5 Usage: dbcheck-links.sh PREFIX RELEASE
14 .
`dirname $0`/subunit.sh
16 .
`dirname $0`/common-links.sh
19 tmpfile
=$PREFIX_ABS/$RELEASE/expected-dbcheck-link-output
${1}.txt.tmp
20 tmpldif1
=$PREFIX_ABS/$RELEASE/expected-dbcheck-output
${1}2.txt.tmp1
22 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-s base
-b '' |
grep highestCommittedUSN
> $tmpldif1
24 $PYTHON $BINDIR/samba-tool dbcheck
-H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
$3 --fix --yes > $tmpfile
25 if [ "$?" != "$2" ]; then
28 sort $tmpfile > $tmpfile.sorted
29 sort $release_dir/expected-dbcheck-link-output
${1}.txt
> $tmpfile.expected
30 diff -u $tmpfile.sorted
$tmpfile.expected
31 if [ "$?" != "0" ]; then
35 tmpldif2
=$PREFIX_ABS/$RELEASE/expected-dbcheck-output
${1}2.txt.tmp2
36 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-s base
-b '' |
grep highestCommittedUSN
> $tmpldif2
38 diff -u $tmpldif1 $tmpldif2
39 if [ "$?" != "0" ]; then
50 dbcheck
"_one_way" "0" "CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp"
55 tmpldif1
=$PREFIX_ABS/$RELEASE/expected-dbcheck-output2.txt.tmp1
57 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-s base
-b '' |
grep highestCommittedUSN
> $tmpldif1
59 $PYTHON $BINDIR/samba-tool dbcheck
-H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
60 if [ "$?" != "0" ]; then
63 tmpldif2
=$PREFIX_ABS/$RELEASE/expected-dbcheck-output2.txt.tmp2
64 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-s base
-b '' |
grep highestCommittedUSN
> $tmpldif2
66 diff -u $tmpldif1 $tmpldif2
67 if [ "$?" != "0" ]; then
72 check_expected_after_links
() {
73 tmpldif
=$PREFIX_ABS/$RELEASE/expected-links-after-link-dbcheck.ldif.tmp
74 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(cn=swimmers)(cn=leaders)(cn=helpers))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --sorted member
> $tmpldif
75 diff -u $tmpldif $release_dir/expected-links-after-link-dbcheck.ldif
76 if [ "$?" != "0" ]; then
81 check_expected_after_deleted_links
() {
82 tmpldif
=$PREFIX_ABS/$RELEASE/expected-deleted-links-after-link-dbcheck.ldif.tmp
83 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(cn=swimmers)(cn=leaders)(cn=helpers))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --reveal --sorted member
> $tmpldif
84 diff -u $tmpldif $release_dir/expected-deleted-links-after-link-dbcheck.ldif
85 if [ "$?" != "0" ]; then
90 check_expected_after_objects
() {
91 tmpldif
=$PREFIX_ABS/$RELEASE/expected-objects-after-link-dbcheck.ldif.tmp
92 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(samaccountname=fred)(samaccountname=ddg)(samaccountname=usg)(samaccountname=user1)(samaccountname=user1x)(samaccountname=user2))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --reveal --sorted samAccountName |
grep sAMAccountName
> $tmpldif
93 diff -u $tmpldif $release_dir/expected-objects-after-link-dbcheck.ldif
94 if [ "$?" != "0" ]; then
100 # We use an exisiting group so we have a stable GUID in the
102 LDIF1
=$
(TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-b 'CN=Enterprise Admins,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base
--reveal --extended-dn member
)
103 DN
=$
(echo "${LDIF1}" |
grep '^dn: ')
104 MSG
=$
(echo "${LDIF1}" |
grep -v '^dn: ' |
grep -v '^#' |
grep -v '^$')
105 ldif
=$PREFIX_ABS/${RELEASE}/duplicate-member-multi.ldif
108 echo "changetype: modify"
109 echo "replace: member"
111 echo "${MSG}" |
sed -e 's!RMD_LOCAL_USN=[1-9][0-9]*!RMD_LOCAL_USN=0!'
