Setting 'nTSecurityDescriptor' via LDAP fails

Nadezhda Ivanova nadezhda.ivanova at postpath.com
Tue Mar 17 14:39:54 GMT 2009


Hi Simo,
I happened to look at the ldb.h for another reason just 5 minutes ago, and there is a comment that the ldb_val.data is always null terminated, so it is correct to add a null character at the end when creating a value, and there shouldn't be a problem.

This particular bug is already fixed; Zahari included the path to our public repo, from where the patch can be merged, in his mail. We cannot send it as a git mail patch, as we cannot use Unix mail clients.

Nadya 

-----Original Message-----
From: simo [mailto:idra at samba.org] 
Sent: Tuesday, March 17, 2009 4:24 PM
To: Nadezhda Ivanova
Cc: Zahari Zahariev; samba-technical at lists.samba.org
Subject: RE: Setting 'nTSecurityDescriptor' via LDAP fails

On Tue, 2009-03-17 at 16:04 +0200, Nadezhda Ivanova wrote:
> Hi Simo,
> Could you elaborate a bit? Where do we set the handler? The problem
> concerns the Ldb python class that is used in tests and provisioning
> and is in the C code of the binding. At that particular place
> (puldb.c:1276), the data type is not checked, only if we check for
> single or multi-valued attribute...

I was commenting on the supposed LDB problem, the bug you find in the
python code is real.

Now I checked in ldb and indeed in source4/lib/ldb-samba/ldif_handlers.c
ntSecurityDescriptor is marked as LDB_SYNTAX_SAMBA_SECURITY_DESCRIPTOR

This should make internal handling of it "correct".

So if you still see bugs where strlen is used instead of data.length I'd
like to know if you can make a very simple reproducible case to
investigate where this bug might be.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
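
The strlen-versus-length issue discussed in this thread, as an added example that is not part of the original messages or of Samba's code: a binary security descriptor contains zero bytes, so a length taken with strlen truncates it, while an explicit length with an uncounted trailing NUL preserves it. `struct bin_val`, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-carrying value such as ldb_val;
 * this is not the type from the ldb headers. */
struct bin_val {
    uint8_t *data;
    size_t length;
};

/* Constructed sample: 20-byte self-relative security descriptor header
 * (Revision=1, Sbz1=0, Control=0x8004, then four 32-bit offsets). */
static const uint8_t sample_sd[20] = {
    0x01, 0x00, 0x04, 0x80,
    0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    0x14, 0x00, 0x00, 0x00
};

/* Correct: copy exactly len bytes, then append a NUL that is not counted
 * in length, so the value is safe for both binary and string consumers. */
struct bin_val val_from_bytes(const uint8_t *src, size_t len)
{
    struct bin_val v = { malloc(len + 1), 0 };
    if (v.data == NULL)
        return v;
    memcpy(v.data, src, len);
    v.data[len] = '\0';
    v.length = len;
    return v;
}

/* Buggy: treats binary data as a C string, so the length stops at the
 * first zero byte (here the Sbz1 field at offset 1). */
struct bin_val val_from_cstr(const uint8_t *src)
{
    return val_from_bytes(src, strlen((const char *)src));
}

int main(void)
{
    struct bin_val ok = val_from_bytes(sample_sd, sizeof(sample_sd));
    struct bin_val bad = val_from_cstr(sample_sd);
    printf("explicit length: %zu bytes, strlen-derived: %zu bytes\n",
           ok.length, bad.length);
    free(ok.data);
    free(bad.data);
    return 0;
}
```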

