5 Usage: dbcheck-links.sh PREFIX RELEASE
14 .
`dirname $0`/subunit.sh
16 .
`dirname $0`/common-links.sh
19 tmpfile
=$PREFIX_ABS/$RELEASE/expected-dbcheck-link-output
${1}.txt.tmp
20 tmpldif1
=$PREFIX_ABS/$RELEASE/expected-dbcheck-output
${1}2.txt.tmp1
22 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-s base
-b '' |
grep highestCommittedUSN
> $tmpldif1
24 $PYTHON $BINDIR/samba-tool dbcheck
-H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
$3 --fix --yes > $tmpfile
25 if [ "$?" != "$2" ]; then
28 sort $tmpfile > $tmpfile.sorted
29 sort $release_dir/expected-dbcheck-link-output
${1}.txt
> $tmpfile.expected
30 diff -u $tmpfile.sorted
$tmpfile.expected
31 if [ "$?" != "0" ]; then
35 tmpldif2
=$PREFIX_ABS/$RELEASE/expected-dbcheck-output
${1}2.txt.tmp2
36 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-s base
-b '' |
grep highestCommittedUSN
> $tmpldif2
38 diff -u $tmpldif1 $tmpldif2
39 if [ "$?" != "0" ]; then
50 dbcheck
"_one_way" "0" "CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp"
55 tmpldif1
=$PREFIX_ABS/$RELEASE/expected-dbcheck-output2.txt.tmp1
57 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-s base
-b '' |
grep highestCommittedUSN
> $tmpldif1
59 $PYTHON $BINDIR/samba-tool dbcheck
-H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
60 if [ "$?" != "0" ]; then
63 tmpldif2
=$PREFIX_ABS/$RELEASE/expected-dbcheck-output2.txt.tmp2
64 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-s base
-b '' |
grep highestCommittedUSN
> $tmpldif2
66 diff -u $tmpldif1 $tmpldif2
67 if [ "$?" != "0" ]; then
72 check_expected_after_links
() {
73 tmpldif
=$PREFIX_ABS/$RELEASE/expected-links-after-link-dbcheck.ldif.tmp
74 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(cn=swimmers)(cn=leaders)(cn=helpers))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --sorted member
> $tmpldif
75 diff -u $tmpldif $release_dir/expected-links-after-link-dbcheck.ldif
76 if [ "$?" != "0" ]; then
81 check_expected_after_deleted_links
() {
82 tmpldif
=$PREFIX_ABS/$RELEASE/expected-deleted-links-after-link-dbcheck.ldif.tmp
83 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(cn=swimmers)(cn=leaders)(cn=helpers))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --reveal --sorted member
> $tmpldif
84 diff -u $tmpldif $release_dir/expected-deleted-links-after-link-dbcheck.ldif
85 if [ "$?" != "0" ]; then
90 check_expected_after_objects
() {
91 tmpldif
=$PREFIX_ABS/$RELEASE/expected-objects-after-link-dbcheck.ldif.tmp
92 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(samaccountname=fred)(samaccountname=ddg)(samaccountname=usg)(samaccountname=user1)(samaccountname=user1x)(samaccountname=user2))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --reveal --sorted samAccountName |
grep sAMAccountName
> $tmpldif
93 diff -u $tmpldif $release_dir/expected-objects-after-link-dbcheck.ldif
94 if [ "$?" != "0" ]; then
100 # We use an exisiting group so we have a stable GUID in the
102 LDIF1
=$
(TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-b 'CN=Enterprise Admins,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base
--reveal --extended-dn member
)
103 DN
=$
(echo "${LDIF1}" |
grep '^dn: ')
104 MSG
=$
(echo "${LDIF1}" |
grep -v '^dn: ' |
grep -v '^#' |
grep -v '^$')
105 ldif
=$PREFIX_ABS/${RELEASE}/duplicate-member-multi.ldif
108 echo "changetype: modify"
109 echo "replace: member"
111 echo "${MSG}" |
sed -e 's!RMD_LOCAL_USN=[1-9][0-9]*!RMD_LOCAL_USN=0!'
