[PATCH] samba-tool dbcheck: handle name conflict objects

Tue Mar 4 03:36:53 MST 2014

> This looks reasonable, but wouldn't be a better that this be put in
> dbcheck, a bit like the reset-well-known-acls?  That would avoid
> reimplemting the all/none checks.

OK, here is a new version of the patch for dbcheck

Signed-off-by: Felix Botner <botner at univention.de>
---
 python/samba/dbchecker.py      |   31 ++++++++++++++++++++++++++++++-
 python/samba/netcmd/dbcheck.py |    6 ++++--
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 4281e6b..829aab2 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -36,7 +36,7 @@ class dbcheck(object):
 
     def __init__(self, samdb, samdb_schema=None, verbose=False, fix=False,
                  yes=False, quiet=False, in_transaction=False,
-                 reset_well_known_acls=False):
+                 reset_well_known_acls=False, check_for_conflicts=False):
         self.samdb = samdb
         self.dict_oid_name = None
         self.samdb_schema = (samdb_schema or samdb)
@@ -65,6 +65,8 @@ class dbcheck(object):
         self.fix_deleted_deleted_objects = False
         self.reset_well_known_acls = reset_well_known_acls
         self.reset_all_well_known_acls = False
+        self.check_for_conflicts = check_for_conflicts
+        self.delete_all_conflicts = False
         self.in_transaction = in_transaction
         self.infrastructure_dn = ldb.Dn(samdb, "CN=Infrastructure," + samdb.domain_dn())
         self.naming_dn = ldb.Dn(samdb, "CN=Partitions,%s" % samdb.get_config_basedn())
@@ -174,6 +176,18 @@ class dbcheck(object):
             return False
         return c
 
+    def do_delete(self, dn, controls, msg):
+        '''delete dn with optional verbose output'''
+        if self.verbose:
+            self.report("delete DN %s" % dn)
+        try:
+            controls = controls + ["local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK] + ["relax:0"]
+            self.samdb.delete(dn, controls=controls)
+        except Exception, err:
+            self.report("%s : %s" % (msg, err))
+            return False
+        return True
+
     def do_modify(self, m, controls, msg, validate=True):
         '''perform a modify with optional verbose output'''
         if self.verbose:
@@ -782,6 +796,16 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
                           "Failed to fix attribute %s" % sd_attr):
             self.report("Fixed attribute '%s' of '%s'\n" % (sd_attr, dn))
 
+    def err_conflicts(self, dn):
+        '''handle name conflict objects'''
+        self.report("ERROR: name conflict object %s" % (dn))
+        if not self.confirm_all("Delete object '%s'?" % dn, 'delete_all_conflicts'):
+            self.report("Not deleting name conflict object '%s'" % dn)
+            return
+        if self.do_delete(dn, ["local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK],
+                          "Failed to delete DN %s" % dn):
+            self.report("Removed DN %s" % dn)
+
     def err_wrong_default_sd(self, dn, sd, sd_old, diff):
         '''re-write the SD due to not matching the default (optional mode for fixing an incorrect provision)'''
         sd_attr = "nTSecurityDescriptor"
@@ -1019,6 +1043,11 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
         list_attrs_seen = []
         got_repl_property_meta_data = False
 
+        if self.check_for_conflicts:
+            if "\\0ACNF" in str(dn):
+                error_count += 1
+                self.err_conflicts(dn)
+
         for attrname in obj:
             if attrname == 'dn':
                 continue
diff --git a/python/samba/netcmd/dbcheck.py b/python/samba/netcmd/dbcheck.py
index 4cc0631..0d6d4dd 100644
--- a/python/samba/netcmd/dbcheck.py
+++ b/python/samba/netcmd/dbcheck.py
@@ -57,6 +57,7 @@ class cmd_dbcheck(Command):
         Option("--reindex", dest="reindex", default=False, action="store_true", help="force database re-index"),
         Option("--force-modules", dest="force_modules", default=False, action="store_true", help="force loading of Samba modules and ignore the @MODULES record (for very old databases)"),
         Option("--reset-well-known-acls", dest="reset_well_known_acls", default=False, action="store_true", help="reset ACLs on objects with well known default ACL values to the default"),
+        Option("--check-for-conflicts", dest="check_for_conflicts", default=False, action="store_true", help="check for name conflict objects (\\0ACNF)"),
         Option("-H", "--URL", help="LDB URL for database or target server (defaults to local SAM database)",
                type=str, metavar="URL", dest="H"),
         ]
@@ -65,7 +66,7 @@ class cmd_dbcheck(Command):
             cross_ncs=False, quiet=False,
             scope="SUB", credopts=None, sambaopts=None, versionopts=None,
             attrs=None, reindex=False, force_modules=False,
-            reset_well_known_acls=False):
+            reset_well_known_acls=False, check_for_conflicts=False):
 
         lp = sambaopts.get_loadparm()
 
@@ -117,7 +118,8 @@ class cmd_dbcheck(Command):
         try:
             chk = dbcheck(samdb, samdb_schema=samdb_schema, verbose=verbose,
                           fix=fix, yes=yes, quiet=quiet, in_transaction=started_transaction,
-                          reset_well_known_acls=reset_well_known_acls)
+                          reset_well_known_acls=reset_well_known_acls,
+                          check_for_conflicts=check_for_conflicts)
 
             if reindex:
                 self.outf.write("Re-indexing...\n")
-- 
1.7.9.5

