sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code
a25c99c9f1
samba-mirror/selftest/knownfail.d
History
Stefan Metzmacher a25c99c9f1 repl_meta_data: fix linked attribute corruption on databases with unsorted links on expunge 
This is really critical bug, it removes valid linked attributes.

When a DC was provisioned/joined with a Samba version older than 4.7
is upgraded to 4.7 (or later), it can happen that the garbage collection
(dsdb_garbage_collect_tombstones()), triggered periodically by the 'kcc' task
of 'samba' or my 'samba-tool domain tombstones expunge' corrupt the linked attributes.

This is similar to Bug #13095 - Broken linked attribute handling,
but it's not triggered by an originating change.

The bug happens in replmd_modify_la_delete()
were get_parsed_dns_trusted() generates a sorted array of
struct parsed_dn based on the values in old_el->values.

If the database doesn't support the sortedLinks compatibleFeatures
in the @SAMBA_DSDB record, it's very likely that
the array of old_dns is sorted differently than the values
in old_el->values.

The problem is that struct parsed_dn has just a pointer
'struct ldb_val *v' that points to the corresponding
value in old_el->values.

Now if vanish_links is true the damage happens here:

        if (vanish_links) {
                unsigned j = 0;
                for (i = 0; i < old_el->num_values; i++) {
                        if (old_dns[i].v != NULL) {
                                old_el->values[j] = *old_dns[i].v;
                                j++;
                        }
                }
                old_el->num_values = j;
        }

old_el->values[0] = *old_dns[0].v;
can change the value old_dns[1].v is pointing at!
That means that some values can get lost while others
are stored twice, because the LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
allows it to be stored.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-22 12:26:19 +01:00
..
dns join.py Add DNS records at domain join time 2017-06-11 02:04:51 +02:00
encrypted_secrets selftest fl2000dc provision with --plaintext-secrets 2017-12-18 00:10:17 +01:00
getncchanges getncchanges.py: Add a multi-valued linked attribute test 2017-09-18 05:51:25 +02:00
netlogon smbtorture: Add more tests around NETLOGON challenge reuse 2017-06-27 16:57:42 +02:00
ntlmv1-restrictions selftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only options 2017-07-04 06:57:20 +02:00
ntlmv2-restrictions s4:selftest: replace --option=usespnego= with --option=clientusespnego= 2018-01-10 01:01:24 +01:00
README selftest: use an additional directory of knownfail/flapping files 2017-06-03 13:55:41 +02:00
replica_sync selftest: Add test for a re-animated object conflict 2017-09-26 05:33:17 +02:00
samba3.vfs.fruit vfs_fruit: set delete-on-close for empty finderinfo 2018-01-09 17:09:12 +01:00
smbclient-smb3 s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3 2017-06-27 16:57:48 +02:00

README 

# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines begining with '#' are ignored.
# Please don't add tests to this README!