114 TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif
115 if [ "$?" != "0" ]; then
120 dbcheck_duplicate_member
() {
121 dbcheck
"_duplicate_member" "1" ""
125 check_expected_after_duplicate_links
() {
126 tmpldif
=$PREFIX_ABS/$RELEASE/expected-duplicates-after-link-dbcheck.ldif.tmp
127 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(cn=administrator)(cn=enterprise admins))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --sorted memberOf member
> $tmpldif
128 diff -u $tmpldif $release_dir/expected-duplicates-after-link-dbcheck.ldif
129 if [ "$?" != "0" ]; then
134 missing_link_sid_corruption
() {
135 # Step1: add user "missingsidu1"
137 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption1.ldif
139 dn: CN=missingsidu1,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
142 samaccountname: missingsidu1
143 objectGUID: 0da8f25e-d110-11e8-80b7-3c970ec68461
144 objectSid: S-1-5-21-4177067393-1453636373-93818738-771
147 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
148 if [ "$?" != "0" ]; then
149 echo "ldbmodify returned:\n$out"
153 # Step2: add user "missingsidu2"
155 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption2.ldif
157 dn: CN=missingsidu2,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
160 samaccountname: missingsidu2
161 objectGUID: 66eb8f52-d110-11e8-ab9b-3c970ec68461
162 objectSid: S-1-5-21-4177067393-1453636373-93818738-772
165 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
166 if [ "$?" != "0" ]; then
167 echo "ldbmodify returned:\n$out"
171 # Step3: add group "missingsidg3" and add users as members
173 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption3.ldif
175 dn: CN=missingsidg3,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
178 samaccountname: missingsidg3
179 objectGUID: fd992424-d114-11e8-bb36-3c970ec68461
180 objectSid: S-1-5-21-4177067393-1453636373-93818738-773
181 member: CN=missingsidu1,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
182 member: CN=missingsidu2,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
185 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
186 if [ "$?" != "0" ]; then
187 echo "ldbmodify returned:\n$out"
191 # Step4: remove one user again, so that we have one deleted link
193 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption4.ldif
195 dn: CN=missingsidg3,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
198 member: CN=missingsidu1,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
201 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
202 if [ "$?" != "0" ]; then
203 echo "ldbmodify returned:\n$out"
208 # Step5: remove the SIDS from the links
210 LDIF1
=$
(TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-b 'CN=missingsidg3,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base
--reveal --extended-dn --show-binary member
)
211 DN
=$
(echo "${LDIF1}" |
grep '^dn: ')
212 MSG
=$
(echo "${LDIF1}" |
grep -v '^dn: ' |
grep -v '^#' |
grep -v '^$')
213 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption5.ldif
216 echo "changetype: modify"
217 echo "replace: member"
219 echo "${MSG}" |
sed \
220 -e 's!<SID=S-1-5-21-4177067393-1453636373-93818738-771>;!!g' \
221 -e 's!<SID=S-1-5-21-4177067393-1453636373-93818738-772>;!!g' \
