summaryrefslogtreecommitdiff
path: root/source4/ldap_server/config.mk
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22403: this dependencies should be privateStefan Metzmacher1-3/+4
metze (This used to be commit c3cc03ffb290cb7c1eba51e98c52e5e7c1aba5fb)
2007-10-10r19522: Remove gensec and credentials dependency from the rootdse module (lessAndrew Bartlett1-0/+1
dependency loops). This moves the evaluation of the SASL mechansim list to display in the rootDSE to the ldap server. Andrew Bartlett (This used to be commit 379da475e224d93c05d91b37902c121eb4007d97)
2007-10-10r17240: move extended operations to a new fileStefan Metzmacher1-1/+2
metze (This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a)
2007-10-10r17197: This patch moves the encryption of bulk data on SASL negotiated securityAndrew Bartlett1-1/+1
contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10r15379: Fix shared library build's unresolved dependenciesJelmer Vernooij1-1/+1
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
2007-10-10r15301: Use static libraries internally. This required a few hacks in the buildJelmer Vernooij1-1/+3
system - these should be removed later on. (This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-1/+1
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14567: Make some more functions public.Jelmer Vernooij1-1/+1
(This used to be commit 8e84e6cb6b172c89072723e07f344da8f4476c1f)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12880: Remove ldap partitions useless now and probably weSimo Sorce1-2/+1
will not use it anyway as we plan to support partitions in ldb directly like with rootdse Merge ldap_simple_ldb into ldap_backend, it is not simple anymore and makes no sense to have it separated now that ldap partitions are gone Initial attempt at working to some limit to avoid DOSs for the ldap server. Simo. (This used to be commit 97bff3e049eba48019f2b0f3eb5a19e32fef2e23)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-1/+1
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r11955: got rid of the old rootDSE code in the ldap server.Andrew Tridgell1-1/+0
The partitioning logic is still there, but we only have one partition. If we need partitioning in the future it might be better to remove this partitioning code and use a partitioning module instead (This used to be commit f4685e7dc9bdc3b9e240c9f5891b9da9251f82e5)
2007-10-10r11244: Relative path names in .mk filesJelmer Vernooij1-5/+5
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-2/+1
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce1-1/+0
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r4716: add a real ugly hack to get all ldap queries of anStefan Metzmacher1-1/+2
w2k3 dc join working I just commit that to not lose it if my home box would crash... you need a hacked.ldb with some stuff in it, I'll explain later and you need --option="ldapsrv:hacked=yes" so what is left now is KRB5 support for DCERPC in the server as the EVENT LOG of w2k3 says... metze (This used to be commit d72760d26ffe531e34bcbec623b986761152ae5b)
2007-10-10r2864: - Bind and Unbind are no directory partition operationsStefan Metzmacher1-0/+1
- move Bind Unbind code to a seperate file metze (This used to be commit 3aa1a298970eab563ff6304210bee4696ecec105)
2007-10-10r2863: move the logical ldapsrv functions to a seperate fileStefan Metzmacher1-0/+1
metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2007-10-10r2815: add some more docsSimo Sorce1-0/+1
add a nearly complete rfc conformat dn parsing function (This used to be commit 1bc5a94488f48ae5c8e67db169f24f5f24c4a234)
2007-10-10r2681: commit the first semi working search implementationStefan Metzmacher1-1/+1
which exports data from a ldb. I commit this code, so that someone can help me to find a strange bug metze (This used to be commit 67bb49172567af9d106ded55c1257b808d2a97ff)
2007-10-10r2527: - add a dummy for a simple ldb backendStefan Metzmacher1-2/+3
- handle the complete rootDSE search (maybe this will be also a partition module) metze (This used to be commit 6fc904a71cf5305d0c5c260ad1665499ea6c6f9a)
2007-10-10r2523: - readd rootDSE replyStefan Metzmacher1-1/+2
- add infrastructure start for having multiple directory partitions (backends) metze (This used to be commit 5103e7fe7873c0309461ad471f0529223d7c38eb)
2007-10-10r2321: add complately untested LDAP server startStefan Metzmacher1-0/+11
based on volker's patch this is compiled by default but not started by default metze (This used to be commit 5387bc423d4dc669cbac6626f8dd3a5498a6519d)