IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The session keys as supplied already have a reference on them, so
stealing them creates challenges. For 16 bytes, it is just easier to
be consistant and copy them.
Andrew Bartlett
The talloc hirarchy here was a bit odd - we would both steal the
parsed ldif onto 'NULL', then reference it onto a python talloc
wrapper.
Now we just leave the reference, after we complete building the object.
Andrew Bartlett
The problem here was that some parts of the ldb_message were still
attached to the ldb_ldif structure, and when only the message was
taken (and the ldif free'ed to reclaim memory) we refereced free'ed
memory.
Andrew Bartlett
we may not throw away LD_LIBRARY_PATH and friends as they sometimes contain
important information. Some of the build farm machines for example have the
python lib path in there - we can't run make test when we suddenly forget how
to use python
Using ldb unique indexes for samAccountName doesn't work with DRS as
the other DC may send us a deleted record (tombstone record), which
has the same samAccountName as an existing record. That would then
create two records in the same partition with the same samAccountName.
So we needed to put back the logic in samldb.c which explicitly
checked whether a samAccountName already exists on add
This is needed to prevent samba3 and samba4 from using an ABI
incompatible system version of talloc
See ongoing discussion on the samba-technical mailing list
The LDB_ERR_NO_SUCH_OBJECT varient is not a defined variable. This
should improve error handling in our python code on some
systems. Unfortunately it still doesn't work on mine. I need to trap
Jelmer somewhere where he can't escape some day and force him to
divulge the deep druid secrets of python exception handling ....
The previous code incorrectly assumed that attributes such as
subClassOf come over the wire as strings. In fact they come over as 32
bit integers which refer to goversIDs. We have to post-process these
as it sometimes happens that a governsID comes over the wire before
the record that defines what it means.
- This changes the attribute "forceLogoff" to its' default
values according to Windows Server 2003 R2
- Also this corrects the "subRefs" attribute of the base-DN which only refers
to direct child partitions (and therefore not to the complete transitive closure)
A dcerpc request may have a reference from a still completing async
callback, but we now consider the request to be complete. We want to
lose the main parent, leaving just the reference, if any.
This reworks the notes file to be less stream-of-consciousness and more
task for porting, with a very particular focus on a potential port of
Samba4 to use MIT Kerberos.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
The function LDB_lookup_principal() has been eliminated, and it's
contents spread back to it's callers. Removing the abstraction makes
the code clearer.
Also ensure we never pass unescaped user input to a LDB search
function.
Andrew Bartlett
