[LDB][PATCH] Make LDB fail on invalid baseDN
abartlet at samba.org
Sat Nov 10 00:44:47 GMT 2007
On Fri, 2007-11-09 at 13:35 +0100, Stefan (metze) Metzmacher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Andrew Bartlett schrieb:
> > When searching in LDB, we don't currently ensure that the base DN
> > actually exists. With this patch we will - therefore returning correct
> > errors to clients, and matching behaviour with LDAP (making support for
> > an LDAP backend easier, as the same error paths apply).
> > The main issue with this patch so far is that places where we expect
> > this non-standard behaviour. Many I've removed for the LDAP backend,
> > but I still need to work on SPOOLSS and WINS.
> There's also the samba3 group mapping code and the OpenChange code.
> And I think there're lot more callers within samba which check for
> res->count == 0 instead of NO_SUCH_OBJECT, do a grep 'res->count' */*.c
> */*/*.c */*/*/*.c. In most cases this are BASE searches...
> I think we would be good to explict enable this new behavior via
> an @OPTIONS object. And only do for our samdb.ldb.
That does seem easier than fixing all the other LDB users.
> > The main issue I can see with this patch is that it's racy - it is
> > theoretically possible for the base DN to exist, and be deleted before
> > we finish the search, as it's just a 'pre-check'.
> Doesn't ltdb_[un]lock_read() handle this.
I suppose it would - I would appreciate any guidance in that matter.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20071110/8bd54c9a/attachment.bin
More information about the samba-technical