Attachment 12913 Details for Bug 12573 – patch cherry-picked from master

[patch] patch cherry-picked from master

0001-samba_dsdb-Use-and-maintain-compatibleFeatures-and-r.patch (text/plain), 9.82 KB, created by Andrew Bartlett on 2017-02-09 23:29:23 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrew Bartlett

Created: 2017-02-09 23:29:23 UTC

Size: 9.82 KB

patch

obsolete

>From e81a7c6dfe93ab18da35996f98a757a6f3147549 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Thu, 12 Jan 2017 16:51:45 +1300
>Subject: [PATCH] samba_dsdb: Use and maintain compatibleFeatures and
> requiredFeatures in @SAMBA_DSDB
>
>This will allow us to introduce new database features that are
>backward compatible from the point of view of older versions of Samba,
>but which will be damaged by modifying the database with such a
>version.
>
>For example, if linked attributes are stored in sorted order in 4.7,
>and this change, without any values in current_supportedFeatures is
>itself included in 4.6, then our sortedLinks are backward compatible
>to that release.
>
>That is with 4.6 (including this patch) which doesn't care about
>ordering -- but a downgraded 4.7 database used by 4.6 will be broken
>when later used with 4.7.  If we add a 'sortedLinks' feature flag in
>compatibleFeatures, we can detect that.
>
>This will allow us to determine if the database still contains
>unsorted links, as that information allows us to make the code
>handling links much more efficient.
>
>We won't add the actual flag until all the code is in place.
>
>Andrew wrote the actual code and Douglas wrote the tests, and they
>cross-reviewed.
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>Piar-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>
>selftest: check for database features flags
>(cherry picked from commit 8368e06ff65cc70e1cf13a0eb4349033e068fcc6)
>---
> source4/dsdb/samdb/ldb_modules/samba_dsdb.c        | 78 +++++++++++++++++++-
> source4/dsdb/samdb/samdb.h                         |  2 +
> source4/selftest/tests.py                          |  5 ++
> source4/setup/tests/blackbox_supported_features.sh | 86 ++++++++++++++++++++++
> 4 files changed, 169 insertions(+), 2 deletions(-)
> create mode 100755 source4/setup/tests/blackbox_supported_features.sh
>
>diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
>index 21168a9d714..9de62f386c9 100644
>--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
>+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
>@@ -231,7 +231,7 @@ static int set_ldap_credentials(struct ldb_context *ldb, bool use_external)
> static int samba_dsdb_init(struct ldb_module *module)
> {
> 	struct ldb_context *ldb = ldb_module_get_ctx(module);
>-	int ret, len, i;
>+	int ret, len, i, j;
> 	TALLOC_CTX *tmp_ctx = talloc_new(module);
> 	struct ldb_result *res;
> 	struct ldb_message *rootdse_msg = NULL, *partition_msg;
>@@ -317,11 +317,15 @@ static int samba_dsdb_init(struct ldb_module *module)
> 	static const char *openldap_backend_modules[] = {
> 		"dsdb_flags_ignore", "entryuuid", "simple_dn", NULL };
> 
>-	static const char *samba_dsdb_attrs[] = { "backendType", NULL };
>+	static const char *samba_dsdb_attrs[] = { "backendType",
>+						  SAMBA_COMPATIBLE_FEATURES_ATTR,
>+						  SAMBA_REQUIRED_FEATURES_ATTR, NULL };
> 	static const char *partition_attrs[] = { "ldapBackend", NULL };
> 	const char *backendType, *backendUrl;
> 	bool use_sasl_external = false;
> 
>+	const char *current_supportedFeatures[] = {};
