IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is used to udpate just the DN components of a ldb_dn, leaving the
other extended fields alone. It is needed to prevent linked attribute
updates from removing other extended components.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This canonicalise avoids a problem with an add that has multiple
elements with the same el->name. That is allowed by MS servers, and by
ldb, but it breaks things like the tdb backend and the repl_meta_data
RPMD handling.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
The first bug was that setting a component twice could cause it to
appear twice in the DN.
The second bug was that using an existing ldb_val from a previous call
of ldb_dn_get_extended_component() as an argument to
ldb_dn_set_extended_component() would cause a valgrind error (as the
array the val pointed into will change).
(as objectClass will always be a case insensitive ascii string, we can
make a much simpler match function here than for the general case).
Andrew Bartlett
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We were testing for valid DNs in ldbrename in the command line
tool. This hid a bug in the ldb library where we caught a bad DN in
the objectclass module rather than in the main ldb code. It is better
to do validation of the DNs passed on the command line in the library
code, as this gives us more consistent error handling between the
programming APIs for ldb and the command line.
The DN escape function was using the form \c where c is any
character. The unescape function was using \XX where XX is a 2 digit
hex number. The asymmetry led to quite a few problems when we start to
deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The
result was a DN that was not accessible.
This patch changes the escaping to follow RFC2253 much more
closely. We accept either type of escape, and produce the two types of
escape, depending on the character being escaped
This is now in dsdb_dn. Removing this to a specific wrapper avoids a
number of bugs where Binary DNs were being handled incorrectly.
This reverts much of tridge's commit
fd22e0304782e20b9bbb29464b6c745d409ff4c6
Andrew Bartlett
This helps pin down where errors occour, by printing a call stack and
setting error strings and trace messages in the transaction case.
Andrew Bartlett
The ldb_dn_explode code normally enforces all special characters,
including a '=', must be escaped. Unfortunately this conflicts with
the ltdb index DNs, which for binary attributes may be base64
encoded. This allows a unescaped '=' as a special case for index DNs.
This reverts commit f9990e9b391f330a8e6c5c158ee4e4eaa50f6176.
abartlet claims that this behaviour is too AD specific to put here. Btw I had
also some doubts if this is clean enough. I put it only here to make "ldap.py"
pass.
I'll try to find a new solution soon.
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a
binary blob. We need to support those in order to give correctly
formatted binary blobs for things like wellKnownObjects
This implementation is not ideal, as it allows for binary blobs on all
DNs, whereas it should only allow them on those with a syntax of
2.5.5.7. We should clean this up in the future, but meanwhile this
implementation at least gets us a working DC join of w2k8 to s4.
This patch also uses a static function for marking DNs as invalid,
which is very useful when debugging this code, as you can break on it
in gdb.
