From 849c85dd0c2583696c8eb0c8402cf63efbbe5c86 Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Wed, 22 Feb 2017 15:43:34 +1300 Subject: [PATCH 1/3] tests/dbcheck: Add a test for two live objects, with a dangling backlink Adds dbcheck 4.5.0pre1 to the knownfail, to be removed later. Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600 (cherry picked from commit 86f10eaecd4ed9fd9db83d711cbf1f823528d6e5) --- selftest/knownfail | 1 + .../release-4-5-0-pre1/add-dangling-backlink-user.ldif | 3 +++ .../release-4-5-0-pre1/add-dangling-backlink.ldif | 4 ++++ .../release-4-5-0-pre1/expected-dbcheck-link-output.txt | 7 +++++-- testprogs/blackbox/dbcheck-links.sh | 15 +++++++++++++++ 5 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink-user.ldif create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink.ldif diff --git a/selftest/knownfail b/selftest/knownfail index d96e238..38e91dd 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -312,3 +312,4 @@ ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_add_duplicate_different_type.* ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_rank_none.* ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.* +^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck\(none\).* diff --git a/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink-user.ldif b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink-user.ldif new file mode 100644 index 0000000..c35905d --- /dev/null +++ b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink-user.ldif @@ -0,0 +1,3 @@ +dn: CN=dangling-back,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp +objectclass: user +samaccountname: dangling-back diff --git a/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink.ldif b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink.ldif new file mode 100644 index 0000000..6d8468e --- /dev/null +++ b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink.ldif @@ -0,0 +1,4 @@ +dn: CN=dangling-back,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +changetype: modify +add: memberOf +memberOf: ;;CN=Allowed RODC Password Replication Group,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt index ccbe0e2..e6370a4 100644 --- a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt +++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt @@ -1,4 +1,4 @@ -Checking 221 objects +Checking 222 objects ERROR: linked attribute 'member' to ';;;;;;;;;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=gsg\0ADEL:91aa85cc-fc19-4b8c-9fc7-aaba425439c7,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp Remove linked attribute member [YES] Fixed undead forward link member @@ -27,6 +27,9 @@ Fixed undead forward link member ERROR: linked attribute 'member' to ';;;;;;;;;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=dsg\0ADEL:6d66d0ef-cad7-4e5d-b1b6-4a233a21c269,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp Remove linked attribute member [YES] Fixed undead forward link member +ERROR: orphaned backlink attribute 'memberOf' in CN=dangling-back,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp for link member in CN=Allowed RODC Password Replication Group,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +Remove orphaned backlink memberOf [YES] +Fixed orphaned backlink memberOf ERROR: linked attribute 'member' to ';;;;;;;;;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=usg\0ADEL:d012e8f5-a4bd-40ea-a2a1-68ff2508847d,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp Remove linked attribute member [YES] Fixed undead forward link member @@ -39,4 +42,4 @@ Fixed undead forward link member ERROR: linked attribute 'member' to ';;;;;;;;;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=ddg\0ADEL:fb8c2fe3-5448-43de-99f9-e1d3b9357cfc,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp Remove linked attribute member [YES] Fixed undead forward link member -Checked 221 objects (13 errors) +Checked 222 objects (14 errors) diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh index 0799a50..f6c6a76 100755 --- a/testprogs/blackbox/dbcheck-links.sh +++ b/testprogs/blackbox/dbcheck-links.sh @@ -91,6 +91,20 @@ dbcheck_clean() { fi } +add_dangling_backlink() { + ldif=$release_dir/add-dangling-backlink-user.ldif + TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi + + ldif=$release_dir/add-dangling-backlink.ldif + TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi +} + add_two_more_users() { ldif=$release_dir/add-two-more-users.ldif TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif @@ -172,6 +186,7 @@ if [ -d $release_dir ]; then testit "remove_one_link" remove_one_link testit "remove_one_user" remove_one_user testit "move_one_user" move_one_user + testit "add_dangling_backlink" add_dangling_backlink testit "dbcheck" dbcheck testit "dbcheck_clean" dbcheck_clean testit "check_expected_after_deleted_links" check_expected_after_deleted_links -- 1.9.1 From d1cb5140c8e539b44aa29dc60c33e26a8050bb69 Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Wed, 22 Feb 2017 17:43:21 +1300 Subject: [PATCH 2/3] tests/dbcheck: Add a test for two live objects, with a dangling forward link Handling backlinks appears to be rather non-deterministic, so the forward link hangs off of the RODC replication group (which has no other valid forward links). In other situations, it either won't delete the memberOf, or the expected output order will vary. Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600 (cherry picked from commit 6f2deb01fa1c6e81f101df49990dadcbc9c31226) --- .../add-dangling-forwardlink-user.ldif | 3 +++ .../add-initially-normal-link.ldif | 4 ++++ .../release-4-5-0-pre1/delete-only-backlink.ldif | 4 ++++ .../expected-dbcheck-link-output.txt | 7 +++++-- testprogs/blackbox/dbcheck-links.sh | 22 ++++++++++++++++++++++ 5 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-dangling-forwardlink-user.ldif create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-initially-normal-link.ldif create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/delete-only-backlink.ldif diff --git a/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-forwardlink-user.ldif b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-forwardlink-user.ldif new file mode 100644 index 0000000..db4a68c --- /dev/null +++ b/source4/selftest/provisions/release-4-5-0-pre1/add-dangling-forwardlink-user.ldif @@ -0,0 +1,3 @@ +dn: CN=dangling-forward,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp +objectclass: user +samaccountname: dangling-forward diff --git a/source4/selftest/provisions/release-4-5-0-pre1/add-initially-normal-link.ldif b/source4/selftest/provisions/release-4-5-0-pre1/add-initially-normal-link.ldif new file mode 100644 index 0000000..35b282b --- /dev/null +++ b/source4/selftest/provisions/release-4-5-0-pre1/add-initially-normal-link.ldif @@ -0,0 +1,4 @@ +dn: CN=Allowed RODC Password Replication Group,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +changetype: modify +add: member +member: cn=dangling-forward,cn=users,DC=release-4-5-0-pre1,DC=samba,DC=corp diff --git a/source4/selftest/provisions/release-4-5-0-pre1/delete-only-backlink.ldif b/source4/selftest/provisions/release-4-5-0-pre1/delete-only-backlink.ldif new file mode 100644 index 0000000..d97550c --- /dev/null +++ b/source4/selftest/provisions/release-4-5-0-pre1/delete-only-backlink.ldif @@ -0,0 +1,4 @@ +dn: CN=dangling-forward,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +changetype: modify +delete: memberOf +memberOf: ;;CN=Allowed RODC Password Replication Group,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt index e6370a4..ea2ef23 100644 --- a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt +++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output.txt @@ -1,4 +1,4 @@ -Checking 222 objects +Checking 223 objects ERROR: linked attribute 'member' to ';;;;;;;;;CN=User UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=gsg\0ADEL:91aa85cc-fc19-4b8c-9fc7-aaba425439c7,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp Remove linked attribute member [YES] Fixed undead forward link member @@ -11,6 +11,9 @@ Fixed undead forward link member ERROR: linked attribute 'member' to ';;;;;;;;;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=udg\0ADEL:7cff5537-51b1-4d26-a295-0225dbea8525,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp Remove linked attribute member [YES] Fixed undead forward link member +ERROR: missing backlink attribute 'memberOf' in CN=dangling-forward,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp for link member in CN=Allowed RODC Password Replication Group,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +Fix missing backlink memberOf [YES] +Fixed missing backlink memberOf ERROR: target DN is deleted for member in object CN=swimmers,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp - ;;;;;;;;;CN=fred,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp Target GUID points at deleted DN 'CN=fred\\0ADEL:2301a64c-5b42-4ca8-851e-12d4a711cfb4,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp' Remove stale DN link? [YES] @@ -42,4 +45,4 @@ Fixed undead forward link member ERROR: linked attribute 'member' to ';;;;;;;;;CN=User1 UT. Tester,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' is present on deleted object CN=ddg\0ADEL:fb8c2fe3-5448-43de-99f9-e1d3b9357cfc,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp Remove linked attribute member [YES] Fixed undead forward link member -Checked 222 objects (14 errors) +Checked 223 objects (15 errors) diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh index f6c6a76..2a1bfba 100755 --- a/testprogs/blackbox/dbcheck-links.sh +++ b/testprogs/blackbox/dbcheck-links.sh @@ -91,6 +91,27 @@ dbcheck_clean() { fi } +add_dangling_link() { + ldif=$release_dir/add-dangling-forwardlink-user.ldif + TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi + + ldif=$release_dir/add-initially-normal-link.ldif + TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi + sleep 6 + + ldif=$release_dir/delete-only-backlink.ldif + TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi +} + add_dangling_backlink() { ldif=$release_dir/add-dangling-backlink-user.ldif TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif @@ -186,6 +207,7 @@ if [ -d $release_dir ]; then testit "remove_one_link" remove_one_link testit "remove_one_user" remove_one_user testit "move_one_user" move_one_user + testit "add_dangling_link" add_dangling_link testit "add_dangling_backlink" add_dangling_backlink testit "dbcheck" dbcheck testit "dbcheck_clean" dbcheck_clean -- 1.9.1 From 8166f2d4132ecca6f0af64b143be61092eaede29 Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Wed, 22 Feb 2017 15:42:46 +1300 Subject: [PATCH 3/3] dbchecker: Stop ignoring linked cases where both objects are alive Previously, this did nothing and the code was both untested and unused. Removes the knownfail entry for dbcheck. Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600 (cherry picked from commit 0a7c6b56563faeafd61a620cb330349671bc9f3b) --- python/samba/dbchecker.py | 23 +++++++++++++---------- selftest/knownfail | 1 - 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py index 22819de..032c0e7 100644 --- a/python/samba/dbchecker.py +++ b/python/samba/dbchecker.py @@ -645,10 +645,9 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) self.report("Not fixing missing backlink %s" % backlink_name) return m = ldb.Message() - m.dn = obj.dn - m['old_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_DELETE, attrname) - m['new_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_ADD, attrname) - if self.do_modify(m, ["show_recycled:1"], + m.dn = target_dn + m['new_value'] = ldb.MessageElement(val, ldb.FLAG_MOD_ADD, backlink_name) + if self.do_modify(m, ["show_recycled:1", "relax:0"], "Failed to fix missing backlink %s" % backlink_name): self.report("Fixed missing backlink %s" % (backlink_name)) @@ -974,12 +973,16 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) if v_guid == obj_guid: match_count += 1 if match_count != 1: - if target_is_deleted: - error_count += 1 - if linkID & 1: - self.err_missing_backlink(obj, attrname, val, reverse_link_name, dsdb_dn.dn) - else: - self.err_orphaned_backlink(obj, attrname, val, reverse_link_name, dsdb_dn.dn) + error_count += 1 + if linkID & 1: + # Backlink exists, but forward link does not + # Delete the hanging backlink + self.err_orphaned_backlink(obj, attrname, val, reverse_link_name, dsdb_dn.dn) + else: + # Forward link exists, but backlink does not + # Add the missing backlink (if the target object is not Deleted Objects?) + if not target_is_deleted: + self.err_missing_backlink(obj, attrname, obj.dn.extended_str(), reverse_link_name, dsdb_dn.dn) continue diff --git a/selftest/knownfail b/selftest/knownfail index 38e91dd..d96e238 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -312,4 +312,3 @@ ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_add_duplicate_different_type.* ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_rank_none.* ^samba.tests.dcerpc.dnsserver.samba.tests.dcerpc.dnsserver.DnsserverTests.test_security_descriptor.* -^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck\(none\).* -- 1.9.1