The branch, master has been updated
via 390bfed... s4:kcc_connection.c - fix typo in error message
via bc702a3... s4:ldap.py - comment a test part which fails with
another error code on Windows
via 8243272... s4:ldap.py - test the new "systemFlags" constraint
via f99d672... s4:objectclass LDB module - "add operation" - enhance
and clean the "systemFlags" section
via e009d02... s4:ldap.py - test for an invalid "objectCategory"
attribute
via 6e6af9c... s4:objectclass LDB module - "add operation" - implement
"objectCategory" validation
via 299b59b... s4:ldap.py - proof for the impossibility to add a
LSA-specific object over LDAP
via 89c71a8... s4:urgent_replication.py - relax also here the add of a
secrets object
via 67b1e1b... s3:dcesrv_lsa.c - use the RELAX control in order to
create LSA objects
via 25e973d... s4:dsdb/common/util.c - add a function "dsdb_add"
via 7d62128... s4:objectclass LDB module - "add operation" - reject
creation of LSA specific objects
via a3c6d4c... s4:objectclass LDB module - "add operation" - move two
checks
via ace6f52... s4:objectclass LDB module - "add operation" - deny
multiple "objectclass" message elements
via 9f0cbe1... s4:objectclass LDB module - "add" operation - free
"mem_ctx" as soon as possible
from 92282a8... s3: Remove references to smbd_messaging_context() from
the spoolss server
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 390bfed7b7d9edfa61e6d3b1f79ba33fbd44c42d
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Aug 7 13:32:52 2010 +0200
s4:kcc_connection.c - fix typo in error message
commit bc702a394ddd1912c621054acbc75f29166fd17a
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Aug 7 12:30:33 2010 +0200
s4:ldap.py - comment a test part which fails with another error code on
Windows
commit 8243272fa071dadd62199f84d7caf608d90ea6ed
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Aug 7 11:59:57 2010 +0200
s4:ldap.py - test the new "systemFlags" constraint
commit f99d672b138e17e6b40f286a527812f75b65c3d7
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Aug 7 11:50:10 2010 +0200
s4:objectclass LDB module - "add operation" - enhance and clean the
"systemFlags" section
Also here we have to test for single-valueness.
commit e009d02bd5718fb5e9f636a616ff3b622d68325d
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Aug 7 11:07:03 2010 +0200
s4:ldap.py - test for an invalid "objectCategory" attribute
commit 6e6af9c14c1a421b8c3323982e5bd8bbb69589bb
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Aug 7 11:04:53 2010 +0200
s4:objectclass LDB module - "add operation" - implement "objectCategory"
validation
commit 299b59b7c3603642154d78a5e3251926c8ce6e62
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Aug 5 22:23:22 2010 +0200
s4:ldap.py - proof for the impossibility to add a LSA-specific object over
LDAP
commit 89c71a8f06414a62c04d3460e9b4c9348bfb7fd1
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Aug 5 22:22:57 2010 +0200
s4:urgent_replication.py - relax also here the add of a secrets object
commit 67b1e1b8f3314f49d028a11df5ccda1e81986cda
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Aug 5 22:00:27 2010 +0200
s3:dcesrv_lsa.c - use the RELAX control in order to create LSA objects
commit 25e973d5db9ffa6d4138cdbe7c3dd1880149ad2a
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Aug 5 21:58:57 2010 +0200
s4:dsdb/common/util.c - add a function "dsdb_add"
commit 7d62128e2cce540043df84d51967e43bdca4c493
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Aug 5 21:40:11 2010 +0200
s4:objectclass LDB module - "add operation" - reject creation of LSA
specific objects
(only using the RELAX flag allowed)
commit a3c6d4c4d52c174d7fcac73fb315dc7e7c03fdd9
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Aug 5 21:02:29 2010 +0200
s4:objectclass LDB module - "add operation" - move two checks
To be more consistent with the MS-ADTS doc.
commit ace6f52d57e40d3e198f844fd3f2f35392ffc620
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Aug 5 21:01:38 2010 +0200
s4:objectclass LDB module - "add operation" - deny multiple "objectclass"
message elements
Requested by MS-ADTS 3.1.1.5.2.2
commit 9f0cbe1558ec473f0a75b662bbc123473aa0a7aa
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Aug 5 20:59:56 2010 +0200
s4:objectclass LDB module - "add" operation - free "mem_ctx" as soon as
possible
We don't need to have it around until the end of the function.
