If custom schema is used in a replicated DC environment, these are created as soon as
an attribute is modified on more than one DC. We have to remove these.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
self.move_to_lost_and_found = False
self.fix_instancetype = False
self.fix_replmetadata_zero_invocationid = False
+ self.fix_replmetadata_duplicate_attid = False
+ self.fix_replmetadata_wrong_attid = False
self.fix_replmetadata_unsorted_attid = False
self.fix_deleted_deleted_objects = False
self.fix_dn = False
return 0
- def process_metadata(self, val):
+ def process_metadata(self, dn, val):
'''Read metadata properties and list attributes in it.
raises KeyError if the attid is unknown.'''
set_att = set()
+ wrong_attids = set()
list_attid = []
+ in_schema_nc = dn.is_child_of(self.schema_dn)
repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob, str(val))
obj = repl.ctr
att = self.samdb_schema.get_lDAPDisplayName_by_attid(o.attid)
set_att.add(att.lower())
list_attid.append(o.attid)
+ correct_attid = self.samdb_schema.get_attid_from_lDAPDisplayName(att,
+ is_schema_nc=in_schema_nc)
+ if correct_attid != o.attid:
+ wrong_attids.add(o.attid)
- return (set_att, list_attid)
+ return (set_att, list_attid, wrong_attids)
def fix_metadata(self, dn, attr):
if not self.confirm_all('Fix %s on %s by setting originating_invocation_id on some elements to our invocationID %s?'
% (attr, dn, self.samdb.get_invocation_id()), 'fix_replmetadata_zero_invocationid'):
- self.report('Not fixing %s on %s\n' % (attr, dn))
+ self.report('Not fixing zero originating_invocation_id in %s on %s\n' % (attr, dn))
return
nmsg = ldb.Message()
return
- def err_replmetadata_unsorted_attid(self, dn, attr, repl_meta_data):
+ def err_replmetadata_incorrect_attid(self, dn, attr, repl_meta_data, wrong_attids):
repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
str(repl_meta_data))
+ fix = False
+
+ set_att = set()
+ remove_attid = set()
+ hash_att = {}
+
+ in_schema_nc = dn.is_child_of(self.schema_dn)
+
ctr = repl.ctr
- found = False
+ # Sort the array, except for the last element. This strange
+ # construction, creating a new list, due to bugs in samba's
+ # array handling in IDL generated objects.
+ ctr.array = sorted(ctr.array[:-1], key=lambda o: o.attid) + [ctr.array[-1]]
+ # Now walk it in reverse, so we see the low (and so incorrect,
+ # the correct values are above 0x80000000) values first and
+ # remove the 'second' value we see.
+ for o in reversed(ctr.array):
+ print "%s: 0x%08x" % (dn, o.attid)
+ att = self.samdb_schema.get_lDAPDisplayName_by_attid(o.attid)
+ if att.lower() in set_att:
+ self.report('ERROR: duplicate attributeID values for %s in %s on %s\n' % (att, attr, dn))
+ if not self.confirm_all('Fix %s on %s by removing the duplicate value 0x%08x for %s (keeping 0x%08x)?'
+ % (attr, dn, o.attid, att, hash_att[att].attid),
+ 'fix_replmetadata_duplicate_attid'):
+ self.report('Not fixing duplicate value 0x%08x for %s in %s on %s\n'
+ % (o.attid, att, attr, dn))
+ return
+ fix = True
+ remove_attid.add(o.attid)
+ # We want to set the metadata for the most recent
+ # update to have been applied locally, that is the metadata
+ # matching the (eg string) value in the attribute
+ if o.local_usn > hash_att[att].local_usn:
+ # This is always what we would have sent over DRS,
+ # because the DRS server will have sent the
+ # msDS-IntID, but with the values from both
+ # attribute entries.
