Common errors in ldb use
Simo Sorce
idra at samba.org
Tue Dec 27 10:24:54 GMT 2005
On Tue, 2005-12-27 at 20:51 +1100, Andrew Bartlett wrote:
> This was allegedly part of the win2000 issue in the KDC. The
> sam_get_results_principal() is in auth/auth_sam.c, and uses the
> attribute lists at the top of this file, but they are queried in
> hdb-ldb.c
>
> The issue that prompted this mail is in rpc_server/samr/samr_password.c
>
> The list of user_attrs[] in samdb_set_password() does not include
> "msDS-KeyVersionNumber", but the code:
>
> kvno = samdb_result_uint(res[0],
> "msDS-KeyVersionNumber", 0);
>
> expects it to be there in the result.
Sorry but you cannot blame ldb, or request changes in it, for mistakes
done at the caller level.
> > If that's just for sanity, then you should probably build a function
> > that check your expectations by passing in a list of attributes and an
> > ldb_message structure.
>
> Frankly, I don't care were the function is (samdb, gendb, ldb), but I
> would suggest that we made the mistake too often to just trust the
> current functions.
I do care, and I think you should do the right query to get the expected
results.
> > I do not see any good reason to make this inside general usage
> > functions.
>
> It is the lack of this safety that causes bugs in Samba4 today.
I'd say lack of testing, but anyway, to solve this problem I'd make the
right call where needed instead of searching for a tutor underneath.
Simo.
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it
More information about the samba-technical
mailing list