222 -e 's!RMD_ADDTIME=[1-9][0-9]*!RMD_ADDTIME=123456789000000000!g' \
223 -e 's!RMD_CHANGETIME=[1-9][0-9]*!RMD_CHANGETIME=123456789000000000!g' \
227 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif)
228 if [ "$?" != "0" ]; then
229 echo "ldbmodify returned:\n$out"
236 dbcheck_missing_link_sid_corruption
() {
237 dbcheck
"-missing-link-sid-corruption" "1" ""
241 add_lost_deleted_user1
() {
242 ldif
=$PREFIX_ABS/${RELEASE}/add_lost_deleted_user1.ldif
244 dn: CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp
247 objectClass: organizationalPerson
250 whenCreated: 20160629043638.0Z
252 objectGUID: 2301a64c-1234-5678-851e-12d4a711cfb4
253 objectSid: S-1-5-21-4177067393-1453636373-93818738-1011
255 userAccountControl: 512
257 lastKnownParent: <GUID=f28216e9-1234-5678-8b2d-6bb229563b62>;OU=removed,DC=rel
258 ease-4-5-0-pre1,DC=samba,DC=corp
260 cn:: ZnJlZApERUw6MjMwMWE2NGMtMTIzNC01Njc4LTg1MWUtMTJkNGE3MTFjZmI0
261 name:: ZnJlZApERUw6MjMwMWE2NGMtMTIzNC01Njc4LTg1MWUtMTJkNGE3MTFjZmI0
262 replPropertyMetaData:: AQAAAAAAAAAXAAAAAAAAAAAAAAABAAAAVuGDDQMAAACjlkROuH+XT4o
263 z0jjbi14tnA4AAAAAAACcDgAAAAAAAAMAAAACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4A
264 AAAAAACiDgAAAAAAAAEAAgABAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAA
265 AAAAAIAAgABAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAAAAAADAAAgABAA
266 AAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAABkBAgABAAAAVuGDDQMAAAC
267 jlkROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAAAAAAAEACQACAAAAV+GDDQMAAACjlkROuH+XT4oz
268 0jjbi14tog4AAAAAAACiDgAAAAAAAAgACQADAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tng4AA
269 AAAAACeDgAAAAAAABAACQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAA
270 AAABkACQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAAFoACQABAAA
271 AVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnQ4AAAAAAACdDgAAAAAAAF4ACQABAAAAVuGDDQMAAACj
272 lkROuH+XT4oz0jjbi14tnQ4AAAAAAACdDgAAAAAAAGAACQADAAAAV+GDDQMAAACjlkROuH+XT4oz0
273 jjbi14tog4AAAAAAACiDgAAAAAAAGIACQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAA
274 AAAACiDgAAAAAAAH0ACQABAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnQ4AAAAAAACdDgAAAAA
275 AAJIACQABAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAAAAAAJ8ACQACAAAA
276 V+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAAN0ACQABAAAAVuGDDQMAAACjl
277 kROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAAAAAAC4BCQACAAAAV+GDDQMAAACjlkROuH+XT4oz0j
278 jbi14tog4AAAAAAACiDgAAAAAAAJACCQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAA
279 AAACiDgAAAAAAAA0DCQABAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAA
280 AA4DCQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAAAoICQABAAAAV
281 +GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAAA==
282 whenChanged: 20160629043639.0Z
284 nTSecurityDescriptor:: AQAXjBQAAAAwAAAATAAAAMQAAAABBQAAAAAABRUAAACB/fj4FbukVnK
285 PlwUAAgAAAQUAAAAAAAUVAAAAgf34+BW7pFZyj5cFAAIAAAQAeAACAAAAB1o4ACAAAAADAAAAvjsO
286 8/Cf0RG2AwAA+ANnwaV6lr/mDdARooUAqgAwSeIBAQAAAAAAAQAAAAAHWjgAIAAAAAMAAAC/Ow7z8
287 J/REbYDAAD4A2fBpXqWv+YN0BGihQCqADBJ4gEBAAAAAAABAAAAAAQA1AcsAAAAAAAkAP8BDwABBQ
288 AAAAAABRUAAACB/fj4FbukVnKPlwUAAgAAAAAUAP8BDwABAQAAAAAABRIAAAAAABgA/wEPAAECAAA
289 AAAAFIAAAACQCAAAAABQAlAACAAEBAAAAAAAFCgAAAAUAKAAAAQAAAQAAAFMacqsvHtARmBkAqgBA