+ hash_att[att].version = o.version
+ hash_att[att].originating_change_time = o.originating_change_time
+ hash_att[att].originating_invocation_id = o.originating_invocation_id
+ hash_att[att].originating_usn = o.originating_usn
+ hash_att[att].local_usn = o.local_usn
+
+ # Do not re-add the value to the set or overwrite the hash value
+ continue
- self.report('ERROR: unsorted attributeID values in %s on %s\n' % (attr, dn))
- if not self.confirm_all('Fix %s on %s by sorting the attribute list?'
- % (attr, dn), 'fix_replmetadata_unsorted_attid'):
- self.report('Not fixing %s on %s\n' % (attr, dn))
- return
+ hash_att[att] = o
+ set_att.add(att.lower())
+
+ # Generate a real list we can sort on properly
+ new_list = [o for o in ctr.array if o.attid not in remove_attid]
+
+ if (len(wrong_attids) > 0):
+ for o in new_list:
+ if o.attid in wrong_attids:
+ att = self.samdb_schema.get_lDAPDisplayName_by_attid(o.attid)
+ correct_attid = self.samdb_schema.get_attid_from_lDAPDisplayName(att, is_schema_nc=in_schema_nc)
+ self.report('ERROR: incorrect attributeID values in %s on %s\n' % (attr, dn))
+ if not self.confirm_all('Fix %s on %s by replacing incorrect value 0x%08x for %s (new 0x%08x)?'
+ % (attr, dn, o.attid, att, hash_att[att].attid), 'fix_replmetadata_wrong_attid'):
+ self.report('Not fixing incorrect value 0x%08x with 0x%08x for %s in %s on %s\n'
+ % (o.attid, correct_attid, att, attr, dn))
+ return
+ fix = True
+ o.attid = correct_attid
+ if fix:
+ # Sort the array, except for the last element (we changed
+ # the value so must re-sort)
+ new_list[:-1] = sorted(new_list[:-1], key=lambda o: o.attid)
+
+ # If we did not already need to fix it, then ask about sorting
+ if not fix:
+ self.report('ERROR: unsorted attributeID values in %s on %s\n' % (attr, dn))
+ if not self.confirm_all('Fix %s on %s by sorting the attribute list?'
+ % (attr, dn), 'fix_replmetadata_unsorted_attid'):
+ self.report('Not fixing %s on %s\n' % (attr, dn))
+ return
- # Sort the array, except for the last element
- ctr.array[:-1] = sorted(ctr.array[:-1], key=lambda o: o.attid)
+ # The actual sort done is done at the top of the function
+ ctr.count = len(new_list)
+ ctr.array = new_list
replBlob = ndr_pack(repl)
nmsg = ldb.Message()
nmsg.dn = dn
nmsg[attr] = ldb.MessageElement(replBlob, ldb.FLAG_MOD_REPLACE, attr)
if self.do_modify(nmsg, ["local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA,
- "local_oid:1.3.6.1.4.1.7165.4.3.14:0",
- "local_oid:1.3.6.1.4.1.7165.4.3.25:0"],
- "Failed to fix attribute %s" % attr):
+ "local_oid:1.3.6.1.4.1.7165.4.3.14:0",
+ "local_oid:1.3.6.1.4.1.7165.4.3.25:0"],
+ "Failed to fix attribute %s" % attr):
self.report("Fixed attribute '%s' of '%s'\n" % (attr, dn))
