2025-08-03 04:22:09 +03:00 · 2018-01-25 21:34:47 +01:00
parent 8c01acd562
commit 52bd0b0980
4 changed files with 116 additions and 0 deletions
--- a/selftest/knownfail.d/samba4.blackbox.dbcheck-links
+++ b/selftest/knownfail.d/samba4.blackbox.dbcheck-links
@ -0,0 +1,2 @@
 samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_forward_link_corruption\(none\)
 samba4.blackbox.dbcheck-links.release-4-5-0-pre1.check_expected_after_dbcheck_forward_link_corruption\(none\)
--- a/source4/selftest/provisions/release-4-5-0-pre1/expected-after-dbcheck-forward-link-corruption.ldif
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-after-dbcheck-forward-link-corruption.ldif
@ -0,0 +1,24 @@
 # record 1
 dn: CN=dangling,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
 memberOf: CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
 # record 2
 dn: CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
 member: CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
 member: CN=dangling,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
 memberOf: CN=Administrators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp
 memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0-
 pre1,DC=samba,DC=corp
 # Referral
 ref: ldap:///CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp
 # Referral
 ref: ldap:///DC=DomainDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp
 # Referral
 ref: ldap:///DC=ForestDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp
 # returned 5 records
 # 2 entries
 # 3 referrals
--- a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-forward-link-corruption.txt
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-forward-link-corruption.txt
@ -0,0 +1,12 @@
 Checking 226 objects
 WARNING: Link (back) mismatch for 'memberOf' (1) on 'CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' to 'member' (2) on 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
 WARNING: Keep orphaned backlink attribute 'memberOf' in 'CN=dangling,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' for link 'member' in 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
 ERROR: Missing and duplicate forward link values for attribute 'member' in 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
 Missing   link '<GUID=fd8a04ac-cea0-4921-b1a6-c173e1155c22>;<RMD_ADDTIME=131116484540000000>;<RMD_CHANGETIME=131116484540000000>;<RMD_FLAGS=0>;<RMD_INVOCID=ffffffff-4700-4700-4700-000000b13228>;<RMD_LOCAL_USN=3552>;<RMD_ORIGINATING_USN=1>;<RMD_VERSION=0>;<SID=S-1-5-21-4177067393-1453636373-93818738-1121>;CN=dangling,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
 Schedule readding missing forward link for attribute member [YES]
 Duplicate link '<GUID=f4616422-30ec-473b-9d6f-a9a2d7bd1e6a>;<RMD_ADDTIME=131116484540000000>;<RMD_CHANGETIME=131116484540000000>;<RMD_FLAGS=0>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=0>;<RMD_ORIGINATING_USN=3552>;<RMD_VERSION=0>;<SID=S-1-5-21-4177067393-1453636373-93818738-500>;CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
 Correct   link '<GUID=f4616422-30ec-473b-9d6f-a9a2d7bd1e6a>;<RMD_ADDTIME=131116484540000000>;<RMD_CHANGETIME=131116484540000000>;<RMD_FLAGS=0>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3552>;<RMD_ORIGINATING_USN=3552>;<RMD_VERSION=0>;<SID=S-1-5-21-4177067393-1453636373-93818738-500>;CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
 RECHECK: 'Missing/Duplicate/Correct link' lines above for attribute 'member' in 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
 Commit fixes for (missing/duplicate) forward links in attribute 'member' [YES]
 Fixed duplicate links in attribute 'member'
 Checked 226 objects (3 errors)
--- a/testprogs/blackbox/dbcheck-links.sh
+++ b/testprogs/blackbox/dbcheck-links.sh
@ -131,6 +131,80 @@ check_expected_after_duplicate_links() {
    fi
 }
 forward_link_corruption() {
    #
    # Step1: add a duplicate forward link from
    # "CN=Enterprise Admins" to "CN=Administrator"
    #
    LDIF1=$(TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -b 'CN=Enterprise Admins,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base --reveal --extended-dn member)
    DN=$(echo "${LDIF1}" | grep '^dn: ')
    MSG=$(echo "${LDIF1}" | grep -v '^dn: ' | grep -v '^#' | grep -v '^$')
    ldif=$PREFIX_ABS/${RELEASE}/forward_link_corruption1.ldif
    {
 	echo "${DN}"
 	echo "changetype: modify"
 	echo "replace: member"
 	echo "${MSG}"
 	echo "${MSG}" | sed -e 's!RMD_LOCAL_USN=[1-9][0-9]*!RMD_LOCAL_USN=0!'
    } > $ldif
    out=$(TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif)
    if [ "$?" != "0" ]; then
 	echo "ldbmodify returned:\n$out"
 	return 1
    fi
    #
    # Step2: add user "dangling"
    #
    ldif=$PREFIX_ABS/${RELEASE}/forward_link_corruption2.ldif
    cat > $ldif <<EOF
 dn: CN=dangling,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
 changetype: add
 objectclass: user
 samaccountname: dangling
 objectGUID: fd8a04ac-cea0-4921-b1a6-c173e1155c22
 EOF
    out=$(TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --relax $ldif)
    if [ "$?" != "0" ]; then
 	echo "ldbmodify returned:\n$out"
 	return 1
    fi
    #
    # Step3: add a dangling backlink from
    # "CN=dangling" to "CN=Enterprise Admins"
    #
    ldif=$PREFIX_ABS/${RELEASE}/forward_link_corruption3.ldif
    {
 	echo "dn: CN=dangling,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp"
 	echo "changetype: modify"
 	echo "add: memberOf"
 	echo "memberOf: <GUID=304ad703-468b-465e-9787-470b3dfd7d75>;<SID=S-1-5-21-4177067393-1453636373-93818738-519>;CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp"
    } > $ldif
    out=$(TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif)
    if [ "$?" != "0" ]; then
 	echo "ldbmodify returned:\n$out"
 	return 1
    fi
 }
 dbcheck_forward_link_corruption() {
    dbcheck "-forward-link-corruption" "1" ""
    return $?
 }
 check_expected_after_dbcheck_forward_link_corruption() {
    tmpldif=$PREFIX_ABS/$RELEASE/expected-after-dbcheck-forward-link-corruption.ldif.tmp
    TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(|(cn=dangling)(cn=enterprise admins))' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --sorted memberOf member > $tmpldif
    diff $tmpldif $release_dir/expected-after-dbcheck-forward-link-corruption.ldif
    if [ "$?" != "0" ]; then
 	return 1
    fi
 }
 dbcheck_dangling_multi_valued() {
    $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --fix --yes
@ -198,6 +272,10 @@ if [ -d $release_dir ]; then
    testit "dbcheck_duplicate_member" dbcheck_duplicate_member
    testit "check_expected_after_duplicate_links" check_expected_after_duplicate_links
    testit "duplicate_clean" dbcheck_clean
    testit "forward_link_corruption" forward_link_corruption
    testit "dbcheck_forward_link_corruption" dbcheck_forward_link_corruption
    testit "check_expected_after_dbcheck_forward_link_corruption" check_expected_after_dbcheck_forward_link_corruption
    testit "forward_link_corruption_clean" dbcheck_clean
    testit "dangling_one_way_link" dangling_one_way_link
    testit "dbcheck_one_way" dbcheck_one_way
    testit "dbcheck_clean2" dbcheck_clean
		`@ -0,0 +1,2 @@`
							`samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_forward_link_corruption\(none\)`
							`samba4.blackbox.dbcheck-links.release-4-5-0-pre1.check_expected_after_dbcheck_forward_link_corruption\(none\)`