290 UpsBAQAAAAAABQoAAAAFACgAAAEAAAEAAABUGnKrLx7QEZgZAKoAQFKbAQEAAAAAAAUKAAAABQAoA
291 AABAAABAAAAVhpyqy8e0BGYGQCqAEBSmwEBAAAAAAAFCgAAAAUAKAAwAAAAAQAAAIa4tXdKlNERrr
292 0AAPgDZ8EBAQAAAAAABQoAAAAFACgAMAAAAAEAAACylVfkVZTREa69AAD4A2fBAQEAAAAAAAUKAAA
293 ABQAoADAAAAABAAAAs5VX5FWU0RGuvQAA+ANnwQEBAAAAAAAFCgAAAAUAOAAQAAAAAQAAAPiIcAPh
294 CtIRtCIAoMlo+TkBBQAAAAAABRUAAACB/fj4FbukVnKPlwUpAgAABQA4ABAAAAABAAAAAEIWTMAg0
295 BGnaACqAG4FKQEFAAAAAAAFFQAAAIH9+PgVu6RWco+XBSkCAAAFADgAEAAAAAEAAABAwgq8qXnQEZ
296 AgAMBPwtTPAQUAAAAAAAUVAAAAgf34+BW7pFZyj5cFKQIAAAAAFAAAAAIAAQEAAAAAAAULAAAABQA
297 oABAAAAABAAAAQi+6WaJ50BGQIADAT8LTzwEBAAAAAAAFCwAAAAUAKAAQAAAAAQAAAIa4tXdKlNER
298 rr0AAPgDZ8EBAQAAAAAABQsAAAAFACgAEAAAAAEAAACzlVfkVZTREa69AAD4A2fBAQEAAAAAAAULA
299 AAABQAoABAAAAABAAAAVAGN5Pi80RGHAgDAT7lgUAEBAAAAAAAFCwAAAAUAKAAAAQAAAQAAAFMacq
300 svHtARmBkAqgBAUpsBAQAAAAAAAQAAAAAFADgAEAAAAAEAAAAQICBfpXnQEZAgAMBPwtTPAQUAAAA
301 AAAUVAAAAgf34+BW7pFZyj5cFKQIAAAUAOAAwAAAAAQAAAH96lr/mDdARooUAqgAwSeIBBQAAAAAA
302 BRUAAACB/fj4FbukVnKPlwUFAgAABQAsABAAAAABAAAAHbGpRq5gWkC36P+KWNRW0gECAAAAAAAFI
303 AAAADACAAAFACwAMAAAAAEAAAAcmrZtIpTREa69AAD4A2fBAQIAAAAAAAUgAAAAMQIAAAUALAAwAA
304 AAAQAAAGK8BVjJvShEpeKFag9MGF4BAgAAAAAABSAAAAAxAgAABRo8ABAAAAADAAAAAEIWTMAg0BG
305 naACqAG4FKRTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAADAAAAAEIWTMAg
306 0BGnaACqAG4FKbp6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAAAADAAAAECAgX
307 6V50BGQIADAT8LUzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAADAAAAEC
308 AgX6V50BGQIADAT8LUz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAAAADAAA
309 AQMIKvKl50BGQIADAT8LUzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAAD
310 AAAAQMIKvKl50BGQIADAT8LUz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAA
311 AADAAAAQi+6WaJ50BGQIADAT8LTzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8AB
312 AAAAADAAAAQi+6WaJ50BGQIADAT8LTz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo
313 8ABAAAAADAAAA+IhwA+EK0hG0IgCgyWj5ORTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAA
314 BRI8ABAAAAADAAAA+IhwA+EK0hG0IgCgyWj5Obp6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqA
315 gAABRo4ABAAAAADAAAAbZ7Gt8cs0hGFTgCgyYP2CIZ6lr/mDdARooUAqgAwSeIBAQAAAAAABQkAAA
316 AFGjgAEAAAAAMAAABtnsa3xyzSEYVOAKDJg/YInHqWv+YN0BGihQCqADBJ4gEBAAAAAAAFCQAAAAU
317 SOAAQAAAAAwAAAG2exrfHLNIRhU4AoMmD9gi6epa/5g3QEaKFAKoAMEniAQEAAAAAAAUJAAAABRos
318 AJQAAgACAAAAFMwoSDcUvEWbB61vAV5fKAECAAAAAAAFIAAAACoCAAAFGiwAlAACAAIAAACcepa/5
319 g3QEaKFAKoAMEniAQIAAAAAAAUgAAAAKgIAAAUSLACUAAIAAgAAALp6lr/mDdARooUAqgAwSeIBAg
320 AAAAAABSAAAAAqAgAABRIoADABAAABAAAA3kfmkW/ZcEuVV9Y/9PPM2AEBAAAAAAAFCgAAAAASJAD
321 /AQ8AAQUAAAAAAAUVAAAAgf34+BW7pFZyj5cFBwIAAAASGAAEAAAAAQIAAAAAAAUgAAAAKgIAAAAS
322 GAC9AQ8AAQIAAAAAAAUgAAAAIAIAAA==
325 out
=$
(TZ
=UTC
$ldbadd -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif)
326 if [ "$?" != "0" ]; then
327 echo "ldbadd returned:\n$out"
334 dbcheck_lost_deleted_user1
() {
335 dbcheck
"-lost-deleted-user1" "1" ""
339 remove_lost_deleted_user1
() {
340 out
=$
(TZ
=UTC
$ldbdel -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
"<GUID=2301a64c-1234-5678-851e-12d4a711cfb4>" --show-recycled --relax)
341 if [ "$?" != "0" ]; then
342 echo "ldbdel returned:\n$out"
349 add_lost_deleted_user2
