selftest/dbcheck: add a test for corrupt forward links restoration

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Ralph Boehme <slow@samba.org> 2018-01-25 21:34:47 +0100
committer: Stefan Metzmacher <metze@samba.org> 2018-02-05 13:49:12 +0100
commit: 52bd0b09804621e6de9ee0a377a442a42e07ee05 (patch)
tree: 9e052f8a4afd73b3e97a2379c663dee1dc1a979b
parent: 8c01acd56274a5cb5926622cacab997cb62dd5a9 (diff)
download: samba-52bd0b09804621e6de9ee0a377a442a42e07ee05.tar.gz
4 files changed, 116 insertions, 0 deletions
diff --git a/selftest/knownfail.d/samba4.blackbox.dbcheck-links b/selftest/knownfail.d/samba4.blackbox.dbcheck-links
new file mode 100644
index 00000000000..299f8b1bac9
--- /dev/null
+++ b/selftest/knownfail.d/samba4.blackbox.dbcheck-links
@@ -0,0 +1,2 @@
+samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dbcheck_forward_link_corruption\(none\)
+samba4.blackbox.dbcheck-links.release-4-5-0-pre1.check_expected_after_dbcheck_forward_link_corruption\(none\)
diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-after-dbcheck-forward-link-corruption.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-after-dbcheck-forward-link-corruption.ldif
new file mode 100644
index 00000000000..0258bced7ce
--- /dev/null
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-after-dbcheck-forward-link-corruption.ldif
@@ -0,0 +1,24 @@
+# record 1
+dn: CN=dangling,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+memberOf: CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+
+# record 2
+dn: CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+member: CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+member: CN=dangling,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+memberOf: CN=Administrators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp
+memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0-
+ pre1,DC=samba,DC=corp
+
+# Referral
+ref: ldap:///CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp
+
+# Referral
+ref: ldap:///DC=DomainDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp
+
+# Referral
+ref: ldap:///DC=ForestDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp
+
+# returned 5 records
+# 2 entries
+# 3 referrals
diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-forward-link-corruption.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-forward-link-corruption.txt
new file mode 100644
index 00000000000..14ebd6bf82c
--- /dev/null
+++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-forward-link-corruption.txt
@@ -0,0 +1,12 @@
+Checking 226 objects
+WARNING: Link (back) mismatch for 'memberOf' (1) on 'CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' to 'member' (2) on 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+WARNING: Keep orphaned backlink attribute 'memberOf' in 'CN=dangling,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' for link 'member' in 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+ERROR: Missing and duplicate forward link values for attribute 'member' in 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+Missing   link '<GUID=fd8a04ac-cea0-4921-b1a6-c173e1155c22>;<RMD_ADDTIME=131116484540000000>;<RMD_CHANGETIME=131116484540000000>;<RMD_FLAGS=0>;<RMD_INVOCID=ffffffff-4700-4700-4700-000000b13228>;<RMD_LOCAL_USN=3552>;<RMD_ORIGINATING_USN=1>;<RMD_VERSION=0>;<SID=S-1-5-21-4177067393-1453636373-93818738-1121>;CN=dangling,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+Schedule readding missing forward link for attribute member [YES]
+Duplicate link '<GUID=f4616422-30ec-473b-9d6f-a9a2d7bd1e6a>;<RMD_ADDTIME=131116484540000000>;<RMD_CHANGETIME=131116484540000000>;<RMD_FLAGS=0>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=0>;<RMD_ORIGINATING_USN=3552>;<RMD_VERSION=0>;<SID=S-1-5-21-4177067393-1453636373-93818738-500>;CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+Correct   link '<GUID=f4616422-30ec-473b-9d6f-a9a2d7bd1e6a>;<RMD_ADDTIME=131116484540000000>;<RMD_CHANGETIME=131116484540000000>;<RMD_FLAGS=0>;<RMD_INVOCID=4e4496a3-7fb8-4f97-8a33-d238db8b5e2d>;<RMD_LOCAL_USN=3552>;<RMD_ORIGINATING_USN=3552>;<RMD_VERSION=0>;<SID=S-1-5-21-4177067393-1453636373-93818738-500>;CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+RECHECK: 'Missing/Duplicate/Correct link' lines above for attribute 'member' in 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp'
+Commit fixes for (missing/duplicate) forward links in attribute 'member' [YES]
+Fixed duplicate links in attribute 'member'
+Checked 226 objects (3 errors)
diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh
index 0aeada037fc..778edf002c9 100755
--- a/testprogs/blackbox/dbcheck-links.sh
+++ b/testprogs/blackbox/dbcheck-links.sh
@@ -131,6 +131,80 @@ check_expected_after_duplicate_links() {
     fi
 }
 