# based on what other attributes we see.
try:
- (set_attrs_from_md, list_attid_from_md) = self.process_metadata(obj[attrname])
+ (set_attrs_from_md, list_attid_from_md, wrong_attids) \
+ = self.process_metadata(dn, obj[attrname])
except KeyError:
error_count += 1
self.err_replmetadata_unknown_attid(dn, attrname, obj[attrname])
continue
- if sorted(list_attid_from_md[:-1]) != list_attid_from_md[:-1]:
- error_count += 1
- self.err_replmetadata_unsorted_attid(dn, attrname, obj[attrname])
+ if len(set_attrs_from_md) < len(list_attid_from_md) \
+ or len(wrong_attids) > 0 \
+ or sorted(list_attid_from_md[:-1]) != list_attid_from_md[:-1]:
+ error_count +=1
+ self.err_replmetadata_incorrect_attid(dn, attrname, obj[attrname], wrong_attids)
+
else:
# Here we check that the first attid is 0
# (objectClass) and that the last on is the RDN
# record 1
dn: CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
-objectClass: top
-objectClass: sudoRole
cn: ops_run_anything
+distinguishedName: CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
instanceType: 4
-whenCreated: 20150802225130.0Z
-uSNCreated: 3514
name: ops_run_anything
-objectGUID: 0609a23b-81a4-44c0-9220-b89085775441
objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp
-sudoHost: ALL
-sudoCommand: ALL
-sudoRunAsUser: ALL
-sudoRunAsGroup: ALL
-whenChanged: 20150802225647.0Z
-uSNChanged: 3515
+objectClass: top
+objectClass: sudoRole
+objectGUID: 0609a23b-81a4-44c0-9220-b89085775441
replPropertyMetaData: NDR: struct replPropertyMetaDataBlob
version : 0x00000001 (1)
reserved : 0x00000000 (0)
ctr : union replPropertyMetaDataCtr(case 1)
ctr1: struct replPropertyMetaDataCtr1
- count : 0x0000000d (13)
+ count : 0x0000000c (12)
reserved : 0x00000000 (0)
- array: ARRAY(13)
+ array: ARRAY(12)
array: struct replPropertyMetaData1
attid : DRSUAPI_ATTID_objectClass (0x0)
version : 0x00000001 (1)
originating_usn : 0x0000000000000eb1 (3761)
local_usn : 0x0000000000000dba (3514)
array: struct replPropertyMetaData1
- attid : UNKNOWN_ENUM_VALUE (0x290001)
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B0)
version : 0x00000001 (1)
originating_change_time : Sun Aug 2 22:56:47 2015 UTC
originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
originating_usn : 0x0000000000000dbb (3515)
local_usn : 0x0000000000000dbb (3515)
- array: struct replPropertyMetaData1
- attid : UNKNOWN_ENUM_VALUE (0x9DDA71B0)
- version : 0x00000001 (1)
- originating_change_time : Sun Aug 2 22:51:30 2015 UTC
- originating_invocation_id: 7b2e1a86-f4d6-4e7f-a49f-d40f3596aa63
- originating_usn : 0x0000000000000eb1 (3761)
- local_usn : 0x0000000000000dba (3514)
array: struct replPropertyMetaData1
attid : UNKNOWN_ENUM_VALUE (0x9DDA71B1)
version : 0x00000001 (1)
originating_usn : 0x0000000000000eb1 (3761)
local_usn : 0x0000000000000dba (3514)
-distinguishedName: CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+sudoCommand: ALL
+sudoHost: ALL
+sudoRunAsGroup: ALL
+sudoRunAsUser: ALL
+uSNChanged: 3515
+uSNCreated: 3514
+whenChanged: 20150802225647.0Z
+whenCreated: 20150802225130.0Z
# returned 1 records
# 1 entries
--- /dev/null
+# record 1
+dn: CN=ops_run_anything2,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+cn: ops_run_anything2
+distinguishedName: CN=ops_run_anything2,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+instanceType: 4
+name: ops_run_anything2
+objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp
+objectClass: top
+objectClass: sudoRole
+objectGUID: 19a524c5-c2cc-4a6e-ac18-9ecd0b212598
+replPropertyMetaData: NDR: struct replPropertyMetaDataBlob
+ version : 0x00000001 (1)
+ reserved : 0x00000000 (0)
+ ctr : union replPropertyMetaDataCtr(case 1)
+ ctr1: struct replPropertyMetaDataCtr1
+ count : 0x0000000c (12)
+ reserved : 0x00000000 (0)
+ array: ARRAY(12)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_objectClass (0x0)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_instanceType (0x20001)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_whenCreated (0x20002)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_ntSecurityDescriptor (0x20119)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_name (0x90001)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_objectCategory (0x9030E)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B0)
+ version : 0x00000002 (2)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbe (3518)
