IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is used to udpate just the DN components of a ldb_dn, leaving the
other extended fields alone. It is needed to prevent linked attribute
updates from removing other extended components.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The first bug was that setting a component twice could cause it to
appear twice in the DN.
The second bug was that using an existing ldb_val from a previous call
of ldb_dn_get_extended_component() as an argument to
ldb_dn_set_extended_component() would cause a valgrind error (as the
array the val pointed into will change).
The DN escape function was using the form \c where c is any
character. The unescape function was using \XX where XX is a 2 digit
hex number. The asymmetry led to quite a few problems when we start to
deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The
result was a DN that was not accessible.
This patch changes the escaping to follow RFC2253 much more
closely. We accept either type of escape, and produce the two types of
escape, depending on the character being escaped
This is now in dsdb_dn. Removing this to a specific wrapper avoids a
number of bugs where Binary DNs were being handled incorrectly.
This reverts much of tridge's commit
fd22e0304782e20b9bbb29464b6c745d409ff4c6
Andrew Bartlett
The ldb_dn_explode code normally enforces all special characters,
including a '=', must be escaped. Unfortunately this conflicts with
the ltdb index DNs, which for binary attributes may be base64
encoded. This allows a unescaped '=' as a special case for index DNs.
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a
binary blob. We need to support those in order to give correctly
formatted binary blobs for things like wellKnownObjects
This implementation is not ideal, as it allows for binary blobs on all
DNs, whereas it should only allow them on those with a syntax of
2.5.5.7. We should clean this up in the future, but meanwhile this
implementation at least gets us a working DC join of w2k8 to s4.
This patch also uses a static function for marking DNs as invalid,
which is very useful when debugging this code, as you can break on it
in gdb.
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
This introduces a new set of pluggable syntax, for use on the
extended DN, and uses them when parsing the DN.
If the DN appears to be in the extended form, we no longer return the
full DN 'as is', but only return the normal part from
ldb_dn_get_linearized().
When validating/parsing the DN we validate not only the format of the
DN, but also the contents of the GUID or SID (to ensure they are
plausable).
We also have functions to set and get the extended components on the DN.
For now, extended_dn_get_linearized() returns a newly constructed and
allocated string each time.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The linearized version is not casefolded so length might not match
and yet the strings be equivalent. This can happen if one component
is case-insensitive and a letter that have an uppercase version of
a multibyte character that differ in legth from the corresponding
lowercase one.
This is a partial fix towards bugs due to us walking past the end of
what we think are strings in ldb. There is much more work to do in
this area.
Andrew Bartlett
(This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
an attempt to work around this: Maybe it helps if we include other stuff
first.
This raises a question however: Do we want the DN handling to be locale
dependent? isalpha() can return different things depending on the
current locale.
(This used to be commit 75ba82dee052fa5f4141e66e1cb748101aa95d71)
to a ldb_schema_syntax struct.
the default attribute handler is now registered dynamicly as "*"
attribute, instead of having its own code path.
ldb_schema_attribute's can be added to the ldb_schema given a
ldb_schema_syntax struct or the syntax name
we may also need to introduce a ldb_schema_matching_rule,
and add a pointer to a default ldb_schema_matching_rule
in the ldb_schema_syntax.
metze
(This used to be commit b97b8f5dcbce006f005e53ca79df3330e62f117b)
this works now against w2k3:
bin/ldbedit -U administrator%test -H ldap://w2k3-101/ -b "<GUID=44087590-dd95-435c-adc1-ec20a50807be>" -s base
bin/ldbedit -U administrator%test -H ldap://w2k3-101/ -b "<SID=S-1-5-21-769185814-1958994947-1641909093-513>" -s base
bin/ldbedit -U administrator%test -H ldap://w2k3-101/ -b "<WKGUID=AB8153B7768811D1ADED00C04FD8D5CD,DC=w2k3,dc=vmnet1,dc=vm,dc=base>" -s base
and we should try to implement this in the server too...
metze
(This used to be commit 3c087c89707398d88799367240fe4e6f8b192bb4)
act like this again...
also when we already have a casefoled value we should not call ldb_dn_casefold_internal()
metze
(This used to be commit cbf4eb16725992bfdfa5a334e0e5547e6df568e6)
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
