The Samba-Bugzilla – Bug 12858
Read corruption in the AD DC: Objects renamed can vanish from LDAP and the replication state due to lack of read locks
Last modified: 2017-08-28 07:06:52 UTC
The symptoms of this issue include:
Replication failures with this error showing in the client side logs:
error during DRS repl ADD: No objectClass found in replPropertyMetaData for
Failed to commit objects:
A crash of the server, in particular the rpc_server process with
INTERNAL ERROR: Signal 11
The most common situation for this bug to manifest is that an object needs to be created, then deleted or renamed at any time during the server-side search where is would be replicated out for the first time.
However, any delete or rename may trigger the issue, but the consequences would be less obvious, instead of a clear failure some change to the object would just not be replicated.
Finally, a client reading LDAP at the time a rename or delete is being processed may not be returned the object subject to rename or delete, but would be returned the object if asked again.
The root cause is a lack of read locking in ldb_tdb due to a missing decrement of a reference counter in ldb_tdb. This caused an fcntl() lock not to be held and so the connection between the index and the main DB record not to be enforced.
Additionally, it was noticed that a read lock is required over the entire ldb_search() operation, including the subsequent searches in the module stack. This has required that new lock and unlock operations be added to ldb.
This issue will be fixed in ldb 1.2.0 and Samba 4.7.
*** Bug 12754 has been marked as a duplicate of this bug. ***
There appears to be a regression in failure cases, see https://bugzilla.samba.org/show_bug.cgi?id=12904
Andrew, can this be closed?
Fixed in master with 9063669a05a261657d5b9a60254bd1b9065e6423 for Samba 4.7