sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-04 08:22:08 +03:00
Code Activity

provision: Ignore duplicate attid and governsID check

Browse Source 
During the provision this causes a huge performance hit as these two
attributes are unindexed.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
This commit is contained in:
Bob Campbell
2016-06-30 15:03:39 +12:00
committed by Andrew Bartlett
parent c76b0090ae
commit 6e378546ce
6 changed files with 43 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
python/samba/dbchecker.py
View File

@ -142,6 +142,8 @@ class dbcheck(object):
error_count += self.check_deleted_objects_containers() error_count += self.check_deleted_objects_containers()
self.attribute_or_class_ids = set()
for object in res: for object in res:
self.dn_set.add(str(object.dn)) self.dn_set.add(str(object.dn))
error_count += self.check_object(object.dn, attrs=attrs) error_count += self.check_object(object.dn, attrs=attrs)
@ -1557,6 +1559,14 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
self.err_doubled_userParameters(obj, attrname, obj[attrname]) self.err_doubled_userParameters(obj, attrname, obj[attrname])
continue continue
if attrname.lower() == 'attributeid' or attrname.lower() == 'governsid':
if obj[attrname][0] in self.attribute_or_class_ids:
error_count += 1
self.report('Error: %s %s on %s already exists as an attributeId or governsId'
% (attrname, obj.dn, obj[attrname][0]))
else:
self.attribute_or_class_ids.add(obj[attrname][0])
# check for empty attributes # check for empty attributes
for val in obj[attrname]: for val in obj[attrname]:
if val == '': if val == '':

16
python/samba/provision/__init__.py
View File

@ -38,6 +38,7 @@ import socket
import urllib import urllib
import string import string
import tempfile import tempfile
import samba.dsdb
import ldb import ldb
@ -1312,13 +1313,17 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
}) })
# The LDIF here was created when the Schema object was constructed # The LDIF here was created when the Schema object was constructed
ignore_checks_oid = "local_oid:%s:0" % samba.dsdb.DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID
logger.info("Setting up sam.ldb schema") logger.info("Setting up sam.ldb schema")
samdb.add_ldif(schema.schema_dn_add, controls=["relax:0"]) samdb.add_ldif(schema.schema_dn_add,
samdb.modify_ldif(schema.schema_dn_modify) controls=["relax:0", ignore_checks_oid])
samdb.modify_ldif(schema.schema_dn_modify,
controls=[ignore_checks_oid])
samdb.write_prefixes_from_schema() samdb.write_prefixes_from_schema()
samdb.add_ldif(schema.schema_data, controls=["relax:0"]) samdb.add_ldif(schema.schema_data, controls=["relax:0", ignore_checks_oid])
setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"), setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
{"SCHEMADN": names.schemadn}) {"SCHEMADN": names.schemadn},
controls=["relax:0", ignore_checks_oid])
# Now register this container in the root of the forest # Now register this container in the root of the forest
msg = ldb.Message(ldb.Dn(samdb, names.domaindn)) msg = ldb.Message(ldb.Dn(samdb, names.domaindn))
@ -1864,6 +1869,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
'ipsecISAKMPReference', 'ipsecISAKMPReference',
'ipsecNegotiationPolicyReference', 'ipsecNegotiationPolicyReference',
'ipsecNFAReference']) 'ipsecNFAReference'])
if chk.check_database(DN=names.schemadn, scope=ldb.SCOPE_SUBTREE,
attrs=['attributeId', 'governsId']) != 0:
raise ProvisioningError("Duplicate attributeId or governsId in schema. Must be fixed manually!!")
except: except:
samdb.transaction_cancel() samdb.transaction_cancel()
raise raise

1
source4/dsdb/pydsdb.c
View File

@ -1324,6 +1324,7 @@ void initdsdb(void)
ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK); ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK);
ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA); ADD_DSDB_STRING(DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA);
ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID); ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID);
ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID);
ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER); ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER);
ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER); ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER);

18
source4/dsdb/samdb/ldb_modules/samldb.c
View File

@ -3219,9 +3219,12 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
"objectclass", "classSchema") != NULL) { "objectclass", "classSchema") != NULL) {
ac->type = SAMLDB_TYPE_CLASS; ac->type = SAMLDB_TYPE_CLASS;
ret = samldb_schema_governsid_valid_check(ac); /* If in provision, these checks are too slow to do */
if (ret != LDB_SUCCESS) { if (!ldb_request_get_control(req, DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID)) {
return ret; ret = samldb_schema_governsid_valid_check(ac);
if (ret != LDB_SUCCESS) {
return ret;
}
} }
ret = samldb_schema_ldapdisplayname_valid_check(ac); ret = samldb_schema_ldapdisplayname_valid_check(ac);
@ -3242,9 +3245,12 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req)
"objectclass", "attributeSchema") != NULL) { "objectclass", "attributeSchema") != NULL) {
ac->type = SAMLDB_TYPE_ATTRIBUTE; ac->type = SAMLDB_TYPE_ATTRIBUTE;
ret = samldb_schema_attributeid_valid_check(ac); /* If in provision, these checks are too slow to do */
if (ret != LDB_SUCCESS) { if (!ldb_request_get_control(req, DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID)) {
return ret; ret = samldb_schema_attributeid_valid_check(ac);
if (ret != LDB_SUCCESS) {
return ret;
}
} }
ret = samldb_schema_ldapdisplayname_valid_check(ac); ret = samldb_schema_ldapdisplayname_valid_check(ac);

7
source4/dsdb/samdb/samdb.h
View File

@ -175,6 +175,13 @@ struct dsdb_control_password_user_account_control {
uint32_t new_flags; /* the new flags stored */ uint32_t new_flags; /* the new flags stored */
}; };
/*
* Ignores strict checking when adding objects to samldb.
* This is used when provisioning, as checking all objects when added
* was slow due to an unindexed search.
*/
#define DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID "1.3.6.1.4.1.7165.4.3.28"
#define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1" #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1"
struct dsdb_extended_replicated_object { struct dsdb_extended_replicated_object {
struct ldb_message *msg; struct ldb_message *msg;

1
source4/setup/schema_samba4.ldif
View File

@ -213,6 +213,7 @@
#Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_RESORT_OID 1.3.6.1.4.1.7165.4.3.25 #Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_RESORT_OID 1.3.6.1.4.1.7165.4.3.25
#Allocated: DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.26 #Allocated: DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.26
#Allocated: DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID 1.3.6.1.4.1.7165.4.3.27 #Allocated: DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID 1.3.6.1.4.1.7165.4.3.27
#Allocated: DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID 1.3.6.1.4.1.7165.4.3.28
# Extended 1.3.6.1.4.1.7165.4.4.x # Extended 1.3.6.1.4.1.7165.4.4.x
#Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1