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/util.c | 30 ++++++
source4/dsdb/kcc/kcc_connection.c | 4 +-
source4/dsdb/samdb/ldb_modules/objectclass.c | 127 ++++++++++++++++-------
source4/dsdb/tests/python/ldap.py | 44 +++++++-
source4/dsdb/tests/python/urgent_replication.py | 3 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 6 +-
6 files changed, 163 insertions(+), 51 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index b8d7278..52ba81d 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -3528,6 +3528,36 @@ int dsdb_request_add_controls(struct ldb_request *req,
uint32_t dsdb_flags)
}
/*
+ an add with a set of controls
+*/
+int dsdb_add(struct ldb_context *ldb, const struct ldb_message *message,
+ uint32_t dsdb_flags)
+{
+ struct ldb_request *req;
+ int ret;
+
+ ret = ldb_build_add_req(&req, ldb, ldb,
+ message,
+ NULL,
+ NULL,
+ ldb_op_default_callback,
+ NULL);
+
+ if (ret != LDB_SUCCESS) return ret;
+
+ ret = dsdb_request_add_controls(req, dsdb_flags);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(req);
+ return ret;
+ }
+
+ ret = dsdb_autotransaction_request(ldb, req);
+
+ talloc_free(req);
+ return ret;
+}
+
+/*
a modify with a set of controls
*/
int dsdb_modify(struct ldb_context *ldb, const struct ldb_message *message,
diff --git a/source4/dsdb/kcc/kcc_connection.c
b/source4/dsdb/kcc/kcc_connection.c
index e8f2e59..76b07b6 100644
--- a/source4/dsdb/kcc/kcc_connection.c
+++ b/source4/dsdb/kcc/kcc_connection.c
@@ -216,8 +216,8 @@ struct kcc_connection_list *kccsrv_find_connections(struct
kccsrv_service *s,
ret = dsdb_find_guid_by_dn(s->samdb, server_dn,
&list->servers[i].dsa_guid);
if (ret != LDB_SUCCESS) {
- DEBUG(0, ("failed to find connection server's GUID"
- "by DN=%s: %s\n",
+ DEBUG(0, ("Failed to find connection server's GUID by "
+ "DN=%s: %s\n",
ldb_dn_get_linearized(server_dn),
ldb_strerror(ret)));
continue;
diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c
b/source4/dsdb/samdb/ldb_modules/objectclass.c
index 44d8889..9c2e416 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -401,13 +401,6 @@ static int objectclass_add(struct ldb_module *module,
struct ldb_request *req)
}
}
- /* the various objectclasses must be specified on add operations */
- if (ldb_msg_find_element(req->op.add.message, "objectClass") == NULL) {
- ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, no
objectclass specified!",
-
ldb_dn_get_linearized(req->op.add.message->dn));
- return LDB_ERR_OBJECT_CLASS_VIOLATION;
- }
-
ac = oc_init_context(module, req);
if (ac == NULL) {
return ldb_operr(ldb);
@@ -450,6 +443,7 @@ static int objectclass_do_add(struct oc_context *ac)
const char *rdn_name = NULL;
char *value;
const struct dsdb_class *objectclass;
+ struct ldb_dn *objectcategory;
int32_t systemFlags = 0;
int ret;
@@ -494,14 +488,16 @@ static int objectclass_do_add(struct oc_context *ac)
}
if (ac->schema != NULL) {
- /* This is now the objectClass list from the database */
objectclass_element = ldb_msg_find_element(msg, "objectClass");
-
if (!objectclass_element) {
- /* Where did it go? bail now... */
+ ldb_asprintf_errstring(ldb, "objectclass: Cannot add
%s, no objectclass specified!",
+ ldb_dn_get_linearized(msg->dn));
talloc_free(mem_ctx);
- return ldb_operr(ldb);
+ return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
+
+ /* Here we do now get the "objectClass" list from the
+ * database. */
ret = objectclass_sort(ac->module, ac->schema, mem_ctx,
objectclass_element, &sorted);
if (ret != LDB_SUCCESS) {
@@ -509,17 +505,26 @@ static int objectclass_do_add(struct oc_context *ac)
return ret;
