The Samba-Bugzilla – Attachment 14498 Details for
Bug 13632
dbcheck: check correct RID set attributes when looking for SID conflicts
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for dbcheck module
0001-dbcheck-check-correct-RID-set-attributes-when-lookin.patch (text/plain), 3.96 KB, created by
Daniel Jordan
on 2018-09-27 11:24:32 UTC
(
hide
)
Description:
Patch for dbcheck module
Filename:
MIME Type:
Creator:
Daniel Jordan
Created:
2018-09-27 11:24:32 UTC
Size:
3.96 KB
patch
obsolete
>From 114cbfbee7daef1bd1f66d05fe6eed35e6dc67ff Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 27 Sep 2018 20:28:26 +1200 >Subject: [PATCH] dbcheck: check correct RID set attributes when looking for > SID conflicts > >The previous code would only work for the first rid set ever given to a DC >because the names are so misleading. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > python/samba/dbchecker.py | 42 ++++++++++++++++++++++++++++++++++-------- > 1 file changed, 34 insertions(+), 8 deletions(-) > >diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py >index d1251a2..937d5fd 100644 >--- a/python/samba/dbchecker.py >+++ b/python/samba/dbchecker.py >@@ -2378,34 +2378,60 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) > self.report("No RID Set found for this server: %s, and we are not the RID Master (so can not self-allocate)" % dn) > > # Check some details of our own RID Set >+ # >+ # Note that the attributes have very bad names. From ridalloc.c: >+ # >+ # Note: the RID allocation attributes in AD are very badly named. Here >+ # is what we think they really do: >+ # >+ # in RID Set object: >+ # - rIDPreviousAllocationPool: the pool which a DC is currently >+ # pulling RIDs from. Managed by client DC >+ # >+ # - rIDAllocationPool: the pool that the DC will switch to next, >+ # when rIDPreviousAllocationPool is exhausted. Managed by RID Manager. >+ # >+ # - rIDNextRID: the last RID allocated by this DC. Managed by client DC >+ # >+ # in RID Manager object: >+ # - rIDAvailablePool: the pool where the RID Manager gets new rID >+ # pools from when it gets a EXOP_RID_ALLOC getncchanges call (or >+ # locally when the DC is the RID Manager) >+ > if dn == self.rid_set_dn: > res = self.samdb.search(base=self.rid_set_dn, scope=ldb.SCOPE_BASE, > attrs=["rIDAllocationPool", > "rIDPreviousAllocationPool", > "rIDUsedPool", > "rIDNextRID"]) >+ pool_attr = "rIDPreviousAllocationPool" >+ if (pool_attr not in res[0] >+ or int(res[0][pool_attr][0]) == 0): >+ # We have not used it yet, check the next pool instead >+ pool_attr = "rIDAllocationPool" >+ > if "rIDAllocationPool" not in res[0]: > self.report("No rIDAllocationPool found in %s" % dn) > error_count += 1 > else: >- next_pool = int(res[0]["rIDAllocationPool"][0]) >+ current_pool = int(res[0][pool_attr][0]) > >- high = (0xFFFFFFFF00000000 & next_pool) >> 32 >- low = 0x00000000FFFFFFFF & next_pool >+ high = (0xFFFFFFFF00000000 & current_pool) >> 32 >+ low = 0x00000000FFFFFFFF & current_pool > > if high <= low: >- self.report("Invalid RID set %d-%s, %d > %d!" % (low, high, low, high)) >+ self.report("Invalid RID set %d-%s, %d >= %d!" % (low, high, low, high)) > error_count += 1 > > if "rIDNextRID" in res[0]: >- next_free_rid = int(res[0]["rIDNextRID"][0]) >+ last_used_rid = int(res[0]["rIDNextRID"][0]) > else: >- next_free_rid = 0 >+ last_used_rid = 0 > >- if next_free_rid == 0: >+ if last_used_rid == 0: > next_free_rid = low > else: >- next_free_rid += 1 >+ next_free_rid = last_used_rid + 1 > > # Check the remainder of this pool for conflicts. If > # ridalloc_allocate_rid() moves to a new pool, this >-- >2.7.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13632
: 14498