The Samba-Bugzilla – Attachment 12589 Details for
Bug 12382
Tombstone expunge does not remove old links
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.5
tombstones.patch (text/plain), 190.51 KB, created by
Garming Sam
on 2016-10-18 03:34:17 UTC
(
hide
)
Description:
Patch for 4.5
Filename:
MIME Type:
Creator:
Garming Sam
Created:
2016-10-18 03:34:17 UTC
Size:
190.51 KB
patch
obsolete
>From f8d14e140f55505cecd36c9029d84cadff5d9f6a Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 31 Aug 2016 11:39:24 +1200 >Subject: [PATCH 01/32] selftest: Correct name of > samba4.blackbox.dbcheck.release-4-5-0-pre1 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 599d3f7f8358f6107e1d13ab0a92c3143f32435e) >--- > selftest/tests.py | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > >diff --git a/selftest/tests.py b/selftest/tests.py >index e02f049..21f2096 100644 >--- a/selftest/tests.py >+++ b/selftest/tests.py >@@ -90,6 +90,11 @@ plantestsuite( > ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), > '$PREFIX_ABS/provision', 'release-4-1-6-partial-object', configuration]) > plantestsuite( >+ "samba4.blackbox.dbcheck.release-4-5-0-pre1", "none", >+ ["PYTHON=%s" % python, >+ os.path.join(bbdir, "dbcheck-oldrelease.sh"), >+ '$PREFIX_ABS/provision', 'release-4-5-0-pre1', configuration]) >+plantestsuite( > "samba4.blackbox.upgradeprovision.alpha13", "none", > ["PYTHON=%s" % python, > os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), >@@ -99,11 +104,6 @@ plantestsuite( > ["PYTHON=%s" % python, > os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), > '$PREFIX_ABS/provision', 'release-4-0-0', configuration]) >-plantestsuite( >- "samba4.blackbox.upgradeprovision.release-4-5-0-pre1", "none", >- ["PYTHON=%s" % python, >- os.path.join(bbdir, "dbcheck-oldrelease.sh"), >- '$PREFIX_ABS/provision', 'release-4-5-0-pre1', configuration]) > planpythontestsuite("none", "samba.tests.upgradeprovision") > planpythontestsuite("none", "samba.tests.xattr") > planpythontestsuite("none", "samba.tests.ntacls") >-- >1.9.1 > > >From 4186af427889a7e1a0b3e41203ff763e91ab56dc Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 25 Aug 2016 11:28:32 +1200 >Subject: [PATCH 02/32] pydsdb: Raise TypeError for type errors, rather than > incorrectly raising an LdbError > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 9142a01bb55a09e836c70d15fe420fb2599aec6f) >--- > source4/dsdb/pydsdb.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c >index efaf66b..1fe8c13 100644 >--- a/source4/dsdb/pydsdb.c >+++ b/source4/dsdb/pydsdb.c >@@ -34,14 +34,14 @@ void initdsdb(void); > /* FIXME: These should be in a header file somewhere */ > #define PyErr_LDB_OR_RAISE(py_ldb, ldb) \ > if (!py_check_dcerpc_type(py_ldb, "ldb", "Ldb")) { \ >- PyErr_SetString(py_ldb_get_exception(), "Ldb connection object required"); \ >+ PyErr_SetString(PyExc_TypeError, "Ldb connection object required"); \ > return NULL; \ > } \ > ldb = pyldb_Ldb_AsLdbContext(py_ldb); > > #define PyErr_LDB_DN_OR_RAISE(py_ldb_dn, dn) \ > if (!py_check_dcerpc_type(py_ldb_dn, "ldb", "Dn")) { \ >- PyErr_SetString(py_ldb_get_exception(), "ldb Dn object required"); \ >+ PyErr_SetString(PyExc_TypeError, "ldb Dn object required"); \ > return NULL; \ > } \ > dn = pyldb_Dn_AsDn(py_ldb_dn); >-- >1.9.1 > > >From 146344468aa7c824fd8758c51b2fee25beab69ad Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 29 Aug 2016 18:20:18 +1200 >Subject: [PATCH 03/32] ldb-samba: Add new extended match rule > DSDB_MATCH_FOR_EXPUNGE > >This allows us to find links that need to be expunged >without passing the whole DB up in the search response. > >While each message still needs to be examined, this code >only has to do memory allocation for entries with links > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit eb1cb175980a87b8a7cbd765783af33e4a7d6017) >--- > lib/ldb-samba/ldb_matching_rules.c | 133 ++++++++++++++++++++++++++++++++++++- > lib/ldb-samba/ldb_matching_rules.h | 1 + > source4/setup/schema_samba4.ldif | 1 + > 3 files changed, 134 insertions(+), 1 deletion(-) > >diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c >index 637858f..aa86979 100644 >--- a/lib/ldb-samba/ldb_matching_rules.c >+++ b/lib/ldb-samba/ldb_matching_rules.c >@@ -4,6 +4,7 @@ > ldb database library - Extended match rules > > Copyright (C) 2014 Samuel Cabrero <samuelcabrero@kernevil.me> >+ Copyright (C) Andrew Bartlett <abartlet@samba.org> > > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by >@@ -23,6 +24,8 @@ > #include <ldb_module.h> > #include "dsdb/samdb/samdb.h" > #include "ldb_matching_rules.h" >+#include "libcli/security/security.h" >+#include "dsdb/common/util.h" > > static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx, > struct ldb_context *ldb, >@@ -324,9 +327,128 @@ static int ldb_comparator_trans(struct ldb_context *ldb, > } > > >+/* >+ * This rule provides match of a link attribute against a 'should be expunged' criteria >+ * >+ * This allows a search filter such as: >+ * >+ * member:1.3.6.1.4.1.7165.4.5.2:=131139216000000000 >+ * >+ * This searches the member attribute, but also any member attributes >+ * that are deleted and should be expunged after the specified NTTIME >+ * time. >+ * >+ */ >+static int dsdb_match_for_expunge(struct ldb_context *ldb, >+ const char *oid, >+ const struct ldb_message *msg, >+ const char *attribute_to_match, >+ const struct ldb_val *value_to_match, >+ bool *matched) >+{ >+ const struct dsdb_schema *schema; >+ const struct dsdb_attribute *schema_attr; >+ TALLOC_CTX *tmp_ctx; >+ unsigned int i; >+ struct ldb_message_element *el; >+ struct auth_session_info *session_info; >+ uint64_t tombstone_time; >+ *matched = false; >+ >+ el = ldb_msg_find_element(msg, attribute_to_match); >+ if (el == NULL) { >+ return LDB_SUCCESS; >+ } >+ >+ session_info >+ = talloc_get_type(ldb_get_opaque(ldb, "sessionInfo"), >+ struct auth_session_info); >+ if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) { >+ return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS; >+ } >+ >+ /* >+ * If the target attribute to match is not a linked attribute, then >+ * the filter evaluates to undefined >+ */ >+ schema = dsdb_get_schema(ldb, NULL); >+ if (schema == NULL) { >+ return LDB_ERR_OPERATIONS_ERROR; >+ } >+ >+ /* TODO this is O(log n) per attribute */ >+ schema_attr = dsdb_attribute_by_lDAPDisplayName(schema, attribute_to_match); >+ if (schema_attr == NULL) { >+ return LDB_ERR_NO_SUCH_ATTRIBUTE; >+ } >+ >+ /* >+ * This extended match filter is only valid for forward linked attributes. >+ */ >+ if (schema_attr->linkID == 0 || (schema_attr->linkID & 1) == 1) { >+ return LDB_ERR_NO_SUCH_ATTRIBUTE; >+ } >+ >+ /* Just check we don't allow the caller to fill our stack */ >+ if (value_to_match->length >=64) { >+ return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; >+ } else { >+ char *p = NULL; >+ char s[value_to_match->length+1]; >+ memcpy(s, value_to_match->data, value_to_match->length); >+ s[value_to_match->length] = 0; >+ if (s[0] == '\0' || s[0] == '-') { >+ return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; >+ } >+ tombstone_time = strtoull(s, &p, 10); >+ if (p == NULL || p == s || *p != '\0' || tombstone_time == ULLONG_MAX) { >+ return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; >+ } >+ } >+ >+ tmp_ctx = talloc_new(ldb); >+ if (tmp_ctx == NULL) { >+ return LDB_ERR_OPERATIONS_ERROR; >+ } >+ >+ for (i = 0; i < el->num_values; i++) { >+ NTSTATUS status; >+ struct dsdb_dn *dn; >+ uint64_t rmd_changetime; >+ if (dsdb_dn_is_deleted_val(&el->values[i]) == false) { >+ continue; >+ } >+ >+ dn = dsdb_dn_parse(tmp_ctx, ldb, &el->values[i], >+ schema_attr->syntax->ldap_oid); >+ if (dn == NULL) { >+ DEBUG(1, ("Error: Failed to parse linked attribute blob of %s.\n", el->name)); >+ continue; >+ } >+ >+ status = dsdb_get_extended_dn_uint64(dn->dn, &rmd_changetime, >+ "RMD_CHANGETIME"); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(1, ("Error: RMD_CHANGETIME is missing on a forward link.\n")); >+ continue; >+ } >+ >+ if (rmd_changetime > tombstone_time) { >+ continue; >+ } >+ >+ *matched = true; >+ break; >+ } >+ talloc_free(tmp_ctx); >+ return LDB_SUCCESS; >+} >+ >+ > int ldb_register_samba_matching_rules(struct ldb_context *ldb) > { >- struct ldb_extended_match_rule *transitive_eval; >+ struct ldb_extended_match_rule *transitive_eval = NULL, >+ *match_for_expunge = NULL; > int ret; > > transitive_eval = talloc_zero(ldb, struct ldb_extended_match_rule); >@@ -338,5 +460,14 @@ int ldb_register_samba_matching_rules(struct ldb_context *ldb) > return ret; > } > >+ match_for_expunge = talloc_zero(ldb, struct ldb_extended_match_rule); >+ match_for_expunge->oid = DSDB_MATCH_FOR_EXPUNGE; >+ match_for_expunge->callback = dsdb_match_for_expunge; >+ ret = ldb_register_extended_match_rule(ldb, match_for_expunge); >+ if (ret != LDB_SUCCESS) { >+ talloc_free(match_for_expunge); >+ return ret; >+ } >+ > return LDB_SUCCESS; > } >diff --git a/lib/ldb-samba/ldb_matching_rules.h b/lib/ldb-samba/ldb_matching_rules.h >index e969b3d..421e1ce 100644 >--- a/lib/ldb-samba/ldb_matching_rules.h >+++ b/lib/ldb-samba/ldb_matching_rules.h >@@ -24,5 +24,6 @@ > > /* This rule provides recursive search of a link attribute */ > #define SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL "1.2.840.113556.1.4.1941" >+#define DSDB_MATCH_FOR_EXPUNGE "1.3.6.1.4.1.7165.4.5.2" > > #endif /* _LDB_MATCHING_RULES_H_ */ >diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif >index 9e3ff91..2e4c16d 100644 >--- a/source4/setup/schema_samba4.ldif >+++ b/source4/setup/schema_samba4.ldif >@@ -231,6 +231,7 @@ > ############ > # ldap extended matches > #Allocated: SAMBA_LDAP_MATCH_ALWAYS_FALSE 1.3.6.1.4.1.7165.4.5.1 >+#Allocated: DSDB_MATCH_FOR_EXPUNGE 1.3.6.1.4.1.7165.4.5.2 > > > #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 >-- >1.9.1 > > >From 3da002fa4cc411f314d91226e2ca68f9ecef0167 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 18 Jul 2016 11:53:50 +1200 >Subject: [PATCH 04/32] kcc: Move kcc/kcc_deleted.c into > kcc/garbage_collect_tombstones.c > >This is in preperation for a python binding for this function > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 9221ce3a3237a8ded78e371fef2b8e4f03722b63) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 146 ++++++++++++++++++++++++++ > source4/dsdb/kcc/kcc_deleted.c | 146 -------------------------- > source4/dsdb/kcc/kcc_service.h | 2 + > source4/dsdb/wscript_build | 8 +- > 4 files changed, 154 insertions(+), 148 deletions(-) > create mode 100644 source4/dsdb/kcc/garbage_collect_tombstones.c > delete mode 100644 source4/dsdb/kcc/kcc_deleted.c > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >new file mode 100644 >index 0000000..8b9e921 >--- /dev/null >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -0,0 +1,146 @@ >+/* >+ Unix SMB/CIFS implementation. >+ >+ handle removal of deleted objects >+ >+ Copyright (C) 2009 Andrew Tridgell >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 3 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program. If not, see <http://www.gnu.org/licenses/>. >+ >+*/ >+ >+#include "includes.h" >+#include "lib/events/events.h" >+#include "dsdb/samdb/samdb.h" >+#include "auth/auth.h" >+#include "smbd/service.h" >+#include "lib/messaging/irpc.h" >+#include "dsdb/kcc/kcc_connection.h" >+#include "dsdb/kcc/kcc_service.h" >+#include <ldb_errors.h> >+#include "../lib/util/dlinklist.h" >+#include "librpc/gen_ndr/ndr_misc.h" >+#include "librpc/gen_ndr/ndr_drsuapi.h" >+#include "librpc/gen_ndr/ndr_drsblobs.h" >+#include "param/param.h" >+#include "dsdb/common/util.h" >+ >+/* >+ check to see if any deleted objects need scavenging >+ */ >+NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) >+{ >+ struct kccsrv_partition *part; >+ int ret; >+ uint32_t tombstoneLifetime; >+ bool do_fs = false; >+ >+ time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >+ "check_deleted_full_scan_interval", 86400); >+ time_t t = time(NULL); >+ >+ if (t - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >+ "check_deleted_interval", 600)) { >+ return NT_STATUS_OK; >+ } >+ s->last_deleted_check = t; >+ >+ ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime); >+ if (ret != LDB_SUCCESS) { >+ DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); >+ return NT_STATUS_INTERNAL_DB_CORRUPTION; >+ } >+ if (s->last_full_scan_deleted_check > 0 && ((t - s->last_full_scan_deleted_check) > interval )) { >+ do_fs = true; >+ s->last_full_scan_deleted_check = t; >+ } >+ >+ if (s->last_full_scan_deleted_check == 0) { >+ /* >+ * If we never made a full scan set the last full scan event to be in the past >+ * and that 9/10 of the full scan interval has already passed. >+ * This is done to avoid the full scan to fire just at the begining of samba >+ * or a couple of minutes after the start. >+ * With this "setup" and default values of interval, the full scan will fire >+ * 2.4 hours after the start of samba >+ */ >+ s->last_full_scan_deleted_check = t - ((9 * interval) / 10); >+ } >+ >+ for (part=s->partitions; part; part=part->next) { >+ struct ldb_dn *do_dn; >+ struct ldb_result *res; >+ const char *attrs[] = { "whenChanged", NULL }; >+ unsigned int i; >+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); >+ if (!tmp_ctx) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ ret = dsdb_get_deleted_objects_dn(s->samdb, tmp_ctx, part->dn, &do_dn); >+ if (ret != LDB_SUCCESS) { >+ TALLOC_FREE(tmp_ctx); >+ /* some partitions have no Deleted Objects >+ container */ >+ continue; >+ } >+ >+ if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(s->samdb), part->dn)) { >+ ret = dsdb_search(s->samdb, tmp_ctx, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, >+ DSDB_SEARCH_SHOW_RECYCLED, NULL); >+ } else { >+ if (do_fs) { >+ DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", >+ ldb_dn_get_linearized(part->dn))); >+ } >+ ret = dsdb_search(s->samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, >+ DSDB_SEARCH_SHOW_RECYCLED, "(isDeleted=TRUE)"); >+ } >+ >+ if (ret != LDB_SUCCESS) { >+ DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n", >+ ldb_dn_get_linearized(do_dn))); >+ TALLOC_FREE(tmp_ctx); >+ continue; >+ } >+ >+ for (i=0; i<res->count; i++) { >+ const char *tstring; >+ time_t whenChanged = 0; >+ >+ if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { >+ /* Skip the Deleted Object Container */ >+ continue; >+ } >+ tstring = ldb_msg_find_attr_as_string(res->msgs[i], "whenChanged", NULL); >+ if (tstring) { >+ whenChanged = ldb_string_to_time(tstring); >+ } >+ if (t - whenChanged > tombstoneLifetime*60*60*24) { >+ ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); >+ if (ret != LDB_SUCCESS) { >+ DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ } else { >+ DEBUG(4,("Removed deleted object %s\n", >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ } >+ } >+ } >+ >+ TALLOC_FREE(tmp_ctx); >+ } >+ >+ return NT_STATUS_OK; >+} >diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c >deleted file mode 100644 >index 93d74ca..0000000 >--- a/source4/dsdb/kcc/kcc_deleted.c >+++ /dev/null >@@ -1,146 +0,0 @@ >-/* >- Unix SMB/CIFS implementation. >- >- handle removal of deleted objects >- >- Copyright (C) 2009 Andrew Tridgell >- >- This program is free software; you can redistribute it and/or modify >- it under the terms of the GNU General Public License as published by >- the Free Software Foundation; either version 3 of the License, or >- (at your option) any later version. >- >- This program is distributed in the hope that it will be useful, >- but WITHOUT ANY WARRANTY; without even the implied warranty of >- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >- GNU General Public License for more details. >- >- You should have received a copy of the GNU General Public License >- along with this program. If not, see <http://www.gnu.org/licenses/>. >- >-*/ >- >-#include "includes.h" >-#include "lib/events/events.h" >-#include "dsdb/samdb/samdb.h" >-#include "auth/auth.h" >-#include "smbd/service.h" >-#include "lib/messaging/irpc.h" >-#include "dsdb/kcc/kcc_connection.h" >-#include "dsdb/kcc/kcc_service.h" >-#include <ldb_errors.h> >-#include "../lib/util/dlinklist.h" >-#include "librpc/gen_ndr/ndr_misc.h" >-#include "librpc/gen_ndr/ndr_drsuapi.h" >-#include "librpc/gen_ndr/ndr_drsblobs.h" >-#include "param/param.h" >-#include "dsdb/common/util.h" >- >-/* >- check to see if any deleted objects need scavenging >- */ >-NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) >-{ >- struct kccsrv_partition *part; >- int ret; >- uint32_t tombstoneLifetime; >- bool do_fs = false; >- >- time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >- "check_deleted_full_scan_interval", 86400); >- time_t t = time(NULL); >- >- if (t - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >- "check_deleted_interval", 600)) { >- return NT_STATUS_OK; >- } >- s->last_deleted_check = t; >- >- ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime); >- if (ret != LDB_SUCCESS) { >- DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); >- return NT_STATUS_INTERNAL_DB_CORRUPTION; >- } >- if (s->last_full_scan_deleted_check > 0 && ((t - s->last_full_scan_deleted_check) > interval )) { >- do_fs = true; >- s->last_full_scan_deleted_check = t; >- } >- >- if (s->last_full_scan_deleted_check == 0) { >- /* >- * If we never made a full scan set the last full scan event to be in the past >- * and that 9/10 of the full scan interval has already passed. >- * This is done to avoid the full scan to fire just at the begining of samba >- * or a couple of minutes after the start. >- * With this "setup" and default values of interval, the full scan will fire >- * 2.4 hours after the start of samba >- */ >- s->last_full_scan_deleted_check = t - ((9 * interval) / 10); >- } >- >- for (part=s->partitions; part; part=part->next) { >- struct ldb_dn *do_dn; >- struct ldb_result *res; >- const char *attrs[] = { "whenChanged", NULL }; >- unsigned int i; >- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); >- if (!tmp_ctx) { >- return NT_STATUS_NO_MEMORY; >- } >- >- ret = dsdb_get_deleted_objects_dn(s->samdb, tmp_ctx, part->dn, &do_dn); >- if (ret != LDB_SUCCESS) { >- TALLOC_FREE(tmp_ctx); >- /* some partitions have no Deleted Objects >- container */ >- continue; >- } >- >- if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(s->samdb), part->dn)) { >- ret = dsdb_search(s->samdb, tmp_ctx, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, >- DSDB_SEARCH_SHOW_RECYCLED, NULL); >- } else { >- if (do_fs) { >- DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", >- ldb_dn_get_linearized(part->dn))); >- } >- ret = dsdb_search(s->samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, >- DSDB_SEARCH_SHOW_RECYCLED, "(isDeleted=TRUE)"); >- } >- >- if (ret != LDB_SUCCESS) { >- DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n", >- ldb_dn_get_linearized(do_dn))); >- TALLOC_FREE(tmp_ctx); >- continue; >- } >- >- for (i=0; i<res->count; i++) { >- const char *tstring; >- time_t whenChanged = 0; >- >- if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { >- /* Skip the Deleted Object Container */ >- continue; >- } >- tstring = ldb_msg_find_attr_as_string(res->msgs[i], "whenChanged", NULL); >- if (tstring) { >- whenChanged = ldb_string_to_time(tstring); >- } >- if (t - whenChanged > tombstoneLifetime*60*60*24) { >- ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); >- if (ret != LDB_SUCCESS) { >- DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- } else { >- DEBUG(4,("Removed deleted object %s\n", >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- } >- } >- } >- >- TALLOC_FREE(tmp_ctx); >- } >- >- return NT_STATUS_OK; >-} >diff --git a/source4/dsdb/kcc/kcc_service.h b/source4/dsdb/kcc/kcc_service.h >index b3ba226..451347e 100644 >--- a/source4/dsdb/kcc/kcc_service.h >+++ b/source4/dsdb/kcc/kcc_service.h >@@ -98,6 +98,8 @@ struct kccsrv_service { > > struct kcc_connection_list; > >+NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx); >+ > #include "dsdb/kcc/kcc_service_proto.h" > > #endif /* _DSDB_REPL_KCC_SERVICE_H_ */ >diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build >index 991f9d3..aea8fa4 100755 >--- a/source4/dsdb/wscript_build >+++ b/source4/dsdb/wscript_build >@@ -37,13 +37,17 @@ bld.SAMBA_MODULE('service_drepl', > enabled=bld.AD_DC_BUILD_IS_ENABLED() > ) > >+bld.SAMBA_LIBRARY('dsdb_garbage_collect_tombstones', >+ source='kcc/garbage_collect_tombstones.c', >+ deps='samdb param RPC_NDR_DRSUAPI', >+ private_library=True) > > bld.SAMBA_MODULE('service_kcc', >- source='kcc/kcc_service.c kcc/kcc_connection.c kcc/kcc_topology.c kcc/kcc_deleted.c kcc/kcc_periodic.c kcc/kcc_drs_replica_info.c', >+ source='kcc/kcc_service.c kcc/kcc_connection.c kcc/kcc_topology.c kcc/kcc_periodic.c kcc/kcc_drs_replica_info.c', > autoproto='kcc/kcc_service_proto.h', > subsystem='service', > init_function='server_service_kcc_init', >- deps='samdb process_model RPC_NDR_IRPC RPC_NDR_DRSUAPI UTIL_RUNCMD', >+ deps='samdb process_model RPC_NDR_IRPC RPC_NDR_DRSUAPI UTIL_RUNCMD dsdb_garbage_collect_tombstones', > internal_module=False, > enabled=bld.AD_DC_BUILD_IS_ENABLED() > ) >-- >1.9.1 > > >From c67962c685bcd9bb239f8a7e93585ec8f5c9e3ae Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 18 Jul 2016 13:10:23 +1200 >Subject: [PATCH 05/32] dsdb: Rework kcc_deleted() into > dsdb_garbage_collect_tombstones() > >This is so that in a future commit, we can wrap this in python and allow it to be called >from outside the samba server processs. > >This requires that we rework the callers and internals to avoid reference to >private data structures of the KCC service. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 4e0ac09ef6c6fadd67718f7b5aca7283fb8086b1) >--- > source4/dsdb/common/util.h | 10 +++++ > source4/dsdb/kcc/garbage_collect_tombstones.c | 59 ++++++++++++--------------- > source4/dsdb/kcc/garbage_collect_tombstones.h | 31 ++++++++++++++ > source4/dsdb/kcc/kcc_periodic.c | 21 +++++++--- > source4/dsdb/kcc/kcc_service.c | 5 +-- > source4/dsdb/kcc/kcc_service.h | 15 ++----- > source4/dsdb/wscript_build | 2 +- > 7 files changed, 90 insertions(+), 53 deletions(-) > create mode 100644 source4/dsdb/kcc/garbage_collect_tombstones.h > >diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h >index f2867a2..ede6d8b 100644 >--- a/source4/dsdb/common/util.h >+++ b/source4/dsdb/common/util.h >@@ -80,4 +80,14 @@ int dsdb_werror_at(struct ldb_context *ldb, int ldb_ecode, WERROR werr, > dsdb_werror_at(ldb_module_get_ctx(module), ldb_ecode, werr, \ > __location__, __func__, reason) > >+ >+struct dsdb_ldb_dn_list_node { >+ struct dsdb_ldb_dn_list_node *prev, *next; >+ >+ /* the dn of the partition */ >+ struct ldb_dn *dn; >+}; >+ >+ >+ > #endif /* __DSDB_COMMON_UTIL_H__ */ >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 8b9e921..825cfe2 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -21,52 +21,47 @@ > */ > > #include "includes.h" >-#include "lib/events/events.h" >-#include "dsdb/samdb/samdb.h" >-#include "auth/auth.h" >-#include "smbd/service.h" >-#include "lib/messaging/irpc.h" >-#include "dsdb/kcc/kcc_connection.h" >-#include "dsdb/kcc/kcc_service.h" > #include <ldb_errors.h> > #include "../lib/util/dlinklist.h" > #include "librpc/gen_ndr/ndr_misc.h" > #include "librpc/gen_ndr/ndr_drsuapi.h" > #include "librpc/gen_ndr/ndr_drsblobs.h" > #include "param/param.h" >-#include "dsdb/common/util.h" >+#include "lib/util/dlinklist.h" >+#include "ldb.h" >+#include "dsdb/kcc/garbage_collect_tombstones.h" > >-/* >- check to see if any deleted objects need scavenging >- */ >-NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) >+ >+NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, >+ struct ldb_context *samdb, >+ struct dsdb_ldb_dn_list_node *part, >+ time_t current_time, time_t *last_deleted_check, >+ time_t *last_full_scan_deleted_check) > { >- struct kccsrv_partition *part; > int ret; > uint32_t tombstoneLifetime; > bool do_fs = false; > >- time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >- "check_deleted_full_scan_interval", 86400); >- time_t t = time(NULL); >+ time_t interval = lpcfg_parm_int(lp_ctx, NULL, "kccsrv", >+ "check_deleted_full_scan_interval", 86400); > >- if (t - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >- "check_deleted_interval", 600)) { >+ if (current_time - *last_deleted_check < lpcfg_parm_int(lp_ctx, NULL, "kccsrv", >+ "check_deleted_interval", 600)) { > return NT_STATUS_OK; > } >- s->last_deleted_check = t; >+ *last_deleted_check = current_time; > >- ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime); >+ ret = dsdb_tombstone_lifetime(samdb, &tombstoneLifetime); > if (ret != LDB_SUCCESS) { > DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); > return NT_STATUS_INTERNAL_DB_CORRUPTION; > } >- if (s->last_full_scan_deleted_check > 0 && ((t - s->last_full_scan_deleted_check) > interval )) { >+ if (*last_full_scan_deleted_check > 0 && ((current_time - *last_full_scan_deleted_check) > interval )) { > do_fs = true; >- s->last_full_scan_deleted_check = t; >+ *last_full_scan_deleted_check = current_time; > } > >- if (s->last_full_scan_deleted_check == 0) { >+ if (*last_full_scan_deleted_check == 0) { > /* > * If we never made a full scan set the last full scan event to be in the past > * and that 9/10 of the full scan interval has already passed. >@@ -75,10 +70,10 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) > * With this "setup" and default values of interval, the full scan will fire > * 2.4 hours after the start of samba > */ >- s->last_full_scan_deleted_check = t - ((9 * interval) / 10); >+ *last_full_scan_deleted_check = current_time - ((9 * interval) / 10); > } > >- for (part=s->partitions; part; part=part->next) { >+ for (; part != NULL; part = part->next) { > struct ldb_dn *do_dn; > struct ldb_result *res; > const char *attrs[] = { "whenChanged", NULL }; >@@ -88,7 +83,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) > return NT_STATUS_NO_MEMORY; > } > >- ret = dsdb_get_deleted_objects_dn(s->samdb, tmp_ctx, part->dn, &do_dn); >+ ret = dsdb_get_deleted_objects_dn(samdb, tmp_ctx, part->dn, &do_dn); > if (ret != LDB_SUCCESS) { > TALLOC_FREE(tmp_ctx); > /* some partitions have no Deleted Objects >@@ -96,16 +91,16 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) > continue; > } > >- if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(s->samdb), part->dn)) { >- ret = dsdb_search(s->samdb, tmp_ctx, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, >+ if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(samdb), part->dn)) { >+ ret = dsdb_search(samdb, tmp_ctx, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, > DSDB_SEARCH_SHOW_RECYCLED, NULL); > } else { > if (do_fs) { > DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", > ldb_dn_get_linearized(part->dn))); > } >- ret = dsdb_search(s->samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, >- DSDB_SEARCH_SHOW_RECYCLED, "(isDeleted=TRUE)"); >+ ret = dsdb_search(samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, >+ DSDB_SEARCH_SHOW_RECYCLED, "(|(isDeleted=TRUE))"); > } > > if (ret != LDB_SUCCESS) { >@@ -127,8 +122,8 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) > if (tstring) { > whenChanged = ldb_string_to_time(tstring); > } >- if (t - whenChanged > tombstoneLifetime*60*60*24) { >- ret = dsdb_delete(s->samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); >+ if (current_time - whenChanged > tombstoneLifetime*60*60*24) { >+ ret = dsdb_delete(samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); > if (ret != LDB_SUCCESS) { > DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", > ldb_dn_get_linearized(res->msgs[i]->dn))); >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.h b/source4/dsdb/kcc/garbage_collect_tombstones.h >new file mode 100644 >index 0000000..b41bc9d >--- /dev/null >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.h >@@ -0,0 +1,31 @@ >+/* >+ Unix SMB/CIFS implementation. >+ >+ handle removal of deleted objects >+ >+ Copyright (C) 2009 Andrew Tridgell >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 3 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program. If not, see <http://www.gnu.org/licenses/>. >+ >+*/ >+#include "param/param.h" >+#include "dsdb/samdb/samdb.h" >+#include "dsdb/common/util.h" >+ >+ >+NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, >+ struct ldb_context *samdb, >+ struct dsdb_ldb_dn_list_node *part, >+ time_t current_time, time_t *last_deleted_check, >+ time_t *last_full_scan_deleted_check); >diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c >index 7fdbea7..ef114fd 100644 >--- a/source4/dsdb/kcc/kcc_periodic.c >+++ b/source4/dsdb/kcc/kcc_periodic.c >@@ -64,7 +64,7 @@ static bool reps_in_list(struct repsFromToBlob *r, struct repsFromToBlob *reps, > make sure we only add repsFrom entries for DCs who are masters for > the partition > */ >-static bool check_MasterNC(struct kccsrv_partition *p, struct repsFromToBlob *r, >+static bool check_MasterNC(struct kccsrv_service *service, struct dsdb_ldb_dn_list_node *p, struct repsFromToBlob *r, > struct ldb_result *res) > { > struct repsFromTo1 *r1 = &r->ctr.ctr1; >@@ -99,7 +99,7 @@ static bool check_MasterNC(struct kccsrv_partition *p, struct repsFromToBlob *r, > } > } > for (j=0; j<el->num_values; j++) { >- dn = ldb_dn_from_ldb_val(tmp_ctx, p->service->samdb, &el->values[j]); >+ dn = ldb_dn_from_ldb_val(tmp_ctx, service->samdb, &el->values[j]); > if (!ldb_dn_validate(dn)) { > talloc_free(dn); > continue; >@@ -194,7 +194,7 @@ NTSTATUS kccsrv_add_repsFrom(struct kccsrv_service *s, TALLOC_CTX *mem_ctx, > struct repsFromToBlob *reps, uint32_t count, > struct ldb_result *res) > { >- struct kccsrv_partition *p; >+ struct dsdb_ldb_dn_list_node *p; > bool notify_dreplsrv = false; > uint32_t replica_flags = kccsrv_replica_flags(s); > >@@ -233,7 +233,7 @@ NTSTATUS kccsrv_add_repsFrom(struct kccsrv_service *s, TALLOC_CTX *mem_ctx, > /* we don't have the new one - add it > * if it is a master > */ >- if (res && !check_MasterNC(p, &reps[i], res)) { >+ if (res && !check_MasterNC(s, p, &reps[i], res)) { > /* its not a master, we don't > want to pull from it */ > continue; >@@ -253,7 +253,7 @@ NTSTATUS kccsrv_add_repsFrom(struct kccsrv_service *s, TALLOC_CTX *mem_ctx, > /* remove any stale ones */ > for (i=0; i<our_count; i++) { > if (!reps_in_list(&our_reps[i], reps, count) || >- (res && !check_MasterNC(p, &our_reps[i], res))) { >+ (res && !check_MasterNC(s, p, &our_reps[i], res))) { > DEBUG(4,(__location__ ": Removed repsFrom for %s\n", > our_reps[i].ctr.ctr1.other_info->dns_name)); > memmove(&our_reps[i], &our_reps[i+1], (our_count-(i+1))*sizeof(our_reps[0])); >@@ -596,6 +596,17 @@ WERROR kccsrv_periodic_schedule(struct kccsrv_service *service, uint32_t next_in > return WERR_OK; > } > >+/* >+ check to see if any deleted objects need scavenging >+ */ >+static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) >+{ >+ time_t current = time(NULL); >+ return dsdb_garbage_collect_tombstones(mem_ctx, s->task->lp_ctx, s->samdb, >+ s->partitions, current, &s->last_deleted_check, >+ &s->last_full_scan_deleted_check); >+} >+ > static void kccsrv_periodic_run(struct kccsrv_service *service) > { > TALLOC_CTX *mem_ctx; >diff --git a/source4/dsdb/kcc/kcc_service.c b/source4/dsdb/kcc/kcc_service.c >index ccc252c..090cf1b 100644 >--- a/source4/dsdb/kcc/kcc_service.c >+++ b/source4/dsdb/kcc/kcc_service.c >@@ -110,18 +110,17 @@ static WERROR kccsrv_load_partitions(struct kccsrv_service *s) > for (i=0; i < el->num_values; i++) { > const char *v = (const char *)el->values[i].data; > struct ldb_dn *pdn; >- struct kccsrv_partition *p; >+ struct dsdb_ldb_dn_list_node *p; > > pdn = ldb_dn_new(s, s->samdb, v); > if (!ldb_dn_validate(pdn)) { > return WERR_FOOBAR; > } > >- p = talloc_zero(s, struct kccsrv_partition); >+ p = talloc_zero(s, struct dsdb_ldb_dn_list_node); > W_ERROR_HAVE_NO_MEMORY(p); > > p->dn = talloc_steal(p, pdn); >- p->service = s; > > DLIST_ADD(s->partitions, p); > >diff --git a/source4/dsdb/kcc/kcc_service.h b/source4/dsdb/kcc/kcc_service.h >index 451347e..b62fb12 100644 >--- a/source4/dsdb/kcc/kcc_service.h >+++ b/source4/dsdb/kcc/kcc_service.h >@@ -25,15 +25,7 @@ > #define _DSDB_REPL_KCC_SERVICE_H_ > > #include "librpc/gen_ndr/ndr_drsuapi_c.h" >- >-struct kccsrv_partition { >- struct kccsrv_partition *prev, *next; >- struct kccsrv_service *service; >- >- /* the dn of the partition */ >- struct ldb_dn *dn; >-}; >- >+#include "dsdb/common/util.h" > > struct kccsrv_service { > /* the whole kcc service is in one task */ >@@ -52,7 +44,7 @@ struct kccsrv_service { > struct auth_session_info *system_session_info; > > /* list of local partitions */ >- struct kccsrv_partition *partitions; >+ struct dsdb_ldb_dn_list_node *partitions; > > /* > * a connection to the local samdb >@@ -98,8 +90,7 @@ struct kccsrv_service { > > struct kcc_connection_list; > >-NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx); >- >+#include "dsdb/kcc/garbage_collect_tombstones.h" > #include "dsdb/kcc/kcc_service_proto.h" > > #endif /* _DSDB_REPL_KCC_SERVICE_H_ */ >diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build >index aea8fa4..7ea9e27 100755 >--- a/source4/dsdb/wscript_build >+++ b/source4/dsdb/wscript_build >@@ -67,6 +67,6 @@ bld.SAMBA_PYTHON('python_dsdb', > # the dependency on dcerpc here is because gensec > # depends on dcerpc but the waf circular dependency finder > # removes it so we end up with unresolved symbols. >- deps='samdb pyldb-util dcerpc com_err pyrpc_util', >+ deps='samdb pyldb-util dcerpc com_err pyrpc_util pyparam_util', > realname='samba/dsdb.so' > ) >-- >1.9.1 > > >From 951d83618e834e362018d7fa51da6d9a30ef7487 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 29 Aug 2016 18:56:10 +1200 >Subject: [PATCH 06/32] dsdb: Rework more KCC service-specific details out of > dsdb_garbage_collect_tombstones() > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit d894f08ba95ae994dd1603af28bd74943bfdec9f) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 30 ++------------------------- > source4/dsdb/kcc/garbage_collect_tombstones.h | 4 ++-- > source4/dsdb/kcc/kcc_periodic.c | 30 +++++++++++++++++++++++++-- > 3 files changed, 32 insertions(+), 32 deletions(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 825cfe2..80b30eb 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -35,43 +35,17 @@ > NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, > struct ldb_context *samdb, > struct dsdb_ldb_dn_list_node *part, >- time_t current_time, time_t *last_deleted_check, >- time_t *last_full_scan_deleted_check) >+ time_t current_time, >+ bool do_fs) > { > int ret; > uint32_t tombstoneLifetime; >- bool do_fs = false; >- >- time_t interval = lpcfg_parm_int(lp_ctx, NULL, "kccsrv", >- "check_deleted_full_scan_interval", 86400); >- >- if (current_time - *last_deleted_check < lpcfg_parm_int(lp_ctx, NULL, "kccsrv", >- "check_deleted_interval", 600)) { >- return NT_STATUS_OK; >- } >- *last_deleted_check = current_time; > > ret = dsdb_tombstone_lifetime(samdb, &tombstoneLifetime); > if (ret != LDB_SUCCESS) { > DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); > return NT_STATUS_INTERNAL_DB_CORRUPTION; > } >- if (*last_full_scan_deleted_check > 0 && ((current_time - *last_full_scan_deleted_check) > interval )) { >- do_fs = true; >- *last_full_scan_deleted_check = current_time; >- } >- >- if (*last_full_scan_deleted_check == 0) { >- /* >- * If we never made a full scan set the last full scan event to be in the past >- * and that 9/10 of the full scan interval has already passed. >- * This is done to avoid the full scan to fire just at the begining of samba >- * or a couple of minutes after the start. >- * With this "setup" and default values of interval, the full scan will fire >- * 2.4 hours after the start of samba >- */ >- *last_full_scan_deleted_check = current_time - ((9 * interval) / 10); >- } > > for (; part != NULL; part = part->next) { > struct ldb_dn *do_dn; >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.h b/source4/dsdb/kcc/garbage_collect_tombstones.h >index b41bc9d..445c7b3 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.h >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.h >@@ -27,5 +27,5 @@ > NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, > struct ldb_context *samdb, > struct dsdb_ldb_dn_list_node *part, >- time_t current_time, time_t *last_deleted_check, >- time_t *last_full_scan_deleted_check); >+ time_t current_time, >+ bool do_fs); >diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c >index ef114fd..5b5d36e 100644 >--- a/source4/dsdb/kcc/kcc_periodic.c >+++ b/source4/dsdb/kcc/kcc_periodic.c >@@ -601,10 +601,36 @@ WERROR kccsrv_periodic_schedule(struct kccsrv_service *service, uint32_t next_in > */ > static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) > { >+ bool do_fs = false; > time_t current = time(NULL); >+ time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >+ "check_deleted_full_scan_interval", 86400); >+ >+ if (current - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >+ "check_deleted_interval", 600)) { >+ return NT_STATUS_OK; >+ } >+ s->last_deleted_check = current; >+ >+ if (s->last_full_scan_deleted_check > 0 && ((current - s->last_full_scan_deleted_check) > interval )) { >+ do_fs = true; >+ s->last_full_scan_deleted_check = current; >+ } >+ >+ if (s->last_full_scan_deleted_check == 0) { >+ /* >+ * If we never made a full scan set the last full scan event to be in the past >+ * and that 9/10 of the full scan interval has already passed. >+ * This is done to avoid the full scan to fire just at the begining of samba >+ * or a couple of minutes after the start. >+ * With this "setup" and default values of interval, the full scan will fire >+ * 2.4 hours after