114 TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif
115 if [ "$?" != "0" ]; then
120 dbcheck_duplicate_member
() {
121 dbcheck
"_duplicate_member" "1" ""
125 check_expected_after_duplicate_links
() {
126 tmpldif
=$PREFIX_ABS/$RELEASE/expected-duplicates-after-link-dbcheck.ldif.tmp
127 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(cn=administrator)(cn=enterprise admins))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --sorted memberOf member
> $tmpldif
128 diff -u $tmpldif $release_dir/expected-duplicates-after-link-dbcheck.ldif
129 if [ "$?" != "0" ]; then
134 missing_link_sid_corruption
() {
135 # Step1: add user "missingsidu1"
137 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption1.ldif
139 dn: CN=missingsidu1,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
142 samaccountname: missingsidu1
143 objectGUID: 0da8f25e-d110-11e8-80b7-3c970ec68461
144 objectSid: S-1-5-21-4177067393-1453636373-93818738-771
147 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
148 if [ "$?" != "0" ]; then
149 echo "ldbmodify returned:\n$out"
153 # Step2: add user "missingsidu2"
155 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption2.ldif
157 dn: CN=missingsidu2,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
160 samaccountname: missingsidu2
161 objectGUID: 66eb8f52-d110-11e8-ab9b-3c970ec68461
162 objectSid: S-1-5-21-4177067393-1453636373-93818738-772
165 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
166 if [ "$?" != "0" ]; then
167 echo "ldbmodify returned:\n$out"
171 # Step3: add group "missingsidg3" and add users as members
173 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption3.ldif
175 dn: CN=missingsidg3,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
178 samaccountname: missingsidg3
179 objectGUID: fd992424-d114-11e8-bb36-3c970ec68461
180 objectSid: S-1-5-21-4177067393-1453636373-93818738-773
181 member: CN=missingsidu1,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
182 member: CN=missingsidu2,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
185 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
186 if [ "$?" != "0" ]; then
187 echo "ldbmodify returned:\n$out"
191 # Step4: remove one user again, so that we have one deleted link
193 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption4.ldif
195 dn: CN=missingsidg3,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
198 member: CN=missingsidu1,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
201 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
202 if [ "$?" != "0" ]; then
203 echo "ldbmodify returned:\n$out"
208 # Step5: remove the SIDS from the links
210 LDIF1
=$
(TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-b 'CN=missingsidg3,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base
--reveal --extended-dn --show-binary member
)
211 DN
=$
(echo "${LDIF1}" |
grep '^dn: ')
212 MSG
=$
(echo "${LDIF1}" |
grep -v '^dn: ' |
grep -v '^#' |
grep -v '^$')
213 ldif
=$PREFIX_ABS/${RELEASE}/missing_link_sid_corruption5.ldif
216 echo "changetype: modify"
217 echo "replace: member"
219 echo "${MSG}" |
sed \
220 -e 's!<SID=S-1-5-21-4177067393-1453636373-93818738-771>;!!g' \
221 -e 's!<SID=S-1-5-21-4177067393-1453636373-93818738-772>;!!g' \
222 -e 's!RMD_ADDTIME=[1-9][0-9]*!RMD_ADDTIME=123456789000000000!g' \
223 -e 's!RMD_CHANGETIME=[1-9][0-9]*!RMD_CHANGETIME=123456789000000000!g' \
227 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif)
228 if [ "$?" != "0" ]; then
229 echo "ldbmodify returned:\n$out"
236 dbcheck_missing_link_sid_corruption
() {
237 dbcheck
"-missing-link-sid-corruption" "1" ""
241 forward_link_corruption
() {
243 # Step1: add a duplicate forward link from
244 # "CN=Enterprise Admins" to "CN=Administrator"
246 LDIF1
=$
(TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
-b 'CN=Enterprise Admins,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base
--reveal --extended-dn member
)
247 DN
=$
(echo "${LDIF1}" |
grep '^dn: ')
248 MSG
=$
(echo "${LDIF1}" |
grep -v '^dn: ' |
grep -v '^#' |
grep -v '^$')
249 ldif
=$PREFIX_ABS/${RELEASE}/forward_link_corruption1.ldif
252 echo "changetype: modify"
253 echo "replace: member"
255 echo "${MSG}" |
sed -e 's!RMD_LOCAL_USN=[1-9][0-9]*!RMD_LOCAL_USN=0!'
