Common errors in ldb use
idra at samba.org
Tue Dec 27 16:40:19 GMT 2005
On Tue, 2005-12-27 at 21:35 +1100, Andrew Bartlett wrote:
> On Tue, 2005-12-27 at 11:24 +0100, Simo Sorce wrote:
> > On Tue, 2005-12-27 at 20:51 +1100, Andrew Bartlett wrote:
> > > This was allegedly part of the win2000 issue in the KDC. The
> > > sam_get_results_principal() is in auth/auth_sam.c, and uses the
> > > attribute lists at the top of this file, but they are queried in
> > > hdb-ldb.c
> > >
> > > The issue that prompted this mail is in rpc_server/samr/samr_password.c
> > >
> > > The list of user_attrs in samdb_set_password() does not include
> > > "msDS-KeyVersionNumber", but the code:
> > >
> > > kvno = samdb_result_uint(res,
> > > "msDS-KeyVersionNumber", 0);
> > >
> > > expects it to be there in the result.
> > Sorry but you cannot blame ldb, or request changes in it, for mistakes
> > done at the caller level.
> I think that I very well can!
> > I'd say lack of testing, but anyway, to solve this problem I'd make the
> > right call where needed instead of searching for a tutor underneath.
> By the same argument there is no value in talloc_get_type(), because we
> never make mistakes in passing void* pointers, as perfect programmers.
No, that's a different thing, your request is like asking nsswitch
subsystem to abort when you ask for bob and joe users if jane is not
returned back ...
> Back in the real world, I humbly request the provision and use of APIs
> that make it easier to detect the mistakes that I (as a mere human) tend
> to make.
the API is clear in this case, I welcome eventually an upper layer call
that makes extra checks if you need them, I see no need to double check
in ldb if what you asked is exactly what you get back.
More information about the samba-technical