the start of samba >+ */ >+ s->last_full_scan_deleted_check = current - ((9 * interval) / 10); >+ } >+ > return dsdb_garbage_collect_tombstones(mem_ctx, s->task->lp_ctx, s->samdb, >- s->partitions, current, &s->last_deleted_check, >- &s->last_full_scan_deleted_check); >+ s->partitions, current, do_fs); > } > > static void kccsrv_periodic_run(struct kccsrv_service *service) >-- >1.9.1 > > >From 7eb60961fa48c6bcfd857feb4f19ed2e62aa1c31 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 29 Aug 2016 19:02:39 +1200 >Subject: [PATCH 07/32] dsdb: move tombstone lifetime calculation out of > dsdb_garbage_collect_tombstones() > >This will allow it to be specified by the caller when we add python bindings > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 824220e9bd7ffb9457ffc5a5bf0b5d279146f85c) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 10 ++-------- > source4/dsdb/kcc/garbage_collect_tombstones.h | 3 ++- > source4/dsdb/kcc/kcc_periodic.c | 11 ++++++++++- > 3 files changed, 14 insertions(+), 10 deletions(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 80b30eb..99d949e 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -36,16 +36,10 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_co > struct ldb_context *samdb, > struct dsdb_ldb_dn_list_node *part, > time_t current_time, >- bool do_fs) >+ bool do_fs, >+ uint32_t tombstoneLifetime) > { > int ret; >- uint32_t tombstoneLifetime; >- >- ret = dsdb_tombstone_lifetime(samdb, &tombstoneLifetime); >- if (ret != LDB_SUCCESS) { >- DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); >- return NT_STATUS_INTERNAL_DB_CORRUPTION; >- } > > for (; part != NULL; part = part->next) { > struct ldb_dn *do_dn; >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.h b/source4/dsdb/kcc/garbage_collect_tombstones.h >index 445c7b3..f5eceeb 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.h >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.h >@@ -28,4 +28,5 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_co > struct ldb_context *samdb, > struct dsdb_ldb_dn_list_node *part, > time_t current_time, >- bool do_fs); >+ bool do_fs, >+ uint32_t tombstoneLifetime); >diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c >index 5b5d36e..eefc83f 100644 >--- a/source4/dsdb/kcc/kcc_periodic.c >+++ b/source4/dsdb/kcc/kcc_periodic.c >@@ -601,7 +601,9 @@ WERROR kccsrv_periodic_schedule(struct kccsrv_service *service, uint32_t next_in > */ > static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) > { >+ int ret; > bool do_fs = false; >+ uint32_t tombstoneLifetime; > time_t current = time(NULL); > time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", > "check_deleted_full_scan_interval", 86400); >@@ -629,8 +631,15 @@ static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_c > s->last_full_scan_deleted_check = current - ((9 * interval) / 10); > } > >+ ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime); >+ if (ret != LDB_SUCCESS) { >+ DEBUG(1,(__location__ ": Failed to get tombstone lifetime\n")); >+ return NT_STATUS_INTERNAL_DB_CORRUPTION; >+ } >+ > return dsdb_garbage_collect_tombstones(mem_ctx, s->task->lp_ctx, s->samdb, >- s->partitions, current, do_fs); >+ s->partitions, current, do_fs, >+ tombstoneLifetime); > } > > static void kccsrv_periodic_run(struct kccsrv_service *service) >-- >1.9.1 > > >From 03eba89dba231968c896cf1398ccbfe3c362f90d Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 18 Jul 2016 13:17:52 +1200 >Subject: [PATCH 08/32] dsdb: Expand garbage_collect_tombstones to expunge > links also > >This requires a significant rework, as we can no longer >do a one-level search and hope to find most of the deleted >objects. Therefore we fall back to a full scan, but less often. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 1c636532874da6cf998538027f088c1da019f15d) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 209 ++++++++++++++++++++++---- > source4/dsdb/kcc/garbage_collect_tombstones.h | 7 +- > source4/dsdb/kcc/kcc_periodic.c | 56 +++---- > 3 files changed, 214 insertions(+), 58 deletions(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 99d949e..7c3d354 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -30,22 +30,85 @@ > #include "lib/util/dlinklist.h" > #include "ldb.h" > #include "dsdb/kcc/garbage_collect_tombstones.h" >+#include "lib/ldb-samba/ldb_matching_rules.h" >+#include "lib/util/time.h" > > >-NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, >+NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > struct ldb_context *samdb, > struct dsdb_ldb_dn_list_node *part, > time_t current_time, >- bool do_fs, >- uint32_t tombstoneLifetime) >+ uint32_t tombstoneLifetime, >+ unsigned int *num_objects_removed, >+ unsigned int *num_links_removed) > { > int ret; > >+ const char **attrs = NULL; >+ char *filter = NULL; >+ >+ unsigned int i; >+ struct dsdb_attribute *next_attr; >+ unsigned int num_link_attrs; >+ struct dsdb_schema *schema = dsdb_get_schema(samdb, mem_ctx); >+ unsigned long long expunge_time = current_time - tombstoneLifetime*60*60*24; >+ NTTIME expunge_time_nttime; >+ unix_to_nt_time(&expunge_time_nttime, expunge_time); >+ >+ *num_objects_removed = 0; >+ *num_links_removed = 0; >+ >+ num_link_attrs = 0; >+ >+ /* >+ * This filter is a bit strange, but the idea is to filter for >+ * objects that need to have tombstones expunged without >+ * bringing a potentially large databse all into memory. To >+ * do that, we could use callbacks, but instead we use a >+ * custom match rule to triage the objects during the search, >+ * and ideally avoid memory allocation for most of the >+ * un-matched objects. >+ * >+ * The parameter to DSDB_MATCH_FOR_EXPUNGE is the NTTIME, we >+ * return records with deleted links deleted before this time. >+ * >+ * We also return all isDeleted records >+ * >+ * TODO: Add date-comparison to LDB and use < on then >+ * whenChanged for the isDeleted case. >+ */ >+ >+ filter = talloc_asprintf(mem_ctx, "(|"); >+ for (next_attr = schema->attributes; next_attr != NULL; next_attr = next_attr->next) { >+ if (next_attr->linkID != 0 && ((next_attr->linkID & 1) == 0)) { >+ num_link_attrs++; >+ filter = talloc_asprintf_append(filter, >+ "(%s:" DSDB_MATCH_FOR_EXPUNGE ":=%llu)", >+ next_attr->lDAPDisplayName, >+ (unsigned long long)expunge_time_nttime); >+ } >+ } >+ >+ attrs = talloc_array(mem_ctx, const char *, num_link_attrs + 3); >+ i = 0; >+ for (next_attr = schema->attributes; next_attr != NULL; next_attr = next_attr->next) { >+ if (next_attr->linkID != 0 && ((next_attr->linkID & 1) == 0)) { >+ attrs[i++] = next_attr->lDAPDisplayName; >+ } >+ } >+ attrs[i] = "isDeleted"; >+ attrs[i+1] = "whenChanged"; >+ attrs[i+2] = NULL; >+ >+ filter = talloc_asprintf_append(filter, "(isDeleted=TRUE))"); >+ >+ schema = dsdb_get_schema(samdb, mem_ctx); >+ > for (; part != NULL; part = part->next) { > struct ldb_dn *do_dn; > struct ldb_result *res; >- const char *attrs[] = { "whenChanged", NULL }; >- unsigned int i; >+ unsigned int j, k; >+ uint32_t flags; > TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); > if (!tmp_ctx) { > return NT_STATUS_NO_MEMORY; >@@ -59,50 +122,142 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_co > continue; > } > >- if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(samdb), part->dn)) { >- ret = dsdb_search(samdb, tmp_ctx, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, >- DSDB_SEARCH_SHOW_RECYCLED, NULL); >- } else { >- if (do_fs) { >- DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", >- ldb_dn_get_linearized(part->dn))); >- } >- ret = dsdb_search(samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, >- DSDB_SEARCH_SHOW_RECYCLED, "(|(isDeleted=TRUE))"); >- } >+ DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", >+ ldb_dn_get_linearized(part->dn))); >+ >+ flags = DSDB_SEARCH_SHOW_RECYCLED | >+ DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT | >+ DSDB_SEARCH_REVEAL_INTERNALS; >+ ret = dsdb_search(samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, >+ attrs, flags, filter); > > if (ret != LDB_SUCCESS) { > DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n", > ldb_dn_get_linearized(do_dn))); > TALLOC_FREE(tmp_ctx); >- continue; >+ return NT_STATUS_INTERNAL_ERROR; > } > > for (i=0; i<res->count; i++) { >- const char *tstring; >- time_t whenChanged = 0; >+ struct ldb_message *cleanup_msg = NULL; >+ unsigned int num_modified = 0; >+ >+ bool isDeleted = ldb_msg_find_attr_as_bool(res->msgs[i], "isDeleted", false); >+ if (isDeleted) { >+ const char *tstring; >+ time_t whenChanged = 0; >+ >+ if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { >+ /* Skip the Deleted Object Container */ >+ continue; >+ } > >- if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { >- /* Skip the Deleted Object Container */ >+ tstring = ldb_msg_find_attr_as_string(res->msgs[i], "whenChanged", NULL); >+ whenChanged = ldb_string_to_time(tstring); >+ >+ if (whenChanged != 0 && whenChanged < expunge_time) { >+ ret = dsdb_delete(samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); >+ if (ret != LDB_SUCCESS) { >+ DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ } else { >+ DEBUG(4,("Removed deleted object %s\n", >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ (*num_objects_removed)++; >+ } >+ } > continue; > } >- tstring = ldb_msg_find_attr_as_string(res->msgs[i], "whenChanged", NULL); >- if (tstring) { >- whenChanged = ldb_string_to_time(tstring); >+ >+ /* This must have a linked attribute */ >+ for (j=0; j < res->msgs[i]->num_elements; j++) { >+ struct ldb_message_element *element = &res->msgs[i]->elements[j]; >+ /* TODO this is O(log n) per attribute with deleted values */ >+ const struct dsdb_attribute *attrib >+ = dsdb_attribute_by_lDAPDisplayName(schema, element->name); >+ >+ for (k = 0; k < element->num_values; k++) { >+ struct ldb_val *value = &element->values[k]; >+ uint64_t whenChanged = 0; >+ NTSTATUS status; >+ struct dsdb_dn *dn; >+ struct ldb_message_element *cleanup_elem = NULL; >+ char *guid_search_str = NULL, *guid_buf_str = NULL; >+ struct ldb_val cleanup_val; >+ struct GUID_txt_buf buf_guid; >+ struct GUID guid; >+ const struct ldb_val *guid_blob; >+ >+ if (dsdb_dn_is_deleted_val(value) == false) { >+ continue; >+ } >+ >+ dn = dsdb_dn_parse(tmp_ctx, samdb, &element->values[k], >+ attrib->syntax->ldap_oid); >+ if (dn == NULL) { >+ DEBUG(1, ("Failed to parse linked attribute blob of %s on %s while expunging expired links\n", element->name, >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ continue; >+ } >+ >+ status = dsdb_get_extended_dn_uint64(dn->dn, &whenChanged, "RMD_CHANGETIME"); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(1, ("Error: RMD_CHANGETIME is missing on a forward link.\n")); >+ talloc_free(dn); >+ continue; >+ } >+ >+ if (whenChanged >= expunge_time_nttime) { >+ talloc_free(dn); >+ continue; >+ } >+ >+ guid_blob = ldb_dn_get_extended_component(dn->dn, "GUID"); >+ status = GUID_from_ndr_blob(guid_blob, &guid); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(1, ("Error: Invalid GUID on link target.\n")); >+ talloc_free(dn); >+ continue; >+ } >+ >+ guid_buf_str = GUID_buf_string(&guid, &buf_guid); >+ guid_search_str = talloc_asprintf(mem_ctx, "<GUID=%s>", guid_buf_str); >+ cleanup_val = data_blob_string_const(guid_search_str); >+ >+ talloc_free(dn); >+ >+ if (cleanup_msg == NULL) { >+ cleanup_msg = ldb_msg_new(mem_ctx); >+ if (cleanup_msg == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ cleanup_msg->dn = res->msgs[i]->dn; >+ } >+ >+ ret = ldb_msg_add_value(cleanup_msg, element->name, &cleanup_val, &cleanup_elem); >+ if (ret != LDB_SUCCESS) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ cleanup_elem->flags = LDB_FLAG_MOD_DELETE; >+ num_modified++; >+ } > } >- if (current_time - whenChanged > tombstoneLifetime*60*60*24) { >- ret = dsdb_delete(samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); >+ >+ if (num_modified > 0) { >+ ret = dsdb_modify(samdb, cleanup_msg, DSDB_REPLMD_VANISH_LINKS); > if (ret != LDB_SUCCESS) { > DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", > ldb_dn_get_linearized(res->msgs[i]->dn))); > } else { > DEBUG(4,("Removed deleted object %s\n", > ldb_dn_get_linearized(res->msgs[i]->dn))); >+ *num_links_removed = *num_links_removed + num_modified; > } >+ > } > } >- > TALLOC_FREE(tmp_ctx); >+ > } > > return NT_STATUS_OK; >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.h b/source4/dsdb/kcc/garbage_collect_tombstones.h >index f5eceeb..a921909 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.h >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.h >@@ -24,9 +24,10 @@ > #include "dsdb/common/util.h" > > >-NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, >+NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > struct ldb_context *samdb, > struct dsdb_ldb_dn_list_node *part, > time_t current_time, >- bool do_fs, >- uint32_t tombstoneLifetime); >+ uint32_t tombstoneLifetime, >+ unsigned int *num_objects_removed, >+ unsigned int *num_links_removed); >diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c >index eefc83f..fd759f5 100644 >--- a/source4/dsdb/kcc/kcc_periodic.c >+++ b/source4/dsdb/kcc/kcc_periodic.c >@@ -601,35 +601,18 @@ WERROR kccsrv_periodic_schedule(struct kccsrv_service *service, uint32_t next_in > */ > static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) > { >- int ret; >- bool do_fs = false; >- uint32_t tombstoneLifetime; >- time_t current = time(NULL); >+ time_t current_time = time(NULL); > time_t interval = lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >- "check_deleted_full_scan_interval", 86400); >+ "check_deleted_interval", 86400); >+ uint32_t tombstoneLifetime; >+ int ret; >+ unsigned int num_objects_removed = 0; >+ unsigned int num_links_removed = 0; >+ NTSTATUS status; > >- if (current - s->last_deleted_check < lpcfg_parm_int(s->task->lp_ctx, NULL, "kccsrv", >- "check_deleted_interval", 600)) { >+ if (current_time - s->last_deleted_check < interval) { > return NT_STATUS_OK; > } >- s->last_deleted_check = current; >- >- if (s->last_full_scan_deleted_check > 0 && ((current - s->last_full_scan_deleted_check) > interval )) { >- do_fs = true; >- s->last_full_scan_deleted_check = current; >- } >- >- if (s->last_full_scan_deleted_check == 0) { >- /* >- * If we never made a full scan set the last full scan event to be in the past >- * and that 9/10 of the full scan interval has already passed. >- * This is done to avoid the full scan to fire just at the begining of samba >- * or a couple of minutes after the start. >- * With this "setup" and default values of interval, the full scan will fire >- * 2.4 hours after the start of samba >- */ >- s->last_full_scan_deleted_check = current - ((9 * interval) / 10); >- } > > ret = dsdb_tombstone_lifetime(s->samdb, &tombstoneLifetime); > if (ret != LDB_SUCCESS) { >@@ -637,9 +620,26 @@ static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_c > return NT_STATUS_INTERNAL_DB_CORRUPTION; > } > >- return dsdb_garbage_collect_tombstones(mem_ctx, s->task->lp_ctx, s->samdb, >- s->partitions, current, do_fs, >- tombstoneLifetime); >+ s->last_deleted_check = current_time; >+ >+ status = dsdb_garbage_collect_tombstones(mem_ctx, s->samdb, >+ s->partitions, >+ current_time, tombstoneLifetime, >+ &num_objects_removed, >+ &num_links_removed); >+ >+ if (NT_STATUS_IS_OK(status)) { >+ DEBUG(5, ("garbage_collect_tombstones: Removed %u tombstone objects " >+ "and %u tombstone links successfully\n", >+ num_objects_removed, num_links_removed)); >+ } else { >+ DEBUG(2, ("garbage_collect_tombstones: Failure removing tombstone " >+ "objects and links after removing %u tombstone objects " >+ "and %u tombstone links successfully: %s\n", >+ num_objects_removed, num_links_removed, >+ nt_errstr(status))); >+ } >+ return status; > } > > static void kccsrv_periodic_run(struct kccsrv_service *service) >-- >1.9.1 > > >From 13e332716551b199a912abef525a6822b4ec70fb Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 18 Jul 2016 13:11:10 +1200 >Subject: [PATCH 09/32] python: Add binding for > dsdb_garbage_collect_tombstones() > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 02d82af06f3f13bdfd7497d168ba06f1092ede12) >--- > python/samba/samdb.py | 14 +++++++ > source4/dsdb/pydsdb.