258 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif)
259 if [ "$?" != "0" ]; then
260 echo "ldbmodify returned:\n$out"
265 # Step2: add user "dangling"
267 ldif
=$PREFIX_ABS/${RELEASE}/forward_link_corruption2.ldif
269 dn: CN=dangling,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp
272 samaccountname: dangling
273 objectGUID: fd8a04ac-cea0-4921-b1a6-c173e1155c22
276 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
277 if [ "$?" != "0" ]; then
278 echo "ldbmodify returned:\n$out"
283 # Step3: add a dangling backlink from
284 # "CN=dangling" to "CN=Enterprise Admins"
286 ldif
=$PREFIX_ABS/${RELEASE}/forward_link_corruption3.ldif
288 echo "dn: CN=dangling,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp"
289 echo "changetype: modify"
291 echo "memberOf: <GUID=304ad703-468b-465e-9787-470b3dfd7d75>;<SID=S-1-5-21-4177067393-1453636373-93818738-519>;CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp"
294 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb.d
/DC
%3DRELEASE-4-5-0-PRE1
,DC
%3DSAMBA
,DC
%3DCORP.ldb
$ldif)
295 if [ "$?" != "0" ]; then
296 echo "ldbmodify returned:\n$out"
301 dbcheck_forward_link_corruption
() {
302 dbcheck
"-forward-link-corruption" "1" ""
306 check_expected_after_dbcheck_forward_link_corruption
() {
307 tmpldif
=$PREFIX_ABS/$RELEASE/expected-after-dbcheck-forward-link-corruption.ldif.tmp
308 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(cn=dangling)(cn=enterprise admins))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --sorted memberOf member
> $tmpldif
309 diff -u $tmpldif $release_dir/expected-after-dbcheck-forward-link-corruption.ldif
310 if [ "$?" != "0" ]; then
315 oneway_link_corruption
() {
317 # Step1: add OU "dangling-ou"
319 ldif
=$PREFIX_ABS/${RELEASE}/oneway_link_corruption.ldif
321 dn: OU=dangling-ou,DC=release-4-5-0-pre1,DC=samba,DC=corp
323 objectclass: organizationalUnit
324 objectGUID: 20600e7c-92bb-492e-9552-f3ed7f8a2cad
327 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--relax $ldif)
328 if [ "$?" != "0" ]; then
329 echo "ldbmodify returned:\n$out"
334 # Step2: add msExchConfigurationContainer "dangling-msexch"
336 ldif
=$PREFIX_ABS/${RELEASE}/oneway_link_corruption2.ldif
338 dn: OU=dangling-from,DC=release-4-5-0-pre1,DC=samba,DC=corp
340 objectclass: organizationalUnit
341 seeAlso: OU=dangling-ou,DC=release-4-5-0-pre1,DC=samba,DC=corp
344 out
=$
(TZ
=UTC
$ldbmodify -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
$ldif)
345 if [ "$?" != "0" ]; then
346 echo "ldbmodify returned:\n$out"
351 # Step3: rename dangling-ou to dangling-ou2
353 # Because this is a one-way link we don't fix it at runtime
355 out
=$
(TZ
=UTC
$ldbrename -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb OU
=dangling-ou
,DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp OU
=dangling-ou2
,DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
)
356 if [ "$?" != "0" ]; then
357 echo "ldbmodify returned:\n$out"
362 dbcheck_oneway_link_corruption
() {
363 dbcheck
"-oneway-link-corruption" "0" ""
367 check_expected_after_dbcheck_oneway_link_corruption
() {
368 tmpldif
=$PREFIX_ABS/$RELEASE/expected-after-dbcheck-oneway-link-corruption.ldif.tmp
369 TZ
=UTC
$ldbsearch -H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
'(|(ou=dangling-ou)(ou=dangling-ou2)(ou=dangling-from))' -s sub
-b DC
=release-4-5-0-pre1
,DC
=samba
,DC
=corp
--show-deleted --sorted seeAlso
> $tmpldif
370 diff -u $tmpldif $release_dir/expected-after-dbcheck-oneway-link-corruption.ldif
371 if [ "$?" != "0" ]; then
376 dbcheck_dangling_multi_valued
() {
378 $PYTHON $BINDIR/samba-tool dbcheck
-H tdb
://$PREFIX_ABS/${RELEASE}/private
/sam.ldb
--fix --yes
379 if [ "$?" != "1" ]; then
384 dangling_multi_valued_check_missing
() {
385 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi2)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
386 if [ $WORDS -ne 4 ]; then
387 echo Got only
$WORDS links
for dangling-multi2