>+
> 	if (!tmp_ctx) {
> 		return ldb_oom(ldb);
> 	}
>@@ -357,7 +361,77 @@ static int samba_dsdb_init(struct ldb_module *module)
> 	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
> 		backendType = "ldb";
> 	} else if (ret == LDB_SUCCESS) {
>+		struct ldb_message_element *requiredFeatures;
>+		struct ldb_message_element *old_compatibleFeatures;
>+
> 		backendType = ldb_msg_find_attr_as_string(res->msgs[0], "backendType", "ldb");
>+
>+		requiredFeatures = ldb_msg_find_element(res->msgs[0], SAMBA_REQUIRED_FEATURES_ATTR);
>+		if (requiredFeatures != NULL) {
>+			ldb_set_errstring(ldb, "This Samba database was created with "
>+					  "a newer Samba version and is marked with "
>+					  "requiredFeatures in @SAMBA_DSDB.  "
>+					  "This database can not safely be read by this Samba version");
>+			return LDB_ERR_OPERATIONS_ERROR;
>+		}
>+
>+		old_compatibleFeatures = ldb_msg_find_element(res->msgs[0],
>+							      SAMBA_COMPATIBLE_FEATURES_ATTR);
>+
>+		if (old_compatibleFeatures) {
>+			struct ldb_message *features_msg;
>+			struct ldb_message_element *features_el;
>+
>+			features_msg = ldb_msg_new(res);
>+			if (features_msg == NULL) {
>+				return ldb_module_operr(module);
>+			}
>+			features_msg->dn = samba_dsdb_dn;
>+
>+			ldb_msg_add_empty(features_msg, SAMBA_COMPATIBLE_FEATURES_ATTR,
>+					  LDB_FLAG_MOD_DELETE, &features_el);
>+
>+			for (i = 0;
>+			     old_compatibleFeatures && i < old_compatibleFeatures->num_values;
>+			     i++) {
>+				for (j = 0;
>+				     j < ARRAY_SIZE(current_supportedFeatures); j++) {
>+					if (strcmp((char *)old_compatibleFeatures->values[i].data,
>+						   current_supportedFeatures[j]) == 0) {
>+						break;
>+					}
>+				}
>+				if (j == ARRAY_SIZE(current_supportedFeatures)) {
>+					/*
>+					 * Add to list of features to remove
>+					 * (rather than all features)
>+					 */
>+					ret = ldb_msg_add_value(features_msg, SAMBA_COMPATIBLE_FEATURES_ATTR,
>+								&old_compatibleFeatures->values[i],
>+								NULL);
>+					if (ret != LDB_SUCCESS) {
>+						return ret;
>+					}
>+				}
>+			}
>+			if (features_el->num_values > 0) {
>+				/* Delete by list */
>+				ret = ldb_next_start_trans(module);
>+				if (ret != LDB_SUCCESS) {
>+					return ret;
>+				}
>+				ret = dsdb_module_modify(module, features_msg, DSDB_FLAG_NEXT_MODULE, NULL);
>+				if (ret != LDB_SUCCESS) {
>+					ldb_next_del_trans(module);
>+					return ret;
>+				}
>+				ret = ldb_next_end_trans(module);
>+				if (ret != LDB_SUCCESS) {
>+					return ret;
>+				}
>+			}
>+		}
>+
> 	} else {
> 		talloc_free(tmp_ctx);
> 		return ret;
>diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
>index 176d065ba56..586a3bfaf0e 100644
>--- a/source4/dsdb/samdb/samdb.h
>+++ b/source4/dsdb/samdb/samdb.h
>@@ -314,4 +314,6 @@ struct dsdb_extended_sec_desc_propagation_op {
>  */
> #define DSDB_FLAG_INTERNAL_FORCE_META_DATA 0x10000
> 
>+#define SAMBA_COMPATIBLE_FEATURES_ATTR "compatibleFeatures"
>+#define SAMBA_REQUIRED_FEATURES_ATTR "requiredFeatures"
> #endif /* __SAMDB_H__ */
>diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
>index ec071065bf6..82f0311cb2f 100755
>--- a/source4/selftest/tests.py
>+++ b/source4/selftest/tests.py
>@@ -633,6 +633,11 @@ plantestsuite_loadlist("samba4.deletetest.python(ad_dc_ntvfs)", "ad_dc_ntvfs", [
> plantestsuite("samba4.blackbox.samba3dump", "none", [os.path.join(samba4srcdir, "selftest/test_samba3dump.sh")])
