IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
been working on for at least half a year now. Contains the following
improvements:
* proper layering (finally!) for the registry library. Distinction is
now made between 'real' backends (local, remote, wine, etc) and
the low-level hive backends (regf, creg, ldb, ...) that are only used
by the local registry backend
* tests for all important hive and registry operations
* re-enable RPC-WINREG tests (still needs more work though, as
some return values aren't checked yet)
* write support for REGF files
* dir backend now supports setting/reading values, creating keys
* support for storing security descriptors
* remove CREG backend as it was incomplete, didn't match the data model
and wasn't used at all anyway
* support for parsing ADM files as used by the policy editor (see lib/policy)
* support for parsing PREG files (format used by .POL files)
* new streaming interface for registry diffs (improves speed and memory usage
for regdiff/regpatch significantly)
... and fixes a large number of bugs in the registry code
This patch prevents non-root and non-administrator users from running
the provision, upgrade and vampire pages. *I think* the rest of SWAT
is LDB operations, or otherwise authenticated, so we should now be
secure.
I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha.
Andrew Bartlett
Before the provisioning enters to the function provision_default_paths (in
scripting/libjs/provision.js), the variable subobj.DNSDOMAIN isn't properly set
(for example for the filename of the DNS zonefile).
Andrew Bartlett
On default Active Directory installations, the NETLOGON share isn't
an indipendent directory. In fact it's mapped to the subdirectory
"scripts" from the share SYSVOL under <Domain name>.
Andrew Bartlett
This involves creating the SYSVOL and NETLOGON shares at provision
time, and creating the right subdirectories.
This also changes the behaviour of lp.get("foo") in ejs - we now
return undefined, rather than syntax error, if the parameter doesn't
exist (perhaps because the share isn't defined).
Andrew Bartlett
where LDB isn't as strict as OpenLDAP, the self join record contains
duplicate servicePrincipalNames once the DNS name and domain name are
made equal. (Easier to just skip the useless self-join).
Andrew Bartlett
- samba3sam.js: rework the samba3sam test to not use objectCategory,
as it's has special rules (dnsName a simple match)
- ldap.js: Test the ordering of the objectClass attributes for the baseDN
- schema_init.c: Load the mayContain and mustContain (and system...) attributes when
reading the schema from ldb
- To make the schema load not suck in terms of performance, write the
schema into a static global variable
- ldif_handlers.c: Match objectCategory for equality and canonicolisation
based on the loaded schema, not simple tring manipuation
- ldb_msg.c: don't duplicate attributes when adding attributes to a list
- kludge_acl.c: return allowedAttributesEffective based on schema results
and privilages
Andrew Bartlett
Fix a nasty issue we had with SWAT. We could not provision into a
different domain, as we didn't re-calcuate the DOMAINDN after the user
changed it in the form.
Andrew Bartlett
This required a new mkdir() call in ejs.
We can now provision just the schema for ad2oLschema to operate on
(with provision_schema(), without performing the whole provision, just
to wipe it again (adjustments to 'make test' to come soon).
Andrew Bartlett
change the way the ejs object is being created and return listing
context (with status) rather than collecting all entries gathered
from libnet call.
rafal
--partitions-only (suggestions for a better name welcome) will setup
the partitions records, but no any data in those partitions. This can
then point at the already configured remote LDAP server.
Andrew Bartlett
partitions onto the target LDAP server.
Make the LDAP provision run before smbd starts, then stop the LDAP
server. This ensures this occurs synchronously, We then restart it
for the 'real run' (with slapd's stdin being the FIFO).
This required fixing a few things in the provision scripts, with more
containers being created via a add/modify pair.
Andrew Bartlett
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
