IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
These are the newly-added AttributeAuthorizationOnLDAPAdd and
BlockOwnerImplicitRights.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to be able to determine whether an object is a subclass of a
specific objectclass such as 'computer'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This function simulates an add or modify operation for an ldb message to
determine the final value of a particular single-valued attribute. This
is useful when validating attributes that should stay in sync with other
attributes, such as servicePrincipalName and dNSHostName.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
To use memcpy(), we need to specify the number of bytes to copy, rather
than the number of ldb_val structures.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Currently, we can crash the server by sending a large number of values
of a specific attribute (such as sAMAccountName) spread across a few
message elements. If val_count is larger than the total number of
elements, we get an access beyond the elements array.
Similarly, we can include unrelated message elements prior to the
message elements of the attribute in question, so that not all of the
attribute's values are copied into the returned elements values array.
This can cause the server to access uninitialised data, likely resulting
in a crash or unexpected behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Nobody uses it now. It never really did what it said it did. Almost
every use was wrong. It was a trap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This function collects a superset of all the new values for the specified
attribute that could result from an ldb add or modify message.
In most cases -- where there is a single add or modify -- the exact set
of added values is returned, and this is done reasonably efficiently
using the existing element. Where it gets complicated is when there are
multiple elements for the same attribute in a message. Anything added
before a replace or delete will be included in these results but may not
end up in the database if the message runs its course. Examples:
sequence result
1. ADD the element is returned (exact)
2. REPLACE the element is returned (exact)
3. ADD, ADD both elements are concatenated together (exact)
4. ADD, REPLACE both elements are concatenated together (superset)
5. REPLACE, ADD both elements are concatenated together (exact)
6. ADD, DEL, ADD adds are concatenated together (superset)
7. REPLACE, REPLACE both concatenated (superset)
8. DEL, ADD last element is returned (exact)
Why this? In the past we have treated dsdb_get_single_valued_attr() as if
it returned the complete set of possible database changes, when in fact it
only returned the last non-delete. That is, it could have missed values
in examples 3-7 above.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Move of strcasecmp redefine to lib/util/safe_string.h in
https://gitlab.com/samba-team/samba/-/merge_requests/1507 broke build on
Fedora 33 with GCC 10.2.1 for those compilation units that use
ldb_att_cmp().
The reason for that is that ldb_attr_cmp() defined as
#define ldb_attr_cmp(a, b) strcasecmp(a, b)
because attribute names restricted to be ASCII by RFC2251 (LDAPv3 spec).
A solution is to add
#undef strcasecmp
to all source code files which use ldb_attr_cmp().
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 1 22:45:29 UTC 2020 on sn-devel-184
repl_meta_data.c uses the compatible features attribute of the
"@SAMBA_DSDB" special object to record that linked attributes are
being stored in the database in a sorted order. Soon the
linked_attributes module is going to want to know the same thing, and
in time other modules will want to know about other compatible
features, so we introduce a helper function.
Error checking is slightly improved.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Replace uses of the string "sessionInfo" with the constant
DSDB_SESSION_INFO, and "networkSessionInfo" with the constant
DSDB_NETWORK_SESSION_INFO.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we do not call ldb_module_done() then we do not know that up_req->callback()
has been called, and ldb_next_request() will call the callback again.
If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 1 07:52:38 CEST 2017 on sn-devel-144
This happens during provision, however due to the fact that the first
search in the rootDSE init does not check return codes, this was done
implicitly (and coincidentally).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is lightweight implementation and should be used on objects
with already verified objectClass attribute value - eg. valid classes,
sorted properly, etc.
Checkout objectclass.c module for heavy weight implementation.
Change-Id: Ifa7880d26246f67e2f982496fcc6c77e6648d56f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This will eventually replace get_oc_guid_from_message(), returning the full dsdb_class.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As this value is calculated new each time, we need to give it a context to live on.
If the value is the forced value during provision, a reference is taken.
This was responsible for the memory leak in the replication process. In the
example I was given, this DN appeared in memory 13596 times!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
And remove this helper module - it does not have much sense keeping it.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 11 06:31:51 CEST 2012 on sn-devel-104
the dsdb_check_optional_feature() call should look on our own NTDS DN
for the enabled feature. This should work for all features, not just
for forest wide fetaures.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
With this function your own search tree can be specified
This function is similar to ldb_build_search_req_ex as it allows to
pass a parse tree structure.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We've to completely ignore the flags in that case.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov 7 11:10:23 UTC 2010 on sn-devel-104
This helps ensure that we don't get confusing error strings in the
logs on other error cases.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 19 12:16:07 UTC 2010 on sn-devel-104
Please do always use the functions which specifiy the appropriate integer
length to not run into platform-specific issues. Therefore I'm removing these
generic calls.
The merged I plan in this area require spliting security.h into
two header files, a common header and a session.h for the
remaining source4-specific code.
Andrew Bartlett
