From 58c5ae47b8a81b384f1ae0e386be46a836f4c21e Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Fri, 21 Oct 2016 11:40:51 +1300 Subject: [PATCH 1/2] tombstones-expunge: Add a test for deleting links to recycled objects Currently this fails because we rely on a GUID DN, which fails to resolve in the case that the GUID no longer exists in the database (i.e. when that object has been purged after 6 months). The tests use a made up extended DN built from fred where the GUID has been tweaked. Signed-off-by: Garming Sam BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385 --- selftest/knownfail | 1 + .../release-4-5-0-pre1/add-dangling-link.ldif | 5 +++++ .../release-4-5-0-pre1/expected-expunge-output.txt | 2 +- .../release-4-5-0-pre1/expected-match-rule-links.ldif | 18 +++++++++++------- testprogs/blackbox/tombstones-expunge.sh | 9 +++++++++ 5 files changed, 27 insertions(+), 8 deletions(-) create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-dangling-link.ldif diff --git a/selftest/knownfail b/selftest/knownfail index 976761b..efc69b7 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -294,3 +294,4 @@ #ntvfs server blocks copychunk with execute access on read handle ^samba4.smb2.ioctl.copy_chunk_bad_access ^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.* +^samba4.blackbox.tombstones-expunge.release-4-5-0-pre1.tombstones_expunge diff --git a/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-link.ldif b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-link.ldif new file mode 100644 index 0000000..67a294d --- /dev/null +++ b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-link.ldif @@ -0,0 +1,5 @@ +# fred-clone is a duplication of CN=fred,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp with the GUID slightly modified and a different DN +dn: CN=Domain Users,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +changetype: modify +add: member +member: ;;;;;;;;;CN=fred-clone,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt index bcc5955..6826257 100644 --- a/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt +++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt @@ -1 +1 @@ -Removed 7 objects and 1 links successfully +Removed 7 objects and 2 links successfully diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif index 2b2f021..1553c1b 100644 --- a/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif +++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif @@ -4,31 +4,35 @@ member: CN=fred,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=user1,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp # record 2 +dn: CN=Domain Users,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +member: CN=fred-clone,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp + +# record 3 dn: CN=ddg\0ADEL:fb8c2fe3-5448-43de-99f9-e1d3b9357cfc,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp -# record 3 +# record 4 dn: CN=dsg\0ADEL:6d66d0ef-cad7-4e5d-b1b6-4a233a21c269,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp -# record 4 +# record 5 dn: CN=gdg\0ADEL:e0f581e7-14ee-4fc2-839c-8f46f581c72a,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp -# record 5 +# record 6 dn: CN=gsg\0ADEL:91aa85cc-fc19-4b8c-9fc7-aaba425439c7,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp -# record 6 +# record 7 dn: CN=udg\0ADEL:7cff5537-51b1-4d26-a295-0225dbea8525,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp -# record 7 +# record 8 dn: CN=usg\0ADEL:d012e8f5-a4bd-40ea-a2a1-68ff2508847d,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp @@ -42,6 +46,6 @@ ref: ldap:///DC=DomainDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp # Referral ref: ldap:///DC=ForestDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp -# returned 10 records -# 7 entries +# returned 11 records +# 8 entries # 3 referrals diff --git a/testprogs/blackbox/tombstones-expunge.sh b/testprogs/blackbox/tombstones-expunge.sh index 49a5073..33cb0b1 100755 --- a/testprogs/blackbox/tombstones-expunge.sh +++ b/testprogs/blackbox/tombstones-expunge.sh @@ -68,6 +68,14 @@ tombstones_expunge() { fi } +add_dangling_link() { + ldif=$release_dir/add-dangling-link.ldif + TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi +} + add_two_more_users() { ldif=$release_dir/add-two-more-users.ldif TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif @@ -172,6 +180,7 @@ if [ -d $release_dir ]; then testit $RELEASE undump testit "add_two_more_users" add_two_more_users testit "add_four_more_links" add_four_more_links + testit "add_dangling_link" add_dangling_link testit "remove_one_link" remove_one_link testit "remove_one_user" remove_one_user testit "check_match_rule_links" check_match_rule_links -- 1.9.1 From a2fda6b21aa269070dd14737ad0e4f84347d4e2f Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Fri, 21 Oct 2016 15:50:09 +1300 Subject: [PATCH 2/2] collect_tombstones: Allow links to recycled objects to be deleted The reason we choose to provide the string DN is because extended_dn_in will try to correct the by searching on it (despite the fact it does not exist and then failing on a ldb_dn_validate in objectclass_attrs). We can now also remove the dangling link test from the knownfail. Signed-off-by: Garming Sam BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385 --- selftest/knownfail | 1 - source4/dsdb/kcc/garbage_collect_tombstones.c | 5 +++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/selftest/knownfail b/selftest/knownfail index efc69b7..976761b 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -294,4 +294,3 @@ #ntvfs server blocks copychunk with execute access on read handle ^samba4.smb2.ioctl.copy_chunk_bad_access ^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.* -^samba4.blackbox.tombstones-expunge.release-4-5-0-pre1.tombstones_expunge diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c index ad14d5e..1909cfe 100644 --- a/source4/dsdb/kcc/garbage_collect_tombstones.c +++ b/source4/dsdb/kcc/garbage_collect_tombstones.c @@ -193,8 +193,9 @@ static NTSTATUS garbage_collect_tombstones_part(TALLOC_CTX *mem_ctx, guid_buf_str = GUID_buf_string(&guid, &buf_guid); guid_search_str = talloc_asprintf(mem_ctx, - "", - guid_buf_str); + ";%s", + guid_buf_str, + dsdb_dn_get_linearized(mem_ctx, dn)); cleanup_val = data_blob_string_const(guid_search_str); talloc_free(dn); -- 1.9.1