IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is used to udpate just the DN components of a ldb_dn, leaving the
other extended fields alone. It is needed to prevent linked attribute
updates from removing other extended components.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This canonicalise avoids a problem with an add that has multiple
elements with the same el->name. That is allowed by MS servers, and by
ldb, but it breaks things like the tdb backend and the repl_meta_data
RPMD handling.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
It isn't very useful just saying that a control is not supported,
without saying which one is the problem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This control will allow inspection of internal ldb values, which would
normally be stripped before being presented to users. The first use
will be stripping linked attribute meta data extended components.
The first bug was that setting a component twice could cause it to
appear twice in the DN.
The second bug was that using an existing ldb_val from a previous call
of ldb_dn_get_extended_component() as an argument to
ldb_dn_set_extended_component() would cause a valgrind error (as the
array the val pointed into will change).
(as objectClass will always be a case insensitive ascii string, we can
make a much simpler match function here than for the general case).
Andrew Bartlett
This tries to show that the domain object should not have a
primaryGroupToken, for example. (This passes against the old and new
code, as the failure case requires an object with an objectSid, and
exactly one group in it's subtree. Sadly I don't know of a valid structure
that I can construct to test this).
Andrew Bartlett
Includes the following verifications for the constructed parentGUID:
- Checks if it returns nothing when there is no parent object
- Ensures that attributes mentioned after the parentGUID
are returned correctly (this avoid a bug pointed out by Tridge
during sync constructed parentGUID development)
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This reverts commit 7d400715e9af2056690c03a1a2f45c7f343fa313.
"convert_string_talloc_convenience" does always add the NULL termination. Didn't
know that. Thanks Jelmer for pointing out!
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We were testing for valid DNs in ldbrename in the command line
tool. This hid a bug in the ldb library where we caught a bad DN in
the objectclass module rather than in the main ldb code. It is better
to do validation of the DNs passed on the command line in the library
code, as this gives us more consistent error handling between the
programming APIs for ldb and the command line.
Apparently Windows Server (2003) doesn't like the comma delimiter here. I got
always error 16 ("LDB_NO_SUCH_ATTRIBUTE"). With this change the test works
again.