+ local_usn : 0x0000000000000dbe (3518)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B1)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B2)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B5)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B6)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_cn (0x3)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+
+sudoCommand: ALL
+sudoHost: ALL
+sudoRunAsGroup: ALL
+sudoRunAsUser: ALL
+uSNChanged: 3518
+uSNCreated: 3516
+whenCreated: 20151223001603.0Z
+
+# returned 1 records
+# 1 entries
+# 0 referrals
--- /dev/null
+# record 1
+dn: CN=ops_run_anything3,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+cn: ops_run_anything3
+distinguishedName: CN=ops_run_anything3,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+instanceType: 4
+name: ops_run_anything3
+objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp
+objectClass: top
+objectClass: sudoRole
+objectGUID: e955c5d5-66a2-4f5e-bb48-27232cafc92d
+replPropertyMetaData: NDR: struct replPropertyMetaDataBlob
+ version : 0x00000001 (1)
+ reserved : 0x00000000 (0)
+ ctr : union replPropertyMetaDataCtr(case 1)
+ ctr1: struct replPropertyMetaDataCtr1
+ count : 0x0000000c (12)
+ reserved : 0x00000000 (0)
+ array: ARRAY(12)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_objectClass (0x0)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_instanceType (0x20001)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_whenCreated (0x20002)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_ntSecurityDescriptor (0x20119)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_name (0x90001)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_objectCategory (0x9030E)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B0)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B1)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B2)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B5)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B6)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_cn (0x3)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+
+sudoCommand: ALL
+sudoHost: ALL
+sudoRunAsGroup: ALL
+sudoRunAsUser: ALL
+sudoUser: %ops
+uSNChanged: 3517
+uSNCreated: 3517
+whenChanged: 20151223001603.0Z
+whenCreated: 20151223001603.0Z
+
+# returned 1 records
+# 1 entries
+# 0 referrals
# record 1
dn: CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
-objectClass: top
-objectClass: sudoRole
cn: ops_run_anything
+distinguishedName: CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
instanceType: 4
-whenCreated: 20150802225130.0Z
-uSNCreated: 3514
name: ops_run_anything
-objectGUID: 0609a23b-81a4-44c0-9220-b89085775441
objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp
-sudoHost: ALL
-sudoCommand: ALL
-sudoRunAsUser: ALL
-sudoRunAsGroup: ALL
+objectClass: top
+objectClass: sudoRole
+objectGUID: 0609a23b-81a4-44c0-9220-b89085775441
replPropertyMetaData: NDR: struct replPropertyMetaDataBlob
version : 0x00000001 (1)
reserved : 0x00000000 (0)
originating_usn : 0x0000000000000eb1 (3761)
local_usn : 0x0000000000000dba (3514)
-whenChanged: 20150802225647.0Z
+sudoCommand: ALL
+sudoHost: ALL
+sudoRunAsGroup: ALL
+sudoRunAsUser: ALL
uSNChanged: 3515
-distinguishedName: CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+uSNCreated: 3514
+whenChanged: 20150802225647.0Z
+whenCreated: 20150802225130.0Z
# returned 1 records
# 1 entries
--- /dev/null
+# record 1
+dn: CN=ops_run_anything2,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+cn: ops_run_anything2
+distinguishedName: CN=ops_run_anything2,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+instanceType: 4
+name: ops_run_anything2
+objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp
+objectClass: top
+objectClass: sudoRole
+objectGUID: 19a524c5-c2cc-4a6e-ac18-9ecd0b212598
+replPropertyMetaData: NDR: struct replPropertyMetaDataBlob
+ version : 0x00000001 (1)
+ reserved : 0x00000000 (0)
+ ctr : union replPropertyMetaDataCtr(case 1)
+ ctr1: struct replPropertyMetaDataCtr1
+ count : 0x0000000c (12)
+ reserved : 0x00000000 (0)
+ array: ARRAY(12)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_objectClass (0x0)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_instanceType (0x20001)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_whenCreated (0x20002)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_ntSecurityDescriptor (0x20119)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_name (0x90001)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_objectCategory (0x9030E)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290002)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290003)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290006)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290007)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x9DDA71B0)