+forward_link_corruption() {
+    #
+    # Step1: add a duplicate forward link from
+    # "CN=Enterprise Admins" to "CN=Administrator"
+    #
+    LDIF1=$(TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -b 'CN=Enterprise Admins,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base --reveal --extended-dn member)
+    DN=$(echo "${LDIF1}" | grep '^dn: ')
+    MSG=$(echo "${LDIF1}" | grep -v '^dn: ' | grep -v '^#' | grep -v '^$')
+    ldif=$PREFIX_ABS/${RELEASE}/forward_link_corruption1.ldif
+    {
+	echo "${DN}"
+	echo "changetype: modify"
+	echo "replace: member"
+	echo "${MSG}"
+	echo "${MSG}" | sed -e 's!RMD_LOCAL_USN=[1-9][0-9]*!RMD_LOCAL_USN=0!'
+    } > $ldif
+
+    out=$(TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif)
+    if [ "$?" != "0" ]; then
+	echo "ldbmodify returned:\n$out"
+	return 1
+    fi
+
+    #
+    # Step2: add user "dangling"
+    #
+    ldif=$PREFIX_ABS/${RELEASE}/forward_link_corruption2.ldif
+    cat > $ldif <<EOF
+dn: CN=dangling,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
+changetype: add
+objectclass: user
+samaccountname: dangling
+objectGUID: fd8a04ac-cea0-4921-b1a6-c173e1155c22
+EOF
+
+    out=$(TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --relax $ldif)
+    if [ "$?" != "0" ]; then
+	echo "ldbmodify returned:\n$out"
+	return 1
+    fi
+
+    #
+    # Step3: add a dangling backlink from
+    # "CN=dangling" to "CN=Enterprise Admins"
+    #
+    ldif=$PREFIX_ABS/${RELEASE}/forward_link_corruption3.ldif
+    {
+	echo "dn: CN=dangling,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp"
+	echo "changetype: modify"
+	echo "add: memberOf"
+	echo "memberOf: <GUID=304ad703-468b-465e-9787-470b3dfd7d75>;<SID=S-1-5-21-4177067393-1453636373-93818738-519>;CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp"
+    } > $ldif
+
+    out=$(TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif)
+    if [ "$?" != "0" ]; then
+	echo "ldbmodify returned:\n$out"
+	return 1
+    fi
+}
+
+dbcheck_forward_link_corruption() {
+    dbcheck "-forward-link-corruption" "1" ""
+    return $?
+}
+
+check_expected_after_dbcheck_forward_link_corruption() {
+    tmpldif=$PREFIX_ABS/$RELEASE/expected-after-dbcheck-forward-link-corruption.ldif.tmp
+    TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(|(cn=dangling)(cn=enterprise admins))' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --sorted memberOf member > $tmpldif
+    diff $tmpldif $release_dir/expected-after-dbcheck-forward-link-corruption.ldif
+    if [ "$?" != "0" ]; then
+	return 1
+    fi
+}
+
 dbcheck_dangling_multi_valued() {
 
     $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --fix --yes
@@ -198,6 +272,10 @@ if [ -d $release_dir ]; then
     testit "dbcheck_duplicate_member" dbcheck_duplicate_member
     testit "check_expected_after_duplicate_links" check_expected_after_duplicate_links
     testit "duplicate_clean" dbcheck_clean
+    testit "forward_link_corruption" forward_link_corruption
+    testit "dbcheck_forward_link_corruption" dbcheck_forward_link_corruption
+    testit "check_expected_after_dbcheck_forward_link_corruption" check_expected_after_dbcheck_forward_link_corruption
+    testit "forward_link_corruption_clean" dbcheck_clean
     testit "dangling_one_way_link" dangling_one_way_link
     testit "dbcheck_one_way" dbcheck_one_way
     testit "dbcheck_clean2" dbcheck_clean
author	Ralph Boehme <slow@samba.org>	2018-01-25 21:34:47 +0100
committer	Stefan Metzmacher <metze@samba.org>	2018-02-05 13:49:12 +0100
commit	52bd0b09804621e6de9ee0a377a442a42e07ee05 (patch)
tree	9e052f8a4afd73b3e97a2379c663dee1dc1a979b
parent	8c01acd56274a5cb5926622cacab997cb62dd5a9 (diff)
download	samba-52bd0b09804621e6de9ee0a377a442a42e07ee05.tar.gz