dbcheck: Allow a dangling forward link outside our known NCs

If we do not have the NC of the target object we can not be really sure
that the object is redundent and so we want to keep it for now
and not (as happened until now) break the dbcheck run made during the
replication stage of a "samba-tool domain backup rename".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 45dda945d2126326b85cb77c1040b3fea69335a4..5b4645ebb45460fa6173801ac9234aeff26218d7 100644 (file)
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -621,7 +621,29 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
                 return 0
 
             nc_root = self.samdb.get_nc_root(dn)
-            target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn)
+            try:
+                target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn)
+            except ldb.LdbError as e:
+                (enum, estr) = e.args
+                if enum != ldb.ERR_NO_SUCH_OBJECT:
+                    raise
+                target_nc_root = None
+
+            if target_nc_root is None:
+                # We don't bump the error count as Samba produces
+                # these in normal operation creating a lab domain (due
+                # to the way the rename is handled, links to
+                # now-expunged objects will never be fixed to stay
+                # inside the NC
+                self.report("WARNING: no target object found for GUID "
+                            "component for link "
+                            "%s in object to %s outside our NCs"
+                            "%s - %s" % (attrname, dsdb_dn.dn, dn, val))
+                self.report("Not removing dangling one-way "
+                            "left-over link outside our NCs "
+                            "(we might be building a renamed/lab domain)")
+                return 0
+
             if nc_root != target_nc_root:
                 # We don't bump the error count as Samba produces these
                 # in normal operation

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 1466cbd8d48ab7840b0ddd6446ac87bdb465eb3e..88c95c3a078289831d7651215e857e6d9fd190ca 100755 (executable)
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -2942,6 +2942,45 @@ sub setup_backupfromdc
 
        $self->setup_namespaces($env, $upn_array, $spn_array);
 
+       # Set up a dangling forward link to an expunged object
+       #
+       # We need this to ensure that the "samba-tool domain backup rename"
+       # that is part of the creation of the labdc environment can
+       # cope with this situation on the source DC.
+
+       if (not $self->write_ldb_file("$env->{PRIVATEDIR}/sam.ldb", "
+dn: ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: organizationalUnit
+-
+
+dn: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: msExchConfigurationContainer
+-
+
+dn: cn=linkfrom,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: msExchConfigurationContainer
+addressBookRoots: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+-
+
+")) {
+           return undef;
+       }
+       my $ldbdel = Samba::bindir_path($self, "ldbdel");
+       my $cmd = "$ldbdel -H $env->{PRIVATEDIR}/sam.ldb cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com";
+
+       unless(system($cmd) == 0) {
+               warn("Failed to delete link target: \n$cmd");
+               return undef;
+       }
+
+       # Expunge will ensure that linkto is totally wiped from the DB
+       my $samba_tool = Samba::bindir_path($self, "samba-tool");
+       $cmd = "$samba_tool  domain tombstones expunge --tombstone-lifetime=0 $env->{CONFIGURATION}";
+
+       unless(system($cmd) == 0) {
+               warn("Failed to expunge link target: \n$cmd");
+               return undef;
+       }
        return $env;
 }