> plantestsuite("samba4.blackbox.upgrade", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_s3upgrade.sh"), '$PREFIX/provision'])
> plantestsuite("samba4.blackbox.provision.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_provision.sh"), '$PREFIX/provision'])
>+plantestsuite("samba4.blackbox.supported_features", "none",
>+              ["PYTHON=%s" % python,
>+               os.path.join(samba4srcdir,
>+                            "setup/tests/blackbox_supported_features.sh"),
>+               '$PREFIX/provision'])
> plantestsuite("samba4.blackbox.upgradeprovision.current", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_upgradeprovision.sh"), '$PREFIX/provision'])
> plantestsuite("samba4.blackbox.setpassword.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_setpassword.sh"), '$PREFIX/provision'])
> plantestsuite("samba4.blackbox.newuser.py", "none", ["PYTHON=%s" % python, os.path.join(samba4srcdir, "setup/tests/blackbox_newuser.sh"), '$PREFIX/provision'])
>diff --git a/source4/setup/tests/blackbox_supported_features.sh b/source4/setup/tests/blackbox_supported_features.sh
>new file mode 100755
>index 00000000000..640338ebf84
>--- /dev/null
>+++ b/source4/setup/tests/blackbox_supported_features.sh
>@@ -0,0 +1,86 @@
>+#!/bin/sh
>+
>+if [ $# -lt 1 ]; then
>+cat <<EOF
>+Usage: blackbox_supported_features.sh PREFIX
>+EOF
>+exit 1;
>+fi
>+
>+PREFIX="$1"
>+shift 1
>+
>+DBPATH=$PREFIX/supported-features
>+
>+. `dirname $0`/../../../testprogs/blackbox/subunit.sh
>+
>+ldbmodify="ldbmodify"
>+if [ -x "$BINDIR/ldbmodify" ]; then
>+    ldbmodify="$BINDIR/ldbmodify"
>+fi
>+
>+ldbdel="ldbdel"
>+if [ -x "$BINDIR/ldbdel" ]; then
>+    ldbdel="$BINDIR/ldbdel"
>+fi
>+
>+ldbsearch="ldbsearch"
>+if [ -x "$BINDIR/ldbsearch" ]; then
>+    ldbsearch="$BINDIR/ldbsearch"
>+fi
>+
>+testit "provision" $PYTHON $BINDIR/samba-tool domain provision \
>+       --domain=FOO --realm=foo.example.com \
>+       --targetdir=$DBPATH --use-ntvfs
>+
>+testit "add-compatible-feature" $ldbmodify \
>+       -H tdb://$DBPATH/private/sam.ldb <<EOF
>+dn: @SAMBA_DSDB
>+changetype: modify
>+add: compatibleFeatures
>+compatibleFeatures: non-existent-feature
>+-
>+
>+EOF
>+
>+# The non-existent feature is not compatible with this version, so it
>+# should not be listed in compatibleFeatures even though we tried to
>+# put it there.
>+
>+ldb_search_fail() {
>+    $ldbsearch -H tdb://$DBPATH/private/sam.ldb \
>+               -s base -b "$1" "$2" \
>+        |   grep -q "$3"
>+}
>+
>+
>+testit_expect_failure "find-compatible-feature" \
>+                      ldb_search_fail '@SAMBA_DSDB' 'compatibleFeatures' non-existent-feature
>+
>+
>+# just make sure the thing we're using is normally findable
>+testit "find-test-feature" \
>+       $ldbsearch -H tdb://$DBPATH/private/sam.ldb \
>+       -b 'CN=LostAndFound,DC=foo,DC=example,DC=com'
>+
>+
>+testit "add-required-feature" $ldbmodify \
>+       -H tdb://$DBPATH/private/sam.ldb <<EOF
>+dn: @SAMBA_DSDB
>+changetype: modify
>+add: requiredFeatures
>+requiredFeatures: futuristic-feature
>+-
>+
>+EOF
>+
>+# The futuristic-feature is not implemented in this version, but it is
>+# required by this database. A search for anything should fail.
>+
>+testit_expect_failure "find-required-feature" \
>+                      $ldbsearch -H tdb://$DBPATH/private/sam.ldb \
>+                      -b 'CN=LostAndFound,DC=foo,DC=example,DC=com'
>+
>+rm -rf $DBPATH
>+
>+exit $failed
>-- 
>2.11.0
>

Flags:

dbagnall: review+

Actions: View

Attachments on bug 12573: 12913