+ version : 0x00000002 (2)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbe (3518)
+ local_usn : 0x0000000000000dbe (3518)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_cn (0x3)
+ version : 0x00000001 (1)
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbc (3516)
+ local_usn : 0x0000000000000dbc (3516)
+
+sudoCommand: ALL
+sudoHost: ALL
+sudoRunAsGroup: ALL
+sudoRunAsUser: ALL
+uSNChanged: 3518
+uSNCreated: 3516
+whenCreated: 20151223001603.0Z
+
+# returned 1 records
+# 1 entries
+# 0 referrals
--- /dev/null
+# record 1
+dn: CN=ops_run_anything3,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+cn: ops_run_anything3
+distinguishedName: CN=ops_run_anything3,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+instanceType: 4
+name: ops_run_anything3
+objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=release-4-1-0rc3,DC=samba,DC=corp
+objectClass: top
+objectClass: sudoRole
+objectGUID: e955c5d5-66a2-4f5e-bb48-27232cafc92d
+replPropertyMetaData: NDR: struct replPropertyMetaDataBlob
+ version : 0x00000001 (1)
+ reserved : 0x00000000 (0)
+ ctr : union replPropertyMetaDataCtr(case 1)
+ ctr1: struct replPropertyMetaDataCtr1
+ count : 0x0000000c (12)
+ reserved : 0x00000000 (0)
+ array: ARRAY(12)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_objectClass (0x0)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_instanceType (0x20001)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_whenCreated (0x20002)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_ntSecurityDescriptor (0x20119)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_name (0x90001)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_objectCategory (0x9030E)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290001)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290002)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290003)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290006)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : UNKNOWN_ENUM_VALUE (0x290007)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+ array: struct replPropertyMetaData1
+ attid : DRSUAPI_ATTID_cn (0x3)
+ version : 0x00000001 (1)
+ originating_change_time : Wed Dec 23 00:16:03 2015 UTC
+ originating_invocation_id: b249ef44-b215-4d3b-b5d6-7cec08154b7a
+ originating_usn : 0x0000000000000dbd (3517)
+ local_usn : 0x0000000000000dbd (3517)
+
+sudoCommand: ALL
+sudoHost: ALL
+sudoRunAsGroup: ALL
+sudoRunAsUser: ALL
+sudoUser: %ops
+uSNChanged: 3517
+uSNCreated: 3517
+whenChanged: 20151223001603.0Z
+whenCreated: 20151223001603.0Z
+
+# returned 1 records
+# 1 entries
+# 0 referrals
bin/ldbsearch -H st/promoted_dc/private/sam.ldb cn=ops_run_anything \* replpropertymetadata --show-binary > source4/selftest/provisions/release-4-1-0rc3/expected-replpropertymetadata-before-dbcheck.ldif
+bin/ldbadd -H st/promoted_dc/private/sam.ldb --configfile st/dc/private/sam.ldb $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3/sudoers2.ldif
+# Note that sudoers2-mod.ldif is used with the git build, not the 4.1 build
+
# Then these modified files can be pushed back into master by running
$MASTER_SRC/source4/selftest/provisions/dump.sh st/promoted_dc $MASTER_SRC/source4/selftest/provisions/release-4-1-0rc3
--- /dev/null
+dn: CN=ops_run_anything2,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+changetype: modify
+delete: sudoUser
+-
--- /dev/null
+dn: CN=ops_run_anything2,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+changetype: add
+sudoUser: %ops
+sudoHost: ALL
+sudoCommand: ALL
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+objectClass: top
+objectClass: sudoRole
+-
+
+dn: CN=ops_run_anything3,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
+changetype: add
+sudoUser: %ops
+sudoHost: ALL
+sudoCommand: ALL
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+objectClass: top
+objectClass: sudoRole
+-
$PYTHON $BINDIR/samba-tool dbcheck --reindex -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $@
}
+do_current_version_mod() {
+ if [ x$RELEASE = x"release-4-1-0rc3" ]; then
+ # Confirm (in combination with the ldbsearch below) that
+ # changing the attribute with current Samba fixes it, and that
+ # a fixed attriute isn't unfixed by dbcheck.