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++ > source4/dsdb/wscript_build | 2 +- > 3 files changed, 112 insertions(+), 1 deletion(-) > >diff --git a/python/samba/samdb.py b/python/samba/samdb.py >index e12465d..3d7ea3e 100644 >--- a/python/samba/samdb.py >+++ b/python/samba/samdb.py >@@ -949,3 +949,17 @@ accountExpires: %u > is removed, this routine will put a tombstone in the record. > ''' > return dsdb_dns.replace_by_dn(self, dn, new_records) >+ >+ def garbage_collect_tombstones(self, dn, current_time, >+ tombstone_lifetime=None): >+ '''garbage_collect_tombstones(lp, samdb, [dn], current_time, tombstone_lifetime) >+ -> (num_objects_expunged, num_links_expunged)''' >+ >+ >+ if tombstone_lifetime is None: >+ return dsdb._dsdb_garbage_collect_tombstones(self, dn, >+ current_time) >+ else: >+ return dsdb._dsdb_garbage_collect_tombstones(self, dn, >+ current_time, >+ tombstone_lifetime) >diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c >index 1fe8c13..0df52ad 100644 >--- a/source4/dsdb/pydsdb.c >+++ b/source4/dsdb/pydsdb.c >@@ -28,6 +28,9 @@ > #include "auth/kerberos/kerberos.h" > #include "librpc/rpc/pyrpc_util.h" > #include "lib/policy/policy.h" >+#include "param/pyparam.h" >+#include "lib/util/dlinklist.h" >+#include "dsdb/kcc/garbage_collect_tombstones.h" > > void initdsdb(void); > >@@ -1075,6 +1078,97 @@ static PyObject *py_dsdb_am_pdc(PyObject *self, PyObject *args) > return PyBool_FromLong(am_pdc); > } > >+static PyObject *py_dsdb_garbage_collect_tombstones(PyObject *self, PyObject *args) >+{ >+ PyObject *py_ldb, *py_list_dn; >+ struct ldb_context *ldb = NULL; >+ Py_ssize_t i; >+ Py_ssize_t length; >+ long long _current_time, _tombstone_lifetime = LLONG_MAX; >+ uint32_t tombstone_lifetime32; >+ struct dsdb_ldb_dn_list_node *part = NULL; >+ time_t current_time, tombstone_lifetime; >+ TALLOC_CTX *mem_ctx = NULL; >+ NTSTATUS status; >+ unsigned int num_objects_removed = 0; >+ unsigned int num_links_removed = 0; >+ >+ if (!PyArg_ParseTuple(args, "OOL|L", &py_ldb, >+ &py_list_dn, &_current_time, &_tombstone_lifetime)) { >+ return NULL; >+ } >+ >+ >+ PyErr_LDB_OR_RAISE(py_ldb, ldb); >+ >+ mem_ctx = talloc_new(ldb); >+ if (mem_ctx == NULL) { >+ return PyErr_NoMemory(); >+ } >+ >+ current_time = _current_time; >+ >+ if (_tombstone_lifetime == LLONG_MAX) { >+ int ret = dsdb_tombstone_lifetime(ldb, &tombstone_lifetime32); >+ if (ret != LDB_SUCCESS) { >+ PyErr_Format(PyExc_RuntimeError, >+ "Failed to get tombstone lifetime: %s", >+ ldb_errstring(ldb)); >+ TALLOC_FREE(mem_ctx); >+ return NULL; >+ } >+ tombstone_lifetime = tombstone_lifetime32; >+ } else { >+ tombstone_lifetime = _tombstone_lifetime; >+ } >+ >+ if (!PyList_Check(py_list_dn)) { >+ PyErr_SetString(PyExc_TypeError, "A list of DNs were expected"); >+ TALLOC_FREE(mem_ctx); >+ return NULL; >+ } >+ >+ length = PyList_GET_SIZE(py_list_dn); >+ >+ for (i = 0; i < length; i++) { >+ char *part_str = PyString_AsString(PyList_GetItem(py_list_dn, i)); >+ struct ldb_dn *p; >+ struct dsdb_ldb_dn_list_node *node; >+ >+ if (part_str == NULL) { >+ TALLOC_FREE(mem_ctx); >+ return PyErr_NoMemory(); >+ } >+ >+ p = ldb_dn_new(mem_ctx, ldb, part_str); >+ if (p == NULL) { >+ PyErr_Format(PyExc_RuntimeError, "Failed to parse DN %s", part_str); >+ TALLOC_FREE(mem_ctx); >+ return NULL; >+ } >+ node = talloc_zero(mem_ctx, struct dsdb_ldb_dn_list_node); >+ node->dn = p; >+ >+ DLIST_ADD_END(part, node); >+ } >+ >+ status = dsdb_garbage_collect_tombstones(mem_ctx, ldb, >+ part, current_time, >+ tombstone_lifetime, >+ &num_objects_removed, >+ &num_links_removed); >+ >+ if (!NT_STATUS_IS_OK(status)) { >+ PyErr_SetNTSTATUS(status); >+ return NULL; >+ } >+ >+ TALLOC_FREE(mem_ctx); >+ >+ return Py_BuildValue("(II)", num_objects_removed, >+ num_links_removed); >+} >+ > > static PyMethodDef py_dsdb_methods[] = { > { "_samdb_server_site_name", (PyCFunction)py_samdb_server_site_name, >@@ -1141,6 +1235,9 @@ static PyMethodDef py_dsdb_methods[] = { > { "_dsdb_get_wellknown_dn", (PyCFunction)py_dsdb_get_wellknown_dn, METH_VARARGS, NULL }, > { "_dsdb_DsReplicaAttribute", (PyCFunction)py_dsdb_DsReplicaAttribute, METH_VARARGS, NULL }, > { "_dsdb_normalise_attributes", (PyCFunction)py_dsdb_normalise_attributes, METH_VARARGS, NULL }, >+ { "_dsdb_garbage_collect_tombstones", (PyCFunction)py_dsdb_garbage_collect_tombstones, METH_VARARGS, >+ "_dsdb_kcc_check_deleted(samdb, [dn], current_time, tombstone_lifetime)" >+ " -> (num_objects_expunged, num_links_expunged)" }, > { NULL } > }; > >diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build >index 7ea9e27..d569ea6 100755 >--- a/source4/dsdb/wscript_build >+++ b/source4/dsdb/wscript_build >@@ -67,6 +67,6 @@ bld.SAMBA_PYTHON('python_dsdb', > # the dependency on dcerpc here is because gensec > # depends on dcerpc but the waf circular dependency finder > # removes it so we end up with unresolved symbols. >- deps='samdb pyldb-util dcerpc com_err pyrpc_util pyparam_util', >+ deps='samdb pyldb-util dcerpc com_err pyrpc_util pyparam_util dsdb_garbage_collect_tombstones', > realname='samba/dsdb.so' > ) >-- >1.9.1 > > >From 06cfa18c0e4a54594a18d9813542cabe365ad709 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 29 Aug 2016 18:36:19 +1200 >Subject: [PATCH 10/32] samba-tool: Add command-line tool to trigger tombstone > expunge > >This allows us to carefully test the garbage collection of tombstoned objects >without running the full server and waiting for the timer to expire > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 55b9b9a969b0e7ef6590710fda85265fc3146159) >--- > python/samba/netcmd/domain.py | 74 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 74 insertions(+) > >diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py >index fd26d93..dc1356d 100644 >--- a/python/samba/netcmd/domain.py >+++ b/python/samba/netcmd/domain.py >@@ -32,6 +32,7 @@ import random > import tempfile > import logging > import subprocess >+import time > from getpass import getpass > from samba.net import Net, LIBNET_JOIN_AUTOMATIC > import samba.ntacls >@@ -3747,6 +3748,72 @@ class cmd_domain_trust_namespaces(DomainTrustCommand): > tln=local_tdo_info.domain_name.string) > return > >+class cmd_domain_tombstones_expunge(Command): >+ """Expunge tombstones from the database. >+ >+This command expunges tombstones from the database.""" >+ synopsis = "%prog NC [NC [...]] [options]" >+ >+ takes_options = [ >+ Option("-H", "--URL", help="LDB URL for database or target server", type=str, >+ metavar="URL", dest="H"), >+ Option("--current-time", >+ help="The current time to evaluate the tombstone lifetime from, expressed as YYYY-MM-DD", >+ type=str), >+ Option("--tombstone-lifetime", help="Number of days a tombstone should be preserved for", type=int), >+ ] >+ >+ takes_args = ["nc*"] >+ >+ takes_optiongroups = { >+ "sambaopts": options.SambaOptions, >+ "credopts": options.CredentialsOptions, >+ "versionopts": options.VersionOptions, >+ } >+ >+ def run(self, *ncs, **kwargs): >+ sambaopts = kwargs.get("sambaopts") >+ credopts = kwargs.get("credopts") >+ versionpts = kwargs.get("versionopts") >+ H = kwargs.get("H") >+ current_time_string = kwargs.get("current_time") >+ tombstone_lifetime = kwargs.get("tombstone_lifetime") >+ lp = sambaopts.get_loadparm() >+ creds = credopts.get_credentials(lp) >+ samdb = SamDB(url=H, session_info=system_session(), >+ credentials=creds, lp=lp) >+ >+ if current_time_string is not None: >+ current_time_obj = time.strptime(current_time_string, "%Y-%m-%d") >+ current_time = long(time.mktime(current_time_obj)) >+ >+ else: >+ current_time = long(time.time()) >+ >+ if len(ncs) == 0: >+ res = samdb.search(expression="", base="", scope=ldb.SCOPE_BASE, >+ attrs=["namingContexts"]) >+ >+ ncs = [] >+ for nc in res[0]["namingContexts"]: >+ ncs.append(str(nc)) >+ else: >+ ncs = list(ncs) >+ >+ try: >+ (removed_objects, >+ removed_links) = samdb.garbage_collect_tombstones(ncs, >+ current_time=current_time, >+ tombstone_lifetime=tombstone_lifetime) >+ >+ except Exception, err: >+ raise CommandError("Failed to expunge / garbage collect tombstones", err) >+ >+ self.outf.write("Removed %d objects and %d links successfully\n" >+ % (removed_objects, removed_links)) >+ >+ >+ > class cmd_domain_trust(SuperCommand): > """Domain and forest trust management.""" > >@@ -3758,6 +3825,12 @@ class cmd_domain_trust(SuperCommand): > subcommands["validate"] = cmd_domain_trust_validate() > subcommands["namespaces"] = cmd_domain_trust_namespaces() > >+class cmd_domain_tombstones(SuperCommand): >+ """Domain tombstone and recycled object management.""" >+ >+ subcommands = {} >+ subcommands["expunge"] = cmd_domain_tombstones_expunge() >+ > class cmd_domain(SuperCommand): > """Domain management.""" > >@@ -3774,3 +3847,4 @@ class cmd_domain(SuperCommand): > subcommands["classicupgrade"] = cmd_domain_classicupgrade() > subcommands["samba3upgrade"] = cmd_domain_samba3upgrade() > subcommands["trust"] = cmd_domain_trust() >+ subcommands["tombstones"] = cmd_domain_tombstones() >-- >1.9.1 > > >From 97184976f6a61fccdaf7f6f575da73ab92de9021 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 30 Aug 2016 10:22:47 +1200 >Subject: [PATCH 11/32] dsdb: Expose ldb error string to > dsdb_garbage_collect_tombstones() callers > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 240038979d748b830b788753b38c3cd576eafe30) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 10 ++++++---- > source4/dsdb/kcc/garbage_collect_tombstones.h | 3 ++- > source4/dsdb/kcc/kcc_periodic.c | 6 ++++-- > source4/dsdb/pydsdb.c | 11 +++++++++-- > 4 files changed, 21 insertions(+), 9 deletions(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 7c3d354..a04f5f5 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -40,7 +40,8 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > time_t current_time, > uint32_t tombstoneLifetime, > unsigned int *num_objects_removed, >- unsigned int *num_links_removed) >+ unsigned int *num_links_removed, >+ char **error_string) > { > int ret; > >@@ -57,7 +58,7 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > > *num_objects_removed = 0; > *num_links_removed = 0; >- >+ *error_string = NULL; > num_link_attrs = 0; > > /* >@@ -132,8 +133,9 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > attrs, flags, filter); > > if (ret != LDB_SUCCESS) { >- DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n", >- ldb_dn_get_linearized(do_dn))); >+ *error_string = talloc_asprintf(mem_ctx, "Failed to search for deleted objects in %s: %s", >+ ldb_dn_get_linearized(do_dn), >+ ldb_errstring(samdb)); > TALLOC_FREE(tmp_ctx); > return NT_STATUS_INTERNAL_ERROR; > } >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.h b/source4/dsdb/kcc/garbage_collect_tombstones.h >index a921909..ce62f5d 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.h >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.h >@@ -30,4 +30,5 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > time_t current_time, > uint32_t tombstoneLifetime, > unsigned int *num_objects_removed, >- unsigned int *num_links_removed); >+ unsigned int *num_links_removed, >+ char **error_string); >diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c >index fd759f5..8c4b70a 100644 >--- a/source4/dsdb/kcc/kcc_periodic.c >+++ b/source4/dsdb/kcc/kcc_periodic.c >@@ -609,6 +609,7 @@ static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_c > unsigned int num_objects_removed = 0; > unsigned int num_links_removed = 0; > NTSTATUS status; >+ char *error_string = NULL; > > if (current_time - s->last_deleted_check < interval) { > return NT_STATUS_OK; >@@ -626,7 +627,8 @@ static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_c > s->partitions, > current_time, tombstoneLifetime, > &num_objects_removed, >- &num_links_removed); >+ &num_links_removed, >+ &error_string); > > if (NT_STATUS_IS_OK(status)) { > DEBUG(5, ("garbage_collect_tombstones: Removed %u tombstone objects " >@@ -637,7 +639,7 @@ static NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_c > "objects and links after removing %u tombstone objects " > "and %u tombstone links successfully: %s\n", > num_objects_removed, num_links_removed, >- nt_errstr(status))); >+ error_string ? error_string : nt_errstr(status))); > } > return status; > } >diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c >index 0df52ad..e53a245 100644 >--- a/source4/dsdb/pydsdb.c >+++ b/source4/dsdb/pydsdb.c >@@ -1092,6 +1092,7 @@ static PyObject *py_dsdb_garbage_collect_tombstones(PyObject *self, PyObject *ar > NTSTATUS status; > unsigned int num_objects_removed = 0; > unsigned int num_links_removed = 0; >+ char *error_string = NULL; > > if (!PyArg_ParseTuple(args, "OOL|L", &py_ldb, > &py_list_dn, &_current_time, &_tombstone_lifetime)) { >@@ -1156,10 +1157,16 @@ static PyObject *py_dsdb_garbage_collect_tombstones(PyObject *self, PyObject *ar > part, current_time, > tombstone_lifetime, > &num_objects_removed, >- &num_links_removed); >+ &num_links_removed, >+ &error_string); > > if (!NT_STATUS_IS_OK(status)) { >- PyErr_SetNTSTATUS(status); >+ if (error_string) { >+ PyErr_Format(PyExc_RuntimeError, "%s", error_string); >+ } else { >+ PyErr_SetNTSTATUS(status); >+ } >+ TALLOC_FREE(mem_ctx); > return NULL; > } > >-- >1.9.1 > > >From 6ac7a1c1a2f25fba3f8d54ae1a523842f8ab4796 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 30 Aug 2016 10:30:51 +1200 >Subject: [PATCH 12/32] dsdb: Use a date comparison in the search to avoid > returning all deleted objects > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit d66deaabc6faca769e9e18098eef4729f3dad379) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 44 ++++++++++++--------------- > 1 file changed, 20 insertions(+), 24 deletions(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index a04f5f5..a1ecbb0 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -53,6 +53,7 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > unsigned int num_link_attrs; > struct dsdb_schema *schema = dsdb_get_schema(samdb, mem_ctx); > unsigned long long expunge_time = current_time - tombstoneLifetime*60*60*24; >+ char *expunge_time_string = ldb_timestring_utc(mem_ctx, expunge_time); > NTTIME expunge_time_nttime; > unix_to_nt_time(&expunge_time_nttime, expunge_time); > >@@ -73,10 +74,8 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > * The parameter to DSDB_MATCH_FOR_EXPUNGE is the NTTIME, we > * return records with deleted links deleted before this time. > * >- * We also return all isDeleted records >- * >- * TODO: Add date-comparison to LDB and use < on then >- * whenChanged for the isDeleted case. >+ * We use a date comparison on whenChanged to avoid returning >+ * all isDeleted records > */ > > filter = talloc_asprintf(mem_ctx, "(|"); >@@ -87,10 +86,13 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > "(%s:" DSDB_MATCH_FOR_EXPUNGE ":=%llu)", > next_attr->lDAPDisplayName, > (unsigned long long)expunge_time_nttime); >+ if (filter == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } > } > } > >- attrs = talloc_array(mem_ctx, const char *, num_link_attrs + 3); >+ attrs = talloc_array(mem_ctx, const char *, num_link_attrs + 2); > i = 0; > for (next_attr = schema->attributes; next_attr != NULL; next_attr = next_attr->next) { > if (next_attr->linkID != 0 && ((next_attr->linkID & 1) == 0)) { >@@ -98,10 +100,12 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > } > } > attrs[i] = "isDeleted"; >- attrs[i+1] = "whenChanged"; >- attrs[i+2] = NULL; >+ attrs[i+1] = NULL; > >- filter = talloc_asprintf_append(filter, "(isDeleted=TRUE))"); >+ filter = talloc_asprintf_append(filter, "(&(isDeleted=TRUE)(whenChanged<=%s)))", expunge_time_string); >+ if (filter == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } > > schema = dsdb_get_schema(samdb, mem_ctx); > >@@ -146,27 +150,19 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > > bool isDeleted = ldb_msg_find_attr_as_bool(res->msgs[i], "isDeleted", false); > if (isDeleted) { >- const char *tstring; >- time_t whenChanged = 0; >- > if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { > /* Skip the Deleted Object Container */ > continue; > } > >- tstring = ldb_msg_find_attr_as_string(res->msgs[i], "whenChanged", NULL); >- whenChanged = ldb_string_to_time(tstring); >- >- if (whenChanged != 0 && whenChanged < expunge_time) { >- ret = dsdb_delete(samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); >- if (ret != LDB_SUCCESS) { >- DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- } else { >- DEBUG(4,("Removed deleted object %s\n", >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- (*num_objects_removed)++; >- } >+ ret = dsdb_delete(samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); >+ if (ret != LDB_SUCCESS) { >+ DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ } else { >+ DEBUG(4,("Removed deleted object %s\n", >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ (*num_objects_removed)++; > } > continue; > } >-- >1.9.1 > > >From c93bc56abeb7c508280e8e6e62a918c6c031cf38 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Wed, 31 Aug 2016 17:07:29 +1200 >Subject: [PATCH 13/32] selftest: Add test for 'samba-tool tombstones expunge' > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit a999e8c0cbbfcb59caf4732c952e3e9856ea7577) >--- > selftest/tests.py | 5 + > .../release-4-5-0-pre1/add-four-more-links.ldif | 15 +++ > .../release-4-5-0-pre1/add-two-more-users.ldif | 15 +++ > .../expected-deleted-links-after-expunge.ldif | 23 ++++ > .../release-4-5-0-pre1/expected-expunge-output.txt | 1 + > .../expected-links-after-expunge.ldif | 22 ++++ > .../expected-objects-after-expunge.ldif | 2 + > .../release-4-5-0-pre1/remove-one-more-link.ldif | 5 + > .../release-4-5-0-pre1/remove-one-more-user.ldif | 3 + > testprogs/blackbox/tombstones-expunge.sh | 144 +++++++++++++++++++++ > 10 files changed, 235 insertions(+) > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-four-more-links.ldif > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-two-more-users.ldif > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-expunge.ldif > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-expunge.ldif > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-objects-after-expunge.ldif > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/remove-one-more-link.ldif > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/remove-one-more-user.ldif > create mode 100755 testprogs/blackbox/tombstones-expunge.sh > >diff --git a/selftest/tests.py b/selftest/tests.py >index 21f2096..019784c 100644 >--- a/selftest/tests.py >+++ b/selftest/tests.py >@@ -104,6 +104,11 @@ plantestsuite( > ["PYTHON=%s" % python, > os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), > '$PREFIX_ABS/provision', 'release-4-0-0', configuration]) >+plantestsuite( >+ "samba4.blackbox.tombstones-expunge.release-4-5-0-pre1", "none", >+ ["PYTHON=%s" % python, >+ os.path.join(bbdir, "tombstones-expunge.sh"), >+ '$PREFIX_ABS/provision', 'release-4-5-0-pre1', configuration]) > planpythontestsuite("none", "samba.tests.upgradeprovision") > planpythontestsuite("none", "samba.tests.xattr") > planpythontestsuite("none", "samba.tests.ntacls") >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/add-four-more-links.ldif b/source4/selftest/provisions/release-4-5-0-pre1/add-four-more-links.ldif >new file mode 100644 >index 0000000..6039f0d >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/add-four-more-links.ldif >@@ -0,0 +1,15 @@ >+dn: cn=swimmers,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+changetype: modify >+add: member >+member: cn=user1,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: cn=user2,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+dn: cn=helpers,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+changetype: modify >+add: member >+member: cn=user1,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+dn: cn=leaders,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+changetype: modify >+add: member >+member: cn=user2,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/add-two-more-users.ldif b/source4/selftest/provisions/release-4-5-0-pre1/add-two-more-users.ldif >new file mode 100644 >index 0000000..ca1c3ca >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/add-two-more-users.ldif >@@ -0,0 +1,15 @@ >+dn: CN=user1,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+objectclass: user >+samaccountname: user1 >+ >+dn: CN=user2,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+objectclass: user >+samaccountname: user2 >+ >+dn: CN=helpers,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+objectclass: group >+samaccountname: helpers >+ >+dn: CN=leaders,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+objectclass: group >+samaccountname: leaders >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-expunge.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-expunge.ldif >new file mode 100644 >index 0000000..c8163a6 >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-deleted-links-after-expunge.ldif >@@ -0,0 +1,23 @@ >+# record 1 >+dn: CN=helpers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=user1,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 2 >+dn: CN=leaders,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 3 >+dn: CN=swimmers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=user1,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///DC=DomainDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///DC=ForestDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# returned 6 records >+# 3 entries >+# 3 referrals >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt >new file mode 100644 >index 0000000..bcc5955 >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt >@@ -0,0 +1 @@ >+Removed 7 objects and 1 links successfully >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-expunge.