[PATCH] samba-tool dbcheck: handle missing objectClass

Andrew Bartlett abartlet at samba.org
Fri Feb 28 02:19:58 MST 2014


On Fri, 2014-02-28 at 10:00 +0100, Felix Botner wrote:
> > Do you have a test domain that demonstrates this issue, without
> > confidential data in it?  It would be great to upload such a domain into
> > our test framework, to ensure we correctly fix it.  (We have some
> > similar domains already, for example with the zero-guid issue).
> 
> Not at the moment, but i try to reproduce this in a test domain.
> What exactly do you need (an archiv of /var/lib/samba/)?
> 
> > If you are OK with the changed patch, please indicate so (I object to
> > silently changing a patch under someone else's authorship), and I'll get
> > a second team reviewer on this and so help it into master!
> 
> Sure, it's OK
> 
> > Can you get me the replPropertyMetaData for this and for
> > CN=2c4fcffe-f0c2-4e0f-b852-c9fe2805732f\0ADEL:60f25113-97be-4070-
> > b8e1-61289f8469df,CN=Deleted Objects,CN=Configuration,DC=sec,DC=lan
> 
> dn: CN=2c4fcffe-f0c2-4e0f-b852-c9fe2805732f\0ADEL:60f25113-97be-4070-
> b8e1-61289f8469df,CN=Deleted Objects,CN=Configuration,DC=sec,DC=lan
> replPropertyMetaData:: 
> AQAAAAAAAAALAAAAAAAAAAEAAgABAAAArkRiBwMAAADpCBli2rsTSp+iDBFXq3VvvkIAAAAAAADA3BEAAAAAADAAAgABAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAAKkAAgACAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAAAEACQACAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAACQACQACAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAACgACQACAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAADMBCQACAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAAA0DCQABAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAAA4DCQACAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAAAoICQABAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAAAMAAAACAAAAKoVrBwMAAADpCBli2rsTSp+iDBFXq3VvJEUAAAAAAADA3BEAAAAAAA==

Thanks.  This is:
[abartlet at jesse samba]$ bin/ndrdump drsblobs decode_replPropertyMetaData in /tmp/replpropertymetadata.bin 
pull returned NT_STATUS_OK
    decode_replPropertyMetaData: struct decode_replPropertyMetaData
        in: struct decode_replPropertyMetaData
            blob: struct replPropertyMetaDataBlob
                version                  : 0x00000001 (1)
                reserved                 : 0x00000000 (0)
                ctr                      : union replPropertyMetaDataCtr(case 1)
                ctr1: struct replPropertyMetaDataCtr1
                    count                    : 0x0000000b (11)
                    reserved                 : 0x00000000 (0)
                    array: ARRAY(11)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_instanceType (0x20001)
                            version                  : 0x00000001 (1)
                            originating_change_time  : Wed Mar 27 03:41:50 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x00000000000042be (17086)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_isDeleted (0x20030)
                            version                  : 0x00000001 (1)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_showInAdvancedViewOnly (0x200A9)
                            version                  : 0x00000002 (2)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_name (0x90001)
                            version                  : 0x00000002 (2)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : UNKNOWN_ENUM_VALUE (0x90024)
                            version                  : 0x00000002 (2)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : UNKNOWN_ENUM_VALUE (0x90028)
                            version                  : 0x00000002 (2)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_options (0x90133)
                            version                  : 0x00000002 (2)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_lastKnownParent (0x9030D)
                            version                  : 0x00000001 (1)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_objectCategory (0x9030E)
                            version                  : 0x00000002 (2)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_isRecycled (0x9080A)
                            version                  : 0x00000001 (1)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
                        array: struct replPropertyMetaData1
                            attid                    : DRSUAPI_ATTID_cn (0x3)
                            version                  : 0x00000002 (2)
                            originating_change_time  : Wed Apr  3 04:07:22 2013 NZDT
                            originating_invocation_id: 621908e9-bbda-4a13-9fa2-0c1157ab756f
                            originating_usn          : 0x0000000000004524 (17700)
                            local_usn                : 0x000000000011dcc0 (1170624)
dump OK

Note how there isn't an objectClass at the top. 

Looking at the bug:
https://bugzilla.samba.org/show_bug.cgi?id=10398
and the code, I think I've found a possible cause.

get_nc_changes_build_object() has this code in it:

		/* if the attribute has not changed, and it is not the
		   instanceType then don't include it */
		if (md.ctr.ctr1.array[i].local_usn < highest_usn &&
		    extended_op != DRSUAPI_EXOP_REPL_SECRET &&
		    md.ctr.ctr1.array[i].attid != DRSUAPI_ATTID_instanceType)
continue;

The purpose of this chunk is to avoid re-sending changes that the client
already has.  This would be particularly important for jpegPhoto, for
example.

However, if the highest USN the client thought it had seen was actually
higher than the one for which it had seen all objects, then a 'new'
object could be downloaded without all it's attributes.

I think that is how this corruption happens.  While disturbing, this
also suggests that the fix is to force re-replication, not to delete the
object, as on at least one DC, the whole correct object exists. 

I worked up a patch, but it fails make test.  This is either a good or a
bad sign, it may mean I have a way to pinpoint the original corruption,
or the restrictions are too harsh.

I'll post it before I finish up for tonight. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba-technical mailing list