From 02df291932eff88afc0eff1ca13154422274e2fe Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 27 Jul 2020 11:37:29 +1200 Subject: [PATCH] dbcheck: Allow a dangling forward link outside our known NCs If we do not have the NC of the target object we can not be really sure that the object is redundent and so we want to keep it for now and not (as happened until now) break the dbcheck run made during the replication stage of a "samba-tool domain backup rename". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450 Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 05228c4e07013c0e6f78f1330b3b787271282ca8) --- python/samba/dbchecker.py | 24 +++++++++++++++++++++++- selftest/target/Samba4.pm | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py index 7496a463930..593aa8cf6d2 100644 --- a/python/samba/dbchecker.py +++ b/python/samba/dbchecker.py @@ -621,7 +621,29 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) return 0 nc_root = self.samdb.get_nc_root(dn) - target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn) + try: + target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn) + except ldb.LdbError as e: + (enum, estr) = e.args + if enum != ldb.ERR_NO_SUCH_OBJECT: + raise + target_nc_root = None + + if target_nc_root is None: + # We don't bump the error count as Samba produces + # these in normal operation creating a lab domain (due + # to the way the rename is handled, links to + # now-expunged objects will never be fixed to stay + # inside the NC + self.report("WARNING: no target object found for GUID " + "component for link " + "%s in object to %s outside our NCs" + "%s - %s" % (attrname, dsdb_dn.dn, dn, val)) + self.report("Not removing dangling one-way " + "left-over link outside our NCs " + "(we might be building a renamed/lab domain)") + return 0 + if nc_root != target_nc_root: # We don't bump the error count as Samba produces these # in normal operation diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 3e6692ce529..6cf6901a3e4 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -2696,6 +2696,45 @@ sub setup_backupfromdc $self->setup_namespaces($env, $upn_array, $spn_array); + # Set up a dangling forward link to an expunged object + # + # We need this to ensure that the "samba-tool domain backup rename" + # that is part of the creation of the labdc environment can + # cope with this situation on the source DC. + + if (not $self->write_ldb_file("$env->{PRIVATEDIR}/sam.ldb", " +dn: ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com +objectclass: organizationalUnit +- + +dn: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com +objectclass: msExchConfigurationContainer +- + +dn: cn=linkfrom,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com +objectclass: msExchConfigurationContainer +addressBookRoots: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com +- + +")) { + return undef; + } + my $ldbdel = Samba::bindir_path($self, "ldbdel"); + my $cmd = "$ldbdel -H $env->{PRIVATEDIR}/sam.ldb cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com"; + + unless(system($cmd) == 0) { + warn("Failed to delete link target: \n$cmd"); + return undef; + } + + # Expunge will ensure that linkto is totally wiped from the DB + my $samba_tool = Samba::bindir_path($self, "samba-tool"); + $cmd = "$samba_tool domain tombstones expunge --tombstone-lifetime=0 $env->{CONFIGURATION}"; + + unless(system($cmd) == 0) { + warn("Failed to expunge link target: \n$cmd"); + return undef; + } return $env; } -- 2.17.1