[PATCH] DSDB schema attributes with no linkID are wrongly set as one way links

Andrew Bartlett abartlet at samba.org
Sun Dec 14 14:32:13 MST 2014 

On Wed, 2014-12-03 at 13:52 +0100, Stefan (metze) Metzmacher wrote:
> Hi Samuel,
> 
> > I have found that schema attributes entries with no linkID are set as 
> > one way links, which I think is wrong. 
> > 
> > When loading the schema, the function dsdb_attribute_from_ldb 
> > initialize the linkID field of the dsdb_attribute structure to 0 if 
> > the entry being loaded does not have linkID. Later, the function 
> > dsdb_setup_attribute_shortcuts sets one_way_link to true when the 
> > dsdb_attribute->linkID == 0, which cause all attributes with no linkID 
> > be considered one way links.
> > 
> > I have found here 
> > http://technet.microsoft.com/en-us/library/cc773309(v=ws.10).aspx that 
> > zero is not a valid value for linkID:
> > 
> > A linked pair is identified by the linkID values of two 
> > attributeSchema objects. The linkID of the forward link is an even, 
> > positive, nonzero value, and the linkID of the associated back link is 
> > the value of the forward linkID, incremented by one.
> > 
> > So I think dsdb_attribute->one_way_link has to be set to false when 
> > dsdb_attribute->linkID is 0.
> 
> Sorry, but this patch is wrong.
> 
> 'dsdb_attribute->linkID == 0' is the definition of a one way link.
> 
> We only need a separate variable 'dsdb_attribute->one_way_link' because
> the Windows schema is broken and defines attributes with linkID > 0
> and forgot to define an attribute for the backlink.

Metze,

Thanks for looking over this.  

Samuel,

We can't change our internal state here, it is critical for the existing
modules that rely on it.  If you need a new state, with slightly
different semantics to what we need for updating the links when they
move, then either calculate it at runtime from linkID > 0, or work out
what exact rules apply to this new class of links. 

The confusion stems from that in Samba, so far, we have considered all
DN objects to be linked attributes, some of which are one one-way,
either because they don't have a linkID or because they don't have a
matching odd/even linkID pair.

I hope this helps,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141215/3921396c/attachment.pgp>

More information about the samba-technical mailing list