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-expunge.ldif >new file mode 100644 >index 0000000..c69501b >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-expunge.ldif >@@ -0,0 +1,22 @@ >+# record 1 >+dn: CN=helpers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 2 >+dn: CN=leaders,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 3 >+dn: CN=swimmers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=user1,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///DC=DomainDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///DC=ForestDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# returned 6 records >+# 3 entries >+# 3 referrals >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-objects-after-expunge.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-objects-after-expunge.ldif >new file mode 100644 >index 0000000..2668ac4 >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-objects-after-expunge.ldif >@@ -0,0 +1,2 @@ >+sAMAccountName: user1 >+sAMAccountName: user2 >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/remove-one-more-link.ldif b/source4/selftest/provisions/release-4-5-0-pre1/remove-one-more-link.ldif >new file mode 100644 >index 0000000..9c4edb2 >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/remove-one-more-link.ldif >@@ -0,0 +1,5 @@ >+dn: cn=helpers,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+changetype: modify >+delete: member >+member: cn=user1,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+- >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/remove-one-more-user.ldif b/source4/selftest/provisions/release-4-5-0-pre1/remove-one-more-user.ldif >new file mode 100644 >index 0000000..e44f221 >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/remove-one-more-user.ldif >@@ -0,0 +1,3 @@ >+dn: cn=user2,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+changetype: delete >+- >diff --git a/testprogs/blackbox/tombstones-expunge.sh b/testprogs/blackbox/tombstones-expunge.sh >new file mode 100755 >index 0000000..2c88f95 >--- /dev/null >+++ b/testprogs/blackbox/tombstones-expunge.sh >@@ -0,0 +1,144 @@ >+#!/bin/sh >+ >+if [ $# -lt 1 ]; then >+cat <<EOF >+Usage: tombstones-expunge.sh PREFIX RELEASE >+EOF >+exit 1; >+fi >+ >+PREFIX_ABS="$1" >+RELEASE="$2" >+shift 2 >+ >+. `dirname $0`/subunit.sh >+ >+release_dir=`dirname $0`/../../source4/selftest/provisions/$RELEASE >+ >+ldbadd="ldbadd" >+if [ -x "$BINDIR/ldbadd" ]; then >+ ldbadd="$BINDIR/ldbadd" >+fi >+ >+ldbmodify="ldbmodify" >+if [ -x "$BINDIR/ldbmodify" ]; then >+ ldbmodify="$BINDIR/ldbmodify" >+fi >+ >+ldbdel="ldbdel" >+if [ -x "$BINDIR/ldbdel" ]; then >+ ldbdel="$BINDIR/ldbdel" >+fi >+ >+ldbsearch="ldbsearch" >+if [ -x "$BINDIR/ldbsearch" ]; then >+ ldbsearch="$BINDIR/ldbsearch" >+fi >+ >+undump() { >+ if test -x $BINDIR/tdbrestore; >+ then >+ `dirname $0`/../../source4/selftest/provisions/undump.sh $release_dir $PREFIX_ABS/$RELEASE $BINDIR/tdbrestore >+ else >+ `dirname $0`/../../source4/selftest/provisions/undump.sh $release_dir $PREFIX_ABS/$RELEASE >+ fi >+} >+ >+tombstones_expunge() { >+ tmpfile=$PREFIX_ABS/$RELEASE/expected-expunge-output.txt >+ $PYTHON $BINDIR/samba-tool domain tombstones expunge -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --current-time=2016-07-30 --tombstone-lifetime=4 > $tmpfile >+ if [ "$?" != "0" ]; then >+ return $? >+ fi >+ diff $tmpfile $release_dir/expected-expunge-output.txt >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+add_two_more_users() { >+ ldif=$release_dir/add-two-more-users.ldif >+ TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+add_four_more_links() { >+ ldif=$release_dir/add-four-more-links.ldif >+ TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+remove_one_link() { >+ ldif=$release_dir/remove-one-more-link.ldif >+ TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+remove_one_user() { >+ ldif=$release_dir/remove-one-more-user.ldif >+ TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+check_expected_after_links() { >+ tmpldif=$PREFIX_ABS/$RELEASE/expected-links-after-expunge.ldif.tmp >+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(|(cn=swimmers)(cn=leaders)(cn=helpers))' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --sorted member > $tmpldif >+ diff $tmpldif $release_dir/expected-links-after-expunge.ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+check_expected_after_deleted_links() { >+ tmpldif=$PREFIX_ABS/$RELEASE/expected-deleted-links-after-expunge.ldif.tmp >+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(|(cn=swimmers)(cn=leaders)(cn=helpers))' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted member > $tmpldif >+ diff $tmpldif $release_dir/expected-deleted-links-after-expunge.ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+check_expected_after_objects() { >+ tmpldif=$PREFIX_ABS/$RELEASE/expected-objects-after-expunge.ldif.tmp >+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(|(samaccountname=fred)(samaccountname=ddg)(samaccountname=usg)(samaccountname=user1)(samaccountname=user2))' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted samAccountName | grep sAMAccountName > $tmpldif >+ diff $tmpldif $release_dir/expected-objects-after-expunge.ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+if [ -d $release_dir ]; then >+ testit $RELEASE undump >+ testit "add_two_more_users" add_two_more_users >+ testit "add_four_more_links" add_four_more_links >+ testit "remove_one_link" remove_one_link >+ testit "remove_one_user" remove_one_user >+ testit "tombstones_expunge" tombstones_expunge >+ testit "check_expected_after_deleted_links" check_expected_after_deleted_links >+ testit "check_expected_after_links" check_expected_after_links >+ testit "check_expected_after_objects" check_expected_after_objects >+else >+ subunit_start_test $RELEASE >+ subunit_skip_test $RELEASE <<EOF >+no test provision >+EOF >+ >+ subunit_start_test "tombstones_expunge" >+ subunit_skip_test "tombstones_expunge" <<EOF >+no test provision >+EOF >+fi >+ >+if [ -d $PREFIX_ABS/${RELEASE} ]; then >+ rm -fr $PREFIX_ABS/${RELEASE} >+fi >+ >+exit $failed >-- >1.9.1 > > >From 550a0910e55d3e0d13d2cafcead2ea420589c680 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 1 Sep 2016 12:13:40 +1200 >Subject: [PATCH 14/32] samba-tool: Run samba-tool domain tombstones expunge in > a transaction > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 5620616968bd68b80d872079ad3bbb97ac1e7a8a) >--- > python/samba/netcmd/domain.py | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py >index dc1356d..cfdd9a4 100644 >--- a/python/samba/netcmd/domain.py >+++ b/python/samba/netcmd/domain.py >@@ -3800,15 +3800,22 @@ This command expunges tombstones from the database.""" > else: > ncs = list(ncs) > >+ started_transaction = False > try: >+ samdb.transaction_start() >+ started_transaction = True > (removed_objects, > removed_links) = samdb.garbage_collect_tombstones(ncs, > current_time=current_time, > tombstone_lifetime=tombstone_lifetime) > > except Exception, err: >+ if started_transaction: >+ samdb.transaction_cancel() > raise CommandError("Failed to expunge / garbage collect tombstones", err) > >+ samdb.transaction_commit() >+ > self.outf.write("Removed %d objects and %d links successfully\n" > % (removed_objects, removed_links)) > >-- >1.9.1 > > >From 1db1a62654b28e1924705f75e6483fb7b397a79f Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 1 Sep 2016 13:23:11 +1200 >Subject: [PATCH 15/32] dsdb: Add comments to dsdb_garbage_collect_tombstones() > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit d27673587707f2dc59bd5161cd70ca96118d5ceb) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 30 ++++++++++++++++++++++++++- > 1 file changed, 29 insertions(+), 1 deletion(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index a1ecbb0..49d3325 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -33,7 +33,22 @@ > #include "lib/ldb-samba/ldb_matching_rules.h" > #include "lib/util/time.h" > >- >+/* >+ * Per MS-ADTS 3.1.1.5.5 Delete Operation >+ * >+ * "Tombstones are a type of deleted object distinguished from >+ * existing-objects by the presence of the isDeleted attribute with the >+ * value true." >+ * >+ * "After a time period at least as large as a tombstone lifetime, the >+ * tombstone is removed from the directory." >+ * >+ * The purpose of this routine is to remove such objects. It is >+ * called from a timed event in the KCC, and from samba-tool domain >+ * expunge tombstones. >+ * >+ * Additionally, linked attributes have similar properties. >+ */ > NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > struct ldb_context *samdb, > struct dsdb_ldb_dn_list_node *part, >@@ -168,6 +183,19 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > } > > /* This must have a linked attribute */ >+ >+ /* >+ * From MS-ADTS 3.1.1.1.9 DCs, usn Counters, and the Originating Update Stamp >+ * >+ * "A link value r is deleted, but exists as a >+ * tombstone, if r.stamp.timeDeleted â 0. When >+ * the current time minus r.stamp.timeDeleted >+ * exceeds the tombstone lifetime, the link >+ * value r is garbage-collected; that is, >+ * removed from its containing forward link >+ * attribute. " >+ */ >+ > for (j=0; j < res->msgs[i]->num_elements; j++) { > struct ldb_message_element *element = &res->msgs[i]->elements[j]; > /* TODO this is O(log n) per attribute with deleted values */ >-- >1.9.1 > > >From 0647633159fef78fdfecfe17bff09f9d46ab18f5 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 1 Sep 2016 13:34:12 +1200 >Subject: [PATCH 16/32] lib/ldb-samba: Add test for DSDB_MATCH_FOR_EXPUNGE > match rule > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 737756b060364c09b62a500ef26eef044230ecac) >--- > .../expected-match-rule-links.ldif | 47 ++++++++++++++++++++ > testprogs/blackbox/tombstones-expunge.sh | 50 ++++++++++++++++++++++ > 2 files changed, 97 insertions(+) > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif > >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif >new file mode 100644 >index 0000000..2b2f021 >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif >@@ -0,0 +1,47 @@ >+# record 1 >+dn: CN=swimmers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=fred,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=user1,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 2 >+dn: CN=ddg\0ADEL:fb8c2fe3-5448-43de-99f9-e1d3b9357cfc,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 3 >+dn: CN=dsg\0ADEL:6d66d0ef-cad7-4e5d-b1b6-4a233a21c269,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 4 >+dn: CN=gdg\0ADEL:e0f581e7-14ee-4fc2-839c-8f46f581c72a,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 5 >+dn: CN=gsg\0ADEL:91aa85cc-fc19-4b8c-9fc7-aaba425439c7,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 6 >+dn: CN=udg\0ADEL:7cff5537-51b1-4d26-a295-0225dbea8525,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 7 >+dn: CN=usg\0ADEL:d012e8f5-a4bd-40ea-a2a1-68ff2508847d,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///DC=DomainDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# Referral >+ref: ldap:///DC=ForestDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# returned 10 records >+# 7 entries >+# 3 referrals >diff --git a/testprogs/blackbox/tombstones-expunge.sh b/testprogs/blackbox/tombstones-expunge.sh >index 2c88f95..f2826c4 100755 >--- a/testprogs/blackbox/tombstones-expunge.sh >+++ b/testprogs/blackbox/tombstones-expunge.sh >@@ -88,6 +88,47 @@ remove_one_user() { > fi > } > >+check_match_rule_links() { >+ tmpldif=$PREFIX_ABS/$RELEASE/expected-match-rule-links.ldif.tmp >+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(member:1.3.6.1.4.1.7165.4.5.2:=131139216000000000)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted member > $tmpldif >+ diff $tmpldif $release_dir/expected-match-rule-links.ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ >+check_match_rule_links_negative() { >+ $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(member:1.3.6.1.4.1.7165.4.5.2:=-131139216000000000)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted member >+} >+ >+check_match_rule_links_overflow() { >+ $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(member:1.3.6.1.4.1.7165.4.5.2:=18446744073709551617)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted member >+} >+ >+check_match_rule_links_null() { >+ $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(member:1.3.6.1.4.1.7165.4.5.2:=18446744\073709551617)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted member >+} >+ >+check_match_rule_links_hex() { >+ $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(member:1.3.6.1.4.1.7165.4.5.2:=abcd)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted member >+} >+ >+check_match_rule_links_hex2() { >+ $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(member:1.3.6.1.4.1.7165.4.5.2:=0xabcd)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted member >+} >+ >+check_match_rule_links_decimal() { >+ $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(member:1.3.6.1.4.1.7165.4.5.2:=131139216000000000.00)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted member >+} >+ >+check_match_rule_links_backlink() { >+ $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(memberOf:1.3.6.1.4.1.7165.4.5.2:=131139216000000000)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted memberOf >+} >+ >+check_match_rule_links_notlink() { >+ $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samAccountName:1.3.6.1.4.1.7165.4.5.2:=131139216000000000)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted samAccountName >+} >+ > check_expected_after_links() { > tmpldif=$PREFIX_ABS/$RELEASE/expected-links-after-expunge.ldif.tmp > TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(|(cn=swimmers)(cn=leaders)(cn=helpers))' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --sorted member > $tmpldif >@@ -121,6 +162,15 @@ if [ -d $release_dir ]; then > testit "add_four_more_links" add_four_more_links > testit "remove_one_link" remove_one_link > testit "remove_one_user" remove_one_user >+ testit "check_match_rule_links" check_match_rule_links >+ testit_expect_failure "check_match_rule_links_negative" check_match_rule_links_negative >+ testit_expect_failure "check_match_rule_links_overflow" check_match_rule_links_overflow >+ testit_expect_failure "check_match_rule_links_null" check_match_rule_links_null >+ testit_expect_failure "check_match_rule_links_hex" check_match_rule_links_hex >+ testit_expect_failure "check_match_rule_links_hex2" check_match_rule_links_hex2 >+ testit_expect_failure "check_match_rule_links_decimal" check_match_rule_links_decimal >+ testit_expect_failure "check_match_rule_links_backlink" check_match_rule_links_backlink >+ testit_expect_failure "check_match_rule_links_notlink" check_match_rule_links_notlink > testit "tombstones_expunge" tombstones_expunge > testit "check_expected_after_deleted_links" check_expected_after_deleted_links > testit "check_expected_after_links" check_expected_after_links >-- >1.9.1 > > >From c0cea8d7e2c0729886fd1bf021ed35f404b53d07 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 1 Sep 2016 14:17:27 +1200 >Subject: [PATCH 17/32] dsdb: Do not check isDeleted as a possible link > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit b1ed0f4597e5ebd059d33b0a33de4ded96c9386f) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 49d3325..fee56d9 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -202,6 +202,11 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > const struct dsdb_attribute *attrib > = dsdb_attribute_by_lDAPDisplayName(schema, element->name); > >+ /* This avoids parsing isDeleted as a link */ >+ if (attrib->linkID == 0 || ((attrib->linkID & 1) == 1)) { >+ continue; >+ } >+ > for (k = 0; k < element->num_values; k++) { > struct ldb_val *value = &element->values[k]; > uint64_t whenChanged = 0; >-- >1.9.1 > > >From cee1b7366302aee072a7a14b7eee8e29dce49b0e Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 1 Sep 2016 14:26:53 +1200 >Subject: [PATCH 18/32] gc_tombstones: Typo fix > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Douglas Bagnall <douglasbagnall@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 > >Autobuild-User(master): Garming Sam <garming@samba.org> >Autobuild-Date(master): Thu Sep 1 09:38:47 CEST 2016 on sn-devel-144 > >(cherry picked from commit f479b1b3fd787fd2cbedc6161a4e0eb0af1059e3) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index fee56d9..8d8a51f 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -142,7 +142,7 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > continue; > } > >- DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", >+ DEBUG(1, ("Doing a full scan on %s and looking for deleted objects\n", > ldb_dn_get_linearized(part->dn))); > > flags = DSDB_SEARCH_SHOW_RECYCLED | >-- >1.9.1 > > >From 585f5534b02dc6be1034540a4a977cb0a30a870e Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 2 Sep 2016 09:17:33 +0200 >Subject: [PATCH 19/32] kcc: Fix a -Werror,-Wformat-security error > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Michael Adam <obnox@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 > >Autobuild-User(master): Michael Adam <obnox@samba.org> >Autobuild-Date(master): Fri Sep 2 13:54:45 CEST 2016 on sn-devel-144 > >(cherry picked from commit a7735bedd5b2111fa036625738e5831651eb2007) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 8d8a51f..8d2ea8b 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -149,7 +149,7 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT | > DSDB_SEARCH_REVEAL_INTERNALS; > ret = dsdb_search(samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, >- attrs, flags, filter); >+ attrs, flags, "%s", filter); > > if (ret != LDB_SUCCESS) { > *error_string = talloc_asprintf(mem_ctx, "Failed to search for deleted objects in %s: %s", >-- >1.9.1 > > >From e7c4d98a6e0baf72e3fc4492790e79fd8e5b09d5 Mon Sep 17 00:00:00 2001 >From: Bob Campbell <bobcampbell@catalyst.net.nz> >Date: Mon, 5 Sep 2016 10:48:13 +1200 >Subject: [PATCH 20/32] dsdb: refactor part of garbage_collect_tombstones into > new function > >Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> > >Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 > >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 2dfedffb740ecfe898945a9fc47b24e3c8328d7e) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 385 +++++++++++++++----------- > 1 file changed, 216 insertions(+), 169 deletions(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 8d2ea8b..62e9813 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -33,6 +33,209 @@ > #include "lib/ldb-samba/ldb_matching_rules.h" > #include "lib/util/time.h" > >+static