s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to "EnumDomainGroups" and "EnumDomainAliases"

Matthias Dieter Wallnöfer mdw at samba.org
Sun Jun 13 01:43:47 MDT 2010


the original intention was to fix another bug which I didn't find in the 
SAMR RPC code since it is located/or not handled in the DSDB code. But 
so I cleaned up each function to be more consistent to their siblings 
(makes them easier to understand and maintain).

Back to my real bug: The problem is with linked attributes: if you 
remove one, it is marked as "removed" on the repl_meta_data 
(replication) level - but it does still exist. So the problem is, when 
you do a search eg (member=xxx) and there are entries with removed 
"member: xxx" attributes they are still returned! That shouldn't happen 
and confuses SAMR.

It would be really nice if you or someone else could fix this! I'm 
really not an expert in the "repl_meta_data" code.


Andrew Bartlett wrote:
> On Sat, 2010-06-12 at 09:52 -0500, Matthias Dieter Wallnöfer wrote:
>> The branch, master has been updated
>>         via  890d590... s4:password_hash LDB module - this does really deactivate the MS LAN manager hash
>>         via  3e98262... s4:password_hash LDB module - fix comment
>>         via  4d68147... s4:torture - SAMR testsuite - now we do support "GetAliasMembership" as expected
>>         via  d2c25e1... s4:dcesrv_samr_GetAliasMembership - provide a correct implementation
>>         via  4a8ee9a... s4:dcesrv_samr_EnumDomainGroups/Aliases - when we don't get a SID then the database is corrupted
>>         via  4659b3c... s4:dcesrv_samr_QueryAliasInfo - return "NT_STATUS_NO_SUCH_ALIAS" when it wasn't found
>>         via  d2099a1... s4:dcesrv_samr_QueryGroupInfo - make it more like "QueryAliasInfo"
>>         via  776eb25... s4:dcesrv_samr_QueryUserInfo - minor fixes
>>         via  cdecae6... s4:dcesrv_samr_QueryDomainInfo - allocate the "info" structure only when really needed
>>         via  0171f71... s4:dcesrv_samr_EnumDomainGroups - mostly small fixes
>>         via  f2c3d39... s4:dcesrv_samr_EnumDomainAliases - return an empty array also when no entry was returned
>>         via  5a1cb70... s4:dcesrv_samr_EnumDomainAliases - mostly small fixes
>>         via  84bda98... s4:dcesrv_samr_EnumDomainUsers - make this call look more similar to "EnumDomainGroups" and "EnumDomainAliases"
>>         via  bbb0b31... s4:ldif_read_prefixMap - don't cause memory leaks on error conditions
>>        from  14974ba... s3: Remove smbd_server_conn from cancel_pending_lock_requests_by_fid_smb2
> Matthias,
> Thanks for all these fixes!
> BTW, I did want to point out, because it isn't documented anywhere, what
> functions we are trying to move our code to use, and what functions I
> would like to remove.
> In general, the samdb_*() functions are the older functions, and return
> -1 on errors etc.  These we should try and use less, and eventually
> eliminate.
> The newer utility fucntions are the dsdb_*() functions, particularly
> those in dsdb_util.c.  These give better error returns, and are what I
> would like our code to start using were sensible, and to otherwise use
> the ldb_*() functions directly.
> Anyway, I do appreciate your efforts here, particularly to fix up and
> enable testing of dcesrv_samr_GetAliasMembership.
> Thanks!
> Andrew Bartlett

More information about the samba-technical mailing list