}
- ldb_msg_remove_attr(msg, "objectClass");
+ ldb_msg_remove_element(msg, objectclass_element);
+
+ /* Well, now we shouldn't find any additional "objectClass"
+ * message element (required by the AD specification). */
+ objectclass_element = ldb_msg_find_element(msg, "objectClass");
+ if (objectclass_element != NULL) {
+ ldb_asprintf_errstring(ldb, "objectclass: Cannot add
%s, only one 'objectclass' attribute specification is allowed!",
+ ldb_dn_get_linearized(msg->dn));
+ talloc_free(mem_ctx);
+ return LDB_ERR_OBJECT_CLASS_VIOLATION;
+ }
+
+ /* We must completely replace the existing objectClass entry,
+ * because we need it sorted. */
ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL);
-
if (ret != LDB_SUCCESS) {
talloc_free(mem_ctx);
return ret;
}
- /* We must completely replace the existing objectClass entry,
- * because we need it sorted */
-
/* Move from the linked list back into an ldb msg */
for (current = sorted; current; current = current->next) {
value = talloc_strdup(msg,
current->objectclass->lDAPDisplayName);
@@ -537,6 +542,8 @@ static int objectclass_do_add(struct oc_context *ac)
}
}
+ talloc_free(mem_ctx);
+
/* Retrive the message again so get_last_structural_class works
*/
objectclass_element = ldb_msg_find_element(msg, "objectClass");
@@ -559,6 +566,20 @@ static int objectclass_do_add(struct oc_context *ac)
return LDB_ERR_NAMING_VIOLATION;
}
+ if (objectclass->systemOnly &&
!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+ ldb_asprintf_errstring(ldb, "objectClass %s is
systemOnly, rejecting creation of %s",
+ objectclass->lDAPDisplayName,
ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ if (((strcmp(objectclass->lDAPDisplayName, "secret") == 0) ||
+ (strcmp(objectclass->lDAPDisplayName, "trustedDomain") ==
0)) &&
+ !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+ ldb_asprintf_errstring(ldb, "objectClass %s is
LSA-specific, rejecting creation of %s",
+ objectclass->lDAPDisplayName,
ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
if (ac->search_res && ac->search_res->message) {
struct ldb_message_element *oc_el
= ldb_msg_find_element(ac->search_res->message,
"objectClass");
@@ -589,43 +610,72 @@ static int objectclass_do_add(struct oc_context *ac)
}
}
- if (objectclass->systemOnly &&
!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
- ldb_asprintf_errstring(ldb, "objectClass %s is
systemOnly, rejecting creation of %s",
- objectclass->lDAPDisplayName,
ldb_dn_get_linearized(msg->dn));
- return LDB_ERR_UNWILLING_TO_PERFORM;
- }
-
- if (!ldb_msg_find_element(msg, "objectCategory")) {
- struct dsdb_extended_dn_store_format *dn_format =
talloc_get_type(ldb_module_get_private(ac->module), struct
dsdb_extended_dn_store_format);
+ objectcategory = ldb_msg_find_attr_as_dn(ldb, ac, msg,
+ "objectCategory");
+ if (objectcategory == NULL) {
+ struct dsdb_extended_dn_store_format *dn_format =
+
talloc_get_type(ldb_module_get_private(ac->module),
+ struct
dsdb_extended_dn_store_format);
if (dn_format && dn_format->store_extended_dn_in_ldb ==
false) {
/* Strip off extended components */
- struct ldb_dn *dn = ldb_dn_new(msg, ldb,
objectclass->defaultObjectCategory);
+ struct ldb_dn *dn = ldb_dn_new(ac, ldb,
+
objectclass->defaultObjectCategory);
value = ldb_dn_alloc_linearized(msg, dn);
talloc_free(dn);
} else {
- value = talloc_strdup(msg,
objectclass->defaultObjectCategory);
+ value = talloc_strdup(msg,
+
objectclass->defaultObjectCategory);
}
if (value == NULL) {
- talloc_free(mem_ctx);
return ldb_oom(ldb);
}
- ldb_msg_add_string(msg, "objectCategory", value);
+
