author | Garming Sam <garming@catalyst.net.nz> | 2017-03-03 17:31:46 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-13 05:10:12 +0100 |
commit | 6bbcd3bbd813bbabea000f19d4dc655d9db8fc73 (patch) | |
tree | 716276ab40d91f50c34c5e1c43be366f0f8c741f /python | |
parent | 6b2425343b42b46634bfa8a4421388205e64bbde (diff) | |
download | samba-6bbcd3bbd813bbabea000f19d4dc655d9db8fc73.tar.gz |
dbcheck: Improve dbcheck to find (and may fix) dangling msDS-RevealedUsers
We cannot add missing backlinks because of the duplicate checking. There
seems to be no trivial way to add the bypass.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/dbchecker.py | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 032c0e73bbd..1a73fe0e564 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -973,6 +973,54 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
 if v_guid == obj_guid:
 match_count += 1
 if match_count != 1:
+ reverse_syntax_oid = self.samdb_schema.get_syntax_oid_from_lDAPDisplayName(reverse_link_name)
+ if syntax_oid == dsdb.DSDB_SYNTAX_BINARY_DN or reverse_syntax_oid == dsdb.DSDB_SYNTAX_BINARY_DN:
+ if not linkID & 1:
+ # Forward binary multi-valued linked attribute
+ forward_count = 0
+ for w in obj[attrname]:
+ w_guid = dsdb_Dn(self.samdb, w).dn.get_extended_component("GUID")
+ if w_guid == guid:
+ forward_count += 1
+
+ if match_count == forward_count:
+ continue
+
+ error_count += 1
+
+ # Add or remove the missing number of backlinks
+ diff_count = forward_count - match_count
+
+ # Loop until the difference between the forward and
+ # the backward links is resolved.
+ while diff_count != 0:
+ if diff_count > 0:
+ # self.err_missing_backlink(obj, attrname,
+ # obj.dn.extended_str(),
+ # reverse_link_name,
+ # dsdb_dn.dn)
+ # diff_count -= 1
+ # TODO no method to fix these right now
+ self.report("ERROR: Can't fix missing "
+ "multi-valued backlinks on %s" % str(dsdb_dn.dn))
+ break
+ else:
+ self.err_orphaned_backlink(res[0], reverse_link_name,
+ obj.dn.extended_str(), attrname,
+ dsdb_dn.dn)
+ diff_count += 1
+
+ else:
+ # If there's a backward link on binary multi-valued linked attribute,
+ # let the check on the forward link remedy the value.
+ # UNLESS, there is no forward link detected.
+ if match_count == 0:
+ self.err_orphaned_backlink(obj, attrname,
+ val, reverse_link_name,
+ dsdb_dn.dn)
+
+ continue
+
 error_count += 1
 if linkID & 1:
 # Backlink exists, but forward link does not |
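Review bot: The backlink branch (the `else:` paired with `if not linkID & 1:`) calls `self.err_orphaned_backlink(obj, attrname, ...)` when `match_count == 0` and then reaches `continue` without incrementing `error_count`, whereas the forward-link branch does run `error_count += 1` for its mismatch. An orphaned binary-DN backlink (the msDS-RevealedUsers case this commit targets) would be reported, and possibly fixed, without appearing in the tally. Anything that relies on the count, presumably the dbcheck result since the return is outside this hunk, could then treat the database as clean. Add `error_count += 1` directly above that `self.err_orphaned_backlink(obj, attrname,` call. The commented-out `err_missing_backlink` call would also read better as a single `# TODO:` line stating why missing backlinks cannot be added yet; the enclosing method starts and ends outside the hunk.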