pseudobacklink / one_way_link: corruption ahead

Matthieu Patou mat at samba.org
Wed Oct 5 12:25:42 MDT 2011 

Hello Andrew and Tridge,

I made a couple of tests with the site handling today and discovered 
some nasty things.

In order to reproduce them: just create a site and put it in the 
DEFAULTIPSITELINK, then remove the site.
In theory the site should be removed from the siteList attribute, but 
it's not !

I found first a bug, attribute that have only forward link were not 
covered correctly by your patches, I made this fix: http://bit.ly/oJnYo0.
That was an easy one.

But if you look at the attribute, you will see an attribute that is 
pointing to a deleted object, in most cases you expect in fact the 
object not to be here, your implementation of backlink handle well the 
renaming but not so well the deleting.
I think it should be quite easy to mask the attribute if the pointed dn 
is the DN of a deleted object.

But then what would happen when replicating, I think a search with the 
--reveal show it quite clearly:

sudo ./bin/ldbsearch -H ~/workspace/samba/home.matws.net/private/sam.ldb 
-k 1 --cross-ncs '(sitelist=*)' sitelist  --reveal --extended-dn
# record 1
dn: 
<GUID=f872b9fc-cedc-4949-bd51-fc8ecfb9d211>;CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site 
Transports,CN=Sites,CN=Configuration,DC=home,DC=matws,DC=net
siteList: 
<GUID=c9b85202-4f5a-43cb-ac7b-a6f6cd9a8e30>;<RMD_ADDTIME=12962226990
  0000000>;<RMD_CHANGETIME=129622269900000000>;<RMD_FLAGS=0>;<RMD_INVOCID=00b57
  015-57c4-4baf-828a-c93c12ac7e3a>;<RMD_LOCAL_USN=1983>;<RMD_ORIGINATING_USN=19
  83>;<RMD_VERSION=0>;CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=h
  ome,DC=matws,DC=net
siteList: 
<GUID=c75d75fc-2521-475f-ade4-5c233a286338>;<RMD_ADDTIME=12962304242
  0000000>;<RMD_CHANGETIME=129623042420000000>;<RMD_FLAGS=0>;<RMD_INVOCID=00b57
  015-57c4-4baf-828a-c93c12ac7e3a>;<RMD_LOCAL_USN=8531>;<RMD_ORIGINATING_USN=85
  31>;<RMD_VERSION=0>;CN=test\0ADEL:c75d75fc-2521-475f-ade4-5c233a286338,CN=Sit
  es,CN=Configuration,DC=home,DC=matws,DC=net

The attribute is not removed, if we are running a samba only domain it's 
mostly ok but in mixed domain it must be fun !
I'm also fearing some weird effect if a DC is promoted after the site 
has been removed and deleted as we will return a link on a non existing 
object.

Please tell me how you think this could be solved, the best I can see is 
a kind of garbage collector.

Thanks.

Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba-technical mailing list