IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
To count LDB objects use variables of type "unsigned (int)" or "long long int"
on binary or downto searches.
To count characters in strings use "size_t".
To calculate differences between pointers use "ptrdiff_t".
This is used to udpate just the DN components of a ldb_dn, leaving the
other extended fields alone. It is needed to prevent linked attribute
updates from removing other extended components.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The first bug was that setting a component twice could cause it to
appear twice in the DN.
The second bug was that using an existing ldb_val from a previous call
of ldb_dn_get_extended_component() as an argument to
ldb_dn_set_extended_component() would cause a valgrind error (as the
array the val pointed into will change).
The DN escape function was using the form \c where c is any
character. The unescape function was using \XX where XX is a 2 digit
hex number. The asymmetry led to quite a few problems when we start to
deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The
result was a DN that was not accessible.
This patch changes the escaping to follow RFC2253 much more
closely. We accept either type of escape, and produce the two types of
escape, depending on the character being escaped
This is now in dsdb_dn. Removing this to a specific wrapper avoids a
number of bugs where Binary DNs were being handled incorrectly.
This reverts much of tridge's commit
fd22e0304782e20b9bbb29464b6c745d409ff4c6
Andrew Bartlett
The ldb_dn_explode code normally enforces all special characters,
including a '=', must be escaped. Unfortunately this conflicts with
the ltdb index DNs, which for binary attributes may be base64
encoded. This allows a unescaped '=' as a special case for index DNs.
AD has the concept of a DN prefixed with B:NN:XXXXXX: that contains a
binary blob. We need to support those in order to give correctly
formatted binary blobs for things like wellKnownObjects
This implementation is not ideal, as it allows for binary blobs on all
DNs, whereas it should only allow them on those with a syntax of
2.5.5.7. We should clean this up in the future, but meanwhile this
implementation at least gets us a working DC join of w2k8 to s4.
This patch also uses a static function for marking DNs as invalid,
which is very useful when debugging this code, as you can break on it
in gdb.
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
This introduces a new set of pluggable syntax, for use on the
extended DN, and uses them when parsing the DN.
If the DN appears to be in the extended form, we no longer return the
full DN 'as is', but only return the normal part from
ldb_dn_get_linearized().
When validating/parsing the DN we validate not only the format of the
DN, but also the contents of the GUID or SID (to ensure they are
plausable).
We also have functions to set and get the extended components on the DN.
For now, extended_dn_get_linearized() returns a newly constructed and
allocated string each time.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The linearized version is not casefolded so length might not match
and yet the strings be equivalent. This can happen if one component
is case-insensitive and a letter that have an uppercase version of
a multibyte character that differ in legth from the corresponding
lowercase one.
This is a partial fix towards bugs due to us walking past the end of
what we think are strings in ldb. There is much more work to do in
this area.
Andrew Bartlett
(This used to be commit 5805a9a8f35fd90fa4f718f73534817fa3bbdfd2)
an attempt to work around this: Maybe it helps if we include other stuff
first.
This raises a question however: Do we want the DN handling to be locale
dependent? isalpha() can return different things depending on the
current locale.
(This used to be commit 75ba82dee052fa5f4141e66e1cb748101aa95d71)