+ tmpldif=$release_dir/sudoers2-mod.ldif
+ $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb $tmpldif
+ fi
+ return 0
+}
+
check_expected_before_values() {
if [ x$RELEASE = x"release-4-1-0rc3" ]; then
tmpldif=$PREFIX_ABS/$RELEASE/expected-replpropertymetadata-before-dbcheck.ldif.tmp
- TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp \* replpropertymetadata --show-binary > $tmpldif
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb cn=ops_run_anything -s one -b OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp \* replpropertymetadata --sorted --show-binary > $tmpldif
diff $tmpldif $release_dir/expected-replpropertymetadata-before-dbcheck.ldif
if [ "$?" != "0" ]; then
return 1
fi
+
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb cn=ops_run_anything2 -s one -b OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp \* replpropertymetadata --sorted --show-binary | grep -v originating_change_time| grep -v whenChanged > $tmpldif
+
+ # Here we remove originating_change_time and whenChanged as
+ # these are time-dependent, caused by the ldbmodify above.
+
+ diff $tmpldif $release_dir/expected-replpropertymetadata-before-dbcheck2.ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb cn=ops_run_anything3 -s one -b OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp \* replpropertymetadata --sorted --show-binary > $tmpldif
+ diff $tmpldif $release_dir/expected-replpropertymetadata-before-dbcheck3.ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
fi
return 0
}
check_expected_after_values() {
if [ x$RELEASE = x"release-4-1-0rc3" ]; then
- tmpldif=$PREFIX_ABS/$RELEASE/expected-replpropertymetadata-after-dbcheck.ldif.tmp
- TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -s base -b CN=ops_run_anything,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp \* replpropertymetadata --show-binary > $tmpldif
- diff -u $tmpldif $release_dir/expected-replpropertymetadata-after-dbcheck.ldif
+ tmpldif=$PREFIX_ABS/$RELEASE/expected-replpropertymetadata-before-dbcheck.ldif.tmp
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb cn=ops_run_anything -s one -b OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp \* replpropertymetadata --sorted --show-binary > $tmpldif
+ diff $tmpldif $release_dir/expected-replpropertymetadata-after-dbcheck.ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb cn=ops_run_anything2 -s one -b OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp \* replpropertymetadata --sorted --show-binary | grep -v originating_change_time| grep -v whenChanged > $tmpldif
+ diff $tmpldif $release_dir/expected-replpropertymetadata-after-dbcheck2.ldif
+ if [ "$?" != "0" ]; then
+ return 1
+ fi
+ TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb cn=ops_run_anything3 -s one -b OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp \* replpropertymetadata --sorted --show-binary > $tmpldif
+ diff $tmpldif $release_dir/expected-replpropertymetadata-after-dbcheck3.ldif
if [ "$?" != "0" ]; then
return 1
fi
if [ -d $release_dir ]; then
testit $RELEASE undump
testit "reindex" reindex
+ testit "current_version_mod" do_current_version_mod
testit "check_expected_before_values" check_expected_before_values
testit_expect_failure "dbcheck" dbcheck
testit "check_expected_after_values" check_expected_after_values