svn commit: samba r16021 - in
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
idra at samba.org
idra at samba.org
Sat Jun 3 00:54:34 GMT 2006
Author: idra
Date: 2006-06-03 00:54:33 +0000 (Sat, 03 Jun 2006)
New Revision: 16021
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16021
Log:
While studying how to make samldb really async I found a critical situation handled in the incorrect way.
A while(1) loop may end up looping forever consuming all valid RIDs because of a secondary bug.
And anyway nextRid is supposed to always give back a new unique RID, if someone messed up the database let him
fix the problem first, trying to be smart here would probably end up in worst results.
Simo.
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-03 00:36:03 UTC (rev 16020)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2006-06-03 00:54:33 UTC (rev 16021)
@@ -226,39 +226,39 @@
struct ldb_message **sid_msgs;
const char *sid_attrs[] = { NULL };
- do {
- ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid);
- if (ret) {
- return ret;
- }
+ ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid);
+ if (ret) {
+ return ret;
+ }
- /* return the new object sid */
- obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid);
+ /* return the new object sid */
+ obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid);
- ret = samldb_set_next_rid(module->ldb, mem_ctx, dn, old_rid, old_rid + 1);
- if (ret != 0) {
- return ret;
- }
+ ret = samldb_set_next_rid(module->ldb, mem_ctx, dn, old_rid, old_rid + 1);
+ if (ret != 0) {
+ return ret;
+ }
- *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1);
- if (!*new_sid) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
+ *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1);
+ if (!*new_sid) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
- ret = gendb_search(module->ldb,
- mem_ctx, NULL, &sid_msgs, sid_attrs,
- "objectSid=%s",
- ldap_encode_ndr_dom_sid(mem_ctx, *new_sid));
- if (ret == 0) {
- /* Great. There are no conflicting users/groups/etc */
- return 0;
- } else if (ret == -1) {
- /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */
- return ret;
- } else {
- /* gah, there are conflicting sids, lets move around the loop again... */
- }
- } while (1);
+ ret = gendb_search(module->ldb,
+ mem_ctx, NULL, &sid_msgs, sid_attrs,
+ "objectSid=%s",
+ ldap_encode_ndr_dom_sid(mem_ctx, *new_sid));
+ if (ret == -1) {
+ /* Bugger, there is a problem, and we don't know what it is until gendb_search improves */
+ return ret;
+ } else {
+ /* gah, there are conflicting sids.
+ * This is a critical situation it means that someone messed up with
+ * the DB and nextRid is not returning free RIDs, report an error
+ * and refuse to create any user until the problem is fixed */
+ ldb_set_errstring(module->ldb, talloc_asprintf(mem_ctx, "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID"));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
return ret;
}
More information about the samba-cvs
mailing list