() {
350 ldif
=$PREFIX_ABS/${RELEASE}/add_lost_deleted_user2.ldif
352 dn: CN=fred\0ADEL:2301a64c-8765-4321-851e-12d4a711cfb4,CN=LostAndFound,DC=release-4-5-0-pre1,DC=samba,DC=corp
355 objectClass: organizationalPerson
358 whenCreated: 20160629043638.0Z
360 objectGUID: 2301a64c-8765-4321-851e-12d4a711cfb4
361 objectSid: S-1-5-21-4177067393-1453636373-93818738-1001
363 userAccountControl: 512
365 lastKnownParent: OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp
367 cn:: ZnJlZApERUw6MjMwMWE2NGMtODc2NS00MzIxLTg1MWUtMTJkNGE3MTFjZmI0
368 name:: ZnJlZApERUw6MjMwMWE2NGMtODc2NS00MzIxLTg1MWUtMTJkNGE3MTFjZmI0
369 replPropertyMetaData:: AQAAAAAAAAAXAAAAAAAAAAAAAAABAAAAVuGDDQMAAACjlkROuH+XT4o
370 z0jjbi14tnA4AAAAAAACcDgAAAAAAAAMAAAACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4A
371 AAAAAACiDgAAAAAAAAEAAgABAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAA
372 AAAAAIAAgABAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAAAAAADAAAgABAA
373 AAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAABkBAgABAAAAVuGDDQMAAAC
374 jlkROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAAAAAAAEACQAEAAAAePOWEgMAAACjlkROuH+XT4oz
375 0jjbi14tvA4AAAAAAAC8DgAAAAAAAAgACQADAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tng4AA
376 AAAAACeDgAAAAAAABAACQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAA
377 AAABkACQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAAFoACQABAAA
378 AVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnQ4AAAAAAACdDgAAAAAAAF4ACQABAAAAVuGDDQMAAACj
379 lkROuH+XT4oz0jjbi14tnQ4AAAAAAACdDgAAAAAAAGAACQADAAAAV+GDDQMAAACjlkROuH+XT4oz0
380 jjbi14tog4AAAAAAACiDgAAAAAAAGIACQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAA
381 AAAACiDgAAAAAAAH0ACQABAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnQ4AAAAAAACdDgAAAAA
382 AAJIACQABAAAAVuGDDQMAAACjlkROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAAAAAAJ8ACQACAAAA
383 V+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAAN0ACQABAAAAVuGDDQMAAACjl
384 kROuH+XT4oz0jjbi14tnA4AAAAAAACcDgAAAAAAAC4BCQACAAAAV+GDDQMAAACjlkROuH+XT4oz0j
385 jbi14tog4AAAAAAACiDgAAAAAAAJACCQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAA
386 AAACiDgAAAAAAAA0DCQADAAAAePOWEgMAAACjlkROuH+XT4oz0jjbi14tvQ4AAAAAAAC9DgAAAAAA
387 AA4DCQACAAAAV+GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAAAoICQABAAAAV
388 +GDDQMAAACjlkROuH+XT4oz0jjbi14tog4AAAAAAACiDgAAAAAAAA==
389 whenChanged: 20160629043639.0Z
391 nTSecurityDescriptor:: AQAXjBQAAAAwAAAATAAAAMQAAAABBQAAAAAABRUAAACB/fj4FbukVnK
392 PlwUAAgAAAQUAAAAAAAUVAAAAgf34+BW7pFZyj5cFAAIAAAQAeAACAAAAB1o4ACAAAAADAAAAvjsO
393 8/Cf0RG2AwAA+ANnwaV6lr/mDdARooUAqgAwSeIBAQAAAAAAAQAAAAAHWjgAIAAAAAMAAAC/Ow7z8
394 J/REbYDAAD4A2fBpXqWv+YN0BGihQCqADBJ4gEBAAAAAAABAAAAAAQA1AcsAAAAAAAkAP8BDwABBQ
395 AAAAAABRUAAACB/fj4FbukVnKPlwUAAgAAAAAUAP8BDwABAQAAAAAABRIAAAAAABgA/wEPAAECAAA
396 AAAAFIAAAACQCAAAAABQAlAACAAEBAAAAAAAFCgAAAAUAKAAAAQAAAQAAAFMacqsvHtARmBkAqgBA
397 UpsBAQAAAAAABQoAAAAFACgAAAEAAAEAAABUGnKrLx7QEZgZAKoAQFKbAQEAAAAAAAUKAAAABQAoA
398 AABAAABAAAAVhpyqy8e0BGYGQCqAEBSmwEBAAAAAAAFCgAAAAUAKAAwAAAAAQAAAIa4tXdKlNERrr
399 0AAPgDZ8EBAQAAAAAABQoAAAAFACgAMAAAAAEAAACylVfkVZTREa69AAD4A2fBAQEAAAAAAAUKAAA
400 ABQAoADAAAAABAAAAs5VX5FWU0RGuvQAA+ANnwQEBAAAAAAAFCgAAAAUAOAAQAAAAAQAAAPiIcAPh
