IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
These tests are for both the new extended DN functionality (and were
vital in finding bugs during implementation) and for the normal DN
parsing and comparison routines.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This uses an early peek at the extended_dn_control (in the request) to see what output
format to use.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This provides the two extended DN handlers for the GUID and SID types,
and makes the parsing more strict (where possible, it uses
ndr_pull_struct_blob_all(), to cause an error if trailing data is
found).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
When things go wrong with LDB, this routine seems to be particularly
sensitive to it. This extra debugging should help the next poor soul who
breaks LDB.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This allows searches with the extended DN control to still print the
extended DN in ldif output (it would otherwise be parsed and hidden in
the structure).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00)
At this time, the ldb_controls infrustructure does not handle request
and reply controls having different formats, so this is purely the
client implementation (ie, there is no decode of the client->server
packet, and no encode of the server->client packet).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The OpenLDAP dereference control (draft-masarati-ldap-deref-00) uses
an attribute list, as found in the search reply, but without one
enclosing ASN1_SEQUENCE(0)
This allows the dereference control parsing code to use this as a
helper function.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Whenever we pass a DN to the LDAP server, we now use
ldb_dn_get_extended_linearized(). This allows us to send the extended
DN if set, and therefore allows searches of the form
'<GUID=aaa45ea0-94cd-45e9-8753-abe455d9a8f1>'.
We actually use the '0' format (GUID=aaa45ea094cd45e98753abe455d9a8f1)
because it is more widely supported (by Win2k in particular).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This introduces a new set of pluggable syntax, for use on the
extended DN, and uses them when parsing the DN.
If the DN appears to be in the extended form, we no longer return the
full DN 'as is', but only return the normal part from
ldb_dn_get_linearized().
When validating/parsing the DN we validate not only the format of the
DN, but also the contents of the GUID or SID (to ensure they are
plausable).
We also have functions to set and get the extended components on the DN.
For now, extended_dn_get_linearized() returns a newly constructed and
allocated string each time.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This module is not used at the moment, but if we do use it again, we
should try to avoid duplicate lists.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This avoids accidentily running off the end of a string, and uses a
single 'guess which type of GUID I have' algorithm.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
It seems that in 2deeb99fff adding the
partition control to this request was missed out.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
ldb indexing can cause huge files, and huge memory usage. This
experiment allows us to keep indexes in memory during a transaction,
then to write the indexes to disk when the transaction completes. The
result is that the db is much smaller (we have seen improvements of
about 100x in file size) and memory usage during large transactions is
also greatly reduced
Note that this patch uses the unusual strategy of putting pointers
into a ldb (and thus into a tdb). This works because the pointers are
only there during a transaction, so the pointers are not exposed to
any other users of the database. The pointers allow us to avoid some
really bad allocation problems with tdb record allocation during the
re-indexing.
re-indexing in ldb is triggered on any modification to the @ATTRIBUTES
or @INDEXLIST records. This happens to produce a worst-case
fragmentation of the database, as all @INDEX records are deleted then
re-created. By repacking after re-indexing we ensure that the database
ends up without extreme fragmentation.
The command line tools ldbadd, ldbmodify and ldbedit should operate
within a transaction to make them more efficient. The ldbadd tool in
particular is much faster when adding a large number of records if all
the adds happen within a transaction. Previously there was a
transaction per record.
previous behaviour for the 'bad bind' case.
(It is only close, not matching - Windows 2008 sends a different,
non-zero, assoc_group_id each time)
Andrew Bartlett
dom_sid.sub_auths rather than a dynamically allocated one.
This makes it possible to use the same DCE/RPC object code for Samba 3
and Samba 4's DCE/RPC parsers and allows copying sids more easily
(since they no longer contain any pointers). The cost of having additional
manual marshalling code is limited (~35 additional lines of C code).
This schema is *NOT* licenced under a standard Free Software licence,
but does provide us the freedoms we need to use the schema, and the
requirement to distribute as 'part of an implemenation' is similar to
common Free font licences that are accepted by major linux distributions.
Andrew Bartlett
