A preliminary userParameters patch

Andrew Bartlett abartlet at samba.org
Fri Oct 4 12:59:54 MDT 2013 

On Fri, 2013-10-04 at 10:47 +0200, Stefan (metze) Metzmacher wrote:
> Am 04.10.2013 05:47, schrieb Andrew Bartlett:
> > Attached is a patch that just forces userParameters to be octectString
> > (I hope).  
> > 
> > We need tests etc, but I wanted your thoughts so we can tell Karolin
> > what do about 4.1 and bug 8077 (where I have also attached this patch). 
> > 
> > What do you think?
> 
> I just tested (within TDB_NO_FSYNC=1 buildnice make -j testenv
> SELFTEST_TESTENV=vampire_dc)
> that a value of
> 
> userParameters::
> IAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgA
>  CAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAFABoACA
>  ABAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGw
>  AYQBnAHMAMQAwMGYwZTBmNxIACAABAEMAdAB4AFMAaABhAGQAbwB3ADAxMDAwMDAwKgACAAEAQwB0
>  AHgATQBpAG4ARQBuAGMAcgB5AHAAdABpAG8AbgBMAGUAdgBlAGwAMDEgAEgAAQBDAHQAeABXAEYAU
>  AByAG8AZgBpAGwAZQBQAGEAdABoADJmNzc2NTJmNjQ2ZjJmNmU2Zjc0MmY3MjY1NzA2YzY5NjM2MT
>  c0NjUyZjc0Njg2OTczMmY2MTc0NzQ3MjY5NjI3NTc0NjUwMA==
> 
> 0000   20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00     . . . . . . . .
> 0010   20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00     . . . . . . . .
> 0020   20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00     . . . . . . . .
> 0030   20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00     . . . . . . . .
> 0040   20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00     . . . . . . . .
> 0050   20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00     . . . . . . . .
> 0060   50 00 05 00 1A 00 08 00 01 00 43 00 74 00 78 00    P.........C.t.x.
> 0070   43 00 66 00 67 00 50 00 72 00 65 00 73 00 65 00    C.f.g.P.r.e.s.e.
> 0080   6E 00 74 00 35 35 31 65 30 62 62 30 18 00 08 00    n.t.551e0bb0....
> 0090   01 00 43 00 74 00 78 00 43 00 66 00 67 00 46 00    ..C.t.x.C.f.g.F.
> 00A0   6C 00 61 00 67 00 73 00 31 00 30 30 66 30 65 30    l.a.g.s.1.00f0e0
> 00B0   66 37 12 00 08 00 01 00 43 00 74 00 78 00 53 00    f7......C.t.x.S.
> 00C0   68 00 61 00 64 00 6F 00 77 00 30 31 30 30 30 30    h.a.d.o.w.010000
> 00D0   30 30 2A 00 02 00 01 00 43 00 74 00 78 00 4D 00    00*.....C.t.x.M.
> 00E0   69 00 6E 00 45 00 6E 00 63 00 72 00 79 00 70 00    i.n.E.n.c.r.y.p.
> 00F0   74 00 69 00 6F 00 6E 00 4C 00 65 00 76 00 65 00    t.i.o.n.L.e.v.e.
> 0100   6C 00 30 31 20 00 48 00 01 00 43 00 74 00 78 00    l.01 .H...C.t.x.
> 0110   57 00 46 00 50 00 72 00 6F 00 66 00 69 00 6C 00    W.F.P.r.o.f.i.l.
> 0120   65 00 50 00 61 00 74 00 68 00 32 66 37 37 36 35    e.P.a.t.h.2f7765
> 0130   32 66 36 34 36 66 32 66 36 65 36 66 37 34 32 66    2f646f2f6e6f742f
> 0140   37 32 36 35 37 30 36 63 36 39 36 33 36 31 37 34    7265706c69636174
> 0150   36 35 32 66 37 34 36 38 36 39 37 33 32 66 36 31    652f746869732f61
> 0160   37 34 37 34 37 32 36 39 36 32 37 35 37 34 36 35    7474726962757465
> 0170   30 30
> 
> Gets correctly replicated without your patch.

However, that is only between Samba AD and Samba AD.  I've not proved it
yet, but with the wrong syntax in place, replication to Windows should
result in corrupt values (it would be 20 00 00 00 20 00 00 00 00),
replication from Windows would also result in corrupt values (20 20).

> So I don't think there's no need for an urgent fix for 4.1.0.

OK. 

> We should try to create a real fix for this in master and think about
> backporting it once we're happy with the final result.

I think we will have quite a few different cases to catch with dbcheck
here in the long-run.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list