Age | Commit message | Author | Files | Lines |
|
gensec_update_send/recv() api
metze
(This used to be commit 14ecc563431335c99df33f4a454b3b02380ae165)
|
|
- note this still uses the sync update() hook of the gensec modules
but it allows me to fix the callers first
Later auth_check_password() will also get an async version,
so that we can later implement an async version of auth_winbind
using async IRPC to the winbind task.
metze
(This used to be commit d5638a4fafd1d60ccc4cd76e92a1b2b0093865a7)
|
|
metze
(This used to be commit e4c28001d336f69534437d3eaae1ec8b52455cd9)
|
|
- check explicit check for varargs.h as fallback from stdarg.h
and fail the build if both are not present
metze
(This used to be commit b091d182fe8f36dfb67b7ede933a963b74034d91)
|
|
metze
(This used to be commit 195754b169f68399008dda074181a2a16e4ecce5)
|
|
(hopefully nobody will ever see this:-)
metze
(This used to be commit 196803a6c6a2588f0d3315bc38a56112ecb81349)
|
|
ref pointers!
I'm sure there're more places and more care is needed when idl files
are changed. Hopefully testing against windows in the build farm
finds such bugs in future...
Why is this no longer possible in the client library:
NTSTATUS foo([in,out,ref] uint8 *foo);
and then just
r.in.foo = &foo;
status = dcerpc_foo(p, mem_ctx, &r);
and r.out.foo will be set to r.in.foo via pidl magic,
that worked some time ago...
metze
(This used to be commit d8952f00c77ba59e0806b0de802ac28ac977779c)
|
|
(This used to be commit 7b05c007ea0a8df994af62625b529a164a104903)
|
|
metze
(This used to be commit b5c06d5b4ca4da6d1b582a33830471443a62d842)
|
|
- give an operations error when tls is already on the socket
metze
(This used to be commit 9190d134c9be774c53f6dae52b7c4cdcc053d00f)
|
|
Andrew Bartlett
(This used to be commit dc4500eb902fbb0a0e7d3b38a9d257ea839d00d3)
|
|
metze
(This used to be commit 7b136ddf488b7b4a1aae31c9927b027216e60ae5)
|
|
metze
(This used to be commit ed5ffc7bfc57c72bb95562c88bd2ec290daed10c)
|
|
metze
(This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a)
|
|
(This used to be commit c575dee5c76ca33a07ab62dc59f80ece1bd84abc)
|
|
- we need this to later:
- to disallow a StartTLS when TLS is already in use
- to place the TLS socket between the raw and sasl socket
when we had a sasl bind before the StartTLS
- and rfc4513 says that the server may allow to remove the TLS from
the tcp connection again and reuse raw tcp
- and also a 2nd sasl bind should replace the old sasl socket
metze
(This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
|
|
metze
(This used to be commit f2196bf9b662d3f38d59eceb8c54f9d2e3f7b505)
|
|
with NULL.
metze
(This used to be commit 3711b968adf8a0951171ad1a90be65a9ae0dc03b)
|
|
metze
(This used to be commit e8db1fb55833ab7b9e0be391ff822b34682cb38c)
|
|
Andrew Bartlett
(This used to be commit 4827a6b171d7b007f1641ef422d23449fb5a1606)
|
|
our certificate, and proceed with the connection is left as an
exercise for the reader...
Andrew Bartlett
(This used to be commit 9bd66d4c95dd971e2b1b6371ba3ffc6c178c0d4c)
|
|
without the agreement of the peer. This can cause problems, because
one side thinks sealing is disabled, while the other thinks it is
enabled.
Andrew Bartlett
(This used to be commit 68ddc4921f43252b3fba73e9d85cc38c359d599d)
|
|
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-through' case.
Andrew Bartlett
(This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
|
|
Andrew Bartlett
(This used to be commit 7c5a25a423da3db982396ac507df985fa934be73)
|
|
errors to be reported correctly, rather than just dropping the socket.
Andrew Bartlett
(This used to be commit 83dd22accfd565e86d831490043d6beaa9648c96)
|
|
(This used to be commit e0af5cf51dbedccfe47cfd6ec5232847f586ece8)
|
|
Should fix some build farm machine
(This used to be commit 15b8fafb991d3ce4b40c144702399d6f705a8e8e)
|
|
Actually you can't test both classic and ldb together, but you can replace the standard
script/tests/mktestsetup.sh file with this one and run make test to see share_ldb in action
(This used to be commit d4c2b893504feb3a232e74d14584405b3aaaf942)
|
|
(This used to be commit df1da91d4fe0233763398f46fe663e0b879054c3)
|
|
Commit the classic backwards compatible module which is the default one
(This used to be commit a89cc346b9296cb49929898d257a064a6c2bae86)
|
|
surface
of spoolss. If snum is to be removed, then we should make at least the attempt
to walk parts of the code before and after the changes.
This walks GetPrinterInfo level 0-7.
Volker
(This used to be commit 0c05f571a0eda2412896f340b7c751cf7cbdbd2a)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this patch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1  | SASL Packet #2      |
+-----------------+---------------------+
| LDAP Packet #1       | LDAP Packet #2 |
+----------------------+----------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
Andrew Bartlett
(This used to be commit d79bfbe87d4eb0e3541f5bdd7eed888ccb20a710)
|
|
AD supports three extended operations:
- start tls
- dynamic objects
- fast binds
none of these are a priority.
(This used to be commit 523e8f3ed4bf5fcf9dc0c9e2100e4ac3b8032be7)
|
|
(This used to be commit a6709196ca4d50fdb84a562cd8f49db4275bb1dc)
|
|
(This used to be commit d3f8b813b33d1338e62f099017a1d4a32745e7a2)
|
|
regression we had in 3.0.23...
Volker
(This used to be commit 0236f3b41a4f9015f8551ffb67db59fa48212bf5)
|
|
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
|
|
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.
Simo.
(This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
|
|
the max amount of memory of one process
metze
(This used to be commit f47b7bb656c8854c16c5a28ba24d18eeb22b6e22)
|
|
Andrew Bartlett
(This used to be commit f3b6e57b2336f36416e25c3a5cd793aa036b5b40)
|
|
to work (it broke it in the previous commit).
Andrew Bartlett
(This used to be commit e96638bc74f0752ce8af6626a04c92d48b917ffe)
|
|
and the maximum amount of user data that may be fitted into that.
This is used in the new SASL code, to correctly honour SASL buffer sizes.
Andrew Bartlett
(This used to be commit cbbe99d9c1f0262e67a495fb098cacc09fd78e05)
|
|
chasing down bad signatures that may be due to data truncation.
Andrew Bartlett
(This used to be commit d304760d3d909e55cbf2c744cdb2b4137f74b81b)
|
|
Andrew Bartlett
(This used to be commit 9d866a030ea75b9589c3332725d23ba5f0e9669d)
|
|
make the testnonblock skip some things. The socket *under* the tls
socket is still tested.
Andrew Bartlett
(This used to be commit 9c33c6a20a77e3f15eac3d62488117517afad940)
|
|
(This used to be commit 4dcdc5a3ad6847be6c6199854121ae4ccadaa673)
|
|
metze
(This used to be commit f94198c2a8afd79b4c156773d14de691fd8bf0d5)
|
|
metze
(This used to be commit 58e124ade31efbd72297ecc41d8ddfc48546ac53)
|
|
overwrite break oplocks.
Jeremy.
(This used to be commit 94886f8c4029a9661a0bce2f7d9c41a3a5eaa366)
|