[Samba] Active Directory Domain Corruption.

Zombie Ryushu zombie_ryushu at yahoo.com
Wed Jun 1 10:17:07 UTC 2022


On 6/1/22 06:08, Andrew Bartlett via samba wrote:
> On Wed, 2022-06-01 at 09:51 +0200, Markus Dellermann via samba wrote:
>>> Yes, but this is a Database corruption issue, I need DNS worked on,
>>> but let's hold off on that until things like this:
>>> #samba-tool dbcheck
>>> Checking 321 objects
>>> ERROR(<class 'ValueError'>): uncaught exception - unable to parse dn string
>>>     File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
>>>       return self.run(*args, **kwargs)
>>>     File "/usr/lib64/python3.6/site-packages/samba/netcmd/dbcheck.py", line 170, in run
>>>       controls=controls, attrs=attrs)
>>>     File "/usr/lib64/python3.6/site-packages/samba/dbchecker.py", line 255, in check_database
>>>       error_count += self.check_object(object.dn, requested_attrs=attrs)
>>>     File "/usr/lib64/python3.6/site-packages/samba/dbchecker.py", line 2601, in check_object
>>>       expected_dn = ldb.Dn(self.samdb, "RDN=RDN,%s" % (parent_dn))
> So what is happening here is that the parent_dn, which is a string at
> this point, doesn't parse when written as (eg in another syntax)
> RDN=RDN,$parent_dn.
>
> That isn't typical, but we have had some changes in DN escaping stuff
> and perhaps the linearised DN is tripping that up.  Or perhaps it
> really is corrupt, but I doubt it.
>
> Ideally that would have been written differently, to create a new Dn()
> of "RDN=RDN", then done a dn.add_base()
>
> eg (only slightly tested):
>
> diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
> index 449b0a7d985..077e81b2dcb 100644
> --- a/python/samba/dbchecker.py
> +++ b/python/samba/dbchecker.py
> @@ -2596,7 +2596,8 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn),
> str(to_base)))
>                   controls += ["local_oid:%s:1" %
> dsdb.DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME]
>               if parent_dn is None:
>                   parent_dn = obj.dn.parent()
> -            expected_dn = ldb.Dn(self.samdb, "RDN=RDN,%s" %
> (parent_dn))
> +            expected_dn = ldb.Dn(self.samdb, "RDN=RDN")
> +            expected_dn.add_base(parent_dn)
>               expected_dn.set_component(0, obj.dn.get_rdn_name(),
> name_val)
>   
>               if obj.dn == deleted_objects_dn:
>
>
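Review bot: at expected_dn.add_base(parent_dn), the lines shown only guarantee that parent_dn is an ldb.Dn inside the "if parent_dn is None:" branch, where it comes from obj.dn.parent(); the explanation accompanying the patch describes it as a string at this point. If add_base() is handed a string it still has to parse it, so the same "unable to parse dn string" failure could resurface one line later. Consider converting or validating parent_dn before this line and reporting the DN of the object being checked when that fails, so dbcheck names the object instead of stopping on an uncaught exception. Nothing in the lines shown checks whether add_base() succeeded, and a dbcheck test with a parent DN containing escaped characters would confirm the change does what is intended.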
> At least then we wouldn't be dealing with DN escaping stuff
>
So, now I feel like we are getting somewhere. I have a file called
/usr/lib64/python3.6/site-packages/samba/dbchecker.py I can apply this
raw patch to, and recompile. Do you want me to do that? Or wipe the DC
files in the Private folder and start fresh?

