dbcheck: don't check expired tombstone objects by default anymore

These will be removed anyway and any change on them risks to be an originating update that causes replication problems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144 (cherry picked from commit a2c5f8cf41c2dfdc4f122e8427d1dfeabb6ba311)
author: Stefan Metzmacher <metze@samba.org> 2019-03-12 11:41:01 +0100
committer: Karolin Seeger <kseeger@samba.org> 2019-03-28 12:19:13 +0000
commit: a41fa4dd1e9b1883397cc9dc1b349cc3657830d5 (patch)
tree: 6892c1b28eb6856235f42cb94850467955864a54 /python
parent: e0f6e6cff3e74c5f8c2f521866f7e4962d988b6f (diff)
download: samba-a41fa4dd1e9b1883397cc9dc1b349cc3657830d5.tar.gz
2 files changed, 48 insertions, 3 deletions
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 98bd5776b20..5d568a73969 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -40,7 +40,8 @@ class dbcheck(object):
 
     def __init__(self, samdb, samdb_schema=None, verbose=False, fix=False,
                  yes=False, quiet=False, in_transaction=False,
-                 reset_well_known_acls=False):
+                 reset_well_known_acls=False,
+                 check_expired_tombstones=False):
         self.samdb = samdb
         self.dict_oid_name = None
         self.samdb_schema = (samdb_schema or samdb)
@@ -87,6 +88,8 @@ class dbcheck(object):
         self.fix_doubled_userparameters = False
         self.fix_sid_rid_set_conflict = False
         self.reset_well_known_acls = reset_well_known_acls
+        self.check_expired_tombstones = check_expired_tombstones
+        self.expired_tombstones = 0
         self.reset_all_well_known_acls = False
         self.in_transaction = in_transaction
         self.infrastructure_dn = ldb.Dn(samdb, "CN=Infrastructure," + samdb.domain_dn())
@@ -230,6 +233,13 @@ class dbcheck(object):
         if DN is None:
             error_count += self.check_rootdse()
 
+        if self.expired_tombstones > 0:
+            self.report("NOTICE: found %d expired tombstones, "
+                        "'samba' will remove them daily, "
+                        "'samba-tool domain tombstones expunge' "
+                        "would do that immediately." % (
+                        self.expired_tombstones))
+
         if error_count != 0 and not self.fix:
             self.report("Please use --fix to fix these errors")
 
@@ -1733,6 +1743,37 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
             self.report("Fixed attribute '%s' of '%s'\n" % (sd_attr, dn))
         self.samdb.set_session_info(self.system_session_info)
 
+    def is_expired_tombstone(self, dn, repl_val):
+        if self.check_expired_tombstones:
+            # This is not the default, it's just
+            # used to keep dbcheck tests work with
+            # old static provision dumps
+            return False
+
+        repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob, repl_val)
+
+        isDeleted = self.find_repl_attid(repl, drsuapi.DRSUAPI_ATTID_isDeleted)
+
+        delete_time = samba.nttime2unix(isDeleted.originating_change_time)
+        current_time = time.time()
+
+        tombstone_delta = self.tombstoneLifetime * (24 * 60 * 60)
+
+        delta = current_time - delete_time
+        if delta <= tombstone_delta:
+            return False
+
+        self.report("SKIPING: object %s is an expired tombstone" % dn)
+        self.report("isDeleted: attid=0x%08x version=%d invocation=%s usn=%s (local=%s) at %s" % (
+                    isDeleted.attid,
+                    isDeleted.version,
+                    isDeleted.originating_invocation_id,
+                    isDeleted.originating_usn,
+                    isDeleted.local_usn,
+                    time.ctime(samba.nttime2unix(isDeleted.originating_change_time))))
+        self.expired_tombstones += 1
+        return True
+
     def find_changes_after_deletion(self, repl_val):
         repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob, repl_val)
 
@@ -2212,6 +2253,8 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
                 error_count += 1
                 self.err_changes_after_deletion(dn, repl_meta_data_val)
                 return error_count
+            if self.is_expired_tombstone(dn, repl_meta_data_val):
+                return error_count
 
         for attrname in obj:
             if attrname == 'dn' or attrname == "distinguishedName":
diff --git a/python/samba/netcmd/dbcheck.py b/python/samba/netcmd/dbcheck.py
index efc25c2b33a..57030274cad 100644
--- a/python/samba/netcmd/dbcheck.py
+++ b/python/samba/netcmd/dbcheck.py
@@ -136,8 +136,10 @@ class cmd_dbcheck(Command):
             started_transaction = True
         try:
             chk = dbcheck(samdb, samdb_schema=samdb_schema, verbose=verbose,
-                          fix=fix, yes=yes, quiet=quiet, in_transaction=started_transaction,
-                          reset_well_known_acls=reset_well_known_acls)
+                          fix=fix, yes=yes, quiet=quiet,
+                          in_transaction=started_transaction,
+                          reset_well_known_acls=reset_well_known_acls,
+                          check_expired_tombstones=selftest_check_expired_tombstones)
 
             for option in yes_rules:
                 if hasattr(chk, option):
author	Stefan Metzmacher <metze@samba.org>	2019-03-12 11:41:01 +0100
committer	Karolin Seeger <kseeger@samba.org>	2019-03-28 12:19:13 +0000
commit	a41fa4dd1e9b1883397cc9dc1b349cc3657830d5 (patch)
tree	6892c1b28eb6856235f42cb94850467955864a54 /python
parent	e0f6e6cff3e74c5f8c2f521866f7e4962d988b6f (diff)
download	samba-a41fa4dd1e9b1883397cc9dc1b349cc3657830d5.tar.gz