IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
this allows a ldb module to register a hook function called at various
stages of processing. It will be initially used for ldb command line
hooks, but should work generally.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this supports module loading in ldb which uses the approach of "load
all modules in a directory". This is much more flexible than the
current module loading, as it will allow us to load modules for
command line parsing and authentication.
Modules are loaded from a colon separated path, in the environment
variable LDB_MODULES_PATH. If unset, it defaults to LDB_MODULESDIR.
Within each directory modules are loaded recursively (traversing down
the directory tree). The device/inode number of each module is
remembered to prevent us loading a module twice.
Each module is checked for a ldb_init_module() function with
dlsym(). If found, it is called with the ldb module version as an
argument.
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
moved it out of the general waf build as the s3 waf build cannot yet
handle linking with -Wl,-no-undefined
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Oct 25 01:12:15 UTC 2010 on sn-devel-104
This control is exactly thought for the actions which previously were performed
using the RELAX one.
We agreed that the RELAX control will only remain for interactions with OpenLDAP.
Commit 8556602b04 wasn't quite right - it only
restored the functionality on the positive integer range.
This one however should now really support the whole unsigned range.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 19 10:52:08 UTC 2010 on sn-devel-104
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 19 01:27:44 UTC 2010 on sn-devel-104
the ldap server will mark a control with a NULL oid in order to remove
it. This prevents a O(n^2) cost in control handling.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
these will be used to determine if a ldb request comes from an
untrusted source. We want requests over ldap:// to be marked untrusted
so we can reject unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Use the signed counter for the binary search but use an unsigned one for
accessing the entry.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 18 19:01:31 UTC 2010 on sn-devel-104
"find_element" returns an "int" since there is also the possibility that a
certain element doesn't exist - then "-1" is returned. But beside this
exception treat all other return values as unsigned.
This greatly assists in debugging what is going on with the
ldb handle, as it indicates where it was created.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Oct 18 11:54:46 UTC 2010 on sn-devel-104
This must be available to the OpenLDAP backend, to set the GUID values
in some situations. We need a proper ACL mechanism to control the use
or abuse of this control.
This reverts commit 10adee8936.
This makes our LDAP much more secure and less error-prone.
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Oct 13 11:42:18 UTC 2010 on sn-devel-104
this also fixes error handling in case of bad syntax, memory error
etc, which was previously conidered as a mismatch, but should return
an error
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this function takes the operator being invoked, which will allow
schema functions to provide more fine grained control over
comparisons.
The key bug this was introduced to fix is the incorrect handling of
the LDB_OP_PRESENT test for deleted linked attributes. The backends
are unaware of the deleted state of these links, so they cannot do a
LDB_OP_PRESENT test on their own.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
we need to use the build modules, not the installed modules, so tests
run from the source directory are valid
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
This is deliberate behaviour.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Oct 11 13:45:14 UTC 2010 on sn-devel-104
applicable.
Allow using both pyembed and pyext, to prevent unresolved symbols.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 10 03:54:01 UTC 2010 on sn-devel-104
It is the same as ldb_request_add_control, except it will replace
an existing control.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
this is used to help debug async ldb requests. The ldb request handle
now contains a location string and the parent request pointer. This
allows us to print a backtrace of ldb requests in the dsdb modules.
When this flag is set on an element in an add/modify request then the
normal validate_ldb() call that checks the element against schema
constraints is disabled
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This ensures that internal bits for the element flags in add/modify
requests are not set via the ldb API
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The flags field of message elements is part of a set of flags. We had
LDB_FLAG_MOD_MASK for extracting the type, but it was only rarely
being used (only 1 call used it correctly). This adds
LDB_FLAG_MOD_MASK() to make it more obvious what is going on.
This will allow us to use some of the other flags bits for internal
markers on elements
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a
user object.
There is some 'interesting' interaction with the rangeLower and
rangeUpper attributes and this add. We don't implementat
rangeLower/rangeUpper yet, but when we do we'll need an override for
this control (or be careful about module ordering).
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
the problem was the inconsistency between the key form of DNs between
the itdb used for indexing and the on disk form
Thanks to Matthieu Patou for finding this bug!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
They are not quite safe to use (requires caller to steal
resulting message in own context) and may lead to holding
memory for too long.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Previos implementation from ldb_msg_canonicalize()
was moved into this function and now ldb_msg_canonicalize()
is based on ldb_msg_normalize()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Previous implementation was 'leaking' attribute name
string, that is allocated by ldb_msg_add_empty()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
It just adds another element, nothing more.
Caller is responsible to fill-in the added element and
determine how to handle data allocation contexts.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Old implementation from ldb_msg_diff() was moved into
this this function but with changed interface
so that a memory context may be passed.
ldb_msg_diff() function is now based on ldb_msg_difference(),
which fixes a hidden leak - internal ldb_msg object
(returned from ldb_msg_canonicalize) wasn't freed
and stays attached to ldb_context for the connection lifetime.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
These will be used to help avoid the problem we have with hundreds of
places that do "return LDB_ERR_OPERATIONS_ERROR" without an
explanation. It is very difficult to track down ldb errors which don't
have any explanation.
By replacing "return LDB_ERR_OPERATIONS_ERROR;" with "return ldb_operr(ldb);"
we at least get a file:line message in the ldb error string. It isn't
an ideal error message, but it is much better than just "operations
error"
This change also makes ldb_oom() return the error code
(LDB_ERR_OPERATIONS_ERROR) so you can do:
return ldb_oom(ldb);
instead of:
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
fixed several bugs in error handling. the ldb context was used without
being initialised in the error paths, and several error paths did not
set an ldb error string.
Using "#!/usr/bin/env python" is more portable. It still isn't ideal
though, as we should really use the python path found at configure
time. We do that in many places already, but some don't.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other. Just make them one set.
Andrew Bartlett
As per Nadia's request and abartlet's suggestion the test now also sets the
"dSHeuristics" attribute properly to be able to perform the tests also against
Windows without further configuration.
The code has the neat feature that it undoes the change and resets the
behaviour as it was before.
It seems to me more consistent (and also to keep the same behaviour on all
backends).
Also the DRS hack should therefore not be needed anymore since the
"repl_meta_data" module launches requests behind "objectclass_attrs".
We can have some special (bad) messages which contain multiple message elements
for the same attribute. The AD password change ones are such an example.
