diff options
| author | Garming Sam <garming@catalyst.net.nz> | 2017-03-03 17:31:46 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-13 05:10:12 +0100 |
| commit | 6bbcd3bbd813bbabea000f19d4dc655d9db8fc73 (patch) | |
| tree | 716276ab40d91f50c34c5e1c43be366f0f8c741f /testprogs | |
| parent | 6b2425343b42b46634bfa8a4421388205e64bbde (diff) | |
| download | samba-6bbcd3bbd813bbabea000f19d4dc655d9db8fc73.tar.gz | |
dbcheck: Improve dbcheck to find (and may fix) dangling msDS-RevealedUsers
We cannot add missing backlinks because of the duplicate checking. There
seems to be no trivial way to add the bypass.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'testprogs')
| -rwxr-xr-x | testprogs/blackbox/dbcheck-links.sh | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh index 2a1bfbace02..9376e2a59bf 100755 --- a/testprogs/blackbox/dbcheck-links.sh +++ b/testprogs/blackbox/dbcheck-links.sh @@ -200,6 +200,78 @@ dangling_one_way() { fi } +dangling_multi_valued() { + # multi1 - All 4 backlinks + # multi2 - Missing all 4 backlinks + # multi3 - Missing 2 backlinks + # Administrator - Has 2 too many backlinks + # multi5 - Has 2 backlinks but no forward links + ldif=$release_dir/add-dangling-multilink-users.ldif + TZ=UTC $ldbadd -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi + + ldif=$release_dir/add-initially-normal-multilink.ldif + TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi + + ldif=$release_dir/delete-only-multi-backlink.ldif + TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi + + ldif=$release_dir/add-dangling-multi-backlink.ldif + TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi + + $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --fix --yes + if [ "$?" != "1" ]; then + return 1 + fi +} + +dangling_multi_valued_check_missing() { + WORDS=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi2)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l` + if [ $WORDS -ne 4 ]; then + echo Got only $WORDS links for dangling-multi2 + return 1 + fi + WORDS=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi3)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l` + if [ $WORDS -ne 4 ]; then + echo Got only $WORDS links for dangling-multi3 + return 1 + fi +} + +dangling_multi_valued_check_equal_or_too_many() { + WORDS=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi1)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l` + if [ $WORDS -ne 4 ]; then + echo Got $WORDS links for dangling-multi1 + return 1 + fi + + WORDS=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi5)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l` + + if [ $WORDS -ne 0 ]; then + echo Got $WORDS links for dangling-multi5 + return 1 + fi + + WORDS=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=Administrator)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l` + + if [ $WORDS -ne 2 ]; then + echo Got $WORDS links for Administrator + return 1 + fi +} + + if [ -d $release_dir ]; then testit $RELEASE undump testit "add_two_more_users" add_two_more_users @@ -216,6 +288,11 @@ if [ -d $release_dir ]; then testit "check_expected_after_objects" check_expected_after_objects testit "dangling_one_way" dangling_one_way testit "dbcheck_clean" dbcheck_clean + testit "dangling_multi_valued" dangling_multi_valued + testit "dangling_multi_valued_check_missing" dangling_multi_valued_check_missing + testit "dangling_multi_valued_check_equal_or_too_many" dangling_multi_valued_check_equal_or_too_many + # Currently this cannot pass + testit "dangling_multi_valued_dbcheck" dbcheck_clean else subunit_start_test $RELEASE subunit_skip_test $RELEASE <<EOF |