The Samba-Bugzilla – Attachment 12594 Details for
Bug 12385
Tombstone expunge does not remove links to recycled objects
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to detect recycled objects
tombstones (text/plain), 8.40 KB, created by
Garming Sam
on 2016-10-21 03:40:24 UTC
(
hide
)
Description:
Patch to detect recycled objects
Filename:
MIME Type:
Creator:
Garming Sam
Created:
2016-10-21 03:40:24 UTC
Size:
8.40 KB
patch
obsolete
>From 58c5ae47b8a81b384f1ae0e386be46a836f4c21e Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Fri, 21 Oct 2016 11:40:51 +1300 >Subject: [PATCH 1/2] tombstones-expunge: Add a test for deleting links to > recycled objects > >Currently this fails because we rely on a GUID DN, which fails to >resolve in the case that the GUID no longer exists in the database (i.e. >when that object has been purged after 6 months). > >The tests use a made up extended DN built from fred where the GUID has >been tweaked. > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385 >--- > selftest/knownfail | 1 + > .../release-4-5-0-pre1/add-dangling-link.ldif | 5 +++++ > .../release-4-5-0-pre1/expected-expunge-output.txt | 2 +- > .../release-4-5-0-pre1/expected-match-rule-links.ldif | 18 +++++++++++------- > testprogs/blackbox/tombstones-expunge.sh | 9 +++++++++ > 5 files changed, 27 insertions(+), 8 deletions(-) > create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-dangling-link.ldif > >diff --git a/selftest/knownfail b/selftest/knownfail >index 976761b..efc69b7 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -294,3 +294,4 @@ > #ntvfs server blocks copychunk with execute access on read handle > ^samba4.smb2.ioctl.copy_chunk_bad_access > ^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.* >+^samba4.blackbox.tombstones-expunge.release-4-5-0-pre1.tombstones_expunge >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-link.ldif b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-link.ldif >new file mode 100644 >index 0000000..67a294d >--- /dev/null >+++ b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-link.ldif >@@ -0,0 +1,5 @@ >+# fred-clone is a duplication of CN=fred,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp with the GUID slightly modified and a different DN >+dn: CN=Domain Users,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+changetype: modify >+add: member >+member: <GUID=2302a65c-5b43-4ca9-850e-12d4a712cfb5>;<RMD_ADDTIME=131116485990000000>;<RMD_CHANGETIME=131116485990000000>;<RMD_FLAGS=1>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3745>;<RMD_ORIGINATING_USN=3745>;<RMD_VERSION=1>;<SID=S-1-5-21-4177067393-1453636373-93818738-1111>;CN=fred-clone,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt >index bcc5955..6826257 100644 >--- a/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt >+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-expunge-output.txt >@@ -1 +1 @@ >-Removed 7 objects and 1 links successfully >+Removed 7 objects and 2 links successfully >diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif >index 2b2f021..1553c1b 100644 >--- a/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif >+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-match-rule-links.ldif >@@ -4,31 +4,35 @@ member: CN=fred,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=user1,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > > # record 2 >+dn: CN=Domain Users,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+member: CN=fred-clone,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >+ >+# record 3 > dn: CN=ddg\0ADEL:fb8c2fe3-5448-43de-99f9-e1d3b9357cfc,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > >-# record 3 >+# record 4 > dn: CN=dsg\0ADEL:6d66d0ef-cad7-4e5d-b1b6-4a233a21c269,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > >-# record 4 >+# record 5 > dn: CN=gdg\0ADEL:e0f581e7-14ee-4fc2-839c-8f46f581c72a,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > >-# record 5 >+# record 6 > dn: CN=gsg\0ADEL:91aa85cc-fc19-4b8c-9fc7-aaba425439c7,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > >-# record 6 >+# record 7 > dn: CN=udg\0ADEL:7cff5537-51b1-4d26-a295-0225dbea8525,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > >-# record 7 >+# record 8 > dn: CN=usg\0ADEL:d012e8f5-a4bd-40ea-a2a1-68ff2508847d,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp > member: CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp >@@ -42,6 +46,6 @@ ref: ldap:///DC=DomainDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp > # Referral > ref: ldap:///DC=ForestDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp > >-# returned 10 records >-# 7 entries >+# returned 11 records >+# 8 entries > # 3 referrals >diff --git a/testprogs/blackbox/tombstones-expunge.sh b/testprogs/blackbox/tombstones-expunge.sh >index 49a5073..33cb0b1 100755 >--- a/testprogs/blackbox/tombstones-expunge.sh >+++ b/testprogs/blackbox/tombstones-expunge.sh >@@ -68,6 +68,14 @@ tombstones_expunge() { > fi > } > >+add_dangling_link() { >+ ldif=$release_dir/add-dangling-link.ldif >+ TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif >+ if [ "$?" != "0" ]; then >+ return 1 >+ fi >+} >+ > add_two_more_users() { > ldif=$release_dir/add-two-more-users.ldif > TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif >@@ -172,6 +180,7 @@ if [ -d $release_dir ]; then > testit $RELEASE undump > testit "add_two_more_users" add_two_more_users > testit "add_four_more_links" add_four_more_links >+ testit "add_dangling_link" add_dangling_link > testit "remove_one_link" remove_one_link > testit "remove_one_user" remove_one_user > testit "check_match_rule_links" check_match_rule_links >-- >1.9.1 > > >From a2fda6b21aa269070dd14737ad0e4f84347d4e2f Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Fri, 21 Oct 2016 15:50:09 +1300 >Subject: [PATCH 2/2] collect_tombstones: Allow links to recycled objects to be > deleted > >The reason we choose to provide the string DN is because extended_dn_in >will try to correct the <GUID=...> by searching on it (despite the fact >it does not exist and then failing on a ldb_dn_validate in >objectclass_attrs). > >We can now also remove the dangling link test from the knownfail. > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385 >--- > selftest/knownfail | 1 - > source4/dsdb/kcc/garbage_collect_tombstones.c | 5 +++-- > 2 files changed, 3 insertions(+), 3 deletions(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index efc69b7..976761b 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -294,4 +294,3 @@ > #ntvfs server blocks copychunk with execute access on read handle > ^samba4.smb2.ioctl.copy_chunk_bad_access > ^samba4.drs.getnc_exop.python.*getnc_exop.DrsReplicaPrefixMapTestCase.test_regular_prefix_map_ex_attid.* >-^samba4.blackbox.tombstones-expunge.release-4-5-0-pre1.tombstones_expunge >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index ad14d5e..1909cfe 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -193,8 +193,9 @@ static NTSTATUS garbage_collect_tombstones_part(TALLOC_CTX *mem_ctx, > > guid_buf_str = GUID_buf_string(&guid, &buf_guid); > guid_search_str = talloc_asprintf(mem_ctx, >- "<GUID=%s>", >- guid_buf_str); >+ "<GUID=%s>;%s", >+ guid_buf_str, >+ dsdb_dn_get_linearized(mem_ctx, dn)); > cleanup_val = data_blob_string_const(guid_search_str); > > talloc_free(dn); >-- >1.9.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12594">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 12385
:
12593
| 12594