diff options
author | Andrew Tridgell <tridge@samba.org> | 2011-07-11 12:23:01 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2011-07-11 14:32:44 +1000 |
commit | e14725c8fe4c257d9951d48d3093ecb9916abfae (patch) | |
tree | 6af632621972216b052be894f45bbd4b4cea3ee5 | |
parent | 6f6cda72fc6d737060dd1f747b0e3b0f497b8d57 (diff) | |
download | samba-e14725c8fe4c257d9951d48d3093ecb9916abfae.tar.gz samba-e14725c8fe4c257d9951d48d3093ecb9916abfae.tar.bz2 samba-e14725c8fe4c257d9951d48d3093ecb9916abfae.zip |
dbcheck: check all objects, including deleted objects
this makes dbcheck search over all objects, deleted or not. This
matters because when another DC replicates from this DC it replicates
the deleted objects as well, so invalid attributes in deleted objects
can cause problems on the new DC (for example, windows can get stuck
or even crash during the replication)
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
-rw-r--r-- | source4/scripting/python/samba/dbchecker.py | 33 | ||||
-rw-r--r-- | source4/scripting/python/samba/netcmd/dbcheck.py | 2 |
2 files changed, 18 insertions, 17 deletions
diff --git a/source4/scripting/python/samba/dbchecker.py b/source4/scripting/python/samba/dbchecker.py index df9e9d75c1..eea9dfc28e 100644 --- a/source4/scripting/python/samba/dbchecker.py +++ b/source4/scripting/python/samba/dbchecker.py @@ -136,7 +136,7 @@ class dbcheck(object): if self.verbose: self.report(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY)) try: - self.samdb.modify(m, controls=["relax:0"], validate=False) + self.samdb.modify(m, controls=["relax:0", "show_deleted:1"], validate=False) except Exception, msg: self.report("Failed to remove empty attribute %s : %s" % (attrname, msg)) return @@ -172,7 +172,7 @@ class dbcheck(object): if self.verbose: self.report(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY)) try: - self.samdb.modify(m, controls=["relax:0"], validate=False) + self.samdb.modify(m, controls=["relax:0", "show_deleted:1"], validate=False) except Exception, msg: self.report("Failed to normalise attribute %s : %s" % (attrname, msg)) return @@ -187,9 +187,7 @@ class dbcheck(object): # handle a missing GUID extended DN component def err_incorrect_dn_GUID(self, dn, attrname, val, dsdb_dn, errstr): self.report("ERROR: %s component for %s in object %s - %s" % (errstr, attrname, dn, val)) - controls=["extended_dn:1:1"] - if self.is_deleted_objects_dn(dsdb_dn): - controls.append("show_deleted:1") + controls=["extended_dn:1:1", "show_deleted:1"] try: res = self.samdb.search(base=str(dsdb_dn.dn), scope=ldb.SCOPE_BASE, attrs=[], controls=controls) @@ -208,7 +206,7 @@ class dbcheck(object): if self.verbose: self.report(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY)) try: - self.samdb.modify(m) + self.samdb.modify(m, controls=["show_deleted:1"]) except Exception, msg: self.report("Failed to fix %s on attribute %s : %s" % (errstr, attrname, msg)) return @@ -229,7 +227,7 @@ class dbcheck(object): if self.verbose: self.report(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY)) try: - self.samdb.modify(m) + self.samdb.modify(m, controls=["show_deleted:1"]) except Exception, msg: self.report("Failed to remove deleted DN attribute %s : %s" % (attrname, msg)) return @@ -252,7 +250,7 @@ class dbcheck(object): if self.verbose: self.report(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY)) try: - self.samdb.modify(m) + self.samdb.modify(m, controls=["show_deleted:1"]) except Exception, msg: self.report("Failed to fix incorrect DN string on attribute %s : %s" % (attrname, msg)) return @@ -272,7 +270,7 @@ class dbcheck(object): if self.verbose: self.report(self.samdb.write_ldif(m, ldb.CHANGETYPE_MODIFY)) try: - self.samdb.modify(m, controls=["relax:0"]) + self.samdb.modify(m, controls=["relax:0", "show_deleted:1"]) except Exception, msg: self.report("Failed to remove unknown attribute %s : %s" % (attrname, msg)) return @@ -305,12 +303,13 @@ class dbcheck(object): self.err_incorrect_dn_GUID(obj.dn, attrname, val, dsdb_dn, "incorrect GUID") continue - # the target DN might be deleted - if ((not self.is_deleted_objects_dn(dsdb_dn)) and - 'isDeleted' in res[0] and - res[0]['isDeleted'][0].upper() == "TRUE"): - # note that we don't check this for the special wellKnownObjects prefix - # for Deleted Objects, as we expect that to be deleted + # now we have two cases - the source object might or might not be deleted + is_deleted = 'isDeleted' in obj and obj['isDeleted'][0].upper() == 'TRUE' + target_is_deleted = 'isDeleted' in res[0] and res[0]['isDeleted'][0].upper() == 'TRUE' + + # the target DN is not allowed to be deleted, unless the target DN is the + # special Deleted Objects container + if target_is_deleted and not is_deleted and not self.is_deleted_objects_dn(dsdb_dn): error_count += 1 self.err_deleted_dn(obj.dn, attrname, val, dsdb_dn, res[0].dn) continue @@ -332,7 +331,9 @@ class dbcheck(object): '''check one object''' if self.verbose: self.report("Checking object %s" % dn) - res = self.samdb.search(base=dn, scope=ldb.SCOPE_BASE, controls=["extended_dn:1:1"], attrs=attrs) + res = self.samdb.search(base=dn, scope=ldb.SCOPE_BASE, + controls=["extended_dn:1:1", "show_deleted:1"], + attrs=attrs) if len(res) != 1: self.report("Object %s disappeared during check" % dn) return 1 diff --git a/source4/scripting/python/samba/netcmd/dbcheck.py b/source4/scripting/python/samba/netcmd/dbcheck.py index fce45306ca..203d447b12 100644 --- a/source4/scripting/python/samba/netcmd/dbcheck.py +++ b/source4/scripting/python/samba/netcmd/dbcheck.py @@ -86,7 +86,7 @@ class cmd_dbcheck(Command): raise CommandError("Unknown scope %s" % scope) search_scope = scope_map[scope] - controls = [] + controls = ['show_deleted:1'] if H.startswith('ldap'): controls.append('paged_results:1:1000') if cross_ncs: |