+ ret = ldb_msg_add_string(msg, "objectCategory", value);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ } else {
+ const struct dsdb_class *ocClass =
+ dsdb_class_by_cn_ldb_val(ac->schema,
+
ldb_dn_get_rdn_val(objectcategory));
+ if (ocClass != NULL) {
+ struct ldb_dn *dn = ldb_dn_new(ac, ldb,
+
ocClass->defaultObjectCategory);
+ if (ldb_dn_compare(objectcategory, dn) != 0) {
+ ocClass = NULL;
+ }
+ }
+ talloc_free(objectcategory);
+ if (ocClass == NULL) {
+ ldb_asprintf_errstring(ldb, "objectclass:
Cannot add %s, 'objectCategory' attribute invalid!",
+
ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_OBJECT_CLASS_VIOLATION;
+ }
}
+
if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly") &&
(objectclass->defaultHidingValue == true)) {
ldb_msg_add_string(msg, "showInAdvancedViewOnly",
"TRUE");
}
- /* There are very special rules for systemFlags, see MS-ADTS
3.1.1.5.2.4 */
+ /* There are very special rules for systemFlags, see MS-ADTS
+ * MS-ADTS 3.1.1.5.2.4 */
+
el = ldb_msg_find_element(msg, "systemFlags");
+ if ((el != NULL) && (el->num_values > 1)) {
+ ldb_asprintf_errstring(ldb, "objectclass: Cannot add
%s, 'systemFlags' attribute multivalued!",
+ ldb_dn_get_linearized(msg->dn));
+ return LDB_ERR_CONSTRAINT_VIOLATION;
+ }
systemFlags = ldb_msg_find_attr_as_int(msg, "systemFlags", 0);
- if (el) {
- /* Only these flags may be set by a client, but we
can't tell between a client and our provision at this point */
- /* systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME |
SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_LIMITED_MOVE); */
- ldb_msg_remove_element(msg, el);
- }
+ ldb_msg_remove_attr(msg, "systemFlags");
+
+ /* Only these flags may be set by a client, but we can't tell
+ * between a client and our provision at this point
+ * systemFlags &= ( SYSTEM_FLAG_CONFIG_ALLOW_RENAME |
SYSTEM_FLAG_CONFIG_ALLOW_MOVE | SYSTEM_FLAG_CONFIG_LIMITED_MOVE);
+ */
/* This flag is only allowed on attributeSchema objects */
if (ldb_attr_cmp(objectclass->lDAPDisplayName,
"attributeSchema") == 0) {
@@ -648,14 +698,15 @@ static int objectclass_do_add(struct oc_context *ac)
/* TODO: If parent object is site or subnet, also add
(SYSTEM_FLAG_CONFIG_ALLOW_RENAME) */
if (el || systemFlags != 0) {
- samdb_msg_add_int(ldb, msg, msg, "systemFlags",
systemFlags);
+ ret = samdb_msg_add_int(ldb, msg, msg, "systemFlags",
+ systemFlags);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
}
}
- talloc_free(mem_ctx);
ret = ldb_msg_sanity_check(ldb, msg);
-
-
if (ret != LDB_SUCCESS) {
return ret;
}
diff --git a/source4/dsdb/tests/python/ldap.py
b/source4/dsdb/tests/python/ldap.py
index 6ef8b6c..864b7fa 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -29,7 +29,7 @@ from ldb import FLAG_MOD_ADD, FLAG_MOD_REPLACE,
FLAG_MOD_DELETE
from samba import Ldb
from samba.dsdb import (UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT,
UF_PASSWD_NOTREQD, UF_ACCOUNTDISABLE, ATYPE_NORMAL_ACCOUNT,
- ATYPE_WORKSTATION_TRUST)
+ ATYPE_WORKSTATION_TRUST, SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)
from subunit.run import SubunitTestRunner
import unittest
@@ -118,11 +118,21 @@ class BasicTests(unittest.TestCase):
self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
self.delete_force(self.ldb, "description=xyz,cn=users," + self.base_dn)
self.delete_force(self.ldb, "ou=testou,cn=users," + self.base_dn)
+ self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
def test_objectclasses(self):
"""Test objectClass behaviour"""
print "Test objectClass behaviour"""
+ # We cannot create LSA-specific objects (oc "secret" or
"trustedDomain")
