From 5bf75d01c792793ef60219250b7e22ea0846ab03 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Fri, 4 Jun 2021 11:32:00 +1200 Subject: [PATCH] dbcheck: Refactor RID Set check to use free_rid_bounds() This function provides a simpler method of getting the bounds of the range of RIDs we want to check. We also now check that the low bound is less than the high bound for both rIDAllocationPool and rIDPreviousAllocationPool. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall --- python/samba/dbchecker.py | 52 ++++++++++++++++++++++------------------------- 1 file changed, 24 insertions(+), 28 deletions(-) diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py index 253e392d262..64bfc3d2078 100644 --- a/python/samba/dbchecker.py +++ b/python/samba/dbchecker.py @@ -2740,45 +2740,41 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) # locally when the DC is the RID Manager) if dn == self.rid_set_dn: + pool_attrs = ["rIDAllocationPool", "rIDPreviousAllocationPool"] + res = self.samdb.search(base=self.rid_set_dn, scope=ldb.SCOPE_BASE, - attrs=["rIDAllocationPool", - "rIDPreviousAllocationPool", - "rIDUsedPool", - "rIDNextRID"]) - pool_attr = "rIDPreviousAllocationPool" - if (pool_attr not in res[0] - or int(res[0][pool_attr][0]) == 0): - # We have not used it yet, check the next pool instead - pool_attr = "rIDAllocationPool" + attrs=pool_attrs) - if "rIDAllocationPool" not in res[0]: - self.report("No rIDAllocationPool found in %s" % dn) - error_count += 1 - else: - current_pool = int(res[0][pool_attr][0]) + for pool_attr in pool_attrs: + if pool_attr not in res[0]: + continue - high = (0xFFFFFFFF00000000 & current_pool) >> 32 - low = 0x00000000FFFFFFFF & current_pool + pool = int(res[0][pool_attr][0]) - if high <= low: - self.report("Invalid RID set %d-%s, %d >= %d!" % (low, high, low, high)) - error_count += 1 + high = pool >> 32 + low = 0xFFFFFFFF & pool - if "rIDNextRID" in res[0]: - last_used_rid = int(res[0]["rIDNextRID"][0]) - else: - last_used_rid = 0 + if pool != 0 and low >= high: + self.report("Invalid RID pool %d-%d, %d >= %d!" % (low, high, low, high)) + error_count += 1 - if last_used_rid == 0: - next_free_rid = low - else: - next_free_rid = last_used_rid + 1 + if "rIDAllocationPool" not in res[0]: + self.report("No rIDAllocationPool found in %s" % dn) + error_count += 1 + try: + next_free_rid, high = self.samdb.free_rid_bounds() + except ldb.LdbError as err: + enum, estr = err.args + self.report("Couldn't get available RIDs: %s" % estr) + error_count += 1 + else: # Check the remainder of this pool for conflicts. If # ridalloc_allocate_rid() moves to a new pool, this # will be above high, so we will stop. + domain_sid = self.samdb.get_domain_sid() while next_free_rid <= high: - sid = "%s-%d" % (self.samdb.get_domain_sid(), next_free_rid) + sid = "%s-%d" % (domain_sid, next_free_rid) try: res = self.samdb.search(base="" % sid, scope=ldb.SCOPE_BASE, attrs=[]) -- 2.11.4.GIT