NTSTATUS garbage_collect_tombstones_part(TALLOC_CTX *mem_ctx, >+ struct ldb_context *samdb, >+ struct dsdb_ldb_dn_list_node *part, >+ char *filter, >+ unsigned int *num_links_removed, >+ unsigned int *num_objects_removed, >+ struct dsdb_schema *schema, >+ const char **attrs, >+ char **error_string, >+ NTTIME expunge_time_nttime) >+{ >+ int ret; >+ struct ldb_dn *do_dn; >+ struct ldb_result *res; >+ unsigned int i, j, k; >+ uint32_t flags; >+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); >+ if (!tmp_ctx) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ ret = dsdb_get_deleted_objects_dn(samdb, tmp_ctx, part->dn, &do_dn); >+ if (ret != LDB_SUCCESS) { >+ TALLOC_FREE(tmp_ctx); >+ /* some partitions have no Deleted Objects >+ container */ >+ return NT_STATUS_OK; >+ } >+ >+ DEBUG(1, ("Doing a full scan on %s and looking for deleted objects\n", >+ ldb_dn_get_linearized(part->dn))); >+ >+ flags = DSDB_SEARCH_SHOW_RECYCLED | >+ DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT | >+ DSDB_SEARCH_REVEAL_INTERNALS; >+ ret = dsdb_search(samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, >+ attrs, flags, "%s", filter); >+ >+ if (ret != LDB_SUCCESS) { >+ *error_string = talloc_asprintf(mem_ctx, >+ "Failed to search for deleted " >+ "objects in %s: %s", >+ ldb_dn_get_linearized(do_dn), >+ ldb_errstring(samdb)); >+ TALLOC_FREE(tmp_ctx); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ for (i=0; i<res->count; i++) { >+ struct ldb_message *cleanup_msg = NULL; >+ unsigned int num_modified = 0; >+ >+ bool isDeleted = ldb_msg_find_attr_as_bool(res->msgs[i], >+ "isDeleted", false); >+ if (isDeleted) { >+ if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { >+ /* Skip the Deleted Object Container */ >+ continue; >+ } >+ >+ ret = dsdb_delete(samdb, res->msgs[i]->dn, >+ DSDB_SEARCH_SHOW_RECYCLED >+ |DSDB_MODIFY_RELAX); >+ if (ret != LDB_SUCCESS) { >+ DEBUG(1,(__location__ ": Failed to remove " >+ "deleted object %s\n", >+ ldb_dn_get_linearized(res-> >+ msgs[i]->dn))); >+ } else { >+ DEBUG(4,("Removed deleted object %s\n", >+ ldb_dn_get_linearized(res-> >+ msgs[i]->dn))); >+ (*num_objects_removed)++; >+ } >+ continue; >+ } >+ >+ /* This must have a linked attribute */ >+ >+ /* >+ * From MS-ADTS 3.1.1.1.9 DCs, usn Counters, and >+ * the Originating Update Stamp >+ * >+ * "A link value r is deleted, but exists as a >+ * tombstone, if r.stamp.timeDeleted â 0. When >+ * the current time minus r.stamp.timeDeleted >+ * exceeds the tombstone lifetime, the link >+ * value r is garbage-collected; that is, >+ * removed from its containing forward link >+ * attribute. " >+ */ >+ >+ for (j=0; j < res->msgs[i]->num_elements; j++) { >+ struct ldb_message_element *element = NULL; >+ /* TODO this is O(log n) per attribute with deleted values */ >+ const struct dsdb_attribute *attrib = NULL; >+ >+ element = &res->msgs[i]->elements[j]; >+ attrib = dsdb_attribute_by_lDAPDisplayName(schema, >+ element->name); >+ >+ /* This avoids parsing isDeleted as a link */ >+ if (attrib->linkID == 0 || ((attrib->linkID & 1) == 1)) { >+ continue; >+ } >+ >+ for (k = 0; k < element->num_values; k++) { >+ struct ldb_val *value = &element->values[k]; >+ uint64_t whenChanged = 0; >+ NTSTATUS status; >+ struct dsdb_dn *dn; >+ struct ldb_message_element *cleanup_elem = NULL; >+ char *guid_search_str = NULL; >+ char *guid_buf_str = NULL; >+ struct ldb_val cleanup_val; >+ struct GUID_txt_buf buf_guid; >+ struct GUID guid; >+ const struct ldb_val *guid_blob; >+ >+ if (dsdb_dn_is_deleted_val(value) == false) { >+ continue; >+ } >+ >+ dn = dsdb_dn_parse(tmp_ctx, samdb, >+ &element->values[k], >+ attrib->syntax->ldap_oid); >+ if (dn == NULL) { >+ DEBUG(1, ("Failed to parse linked attribute blob of " >+ "%s on %s while expunging expired links\n", >+ element->name, >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ continue; >+ } >+ >+ status = dsdb_get_extended_dn_uint64(dn->dn, >+ &whenChanged, >+ "RMD_CHANGETIME"); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(1, ("Error: RMD_CHANGETIME is missing on a forward link.\n")); >+ talloc_free(dn); >+ continue; >+ } >+ >+ if (whenChanged >= expunge_time_nttime) { >+ talloc_free(dn); >+ continue; >+ } >+ >+ guid_blob = ldb_dn_get_extended_component(dn->dn, "GUID"); >+ status = GUID_from_ndr_blob(guid_blob, &guid); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(1, ("Error: Invalid GUID on link target.\n")); >+ talloc_free(dn); >+ continue; >+ } >+ >+ guid_buf_str = GUID_buf_string(&guid, &buf_guid); >+ guid_search_str = talloc_asprintf(mem_ctx, >+ "<GUID=%s>", >+ guid_buf_str); >+ cleanup_val = data_blob_string_const(guid_search_str); >+ >+ talloc_free(dn); >+ >+ if (cleanup_msg == NULL) { >+ cleanup_msg = ldb_msg_new(mem_ctx); >+ if (cleanup_msg == NULL) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ cleanup_msg->dn = res->msgs[i]->dn; >+ } >+ >+ ret = ldb_msg_add_value(cleanup_msg, >+ element->name, >+ &cleanup_val, >+ &cleanup_elem); >+ if (ret != LDB_SUCCESS) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ cleanup_elem->flags = LDB_FLAG_MOD_DELETE; >+ num_modified++; >+ } >+ } >+ >+ if (num_modified > 0) { >+ ret = dsdb_modify(samdb, cleanup_msg, >+ DSDB_REPLMD_VANISH_LINKS); >+ if (ret != LDB_SUCCESS) { >+ DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ } else { >+ DEBUG(4,("Removed deleted object %s\n", >+ ldb_dn_get_linearized(res->msgs[i]->dn))); >+ *num_links_removed = *num_links_removed + num_modified; >+ } >+ >+ } >+ } >+ >+ TALLOC_FREE(tmp_ctx); >+ return NT_STATUS_OK; >+} >+ > /* > * Per MS-ADTS 3.1.1.5.5 Delete Operation > * >@@ -58,11 +261,9 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > unsigned int *num_links_removed, > char **error_string) > { >- int ret; >- > const char **attrs = NULL; > char *filter = NULL; >- >+ NTSTATUS status; > unsigned int i; > struct dsdb_attribute *next_attr; > unsigned int num_link_attrs; >@@ -117,178 +318,24 @@ NTSTATUS dsdb_garbage_collect_tombstones(TALLOC_CTX *mem_ctx, > attrs[i] = "isDeleted"; > attrs[i+1] = NULL; > >- filter = talloc_asprintf_append(filter, "(&(isDeleted=TRUE)(whenChanged<=%s)))", expunge_time_string); >+ filter = talloc_asprintf_append(filter, >+ "(&(isDeleted=TRUE)(whenChanged<=%s)))", >+ expunge_time_string); > if (filter == NULL) { > return NT_STATUS_NO_MEMORY; > } > >- schema = dsdb_get_schema(samdb, mem_ctx); >- > for (; part != NULL; part = part->next) { >- struct ldb_dn *do_dn; >- struct ldb_result *res; >- unsigned int j, k; >- uint32_t flags; >- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); >- if (!tmp_ctx) { >- return NT_STATUS_NO_MEMORY; >- } >- >- ret = dsdb_get_deleted_objects_dn(samdb, tmp_ctx, part->dn, &do_dn); >- if (ret != LDB_SUCCESS) { >- TALLOC_FREE(tmp_ctx); >- /* some partitions have no Deleted Objects >- container */ >- continue; >- } >- >- DEBUG(1, ("Doing a full scan on %s and looking for deleted objects\n", >- ldb_dn_get_linearized(part->dn))); >- >- flags = DSDB_SEARCH_SHOW_RECYCLED | >- DSDB_SEARCH_SHOW_DN_IN_STORAGE_FORMAT | >- DSDB_SEARCH_REVEAL_INTERNALS; >- ret = dsdb_search(samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, >- attrs, flags, "%s", filter); >- >- if (ret != LDB_SUCCESS) { >- *error_string = talloc_asprintf(mem_ctx, "Failed to search for deleted objects in %s: %s", >- ldb_dn_get_linearized(do_dn), >- ldb_errstring(samdb)); >- TALLOC_FREE(tmp_ctx); >- return NT_STATUS_INTERNAL_ERROR; >+ status = garbage_collect_tombstones_part(mem_ctx, samdb, part, >+ filter, >+ num_links_removed, >+ num_objects_removed, >+ schema, attrs, >+ error_string, >+ expunge_time_nttime); >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; > } >- >- for (i=0; i<res->count; i++) { >- struct ldb_message *cleanup_msg = NULL; >- unsigned int num_modified = 0; >- >- bool isDeleted = ldb_msg_find_attr_as_bool(res->msgs[i], "isDeleted", false); >- if (isDeleted) { >- if (ldb_dn_compare(do_dn, res->msgs[i]->dn) == 0) { >- /* Skip the Deleted Object Container */ >- continue; >- } >- >- ret = dsdb_delete(samdb, res->msgs[i]->dn, DSDB_SEARCH_SHOW_RECYCLED|DSDB_MODIFY_RELAX); >- if (ret != LDB_SUCCESS) { >- DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- } else { >- DEBUG(4,("Removed deleted object %s\n", >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- (*num_objects_removed)++; >- } >- continue; >- } >- >- /* This must have a linked attribute */ >- >- /* >- * From MS-ADTS 3.1.1.1.9 DCs, usn Counters, and the Originating Update Stamp >- * >- * "A link value r is deleted, but exists as a >- * tombstone, if r.stamp.timeDeleted â 0. When >- * the current time minus r.stamp.timeDeleted >- * exceeds the tombstone lifetime, the link >- * value r is garbage-collected; that is, >- * removed from its containing forward link >- * attribute. " >- */ >- >- for (j=0; j < res->msgs[i]->num_elements; j++) { >- struct ldb_message_element *element = &res->msgs[i]->elements[j]; >- /* TODO this is O(log n) per attribute with deleted values */ >- const struct dsdb_attribute *attrib >- = dsdb_attribute_by_lDAPDisplayName(schema, element->name); >- >- /* This avoids parsing isDeleted as a link */ >- if (attrib->linkID == 0 || ((attrib->linkID & 1) == 1)) { >- continue; >- } >- >- for (k = 0; k < element->num_values; k++) { >- struct ldb_val *value = &element->values[k]; >- uint64_t whenChanged = 0; >- NTSTATUS status; >- struct dsdb_dn *dn; >- struct ldb_message_element *cleanup_elem = NULL; >- char *guid_search_str = NULL, *guid_buf_str = NULL; >- struct ldb_val cleanup_val; >- struct GUID_txt_buf buf_guid; >- struct GUID guid; >- const struct ldb_val *guid_blob; >- >- if (dsdb_dn_is_deleted_val(value) == false) { >- continue; >- } >- >- dn = dsdb_dn_parse(tmp_ctx, samdb, &element->values[k], >- attrib->syntax->ldap_oid); >- if (dn == NULL) { >- DEBUG(1, ("Failed to parse linked attribute blob of %s on %s while expunging expired links\n", element->name, >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- continue; >- } >- >- status = dsdb_get_extended_dn_uint64(dn->dn, &whenChanged, "RMD_CHANGETIME"); >- if (!NT_STATUS_IS_OK(status)) { >- DEBUG(1, ("Error: RMD_CHANGETIME is missing on a forward link.\n")); >- talloc_free(dn); >- continue; >- } >- >- if (whenChanged >= expunge_time_nttime) { >- talloc_free(dn); >- continue; >- } >- >- guid_blob = ldb_dn_get_extended_component(dn->dn, "GUID"); >- status = GUID_from_ndr_blob(guid_blob, &guid); >- if (!NT_STATUS_IS_OK(status)) { >- DEBUG(1, ("Error: Invalid GUID on link target.\n")); >- talloc_free(dn); >- continue; >- } >- >- guid_buf_str = GUID_buf_string(&guid, &buf_guid); >- guid_search_str = talloc_asprintf(mem_ctx, "<GUID=%s>", guid_buf_str); >- cleanup_val = data_blob_string_const(guid_search_str); >- >- talloc_free(dn); >- >- if (cleanup_msg == NULL) { >- cleanup_msg = ldb_msg_new(mem_ctx); >- if (cleanup_msg == NULL) { >- return NT_STATUS_NO_MEMORY; >- } >- cleanup_msg->dn = res->msgs[i]->dn; >- } >- >- ret = ldb_msg_add_value(cleanup_msg, element->name, &cleanup_val, &cleanup_elem); >- if (ret != LDB_SUCCESS) { >- return NT_STATUS_NO_MEMORY; >- } >- cleanup_elem->flags = LDB_FLAG_MOD_DELETE; >- num_modified++; >- } >- } >- >- if (num_modified > 0) { >- ret = dsdb_modify(samdb, cleanup_msg, DSDB_REPLMD_VANISH_LINKS); >- if (ret != LDB_SUCCESS) { >- DEBUG(1,(__location__ ": Failed to remove deleted object %s\n", >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- } else { >- DEBUG(4,("Removed deleted object %s\n", >- ldb_dn_get_linearized(res->msgs[i]->dn))); >- *num_links_removed = *num_links_removed + num_modified; >- } >- >- } >- } >- TALLOC_FREE(tmp_ctx); >- > } > > return NT_STATUS_OK; >-- >1.9.1 > > >From add3c0bd440122c9d262d594743412c1c5eed0c2 Mon Sep 17 00:00:00 2001 >From: Bob Campbell <bobcampbell@catalyst.net.nz> >Date: Mon, 5 Sep 2016 11:24:19 +1200 >Subject: [PATCH 21/32] copyright: Add the missing notices for garbage collect > tombstones > >Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 > >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Garming Sam <garming@samba.org> >Autobuild-Date(master): Mon Sep 5 08:14:26 CEST 2016 on sn-devel-144 > >(cherry picked from commit e69715138fe14d8dc51f65cf5986b178c98f40a2) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 62e9813..ad14d5e 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -4,6 +4,8 @@ > handle removal of deleted objects > > Copyright (C) 2009 Andrew Tridgell >+ Copyright (C) 2016 Andrew Bartlett >+ Copyright (C) 2016 Catalyst.NET Ltd > > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License as published by >-- >1.9.1 > > >From 86326d612712671fc1ffb4971ccc1eea2cc8e30f Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 13:33:11 +1200 >Subject: [PATCH 22/32] torture: Remove unnecessary whitespace > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit c0239a9bf6f803e9f932b1a4fd267c614c33a4e8) >--- > source4/torture/drs/python/linked_attributes_drs.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/torture/drs/python/linked_attributes_drs.py b/source4/torture/drs/python/linked_attributes_drs.py >index 04d31c2..a529f3c 100644 >--- a/source4/torture/drs/python/linked_attributes_drs.py >+++ b/source4/torture/drs/python/linked_attributes_drs.py >@@ -140,7 +140,7 @@ class LATests(drs_base.DrsBaseTestCase, ExopBaseTest): > if link.attid == expected_attid: > unpacked = ndr_unpack(drsuapi.DsReplicaObjectIdentifier3, > link.value.blob) >- active = link.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE >+ active = link.flags & drsuapi.DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE > links.append((str(unpacked.dn), bool(active))) > > return links >-- >1.9.1 > > >From 16fcc4e570dcb5e6bf96e8dd243579931e7b8049 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 14:46:38 +1200 >Subject: [PATCH 23/32] rpmd: Add the ldb error string to a debug > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit b7f363c64f0238daa36d7a79f08d34785c7444f2) >--- > source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >index f3573f6..cc749ce 100644 >--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >@@ -3621,9 +3621,10 @@ static int replmd_delete_internals(struct ldb_module *module, struct ldb_request > ldb_asprintf_errstring(ldb, > __location__ > ": Failed to remove backlink of " >- "%s when deleting %s", >+ "%s when deleting %s: %s", > el->name, >- old_dn_str); >+ old_dn_str, >+ ldb_errstring(ldb)); > talloc_free(tmp_ctx); > return LDB_ERR_OPERATIONS_ERROR; > } >-- >1.9.1 > > >From 881ad24b2a3a127978cc2645a428436ab648576c Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 14:42:01 +1200 >Subject: [PATCH 24/32] rpmd: Remove the seq_num check for skipping additional > work > >We will need this in a later patch. > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit d6a16b4d7f069d8a916c778bc26e6b645722c89b) >--- > source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 7 ------- > 1 file changed, 7 deletions(-) > >diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >index cc749ce..2aae797 100644 >--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >@@ -2586,13 +2586,6 @@ static int replmd_modify_handle_linked_attribs(struct ldb_module *module, > const struct dsdb_schema *schema; > struct GUID old_guid; > >- if (seq_num == 0) { >- /* there the replmd_update_rpmd code has already >- * checked and saw that there are no linked >- * attributes */ >- return LDB_SUCCESS; >- } >- > if (dsdb_functional_level(ldb) == DS_DOMAIN_FUNCTION_2000) { > /* > * Nothing special is required for modifying or vanishing links >-- >1.9.1 > > >From 48ae5cb629b1aa8b29f9ca19a8db845e37b7a257 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 14:46:06 +1200 >Subject: [PATCH 25/32] rpmd: Add a TODO regarding the additional work > performed > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 434bf4a5b5899c3390730bbd1f8ffad899a3ff73) >--- > source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >index 2aae797..44fbbf4 100644 >--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >@@ -2600,6 +2600,16 @@ static int replmd_modify_handle_linked_attribs(struct ldb_module *module, > return LDB_SUCCESS; > } > >+ /* >+ * TODO: >+ * >+ * We should restrict this to the intersection of the list of >+ * linked attributes in the schema and the list of attributes >+ * being modified. >+ * >+ * This will help performance a little, as otherwise we have >+ * to allocate the entire object value-by-value. >+ */ > ret = dsdb_module_search_dn(module, msg, &res, msg->dn, NULL, > DSDB_FLAG_NEXT_MODULE | > DSDB_SEARCH_SHOW_RECYCLED | >-- >1.9.1 > > >From aef45312c52f40f3910e4c2024697f1e95846fb8 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 14:40:40 +1200 >Subject: [PATCH 26/32] rpmd: Skip bump of USN when vanishing forward links > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit ecf237cc3872674d2fbe489b8a1e8449f4063d8b) >--- > source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > >diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >index 44fbbf4..7a5906e 100644 >--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c >@@ -1312,6 +1312,18 @@ static int replmd_update_rpmd_element(struct ldb_context *ldb, > } else if (LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE) { > may_skip = true; > } >+ } else if (a->linkID != 0 && LDB_FLAG_MOD_TYPE(el->flags) == LDB_FLAG_MOD_DELETE && >+ ldb_request_get_control(req, DSDB_CONTROL_REPLMD_VANISH_LINKS) != NULL) { >+ /* >+ * We intentionally skip the version bump when attempting to >+ * vanish links. >+ * >+ * The control is set by dbcheck and expunge-tombstones which >+ * both attempt to be non-replicating. Otherwise, making an >+ * alteration to the replication state would trigger a >+ * broadcast of all expunged objects. >+ */ >+ may_skip = true; > } > > if (el->flags & DSDB_FLAG_INTERNAL_FORCE_META_DATA) { >-- >1.9.1 > > >From 16b6475a1b667a2b1c207920e663e53da412f240 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 14:40:08 +1200 >Subject: [PATCH 27/32] tests: Assert vanishing links doesn't bump USN > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit a9c6879bb52b7dcfbfd6c329635aa235199e7145) >--- > source4/dsdb/tests/python/linked_attributes.py | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > >diff --git a/source4/dsdb/tests/python/linked_attributes.py b/source4/dsdb/tests/python/linked_attributes.py >index cea3a01..0c46523 100644 >--- a/source4/dsdb/tests/python/linked_attributes.py >+++ b/source4/dsdb/tests/python/linked_attributes.py >@@ -306,11 +306,31 @@ class LATests(samba.tests.TestCase): > self.add_linked_attribute(g2, u1) > self.add_linked_attribute(g2, u2) > >+ res = self.samdb.search(g1, scope=ldb.SCOPE_BASE, >+ attrs=['uSNChanged']) >+ old_usn1 = int(res[0]['uSNChanged'][0]) >+ >+ res = self.samdb.search(g2, scope=ldb.SCOPE_BASE, >+ attrs=['uSNChanged']) >+ old_usn2 = int(res[0]['uSNChanged'][0]) >+ > self.samdb.delete(u1) > > self.assert_forward_links(g1, []) > self.assert_forward_links(g2, [u2]) > >+ res = self.samdb.search(g1, scope=ldb.SCOPE_BASE, >+ attrs=['uSNChanged']) >+ new_usn1 = int(res[0]['uSNChanged'][0]) >+ >+ res = self.samdb.search(g2, scope=ldb.SCOPE_BASE, >+ attrs=['uSNChanged']) >+ new_usn2 = int(res[0]['uSNChanged'][0]) >+ >+ # Assert the USN on the alternate object is unchanged >+ self.assertEqual(old_usn1, new_usn1) >+ self.assertEqual(old_usn2, new_usn2) >+ > def test_la_links_delete_user_reveal(self): > u1, u2 = self.add_objects(2, 'user', 'u_del_user_reveal') > g1, g2 = self.add_objects(2, 'group', 'g_del_user_reveal') >-- >1.9.1 > > >From b5f52ec1bc97e97f05108b91ec80ceb0c142c08d Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 15:27:42 +1200 >Subject: [PATCH 28/32] tombstone-expunge: Assert than an expunge does not bump > the USN > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit cf587f9aff2638a31463ee6b28430ff7a3efb505) >--- > testprogs/blackbox/tombstones-expunge.sh | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > >diff --git a/testprogs/blackbox/tombstones-expunge.sh b/testprogs/blackbox/tombstones-expunge.sh >index f2826c4..2075d1c 100755 >--- a/testprogs/blackbox/tombstones-expunge.sh >+++ b/testprogs/blackbox/tombstones-expunge.sh >@@ -46,6 +46,10 @@ undump() { > > tombstones_expunge() { > tmpfile=$PREFIX_ABS/$RELEASE/expected-expunge-output.txt >+ tmpldif1=$PREFIX_ABS/$RELEASE/expected-expunge-output2.txt.tmp1 >+ >+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpldif1 >+ > $PYTHON $BINDIR/samba-tool domain tombstones expunge -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --current-time=2016-07-30 --tombstone-lifetime=4 > $tmpfile > if [ "$?" != "0" ]; then > return $? >@@ -54,6 +58,14 @@ tombstones_expunge() { > if [ "$?" != "0" ]; then > return 1 > fi >+ >+ tmpldif2=$PREFIX_ABS/$RELEASE/expected-expunge-output2.txt.tmp2 >+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpldif2 >+ >+ diff $tmpldif1 $tmpldif2 >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi > } > > add_two_more_users() { >-- >1.9.1 > > >From e034f1095a417d9355aaa2d2b478cd279b3f391e Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 15:29:35 +1200 >Subject: [PATCH 29/32] dbcheck: Make it clearer about temporary output > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 974a8da0d996f1396ef5b8e7759f31ee7b92b254) >--- > testprogs/blackbox/tombstones-expunge.