[PATCH] Error, rather than segfault on invalid attributes in replicated updates

Stefan (metze) Metzmacher metze at samba.org
Wed Jun 5 00:33:16 MDT 2013 

Am 05.06.2013 02:04, schrieb Andrew Bartlett:
> On Wed, 2013-06-05 at 09:53 +1000, Andrew Bartlett wrote:
>> This patch causes us to error, rather than segfault (as seen in recent
>> autobuilds) if we are given an attribute that can't be found in the
>> local schema.
>>
>> My hope is that this may assist us in finding the real bug.
>>
>> Andrew Bartlett
> 
> Curiously, I seem to have added this in (but I don't recall why I made
> this change):
> 
> commit d799b25dd3ed0f72ee03949225ba241c5538d7d6
> Author: Andrew Bartlett <abartlet at samba.org>
> Date:   Thu Aug 9 16:16:03 2012 +1000
> 
>     s4-dsdb: Remove strcasecmp() fallback in
> replmd_ldb_message_element_attid_sort
>     
>     In all callers, we must already have a attributeID for each of the
>     values or else we would have already given an error, or could not
> have
>     obtained the message over DRS.
>     
>     Andrew Bartlett
>     
>     Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
>     Autobuild-Date(master): Thu Aug  9 11:39:54 CEST 2012 on
> sn-devel-104
> 
> However, what has me more curious is why we sort at all:
> 
> The sorting seems to have been added very early:
> 
> commit c84d8124b2c61e9ef5d3c43333b76009b5f79a5b
> Author: Stefan Metzmacher <metze at samba.org>
> Date:   Tue Jan 23 10:21:14 2007 +0000
> 
>     r20968: - add functions to sort the meta data and attribute arrays
>     - we should use them before we store records to disk
>     
>     metze
>     (This used to be commit a5200ef0cae5e8b0cedf196c9d76afc46e08c316)
> 
> The curious thing is that in replmd_modify() and
> replmd_replicated_apply_merge() we sort only the modifies being made,
> not the whole record, so I don't think it is stored sorted.  It makes no
> sense to me to only sort in the add case.  Should we just drop the sort?

No, we should do the sorting always. I just skipped this because it's
complicated to do that.

This way it's much easier to do diffs between ldif output from different
servers.

I've also seen some admin scripts which access ldap results via numeric
index,
instead of name, which means they rely on the order of attributes
and always work against a windows server.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130605/81fee792/attachment.pgp>

More information about the samba-technical mailing list