+#endif /* _nis_passwd_h */
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 7357eea..edd7484 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -5,7 +5,7 @@ VERSION = '1.2.1'
blddir = 'bin'
-import sys, os
+import Logs, sys, os
# find the buildtools directory
srcdir = '.'
@@ -65,14 +65,42 @@ def configure(conf):
headers='sys/inotify.h')
conf.CHECK_HEADERS('security/pam_appl.h zlib.h asm/unistd.h')
- conf.CHECK_HEADERS('aio.h sys/unistd.h rpc/rpc.h rpc/nettype.h alloca.h float.h')
+ conf.CHECK_HEADERS('aio.h sys/unistd.h alloca.h float.h')
+
+ conf.SET_TARGET_TYPE('tirpc', 'EMPTY')
+ conf.CHECK_HEADERS('rpc/rpc.h rpc/nettype.h')
+ if not conf.CONFIG_SET('HAVE_RPC_RPC_H'):
+ if conf.CHECK_CFG(package='libtirpc', args='--cflags --libs',
+ msg='Checking for libtirpc headers',
+ uselib_store='TIRPC'):
+ conf.CHECK_HEADERS('rpc/rpc.h rpc/nettype.h', lib='tirpc', together=True)
+ conf.SET_TARGET_TYPE('tirpc', 'SYSLIB')
+ if not conf.CONFIG_SET('HAVE_RPC_RPC_H'):
+ if conf.CHECK_CFG(package='libntirpc', args='--cflags',
+ msg='Checking for libntirpc headers',
+ uselib_store='TIRPC'):
+ conf.CHECK_HEADERS('rpc/rpc.h rpc/nettype.h', lib='tirpc', together=True)
+ conf.SET_TARGET_TYPE('tirpc', 'SYSLIB')
+ if not conf.CONFIG_SET('HAVE_RPC_RPC_H'):
+ Logs.error('ERROR: No rpc/rpc.h header found, tirpc or libntirpc missing?')
+ sys.exit(1)
+
+ conf.SET_TARGET_TYPE('nsl', 'EMPTY')
+ conf.CHECK_HEADERS('rpc/rpc.h rpcsvc/yp_prot.h', lib='tirpc')
+ if not conf.CONFIG_SET('HAVE_RPCSVC_YP_PROT_H'):
+ if conf.CHECK_CFG(package='libnsl', args='--cflags --libs',
+ msg='Checking for libnsl',
+ uselib_store='NSL'):
+ conf.SET_TARGET_TYPE('nsl', 'SYSLIB')
+ conf.CHECK_HEADERS('rpc/rpc.h rpcsvc/yp_prot.h', lib='tirpc nsl')
+ else:
+ conf.SET_TARGET_TYPE('nsl', 'SYSLIB')
+ conf.CHECK_HEADERS('rpcsvc/nis.h rpcsvc/ypclnt.h', lib='tirpc nsl')
- conf.CHECK_HEADERS('rpcsvc/nis.h rpcsvc/ypclnt.h sys/sysctl.h')
+ conf.CHECK_HEADERS('sys/sysctl.h')
conf.CHECK_HEADERS('sys/fileio.h sys/filesys.h sys/dustat.h sys/sysmacros.h')
conf.CHECK_HEADERS('xfs/libxfs.h netgroup.h')
- conf.CHECK_CODE('', headers='rpc/rpc.h rpcsvc/yp_prot.h', define='HAVE_RPCSVC_YP_PROT_H')
-
conf.CHECK_HEADERS('valgrind.h valgrind/valgrind.h valgrind/memcheck.h')
conf.CHECK_HEADERS('nss_common.h nsswitch.h ns_api.h')
conf.CHECK_HEADERS('sys/extattr.h sys/ea.h sys/proplist.h sys/cdefs.h')
diff --git a/lib/util/access.c b/lib/util/access.c
index 6d04a5f..7da0573 100644
--- a/lib/util/access.c
+++ b/lib/util/access.c
@@ -22,6 +22,10 @@
#include "lib/util/access.h"
#include "lib/util/unix_match.h"
+#if defined(HAVE_NETGROUP)
+#include "system/nis.h"
+#endif
+
#define NAME_INDEX 0
#define ADDR_INDEX 1
@@ -143,11 +147,11 @@ static bool string_match(const char *tok,const char *s)
netgroup_ok = innetgr(tok + 1, hostname, (char *) 0, mydomain);
- DEBUG(5,("looking for %s of domain %s in netgroup %s gave %s\n",
+ DBG_INFO("%s %s of domain %s in netgroup %s\n",
+ netgroup_ok ? "Found" : "Could not find",
hostname,
mydomain?mydomain:"(ANY)",
- tok+1,
- BOOLSTR(netgroup_ok)));
+ tok+1);
SAFE_FREE(hostname);
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 1d2f2ba..bfa5839 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -203,7 +203,7 @@ else:
bld.SAMBA_SUBSYSTEM('access',
source='access.c',
- deps='interfaces samba-util',
+ deps='interfaces samba-util tirpc nsl',
local_include=False)
bld.SAMBA_SUBSYSTEM('util_str_escape',
diff --git a/python/samba/common.py b/python/samba/common.py
index 20f170c..a915934 100644
--- a/python/samba/common.py
+++ b/python/samba/common.py
@@ -19,6 +19,8 @@
import ldb
import dsdb