390 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi3)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
391 if [ $WORDS -ne 4 ]; then
392 echo Got only
$WORDS links
for dangling-multi3
397 dangling_multi_valued_check_equal_or_too_many
() {
398 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi1)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
399 if [ $WORDS -ne 4 ]; then
400 echo Got
$WORDS links
for dangling-multi1
404 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=dangling-multi5)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
406 if [ $WORDS -ne 0 ]; then
407 echo Got
$WORDS links
for dangling-multi5
411 WORDS
=`TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(samaccountname=Administrator)' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --reveal --sorted msDS-RevealedDSAs | grep msDS-RevealedDSAs | wc -l`
413 if [ $WORDS -ne 2 ]; then
414 echo Got
$WORDS links
for Administrator
420 if [ -d $release_dir ]; then
421 testit
$RELEASE undump
422 testit
"add_two_more_users" add_two_more_users
423 testit
"add_four_more_links" add_four_more_links
424 testit
"remove_one_link" remove_one_link
425 testit
"remove_one_user" remove_one_user
426 testit
"move_one_user" move_one_user
427 testit
"add_dangling_link" add_dangling_link
428 testit
"add_dangling_backlink" add_dangling_backlink
429 testit
"add_deleted_dangling_backlink" add_deleted_dangling_backlink
430 testit
"revive_links_on_deleted_group" revive_links_on_deleted_group
431 testit
"revive_backlink_on_deleted_group" revive_backlink_on_deleted_group
432 testit
"add_deleted_target_link" add_deleted_target_link
433 testit
"add_deleted_target_backlink" add_deleted_target_backlink
434 testit
"dbcheck_dangling" dbcheck_dangling
435 testit
"dbcheck_clean" dbcheck_clean
436 testit
"check_expected_after_deleted_links" check_expected_after_deleted_links
437 testit
"check_expected_after_links" check_expected_after_links
438 testit
"check_expected_after_objects" check_expected_after_objects
439 testit
"duplicate_member" duplicate_member
440 testit
"dbcheck_duplicate_member" dbcheck_duplicate_member
441 testit
"check_expected_after_duplicate_links" check_expected_after_duplicate_links
442 testit
"duplicate_clean" dbcheck_clean
443 testit
"forward_link_corruption" forward_link_corruption
444 testit
"dbcheck_forward_link_corruption" dbcheck_forward_link_corruption
445 testit
"check_expected_after_dbcheck_forward_link_corruption" check_expected_after_dbcheck_forward_link_corruption
446 testit
"forward_link_corruption_clean" dbcheck_clean
447 testit
"oneway_link_corruption" oneway_link_corruption
448 testit
"dbcheck_oneway_link_corruption" dbcheck_oneway_link_corruption
449 testit
"check_expected_after_dbcheck_oneway_link_corruption" check_expected_after_dbcheck_oneway_link_corruption
450 testit
"oneway_link_corruption_clean" dbcheck_clean
451 testit
"dangling_one_way_link" dangling_one_way_link
452 testit
"dbcheck_one_way" dbcheck_one_way
453 testit
"dbcheck_clean2" dbcheck_clean
454 testit
"missing_link_sid_corruption" missing_link_sid_corruption
455 testit
"dbcheck_missing_link_sid_corruption" dbcheck_missing_link_sid_corruption
456 testit
"missing_link_sid_clean" dbcheck_clean
457 testit
"dangling_one_way_dn" dangling_one_way_dn
458 testit
"deleted_one_way_dn" deleted_one_way_dn
459 testit
"dbcheck_clean3" dbcheck_clean
460 testit
"add_dangling_multi_valued" add_dangling_multi_valued
461 testit
"dbcheck_dangling_multi_valued" dbcheck_dangling_multi_valued
462 testit
"dangling_multi_valued_check_missing" dangling_multi_valued_check_missing
463 testit
"dangling_multi_valued_check_equal_or_too_many" dangling_multi_valued_check_equal_or_too_many
464 # Currently this cannot pass
465 testit
"dbcheck_dangling_multi_valued_clean" dbcheck_clean
467 subunit_start_test
$RELEASE
468 subunit_skip_test
$RELEASE <<EOF
472 subunit_start_test
"tombstones_expunge"
473 subunit_skip_test
"tombstones_expunge" <<EOF
478 if [ -d $PREFIX_ABS/${RELEASE} ]; then
479 rm -fr $PREFIX_ABS/${RELEASE}