[LDB][PATCH] Make LDB fail on invalid baseDN
Stefan (metze) Metzmacher
metze at samba.org
Fri Nov 9 12:35:56 GMT 2007
Andrew Bartlett wrote:
> When searching in LDB, we don't currently ensure that the base DN
> actually exists. With this patch we will - therefore returning correct
> errors to clients, and matching behaviour with LDAP (making support for
> an LDAP backend easier, as the same error paths apply).
> The main issue with this patch so far is the places where we expect
> this non-standard behaviour. Many I've removed for the LDAP backend,
> but I still need to work on SPOOLSS and WINS.
There's also the samba3 group mapping code and the OpenChange code.
And I think there are a lot more callers within samba which check for
res->count == 0 instead of NO_SUCH_OBJECT, do a grep 'res->count' */*.c
*/*/*.c */*/*/*.c. In most cases these are BASE searches...
I think it would be good to explicitly enable this new behavior via
an @OPTIONS object. And only do it for our samdb.ldb.
> The main issue I can see with this patch is that it's racy - it is
> theoretically possible for the base DN to exist, and be deleted before
> we finish the search, as it's just a 'pre-check'.
Doesn't ltdb_[un]lock_read() handle this?
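The caller-compatibility concern raised in this message, as an added example that is not part of the original post or of the Samba/LDB code: a BASE search on a missing DN is run against a mock backend in both modes, once by a caller that only checks res->count and once by a caller that accepts either signal. mock_base_search, strict_base, the lookup enum and the sample DNs are hypothetical; the count-only caller is assumed to treat any error return as fatal.

```c
#include <stdio.h>
#include <string.h>

#define RC_SUCCESS        0
#define RC_NO_SUCH_OBJECT 32   /* LDAP noSuchObject result code (RFC 4511) */

enum lookup { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_ERROR };
struct mock_result { unsigned int count; };

/* Constructed sample data: the only DNs that exist in the mock database. */
static const char *mock_db[] = { "cn=users,dc=example,dc=com",
                                 "cn=alice,cn=users,dc=example,dc=com" };

/* Hypothetical BASE-scope search, not the ldb API. strict_base=0 models the
 * old behaviour (success, zero entries); strict_base=1 models the patch. */
static int mock_base_search(const char *dn, int strict_base, struct mock_result *res)
{
    res->count = 0;
    for (size_t i = 0; i < sizeof(mock_db) / sizeof(mock_db[0]); i++)
        if (strcmp(mock_db[i], dn) == 0)
            res->count = 1;
    return (res->count == 0 && strict_base) ? RC_NO_SUCH_OBJECT : RC_SUCCESS;
}

/* Caller that only inspects res->count; assumed to treat any error as fatal. */
enum lookup count_only_lookup(const char *dn, int strict_base)
{
    struct mock_result res;
    if (mock_base_search(dn, strict_base, &res) != RC_SUCCESS)
        return LOOKUP_ERROR;
    return res.count == 0 ? LOOKUP_NOT_FOUND : LOOKUP_FOUND;
}

/* Caller that maps both signals to "not found", so it works in either mode. */
enum lookup tolerant_lookup(const char *dn, int strict_base)
{
    struct mock_result res;
    int ret = mock_base_search(dn, strict_base, &res);
    if (ret == RC_NO_SUCH_OBJECT)
        return LOOKUP_NOT_FOUND;
    if (ret != RC_SUCCESS)
        return LOOKUP_ERROR;
    return res.count == 0 ? LOOKUP_NOT_FOUND : LOOKUP_FOUND;
}

int main(void)
{
    const char *missing = "cn=bob,cn=users,dc=example,dc=com"; /* constructed */
    printf("count-only: old=%d strict=%d\n", count_only_lookup(missing, 0), count_only_lookup(missing, 1));
    printf("tolerant:   old=%d strict=%d\n", tolerant_lookup(missing, 0), tolerant_lookup(missing, 1));
    return 0;
}
```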