401 CtIRtCIAoMlo+TkBBQAAAAAABRUAAACB/fj4FbukVnKPlwUpAgAABQA4ABAAAAABAAAAAEIWTMAg0
402 BGnaACqAG4FKQEFAAAAAAAFFQAAAIH9+PgVu6RWco+XBSkCAAAFADgAEAAAAAEAAABAwgq8qXnQEZ
403 AgAMBPwtTPAQUAAAAAAAUVAAAAgf34+BW7pFZyj5cFKQIAAAAAFAAAAAIAAQEAAAAAAAULAAAABQA
404 oABAAAAABAAAAQi+6WaJ50BGQIADAT8LTzwEBAAAAAAAFCwAAAAUAKAAQAAAAAQAAAIa4tXdKlNER
405 rr0AAPgDZ8EBAQAAAAAABQsAAAAFACgAEAAAAAEAAACzlVfkVZTREa69AAD4A2fBAQEAAAAAAAULA
406 AAABQAoABAAAAABAAAAVAGN5Pi80RGHAgDAT7lgUAEBAAAAAAAFCwAAAAUAKAAAAQAAAQAAAFMacq
407 svHtARmBkAqgBAUpsBAQAAAAAAAQAAAAAFADgAEAAAAAEAAAAQICBfpXnQEZAgAMBPwtTPAQUAAAA
408 AAAUVAAAAgf34+BW7pFZyj5cFKQIAAAUAOAAwAAAAAQAAAH96lr/mDdARooUAqgAwSeIBBQAAAAAA
409 BRUAAACB/fj4FbukVnKPlwUFAgAABQAsABAAAAABAAAAHbGpRq5gWkC36P+KWNRW0gECAAAAAAAFI
410 AAAADACAAAFACwAMAAAAAEAAAAcmrZtIpTREa69AAD4A2fBAQIAAAAAAAUgAAAAMQIAAAUALAAwAA
411 AAAQAAAGK8BVjJvShEpeKFag9MGF4BAgAAAAAABSAAAAAxAgAABRo8ABAAAAADAAAAAEIWTMAg0BG
412 naACqAG4FKRTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAADAAAAAEIWTMAg
413 0BGnaACqAG4FKbp6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAAAADAAAAECAgX
414 6V50BGQIADAT8LUzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAADAAAAEC
415 AgX6V50BGQIADAT8LUz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAAAADAAA
416 AQMIKvKl50BGQIADAT8LUzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAAD
417 AAAAQMIKvKl50BGQIADAT8LUz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAA
418 AADAAAAQi+6WaJ50BGQIADAT8LTzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8AB
419 AAAAADAAAAQi+6WaJ50BGQIADAT8LTz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo
420 8ABAAAAADAAAA+IhwA+EK0hG0IgCgyWj5ORTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAA
421 BRI8ABAAAAADAAAA+IhwA+EK0hG0IgCgyWj5Obp6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqA
422 gAABRo4ABAAAAADAAAAbZ7Gt8cs0hGFTgCgyYP2CIZ6lr/mDdARooUAqgAwSeIBAQAAAAAABQkAAA
423 AFGjgAEAAAAAMAAABtnsa3xyzSEYVOAKDJg/YInHqWv+YN0BGihQCqADBJ4gEBAAAAAAAFCQAAAAU
424 SOAAQAAAAAwAAAG2exrfHLNIRhU4AoMmD9gi6epa/5g3QEaKFAKoAMEniAQEAAAAAAAUJAAAABRos
425 AJQAAgACAAAAFMwoSDcUvEWbB61vAV5fKAECAAAAAAAFIAAAACoCAAAFGiwAlAACAAIAAACcepa/5
426 g3QEaKFAKoAMEniAQIAAAAAAAUgAAAAKgIAAAUSLACUAAIAAgAAALp6lr/mDdARooUAqgAwSeIBAg
427 AAAAAABSAAAAAqAgAABRIoADABAAABAAAA3kfmkW/ZcEuVV9Y/9PPM2AEBAAAAAAAFCgAAAAASJAD
428 /AQ8AAQUAAAAAAAUVAAAAgf34+BW7pFZyj5cFBwIAAAASGAAEAAAAAQIAAAAAAAUgAAAAKgIAAAAS
429 GAC9AQ8AAQIAAAAAAAUgAAAAIAIAAA==
432 out
=$
(TZ
=UTC
$ldbadd -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif)
433 if [ "$?" != "0" ]; then
434 echo "ldbadd returned:\n$out"
441 dbcheck_lost_deleted_user2
() {
442 dbcheck
"-lost-deleted-user2" "1" ""
446 forward_link_corruption
() {
448 # Step1: add a duplicate forward link from
449 # "CN=Enterprise Admins" to "CN=Administrator"
451 LDIF1
=$
(TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-b 'CN=Enterprise Admins,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base
--reveal --extended-dn member
)
452 DN
=$
(echo "${LDIF1}" |
grep '^dn: ')
453 MSG
=$
(echo "${LDIF1}" |
grep -v '^dn: ' |
grep -v '^#' |
grep -v '^$')
454 ldif
=$PREFIX_ABS/${RELEASE}/forward_link_corruption1.ldif
457 echo "changetype: modify"
458 echo "replace: member"
460 echo "${MSG}" |
sed -e 's!RMD_LOCAL_USN=[1-9][0-9]*!RMD_LOCAL_USN=0!'