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/testprogs/blackbox/tombstones-expunge.sh b/testprogs/blackbox/tombstones-expunge.sh >index 2075d1c..49a5073 100755 >--- a/testprogs/blackbox/tombstones-expunge.sh >+++ b/testprogs/blackbox/tombstones-expunge.sh >@@ -45,7 +45,7 @@ undump() { > } > > tombstones_expunge() { >- tmpfile=$PREFIX_ABS/$RELEASE/expected-expunge-output.txt >+ tmpfile=$PREFIX_ABS/$RELEASE/expected-expunge-output.txt.tmp > tmpldif1=$PREFIX_ABS/$RELEASE/expected-expunge-output2.txt.tmp1 > > TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpldif1 >-- >1.9.1 > > >From bb02a8e0d41c52c5784c4f1999db08da23f8e7f4 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 17:04:29 +1200 >Subject: [PATCH 30/32] tests: Check that USN bumps when modifying a linked > attr > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit d5127b75d3582f6dbae203f26284a36ec6e1549d) >--- > source4/dsdb/tests/python/linked_attributes.py | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > >diff --git a/source4/dsdb/tests/python/linked_attributes.py b/source4/dsdb/tests/python/linked_attributes.py >index 0c46523..225ee47 100644 >--- a/source4/dsdb/tests/python/linked_attributes.py >+++ b/source4/dsdb/tests/python/linked_attributes.py >@@ -266,12 +266,33 @@ class LATests(samba.tests.TestCase): > u1, u2 = self.add_objects(2, 'user', 'u_del_link') > g1, g2 = self.add_objects(2, 'group', 'g_del_link') > >+ res = self.samdb.search(g1, scope=ldb.SCOPE_BASE, >+ attrs=['uSNChanged']) >+ old_usn1 = int(res[0]['uSNChanged'][0]) >+ > self.add_linked_attribute(g1, u1) >+ >+ res = self.samdb.search(g1, scope=ldb.SCOPE_BASE, >+ attrs=['uSNChanged']) >+ new_usn1 = int(res[0]['uSNChanged'][0]) >+ >+ self.assertNotEqual(old_usn1, new_usn1, "USN should have incremented") >+ > self.add_linked_attribute(g2, u1) > self.add_linked_attribute(g2, u2) > >+ res = self.samdb.search(g2, scope=ldb.SCOPE_BASE, >+ attrs=['uSNChanged']) >+ old_usn2 = int(res[0]['uSNChanged'][0]) >+ > self.remove_linked_attribute(g2, u1) > >+ res = self.samdb.search(g2, scope=ldb.SCOPE_BASE, >+ attrs=['uSNChanged']) >+ new_usn2 = int(res[0]['uSNChanged'][0]) >+ >+ self.assertNotEqual(old_usn2, new_usn2, "USN should have incremented") >+ > self.assert_forward_links(g1, [u1]) > self.assert_forward_links(g2, [u2]) > >-- >1.9.1 > > >From 5cbcdc871be8d56fe737ccb9d5844f03a6cd9557 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 15:45:56 +1200 >Subject: [PATCH 31/32] tests: Skip a test for reveal internals for passing > Windows > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 >(cherry picked from commit 4a264f6460941e6cc741c3dfd1bba72a076a8267) >--- > source4/dsdb/tests/python/linked_attributes.py | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/source4/dsdb/tests/python/linked_attributes.py b/source4/dsdb/tests/python/linked_attributes.py >index 225ee47..9813ea0 100644 >--- a/source4/dsdb/tests/python/linked_attributes.py >+++ b/source4/dsdb/tests/python/linked_attributes.py >@@ -303,7 +303,7 @@ class LATests(samba.tests.TestCase): > self.remove_linked_attribute(g2, u1) > self.assert_forward_links(g2, []) > >- def test_la_links_delete_link_reveal(self): >+ def _test_la_links_delete_link_reveal(self): > u1, u2 = self.add_objects(2, 'user', 'u_del_link_reveal') > g1, g2 = self.add_objects(2, 'group', 'g_del_link_reveal') > >@@ -318,6 +318,11 @@ class LATests(samba.tests.TestCase): > show_deactivated_link=0, > reveal_internals=0 > ) >+ def test_la_links_delete_link_reveal(self): >+ if opts.no_reveal_internals: >+ print 'skipping because --no-reveal-internals' >+ return >+ self._test_la_links_delete_link_reveal() > > def test_la_links_delete_user(self): > u1, u2 = self.add_objects(2, 'user', 'u_del_user') >-- >1.9.1 > > >From 531789122406deba34d41c34f48bcee08013ccdb Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 8 Sep 2016 16:34:51 +1200 >Subject: [PATCH 32/32] dbcheck: assert uSNChanged values in release-4-5-0-pre1 > >This shows that dbcheck doesn't change the replPropertyMetadata when >fixing the links on these objects. > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12382 > >Autobuild-User(master): Garming Sam <garming@samba.org> >Autobuild-Date(master): Thu Sep 8 14:39:19 CEST 2016 on sn-devel-144 > >(cherry picked from commit 0ab32637249fb88917d240e78c0f213b83236027) >--- > .../expected-links-after-dbcheck.ldif | 217 +++++++++++++++++++++ > .../release-4-5-0-pre1/rootdse-version.final.txt | 1 + > .../release-4-5-0-pre1/rootdse-version.initial.txt | 1 + > testprogs/blackbox/dbcheck-oldrelease.sh | 18 +- > 4 files changed, 236 insertions(+), 1 deletion(-) > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.final.txt > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.initial.txt > >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-dbcheck.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-dbcheck.ldif >index 5054c74..9ac86fc 100644 >--- a/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-dbcheck.ldif >+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-links-after-dbcheck.ldif >@@ -2,646 +2,775 @@ > dn: CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3586 > > # record 2 > dn: CN=User,CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3589 > > # record 3 > dn: CN=Content,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,DC=release-4-5-0 > -pre1,DC=samba,DC=corp >+uSNChanged: 3394 > > # record 4 > dn: CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3587 > > # record 5 > dn: CN=Machine,CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3590 > > # record 6 > dn: CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,DC=release-4-5- > 0-pre1,DC=samba,DC=corp >+uSNChanged: 3395 > > # record 7 > dn: CN=0b7fb422-3609-4587-8c2e-94b10f67d1bf,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3453 > > # record 8 > dn: CN=0e660ea3-8a5e-4495-9ad7-ca1bd4638f9e,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3405 > > # record 9 > dn: CN=10b3ad2a-6883-4fa7-90fc-6377cbdc1b26,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3409 > > # record 10 > dn: CN=13d15cf0-e6c8-11d6-9793-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3450 > > # record 11 > dn: CN=231fb90b-c92a-40c9-9379-bacfc313a3e3,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3454 > > # record 12 > dn: CN=2416c60a-fe15-4d7a-a61e-dffd5df864d3,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3402 > > # record 13 > dn: CN=293f0798-ea5c-4455-9f5d-45f33a30703b,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3416 > > # record 14 > dn: CN=2951353e-d102-4ea5-906c-54247eeec741,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3455 > > # record 15 > dn: CN=3051c66f-b332-4a73-9a20-2d6a7d6e6a1c,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3447 > > # record 16 > dn: CN=3c784009-1f57-4e2a-9b04-6915c9e71961,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3424 > > # record 17 > dn: CN=3e4f4182-ac5d-4378-b760-0eab2de593e2,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3448 > > # record 18 > dn: CN=446f24ea-cfd5-4c52-8346-96e170bcb912,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3414 > > # record 19 > dn: CN=4aaabc3a-c416-4b9c-a6bb-4b453ab1c1f0,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3456 > > # record 20 > dn: CN=4c93ad42-178a-4275-8600-16811d28f3aa,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3457 > > # record 21 > dn: CN=4dfbb973-8a62-4310-a90c-776e00f83222,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3419 > > # record 22 > dn: CN=51cba88b-99cf-4e16-bef2-c427b38d0767,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3415 > > # record 23 > dn: CN=57428d75-bef7-43e1-938b-2e749f5a8d56,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3458 > > # record 24 > dn: CN=5c82b233-75fc-41b3-ac71-c69592e6bf15,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3417 > > # record 25 > dn: CN=61b34cb0-55ee-4be9-b595-97810b92b017,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3459 > > # record 26 > dn: CN=6ada9ff7-c9df-45c1-908e-9fef2fab008a,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3408 > > # record 27 > dn: CN=6bcd5678-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3425 > > # record 28 > dn: CN=6bcd5679-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3426 > > # record 29 > dn: CN=6bcd567a-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3427 > > # record 30 > dn: CN=6bcd567b-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3428 > > # record 31 > dn: CN=6bcd567c-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3429 > > # record 32 > dn: CN=6bcd567d-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3430 > > # record 33 > dn: CN=6bcd567e-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3431 > > # record 34 > dn: CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3432 > > # record 35 > dn: CN=6bcd5680-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3433 > > # record 36 > dn: CN=6bcd5681-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3434 > > # record 37 > dn: CN=6bcd5682-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3435 > > # record 38 > dn: CN=6bcd5683-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3436 > > # record 39 > dn: CN=6bcd5684-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3437 > > # record 40 > dn: CN=6bcd5685-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3438 > > # record 41 > dn: CN=6bcd5686-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3439 > > # record 42 > dn: CN=6bcd5687-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3440 > > # record 43 > dn: CN=6bcd5688-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3441 > > # record 44 > dn: CN=6bcd5689-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3442 > > # record 45 > dn: CN=6bcd568a-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3443 > > # record 46 > dn: CN=6bcd568b-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3444 > > # record 47 > dn: CN=6bcd568c-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3445 > > # record 48 > dn: CN=6bcd568d-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3446 > > # record 49 > dn: CN=6E157EDF-4E72-4052-A82A-EC3F91021A22,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3452 > > # record 50 > dn: CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3413 > > # record 51 > dn: CN=71482d49-8870-4cb3-a438-b6fc9ec35d70,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3460 > > # record 52 > dn: CN=7868d4c8-ac41-4e05-b401-776280e8e9f1,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3403 > > # record 53 > dn: CN=7cfb016c-4f87-4406-8166-bd9df943947f,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3421 > > # record 54 > dn: CN=7ffef925-405b-440a-8d58-35e8cd6e98c3,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3418 > > # record 55 > dn: CN=8437C3D8-7689-4200-BF38-79E4AC33DFA0,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3420 > > # record 56 > dn: CN=860c36ed-5241-4c62-a18b-cf6ff9994173,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3404 > > # record 57 > dn: CN=8ca38317-13a4-4bd4-806f-ebed6acb5d0c,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3423 > > # record 58 > dn: CN=8ddf6913-1c7b-4c59-a5af-b9ca3b3d2c4c,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3451 > > # record 59 > dn: CN=9738c400-7795-4d6e-b19d-c16cd6486166,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3461 > > # record 60 > dn: CN=98de1d3e-6611-443b-8b4e-f4337f1ded0b,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3410 > > # record 61 > dn: CN=9cac1f66-2167-47ad-a472-2a13251310e4,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3412 > > # record 62 > dn: CN=a1789bfb-e0a2-4739-8cc0-e77d892d080a,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3462 > > # record 63 > dn: CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3463 > > # record 64 > dn: CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3406 > > # record 65 > dn: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3399 > > # record 66 > dn: CN=aed72870-bf16-4788-8ac7-22299c8207f1,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3464 > > # record 67 > dn: CN=b96ed344-545a-4172-aa0c-68118202f125,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3465 > > # record 68 > dn: CN=bab5f54d-06c8-48de-9b87-d78b796564e4,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3400 > > # record 69 > dn: CN=c4f17608-e611-11d6-9793-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3449 > > # record 70 > dn: CN=c88227bc-fcca-4b58-8d8a-cd3d64528a02,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3466 > > # record 71 > dn: CN=d85c0bfd-094f-4cad-a2b5-82ac9268475d,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3407 > > # record 72 > dn: CN=dda1d01d-4bd7-4c49-a184-46f9241b560e,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3467 > > # record 73 > dn: CN=de10d491-909f-4fb0-9abb-4b7865c0fe80,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3468 > > # record 74 > dn: CN=ebad865a-d649-416f-9922-456b53bbb5b8,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3469 > > # record 75 > dn: CN=f3dd09dd-25e8-4f9c-85df-12d6d2f2f2f5,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3401 > > # record 76 > dn: CN=f58300d1-b71a-4DB6-88a1-a8b9538beaca,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3470 > > # record 77 > dn: CN=f607fd87-80cf-45e2-890b-6cf97ec0e284,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3411 > > # record 78 > dn: CN=f7ed4553-d82b-49ef-a839-2f38a36bb069,CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3422 > > # record 79 > dn: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3606 > > # record 80 > dn: DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3616 > > # record 81 > dn: DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3609 > > # record 82 > dn: DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3618 > > # record 83 > dn: DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3614 > > # record 84 > dn: DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3613 > > # record 85 > dn: DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3608 > > # record 86 > dn: DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3617 > > # record 87 > dn: DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3607 > > # record 88 > dn: DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3612 > > # record 89 > dn: DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3619 > > # record 90 > dn: DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3615 > > # record 91 > dn: DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3611 > > # record 92 > dn: DC=m.