From: Stefan Metzmacher Date: Thu, 26 Oct 2017 12:42:23 +0000 (+0200) Subject: selftest: add dbcheck tests for duplicate links X-Git-Tag: talloc-2.1.11~367 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=70bf809e0cdf84029022ca95fb83d17a0d6e36c0;p=thirdparty%2Fsamba.git selftest: add dbcheck tests for duplicate links BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095 Pair-Programmed-With: Andrew Bartlett Signed-off-by: Stefan Metzmacher Signed-off-by: Andrew Bartlett --- diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output_duplicate_member.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output_duplicate_member.txt new file mode 100644 index 00000000000..baa11ca3fd6 --- /dev/null +++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output_duplicate_member.txt @@ -0,0 +1,8 @@ +Checking 225 objects +WARNING: Link (back) mismatch for 'memberOf' (1) on 'CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' to 'member' (2) on 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' +ERROR: Duplicate link values for attribute 'member' in 'CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' +Duplicate link ';;;;;;;;;CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' +Correct link ';;;;;;;;;CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp' +Remove duplicate links in attribute 'member' [YES] +Fixed duplicate links in attribute 'member' +Checked 225 objects (1 errors) diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-duplicates-after-link-dbcheck.ldif b/source4/selftest/provisions/release-4-5-0-pre1/expected-duplicates-after-link-dbcheck.ldif new file mode 100644 index 00000000000..e70426c9b89 --- /dev/null +++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-duplicates-after-link-dbcheck.ldif @@ -0,0 +1,28 @@ +# record 1 +dn: CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +memberOf: CN=Administrators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp +memberOf: CN=Group Policy Creator Owners,CN=Users,DC=release-4-5-0-pre1,DC=sam + ba,DC=corp +memberOf: CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +memberOf: CN=Schema Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +memberOf: CN=Domain Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp + +# record 2 +dn: CN=Enterprise Admins,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +member: CN=Administrator,CN=Users,DC=release-4-5-0-pre1,DC=samba,DC=corp +memberOf: CN=Administrators,CN=Builtin,DC=release-4-5-0-pre1,DC=samba,DC=corp +memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=release-4-5-0- + pre1,DC=samba,DC=corp + +# Referral +ref: ldap:///CN=Configuration,DC=release-4-5-0-pre1,DC=samba,DC=corp + +# Referral +ref: ldap:///DC=DomainDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp + +# Referral +ref: ldap:///DC=ForestDnsZones,DC=release-4-5-0-pre1,DC=samba,DC=corp + +# returned 5 records +# 2 entries +# 3 referrals diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh index a64e8a326d6..074b60164dd 100755 --- a/testprogs/blackbox/dbcheck-links.sh +++ b/testprogs/blackbox/dbcheck-links.sh @@ -96,6 +96,41 @@ check_expected_after_objects() { fi } +duplicate_member() { + # We use an exisiting group so we have a stable GUID in the + # dbcheck output + LDIF1=$(TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb -b 'CN=Enterprise Admins,CN=users,DC=release-4-5-0-pre1,DC=samba,DC=corp' -s base --reveal --extended-dn member) + DN=$(echo "${LDIF1}" | grep '^dn: ') + MSG=$(echo "${LDIF1}" | grep -v '^dn: ' | grep -v '^#' | grep -v '^$') + ldif=$PREFIX_ABS/${RELEASE}/duplicate-member-multi.ldif + { + echo "${DN}" + echo "changetype: modify" + echo "replace: member" + echo "${MSG}" + echo "${MSG}" | sed -e 's!RMD_LOCAL_USN=[1-9][0-9]*!RMD_LOCAL_USN=0!' + } > $ldif + + TZ=UTC $ldbmodify -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb.d/DC%3DRELEASE-4-5-0-PRE1,DC%3DSAMBA,DC%3DCORP.ldb $ldif + if [ "$?" != "0" ]; then + return 1 + fi +} + +dbcheck_duplicate_member() { + dbcheck "_duplicate_member" "1" "" + return $? +} + +check_expected_after_duplicate_links() { + tmpldif=$PREFIX_ABS/$RELEASE/expected-duplicates-after-link-dbcheck.ldif.tmp + TZ=UTC $ldbsearch -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb '(|(cn=administrator)(cn=enterprise admins))' -s sub -b DC=release-4-5-0-pre1,DC=samba,DC=corp --show-deleted --sorted memberOf member > $tmpldif + diff $tmpldif $release_dir/expected-duplicates-after-link-dbcheck.ldif + if [ "$?" != "0" ]; then + return 1 + fi +} + dbcheck_dangling_multi_valued() { $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --fix --yes @@ -158,6 +193,10 @@ if [ -d $release_dir ]; then testit "check_expected_after_deleted_links" check_expected_after_deleted_links testit "check_expected_after_links" check_expected_after_links testit "check_expected_after_objects" check_expected_after_objects + testit "duplicate_member" duplicate_member + testit "dbcheck_duplicate_member" dbcheck_duplicate_member + testit "check_expected_after_duplicate_links" check_expected_after_duplicate_links + testit "duplicate_clean" dbcheck_clean testit "dangling_one_way_link" dangling_one_way_link testit "dbcheck_one_way" dbcheck_one_way testit "dbcheck_clean2" dbcheck_clean