463 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif)
464 if [ "$?" != "0" ]; then
465 echo "ldbmodify returned:\n$out"
470 # Step2: add user "dangling"
472 ldif
=$PREFIX_ABS/${RELEASE}/forward_link_corruption2.ldif
474 dn: CN=dangling,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
477 samaccountname: dangling
478 objectGUID: fd8a04ac-cea0-4921-b1a6-c173e1155c22
481 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
482 if [ "$?" != "0" ]; then
483 echo "ldbmodify returned:\n$out"
488 # Step3: add a dangling backlink from
489 # "CN=dangling" to "CN=Enterprise Admins"
491 ldif
=$PREFIX_ABS/${RELEASE}/forward_link_corruption3.ldif
493 echo "dn: CN=dangling,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp"
494 echo "changetype: modify"
496 echo "memberOf: <GUID=304ad703-468b-465e-9787-470b3dfd7d75>;<SID=S-1-5-21-4177067393-1453636373-93818738-519>;CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp"
499 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif)
500 if [ "$?" != "0" ]; then
501 echo "ldbmodify returned:\n$out"
506 dbcheck_forward_link_corruption
() {
507 dbcheck
"-forward-link-corruption" "1" ""
511 check_expected_after_dbcheck_forward_link_corruption
() {
512 tmpldif
=$PREFIX_ABS/$RELEASE/expected-after-dbcheck-forward-link-corruption.ldif.tmp
513 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(cn=dangling)(cn=enterprise admins))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --sorted memberOf member
> $tmpldif
514 diff -u $tmpldif $release_dir/expected-after-dbcheck-forward-link-corruption.ldif
515 if [ "$?" != "0" ]; then
520 oneway_link_corruption
() {
522 # Step1: add OU "dangling-ou"
524 ldif
=$PREFIX_ABS/${RELEASE}/oneway_link_corruption.ldif
526 dn: OU=dangling-ou,DC=release-4-5-0-pre1,DC=samba,DC=corp
528 objectclass: organizationalUnit
529 objectGUID: 20600e7c-92bb-492e-9552-f3ed7f8a2cad
532 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
533 if [ "$?" != "0" ]; then
534 echo "ldbmodify returned:\n$out"
539 # Step2: add msExchConfigurationContainer "dangling-msexch"
541 ldif
=$PREFIX_ABS/${RELEASE}/oneway_link_corruption2.ldif
543 dn: OU=dangling-from,DC=release-4-5-0-pre1,DC=samba,DC=corp
545 objectclass: organizationalUnit
546 seeAlso: OU=dangling-ou,DC=release-4-5-0-pre1,DC=samba,DC=corp
549 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
$ldif)
550 if [ "$?" != "0" ]; then
551 echo "ldbmodify returned:\n$out"
556 # Step3: rename dangling-ou to dangling-ou2
558 # Because this is a one-way link we don't fix it at runtime
560 out
=$
(TZ
=UTC
$ldbrename -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb OU
=dangling-ou
,DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp OU
=dangling-ou2
,DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
)
561 if [ "$?" != "0" ]; then
562 echo "ldbmodify returned:\n$out"
567 dbcheck_oneway_link_corruption
() {
568 dbcheck
"-oneway-link-corruption" "0" ""
572 check_expected_after_dbcheck_oneway_link_corruption
() {
573 tmpldif
=$PREFIX_ABS/$RELEASE/expected-after-dbcheck-oneway-link-corruption.ldif.tmp
574 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(ou=dangling-ou)(ou=dangling-ou2)(ou=dangling-from))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --sorted seeAlso
> $tmpldif
575 diff -u $tmpldif $release_dir/expected-after-dbcheck-oneway-link-corruption.ldif
576 if [ "$?" != "0" ]; then
581 dbcheck_dangling_multi_valued
() {
583 $PYTHON $BINDIR/samba-tool dbcheck
-H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--fix --yes
584 if [ "$?" != "1" ]; then
589 dangling_multi_valued_check_missing
() {
590 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi2)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
591 if [ $WORDS -ne 4 ]; then
592 echo Got only
$WORDS links
for dangling-multi2
595 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi3)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
596 if [ $WORDS -ne 4 ]; then
597 echo Got only
$WORDS links
for dangling-multi3
602 dangling_multi_valued_check_equal_or_too_many
() {
