[PATCH] numericoid OIDs validation

[Stefan (metze) Metzmacher]

Am 20.10.2010 13:13, schrieb Kamen Mazdrashki:
> Hi Tridge,
> 
> I am currently working on a prefixMap corruption in S4.
> I am going to change OIDs validation function in dsdb/schema_syntax.c
> so that numericoid OIDs are validated in a different way than using
> prefixMap/Schema to validate those.
> I want to use ber_write_*/ber_read_* functions to do the validation
> and while implementing this I've noticed that ber_write_OID_String()
> function is not tested for error cases. So I did :).
> Please check at:
> http://git.samba.org/?p=kamenim/samba.git;a=shortlog;h=refs/heads/pfm-save-review
> 
> But what I am wondering now is, should I push this patch at all.
> It will make ber_write_OID_String() a little bit slower with the added value
> of being more robust against invalid OIDs.
> Perhaps it is good thing for the function, but I am afraid it is very often
> used with OIDs that are for sure a valid OIDs.
> 
> (2) Another way is to implement just OID_validation() function
> that is to be used when validating numeric OIDs (usually when we add new
> objects in Schema).
> 
> (3) And yet another way I could think of is let syntax->validate() functions
> to validate those and just make sure they do really validate correctly by
> implementing unit-test for dsdb_syntax syntaxes.
> (validate() functions usually do write/read/compare, so they should
> fail on invalid OIDs even when ber_write_OID_() doesn't fail)

Shouldn't the schema_data_add() function make sure that we have
the new prefix map already, if not this is the place to add it.
I think we also need a schema_data_modify() function...

The syntax->validate() function should keep validating against the schema.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101020/3c012f5b/attachment.pgp>