+from samba.ndr import ndr_pack
+from samba.dcerpc import misc
import binascii
@@ -93,6 +95,21 @@ class dsdb_Dn(object):
def __str__(self):
return self.prefix + str(self.dn.extended_str(mode=1))
+ def __cmp__(self, other):
+ ''' compare dsdb_Dn values similar to parsed_dn_compare()'''
+ dn1 = self
+ dn2 = other
+ guid1 = dn1.dn.get_extended_component("GUID")
+ guid1b = ndr_pack(misc.GUID(guid1))
+ guid2 = dn2.dn.get_extended_component("GUID")
+ guid2b = ndr_pack(misc.GUID(guid2))
+
+ v = cmp(guid1, guid2)
+ if v != 0:
+ return v
+ v = cmp(dn1.binary, dn2.binary)
+ return v
+
def get_binary_integer(self):
'''return binary part of a dsdb_Dn as an integer, or None'''
if self.prefix == '':
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 1933740..b2b8b0c 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -65,7 +65,9 @@ class dbcheck(object):
self.fix_undead_linked_attributes = False
self.fix_all_missing_backlinks = False
self.fix_all_orphaned_backlinks = False
- self.fix_all_duplicate_links = False
+ self.fix_all_missing_forward_links = False
+ self.duplicate_link_cache = dict()
+ self.recover_all_forward_links = False
self.fix_rmd_flags = False
self.fix_ntsecuritydescriptor = False
self.fix_ntsecuritydescriptor_owner_group = False
@@ -184,6 +186,23 @@ class dbcheck(object):
else:
self.rid_set_dn = None
+ self.compatibleFeatures = []
+ self.requiredFeatures = []
+
+ try:
+ res = self.samdb.search(scope=ldb.SCOPE_BASE,
+ base="@SAMBA_DSDB",
+ attrs=["compatibleFeatures",
+ "requiredFeatures"])
+ if "compatibleFeatures" in res[0]:
+ self.compatibleFeatures = res[0]["compatibleFeatures"]
+ if "requiredFeatures" in res[0]:
+ self.requiredFeatures = res[0]["requiredFeatures"]
+ except ldb.LdbError as (enum, estr):
+ if enum != ldb.ERR_NO_SUCH_OBJECT:
+ raise
+ pass
+
def check_database(self, DN=None, scope=ldb.SCOPE_SUBTREE, controls=[], attrs=['*']):
'''perform a database check, returning the number of errors found'''
res = self.samdb.search(base=DN, scope=scope, attrs=['dn'], controls=controls)
@@ -708,31 +727,44 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
"Failed to fix incorrect RMD_FLAGS %u" % rmd_flags):
self.report("Fixed incorrect RMD_FLAGS %u" % (rmd_flags))
- def err_orphaned_backlink(self, obj, attrname, val, link_name, target_dn):
+ def err_orphaned_backlink(self, obj_dn, backlink_attr, backlink_val,
+ target_dn, forward_attr, forward_syntax,
+ check_duplicates=True):
'''handle a orphaned backlink value'''
- self.report("ERROR: orphaned backlink attribute '%s' in %s for link %s in %s" % (attrname, obj.dn, link_name, target_dn))
- if not self.confirm_all('Remove orphaned backlink %s' % attrname, 'fix_all_orphaned_backlinks'):
- self.report("Not removing orphaned backlink %s" % attrname)
+ if check_duplicates is True and self.has_duplicate_links(target_dn, forward_attr, forward_syntax):
+ self.report("WARNING: Keep orphaned backlink attribute " + \
+ "'%s' in '%s' for link '%s' in '%s'" % (
+ backlink_attr, obj_dn, forward_attr, target_dn))
+ return
+ self.report("ERROR: orphaned backlink attribute '%s' in %s for link %s in %s" % (backlink_attr, obj_dn, forward_attr, target_dn))
+ if not self.confirm_all('Remove orphaned backlink %s' % backlink_attr, 'fix_all_orphaned_backlinks'):
+ self.report("Not removing orphaned backlink %s" % backlink_attr)
return
m = ldb.Message()
- m.dn = obj.dn
- m['value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname)
+ m.dn = obj_dn
+ m['value'] = ldb.MessageElement(backlink_val, ldb.FLAG_MOD_DELETE, backlink_attr)
--
Samba Shared Repository
More information about the samba-cvs
mailing list