[PATCH] Do not deleted the deleted objects container, and never write out a 0000-0000... GUID

Matthieu Patou mat at samba.org
Thu Sep 19 19:35:19 CEST 2013 

Hi Andrew,

Few remarks :

There is a couple of white space here and there:


Applying: python/drs: Ensure to pass in the local invocationID during 
the domain join
/usr/local/src/samba/.git/rebase-apply/patch:148: trailing whitespace.

warning: 1 line applied after fixing whitespace errors.
Applying: dsdb-repl_meta_data: Check for a NULL invocationID and do not 
proceed
/usr/local/src/samba/.git/rebase-apply/patch:15: trailing whitespace.
         return replmd_replicated_request_werror(ar, 
WERR_DS_DRA_INTERNAL_ERROR);
warning: 1 line applied after fixing whitespace errors.
Applying: dsdb: Refuse to return an all-zero invocationID
/usr/local/src/samba/.git/rebase-apply/patch:15: trailing whitespace.
             DEBUG(0, ("Failed to find our own NTDS Settings 
invocationId in the ldb!\n"));
warning: 1 line applied after fixing whitespace errors.
Applying: dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN 
during replication
Applying: dsdb-repl_meta_data: Make handling of Deleted Objects DN 
clearer in delete
Applying: lib/messaging: Check the GUID type correctly

--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1302,6 +1302,7 @@ const struct GUID *samdb_ntds_invocation_id(struct ldb_context *ldb)
  	/* see if we have a cached copy */
  	invocation_id = (struct GUID *)ldb_get_opaque(ldb, "cache.invocation_id");
  	if (invocation_id) {
+		SMB_ASSERT(!GUID_all_zero(invocation_id));
  		return invocation_id;
  	}


Do we really want to have an assert here ?
If you have systems in the wild with this, samba will suddenly stop work 
for them.


Also in Patch 4 you moved some code that was in replmd_delete_internals, 
which is fine but can you also move the comments explaining why.
I attached a small variation on your patch to this email.

Apart from this minor remarks, it's ok.
Also I think we should check that when we replicate that we don't have a 
replication coming with NULL invocation id (0000-000...) for every 
single attribute.

Matthieu.


On 09/19/2013 09:30 AM, Andrew Bartlett wrote:
> This patch fixes a significant issue in our AD DC.  Without this patch,
> on initial replication (ie, the join) we would 'delete' the Deleted
> Objects containers, and we would write in an invalid invocationID into
> the replPropertyMetaData.  This broke replication with Windows 2008R2
> domains.
>
> We still need to do two things:
>
> We need to get wintest back as a regular part of our testing.  It would
> have found this bug, if correctly configured and running.
>
> We need to write a unit test for this, at the very least write a
> dbchecker that can find and fix these (so flagging if we ever find such
> an entry in our database), but preferably also confirm the invocationID
> in replPropertyMetaData at 'runtime' somehow.
>
> This (bug #10157) will shortly be marked a blocker on all our 4.x
> releases, it is a serious regression :-(
>
> The primary regression is in the below, but much of the issue goes all
> the way back to the rewrite of the domain join code to use join.py,
> which did not pass in the invocationID.
>
> commit d3aad891c5759f66bd891cb47866d908a0562a8a
> Author: Andrew Bartlett <abartlet at samba.org>
> Date:   Fri May 31 20:01:17 2013 +1000
>
>      dsdb: Prune deleted objects of links and extra attributes of replicated deletes
>      
>      When an object is deleted, the links to be removed are not propogated,
>      you have to watch out for them manually!
>      
>      We do this by calling back into the originating update delete code(ie
>      what is called if you ldb_delete() locally) so that any extra
>      attribute found locally and not on the remote server becomes removed
>      remotely too.
>      
>      We currently do the same with links, but that isn't strictly correct,
>      but for now our getNCChanges server code filters these out, so only
>      the usn is bumped.
>      
>      Andrew Bartlett
>      
>      Signed-off-by: Andrew Bartlett <abartlet at samba.org>
>      Reviewed-by: Stefan Metzmacher <metze at samba.org>
>
> Andrew Bartlett


-- 
Matthieu Patou
Samba Team
http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dsdb-repl_meta_data-Do-not-re-delete-the-Deleted-Obj.patch
Type: text/x-diff
Size: 2173 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130919/9b40e40b/attachment.patch>

More information about the samba-technical mailing list