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3610 > > # record 93 > dn: CN=SOM,CN=WMIPolicy,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3510 > > # record 94 > dn: CN=WMIGPO,CN=WMIPolicy,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3511 > > # record 95 > dn: CN=RID Set,CN=DOUGLASB-DESKTO,OU=Domain Controllers,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC > =samba,DC=corp >+uSNChanged: 3584 > > # record 96 > dn: CN=Operations,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3398 > > # record 97 > dn: CN=PolicyType,CN=WMIPolicy,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3509 > > # record 98 > dn: CN=VolumeTable,CN=FileLinks,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,DC=relea > se-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3475 > > # record 99 > dn: CN=AppCategories,CN=Default Domain Policy,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Class-Store,CN=Schema,CN=Configuration,DC=release-4-5-0-pre > 1,DC=samba,DC=corp >+uSNChanged: 3390 > > # record 100 > dn: CN=PolicyTemplate,CN=WMIPolicy,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3508 > > # record 101 > dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,DC= > release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3474 > > # record 102 > dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3471 > > # record 103 > dn: CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,DC=rele > ase-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3393 > > # record 104 > dn: CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3397 > > # record 105 > dn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=releas > e-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3585 > > # record 106 > dn: CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=releas > e-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3588 > > # record 107 > dn: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3692 > > # record 108 > dn: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3709 > > # record 109 > dn: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3703 > > # record 110 > dn: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3694 > > # record 111 > dn: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3495 > > # record 112 > dn: CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3498 > > # record 113 > dn: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3691 > > # record 114 > dn: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3708 > > # record 115 > dn: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=release-4-5-0-pr > e1,DC=samba,DC=corp >+uSNChanged: 3700 > > # record 116 > dn: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,DC=release-4-5-0-pr > e1,DC=samba,DC=corp >+uSNChanged: 3696 > > # record 117 > dn: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=release-4-5-0-pr > e1,DC=samba,DC=corp >+uSNChanged: 3689 > > # record 118 > dn: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=release-4-5-0-pr > e1,DC=samba,DC=corp >+uSNChanged: 3702 > > # record 119 > dn: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,DC=release-4-5-0-pr > e1,DC=samba,DC=corp >+uSNChanged: 3707 > > # record 120 > dn: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=release-4 > -5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3478 > > # record 121 > dn: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=release-4 > -5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3488 > > # record 122 > dn: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,DC=release-4 > -5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3492 > > # record 123 > dn: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=rele > ase-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3484 > > # record 124 > dn: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=rele > ase-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3497 > > # record 125 > dn: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=rele > ase-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3490 > > # record 126 > dn: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=rele > ase-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3482 > > # record 127 > dn: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=rele > ase-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3698 > > # record 128 > dn: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,DC=rele > ase-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3496 > > # record 129 > dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp >+uSNChanged: 3605 > > # record 130 > dn: CN=Guest,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -649,6 +778,7 @@ memberOf: CN=Guests,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC= > samba,DC=corp > sAMAccountType: 805306368 >+uSNChanged: 3546 > > # record 131 > dn: CN=Users,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -660,6 +790,7 @@ member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samb > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3563 > > # record 132 > dn: CN=Guests,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -668,6 +799,7 @@ member: CN=Guest,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3564 > > # record 133 > dn: CN=krbtgt,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -676,17 +808,20 @@ memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- > objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC= > samba,DC=corp > sAMAccountType: 805306368 >+uSNChanged: 3547 > > # record 134 > dn: CN=Server,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1 > ,DC=samba,DC=corp >+uSNChanged: 3505 > > # record 135 > dn: CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samba,DC=corp > memberOf: CN=Users,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=re > lease-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3558 > > # record 136 > dn: CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -694,16 +829,19 @@ memberOf: CN=Windows Authorization Access Group,CN=Builtin,DC=release-4-5-0-pr > e1,DC=samba,DC=corp > objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=re > lease-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3559 > > # record 137 > dn: CN=Meetings,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3499 > > # record 138 > dn: CN=Policies,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3501 > > # record 139 > dn: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -712,29 +850,34 @@ memberOf: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=release-4-5-0-pr > memberOf: CN=Users,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=re > lease-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3560 > > # record 140 > dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samba,DC=corp > memberOf: CN=IIS_IUSRS,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=re > lease-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3561 > > # record 141 > dn: CN=swimmers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3745 > > # record 142 > dn: CN=DnsAdmins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3602 > > # record 143 > dn: CN=FileLinks,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,DC=release-4- > 5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3473 > > # record 144 > dn: CN=IIS_IUSRS,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -743,32 +886,38 @@ member: CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samb > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3579 > > # record 145 > dn: CN=Microsoft,CN=Program Data,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3384 > > # record 146 > dn: CN=WMIPolicy,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3507 > > # record 147 > dn: CN=Replicator,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3569 > > # record 148 > dn: CN=IP Security,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3476 > > # record 149 > dn: CN=RpcServices,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,DC=release-4-5-0-p > re1,DC=samba,DC=corp >+uSNChanged: 3504 > > # record 150 > dn: CN=Domain Users,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -776,16 +925,19 @@ memberOf: CN=Users,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3541 > > # record 151 > dn: CN=MicrosoftDNS,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3604 > > # record 152 > dn: CN=RID Manager$,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,DC=release-4-5-0-pre > 1,DC=samba,DC=corp >+uSNChanged: 3598 > > # record 153 > dn: CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -798,16 +950,19 @@ memberOf: CN=Domain Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC= > samba,DC=corp > sAMAccountType: 805306368 >+uSNChanged: 3545 > > # record 154 > dn: CN=AdminSDHolder,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3386 > > # record 155 > dn: CN=ComPartitions,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3387 > > # record 156 > dn: CN=Domain Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -818,6 +973,7 @@ memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3549 > > # record 157 > dn: CN=Domain Guests,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -825,11 +981,13 @@ memberOf: CN=Guests,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3542 > > # record 158 > dn: CN=DomainUpdates,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3396 > > # record 159 > dn: CN=Schema Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -839,6 +997,7 @@ memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3551 > > # record 160 > dn: CN=Administrators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -848,12 +1007,14 @@ member: CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3562 > > # record 161 > dn: CN=DnsUpdateProxy,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3603 > > # record 162 > dn: CN=Cert Publishers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -862,69 +1023,81 @@ memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3550 > > # record 163 > dn: CN=DOUGLASB-DESKTO,OU=Domain Controllers,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,D > C=samba,DC=corp > sAMAccountType: 805306369 >+uSNChanged: 3601 > > # record 164 > dn: CN=Print Operators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3567 > > # record 165 > dn: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC= > samba,DC=corp > sAMAccountType: 805306368 >+uSNChanged: 3712 > > # record 166 > dn: CN=WinsockServices,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3506 > > # record 167 > dn: CN=Backup Operators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3568 > > # record 168 > dn: CN=ComPartitionSets,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3388 > > # record 169 > dn: CN=Domain Computers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3543 > > # record 170 > dn: CN=Server Operators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3566 > > # record 171 > dn: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC= > samba,DC=corp > sAMAccountType: 805306368 >+uSNChanged: 3715 > > # record 172 > dn: CN=Account Operators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3565 > > # record 173 > dn: CN=Dfs-Configuration,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,DC=release-4-5 > -0-pre1,DC=samba,DC=corp >+uSNChanged: 3391 > > # record 174 > dn: CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -935,12 +1108,14 @@ memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3552 > > # record 175 > dn: CN=Event Log Readers,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3581 > > # record 176 > dn: CN=Domain Controllers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -949,57 +1124,67 @@ memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3544 > > # record 177 > dn: CN=DFSR-GlobalSettings,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,DC=releas > e-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3392 > > # record 178 > dn: CN=RAS and IAS Servers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3555 > > # record 179 > dn: CN=Remote Desktop Users,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3571 > > # record 180 > dn: CN=Default Domain Policy,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,DC=release-4-5-0-p > re1,DC=samba,DC=corp >+uSNChanged: 3389 > > # record 181 > dn: CN=Distributed COM Users,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3578 > > # record 182 > dn: CN=Performance Log Users,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3575 > > # record 183 > dn: CN=Cryptographic Operators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3580 > > # record 184 > dn: CN=File Replication Service,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,DC=release-4-5-0- > pre1,DC=samba,DC=corp >+uSNChanged: 3472 > > # record 185 > dn: CN=Performance Monitor Users,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3574 > > # record 186 > dn: CN=Group Policy Creator Owners,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -1009,11 +1194,13 @@ memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3553 > > # record 187 > dn: CN=Password Settings Container,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuratio > n,DC=release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3500 > > # record 188 > dn: CN=Read-only Domain Controllers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -1022,35 +1209,41 @@ memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3554 > > # record 189 > dn: CN=Incoming Forest Trust Builders,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3573 > > # record 190 > dn: CN=Certificate Service DCOM Access,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3582 > > # record 191 > dn: CN=Network Configuration Operators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3572 > > # record 192 > dn: CN=Terminal Server License Servers,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3577 > > # record 193 > dn: CN=RAS and IAS Servers Access Check,CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3502 > > # record 194 > dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -1059,6 +1252,7 @@ member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samb > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3570 > > # record 195 > dn: CN=Windows Authorization Access Group,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -1067,6 +1261,7 @@ member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samba > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3576 > > # record 196 > dn: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -1083,106 +1278,128 @@ member: CN=krbtgt,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3557 > > # record 197 > dn: CN=Allowed RODC Password Replication Group,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 536870912 >+uSNChanged: 3556 > > # record 198 > dn: CN=Enterprise Read-only Domain Controllers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1,DC=s > amba,DC=corp > sAMAccountType: 268435456 >+uSNChanged: 3548 > > # record 199 > dn: CN=ddg\0ADEL:fb8c2fe3-5448-43de-99f9-e1d3b9357cfc,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > lastKnownParent: CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3737 > > # record 200 > dn: CN=dsg\0ADEL:6d66d0ef-cad7-4e5d-b1b6-4a233a21c269,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > lastKnownParent: CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3734 > > # record 201 > dn: CN=gdg\0ADEL:e0f581e7-14ee-4fc2-839c-8f46f581c72a,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > lastKnownParent: CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3738 > > # record 202 > dn: CN=gsg\0ADEL:91aa85cc-fc19-4b8c-9fc7-aaba425439c7,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > lastKnownParent: CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3735 > > # record 203 > dn: CN=udg\0ADEL:7cff5537-51b1-4d26-a295-0225dbea8525,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > lastKnownParent: CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3739 > > # record 204 > dn: CN=usg\0ADEL:d012e8f5-a4bd-40ea-a2a1-68ff2508847d,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > lastKnownParent: CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3736 > > # record 205 > dn: CN=fred\0ADEL:2301a64c-5b42-4ca8-851e-12d4a711cfb4,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > lastKnownParent: CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3746 > > # record 206 > dn: CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3373 > > # record 207 > dn: CN=System,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3385 > > # record 208 > dn: CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=release-4-5-0- > pre1,DC=samba,DC=corp >+uSNChanged: 3376 > > # record 209 > dn: CN=Computers,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3375 > > # record 210 > dn: CN=NTDS Quotas,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,DC=release > -4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3382 > > # record 211 > dn: CN=LostAndFound,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=release-4-5-0- > pre1,DC=samba,DC=corp >+uSNChanged: 3381 > > # record 212 > dn: CN=Program Data,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3383 > > # record 213 > dn: CN=Infrastructure,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=release > -4-5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3597 > > # record 214 > dn: CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3377 > > # record 215 > dn: CN=ForeignSecurityPrincipals,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1, > DC=samba,DC=corp >+uSNChanged: 3379 > > # record 216 > dn: OU=Domain Controllers,DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=release-4 > -5-0-pre1,DC=samba,DC=corp >+uSNChanged: 3378 > > # record 217 > dn: DC=release-4-5-0-pre1,DC=samba,DC=corp > objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=release-4-5-0-pre1 > ,DC=samba,DC=corp >+uSNChanged: 3596 > wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=rele > ase-4-5-0-pre1,DC=samba,DC=corp > wellKnownObjects: B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Progra >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.final.txt b/source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.final.txt >new file mode 100644 >index 0000000..0028f9b >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.final.txt >@@ -0,0 +1 @@ >+highestCommittedUSN: 3746 >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.initial.txt b/source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.initial.txt >new file mode 100644 >index 0000000..0028f9b >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/rootdse-version.initial.txt >@@ -0,0 +1 @@ >+highestCommittedUSN: 3746 >diff --git a/testprogs/blackbox/dbcheck-oldrelease.sh b/testprogs/blackbox/dbcheck-oldrelease.sh >index dd176cf..ecab003 100755 >--- a/testprogs/blackbox/dbcheck-oldrelease.sh >+++ b/testprogs/blackbox/dbcheck-oldrelease.sh >@@ -181,6 +181,13 @@ check_expected_before_values() { > if [ "$?" != "0" ]; then > return 1 > fi >+ elif [ x$RELEASE = x"release-4-5-0-pre1" ]; then >+ tmpldif=$PREFIX_ABS/$RELEASE/rootdse-version.initial.txt.tmp >+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpldif >+ diff $tmpldif $release_dir/rootdse-version.initial.txt >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi > fi > return 0 > } >@@ -233,11 +240,20 @@ check_expected_after_values() { > elif [ x$RELEASE = x"release-4-5-0-pre1" ]; then > echo $RELEASE checking after values > tmpldif=$PREFIX_ABS/$RELEASE/expected-links-after-dbcheck.ldif.tmp >- $BINDIR/ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --show-recycled --show-deleted --show-deactivated-link --reveal member memberOf lastKnownParent objectCategory lastKnownParent wellKnownObjects legacyExchangeDN sAMAccountType --sorted > $tmpldif >+ $BINDIR/ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --show-recycled --show-deleted --show-deactivated-link --reveal member memberOf lastKnownParent objectCategory lastKnownParent wellKnownObjects legacyExchangeDN sAMAccountType uSNChanged --sorted > $tmpldif > diff $tmpldif $release_dir/expected-links-after-dbcheck.ldif > if [ "$?" != "0" ]; then > return 1 > fi >+ >+ # If in the future dbcheck has to make a change recorded in replPropertyMetadata, >+ # this test will fail and can be removed. >+ tmpversion=$PREFIX_ABS/$RELEASE/rootdse-version.final.txt.tmp >+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b '' | grep highestCommittedUSN > $tmpversion >+ diff $tmpversion $release_dir/rootdse-version.final.txt >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi > fi > return 0 > } >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 12382
:
12587
|
12588
| 12589