603 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi1)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
604 if [ $WORDS -ne 4 ]; then
605 echo Got
$WORDS links
for dangling-multi1
609 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi5)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
611 if [ $WORDS -ne 0 ]; then
612 echo Got
$WORDS links
for dangling-multi5
616 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=Administrator)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
618 if [ $WORDS -ne 2 ]; then
619 echo Got
$WORDS links
for Administrator
625 if [ -d $release_dir ]; then
626 testit
$RELEASE undump
627 testit
"add_two_more_users" add_two_more_users
628 testit
"add_four_more_links" add_four_more_links
629 testit
"remove_one_link" remove_one_link
630 testit
"remove_one_user" remove_one_user
631 testit
"move_one_user" move_one_user
632 testit
"add_dangling_link" add_dangling_link
633 testit
"add_dangling_backlink" add_dangling_backlink
634 testit
"add_deleted_dangling_backlink" add_deleted_dangling_backlink
635 testit
"revive_links_on_deleted_group" revive_links_on_deleted_group
636 testit
"revive_backlink_on_deleted_group" revive_backlink_on_deleted_group
637 testit
"add_deleted_target_link" add_deleted_target_link
638 testit
"add_deleted_target_backlink" add_deleted_target_backlink
639 testit
"dbcheck_dangling" dbcheck_dangling
640 testit
"dbcheck_clean" dbcheck_clean
641 testit
"check_expected_after_deleted_links" check_expected_after_deleted_links
642 testit
"check_expected_after_links" check_expected_after_links
643 testit
"check_expected_after_objects" check_expected_after_objects
644 testit
"duplicate_member" duplicate_member
645 testit
"dbcheck_duplicate_member" dbcheck_duplicate_member
646 testit
"check_expected_after_duplicate_links" check_expected_after_duplicate_links
647 testit
"duplicate_clean" dbcheck_clean
648 testit
"forward_link_corruption" forward_link_corruption
649 testit
"dbcheck_forward_link_corruption" dbcheck_forward_link_corruption
650 testit
"check_expected_after_dbcheck_forward_link_corruption" check_expected_after_dbcheck_forward_link_corruption
651 testit
"forward_link_corruption_clean" dbcheck_clean
652 testit
"oneway_link_corruption" oneway_link_corruption
653 testit
"dbcheck_oneway_link_corruption" dbcheck_oneway_link_corruption
654 testit
"check_expected_after_dbcheck_oneway_link_corruption" check_expected_after_dbcheck_oneway_link_corruption
655 testit
"oneway_link_corruption_clean" dbcheck_clean
656 testit
"dangling_one_way_link" dangling_one_way_link
657 testit
"dbcheck_one_way" dbcheck_one_way
658 testit
"dbcheck_clean2" dbcheck_clean
659 testit
"missing_link_sid_corruption" missing_link_sid_corruption
660 testit
"dbcheck_missing_link_sid_corruption" dbcheck_missing_link_sid_corruption
661 testit
"missing_link_sid_clean" dbcheck_clean
662 testit
"add_lost_deleted_user1" add_lost_deleted_user1
663 testit
"dbcheck_lost_deleted_user1" dbcheck_lost_deleted_user1
664 testit
"lost_deleted_user1_clean_A" dbcheck_clean
665 testit
"remove_lost_deleted_user1" remove_lost_deleted_user1
666 testit
"lost_deleted_user1_clean_B" dbcheck_clean
667 testit
"add_lost_deleted_user2" add_lost_deleted_user2
668 testit
"dbcheck_lost_deleted_user2" dbcheck_lost_deleted_user2
669 testit
"lost_deleted_user2_clean" dbcheck_clean
670 testit
"dangling_one_way_dn" dangling_one_way_dn
671 testit
"deleted_one_way_dn" deleted_one_way_dn
672 testit
"dbcheck_clean3" dbcheck_clean
673 testit
"add_dangling_multi_valued" add_dangling_multi_valued
674 testit
"dbcheck_dangling_multi_valued" dbcheck_dangling_multi_valued
675 testit
"dangling_multi_valued_check_missing" dangling_multi_valued_check_missing
676 testit
"dangling_multi_valued_check_equal_or_too_many" dangling_multi_valued_check_equal_or_too_many
677 # Currently this cannot pass
678 testit
"dbcheck_dangling_multi_valued_clean" dbcheck_clean
680 subunit_start_test
$RELEASE
681 subunit_skip_test
$RELEASE <<EOF
685 subunit_start_test
"tombstones_expunge"
686 subunit_skip_test
"tombstones_expunge" <<EOF
691 if [ -d $PREFIX_ABS/${RELEASE} ]; then
692 rm -fr $PREFIX_ABS/${RELEASE}