+ try:
+ self.ldb.add({
+ "dn": "cn=testsecret,cn=system," + self.base_dn,
+ "objectClass": "secret" })
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+
# Invalid objectclass specified
try:
self.ldb.add({
@@ -132,6 +142,26 @@ class BasicTests(unittest.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
+ # Invalid objectCategory specified
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "objectCategory": self.base_dn })
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_OBJECT_CLASS_VIOLATION)
+
+ # Multi-valued "systemFlags"
+ try:
+ self.ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectClass": "person",
+ "systemFlags": ["0", str(SYSTEM_FLAG_DOMAIN_DISALLOW_MOVE)] })
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_CONSTRAINT_VIOLATION)
+
# We cannot instanciate from an abstract objectclass
try:
self.ldb.add({
@@ -322,6 +352,7 @@ class BasicTests(unittest.TestCase):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
self.delete_force(self.ldb, "cn=ldaptestobject," + self.base_dn)
+ self.delete_force(self.ldb, "cn=testsecret,cn=system," + self.base_dn)
def test_invalid_parent(self):
"""Test adding an object with invalid parent"""
@@ -1664,11 +1695,12 @@ objectClass: container
except LdbError, (num, _):
self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
- try:
- ldb.delete("cn=Enterprise Configuration,cn=Partitions," +
self.configuration_dn)
- self.fail()
- except LdbError, (num, _):
- self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+# TODO: This fails with LDB_ERR_NOT_ALLOWED_ON_NON_LEAF on Windows
+# try:
+# ldb.delete("cn=Enterprise Configuration,cn=Partitions," +
self.configuration_dn)
+# self.fail()
+# except LdbError, (num, _):
+# self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
# Performs some "systemFlags" testing
diff --git a/source4/dsdb/tests/python/urgent_replication.py
b/source4/dsdb/tests/python/urgent_replication.py
index 42f3cd0..3c35af6 100755
--- a/source4/dsdb/tests/python/urgent_replication.py
+++ b/source4/dsdb/tests/python/urgent_replication.py
@@ -254,8 +254,7 @@ defaultHidingValue: TRUE""");
"objectClass":"secret",
"cn":"test secret",
"name":"test secret",
- "currentValue":"xxxxxxx"});
-
+ "currentValue":"xxxxxxx"}, ["relax:0"]);
# urgent replication should be enabled when creating
res = self.ldb.load_partition_usn(self.base_dn)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c
b/source4/rpc_server/lsa/dcesrv_lsa.c
index 37e807b..7c7bdfd 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -27,8 +27,8 @@
#include "auth/kerberos/kerberos.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "librpc/gen_ndr/ndr_lsa.h"
-#include "../lib/crypto/crypto.h"
#include "lib/util/tsort.h"
+#include "dsdb/common/util.c"
/*
this type allows us to distinguish handle types
@@ -1084,7 +1084,7 @@ static NTSTATUS
dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc
trusted_domain_state->trusted_domain_dn =
talloc_reference(trusted_domain_state, msg->dn);
/* create the trusted_domain */
- ret = ldb_add(sam_ldb, msg);
+ ret = dsdb_add(sam_ldb, msg, DSDB_MODIFY_RELAX);
switch (ret) {
case LDB_SUCCESS:
break;
@@ -2966,7 +2966,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct
dcesrv_call_state *dce_call, TALL
secret_state->secret_dn = talloc_reference(secret_state, msg->dn);
/* create the secret */
- ret = ldb_add(secret_state->sam_ldb, msg);
+ ret = dsdb_add(secret_state->sam_ldb, msg, DSDB_MODIFY_RELAX);
if (ret != LDB_SUCCESS) {
DEBUG(0,("Failed to create secret record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
--
Samba Shared Repository
