summaryrefslogtreecommitdiff
path: root/source4/ldap_server/ldap_backend.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21496: A number of ldb control and LDAP changes, surrounding theAndrew Bartlett1-4/+15
'phantom_root' flag in the search_options control - Add in support for LDB controls to the js layer - Test the behaviour - Implement support for the 'phantom_root' flag in the partitions module - Make the LDAP server set the 'phantom_root' flag in the search_options control - This replaces the global_catalog flag passed down as an opaque pointer - Rework the string-format control parsing function into ldb_parse_control_strings(), returning errors by ldb_errorstring() method, rather than with printf to stderr - Rework some of the ldb_control handling logic Andrew Bartlett (This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
2007-10-10r20189: remove unused struct elementStefan Metzmacher1-2/+0
metze (This used to be commit d20d1872d5ed1176928b85ef9811c6a5177d0148)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-1/+1
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-19/+19
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19722: fix memory leaks and hierachie bugsStefan Metzmacher1-4/+6
metze (This used to be commit fddcbf5d4cce77705be43956ea93895432b64aa1)
2007-10-10r19721: ldapsrv_SearchCallback isn't needed any moreStefan Metzmacher1-60/+1
ldb_search_default_callback does the same... metze (This used to be commit 0edac60ec6f1e67de8e08f4e71e56b674915ad6e)
2007-10-10r19531: Make struct ldb_dn opaque and local to ldb_dn.cSimo Sorce1-4/+7
(This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2007-10-10r19522: Remove gensec and credentials dependency from the rootdse module (lessAndrew Bartlett1-1/+31
dependency loops). This moves the evaluation of the SASL mechansim list to display in the rootDSE to the ldap server. Andrew Bartlett (This used to be commit 379da475e224d93c05d91b37902c121eb4007d97)
2007-10-10r18989: Fixes found by these two LDAP testsuites:Andrew Bartlett1-0/+4
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ - http://gleg.net/protover_ldap_sample.shtml Also fixes found by a subsequent audit of the code for similar issues. (This used to be commit 441a4f6262459dabfefd9bb12622ada9c007a60c)
2007-10-10r18301: I discovered how to load the warnings from a build farm build intoAndrew Tridgell1-1/+1
emacs compile mode (hint, paste to a file, and compile as "cat filename"). This allowed me to fix nearly all the warnings for a IA_64 SuSE build very quickly. (This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17240: move extended operations to a new fileStefan Metzmacher1-77/+0
metze (This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a)
2007-10-10r17237: - keep pointer to the different socketsStefan Metzmacher1-1/+1
- we need this to later: - to disallow a StartTLS when TLS is already in use - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS - and rfc4513 says that the server may allow to remove the TLS from the tcp connection again and reuse raw tcp - and also a 2nd sasl bind should replace the old sasl socket metze (This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
2007-10-10r17224: Accept the start-tls extended request. Getting OpenLDAP to recogniseAndrew Bartlett1-1/+58
our certificate, and proceed with the connection is left as an exercise for the reader... Andrew Bartlett (This used to be commit 9bd66d4c95dd971e2b1b6371ba3ffc6c178c0d4c)
2007-10-10r17186: "async" word abuse clean-up part 2Simo Sorce1-3/+3
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
2007-10-10r17185: Oh, I wanted to do this for sooo long time.Simo Sorce1-2/+2
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10r16972: Replace the sequence_number function pointer in ldb with the ldb flags.Andrew Bartlett1-2/+7
The function pointer was meant to be unused, this patch fixes partition.c to use ldb_sequence_number(). (No backend provided the pointer any more). Set the flags onto the ldb structure, so that all backends opened by the partitions module inherit the flags. Set the read-ony flag when accessed as the global catalog Modify the LDAP server to track that this query is for the global catalog (by incoming port), and set a opqaue pointer. Next step is to read that opaque pointer in the partitions module. Andrew Bartlett (This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba)
2007-10-10r16234: Set the request timeout from the LDAP search. Without this, theAndrew Bartlett1-1/+3
initial request time is uninitialised, and this causes havoc later. This also allows us to honour the client's wishes. We should be doing this for all the operations... Andrew Bartlett (This used to be commit c8f5b1c9281072179cd3f3cf282cf376dca24ba0)
2007-10-10r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc...Simo Sorce1-1/+1
(This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320)
2007-10-10r15933: remove the last sync call to ldb_requestSimo Sorce1-4/+73
(This used to be commit 10d66aa61dab2e59e5a510cf34b1cfad86fc2529)
2007-10-10r14857: fix bugs noticed by the ibm code checkerStefan Metzmacher1-3/+4
metze (This used to be commit 07626bf3c7dc7162b852cc27e5a7c313ede3862a)
2007-10-10r13998: From now on ldb_request() will require an alloced requestSimo Sorce1-10/+12
By freeing the request you will be sure everything down the path get freed. this also means you have to steal the results if you want to keep them :) simo. (This used to be commit e8075e6a062ce5edb84485e45d0b841c2ee2af7d)
2007-10-10r13609: Get in the initial work on making ldb asyncSimo Sorce1-47/+2
Currently only ldb_ildap is async, the plan is to first make all backend support the async calls, and then remove the sync functions from backends and keep the only in the API. Modules will need to be transformed along the way. Simo (This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5)
2007-10-10r13606: An attempt to fix #3525.Andrew Bartlett1-12/+8
The problem was that the supportedControls were being stolen into the result sent to the client, then talloc_free()ed. This caused them to be invalid on the next rootDSE query. This also tries to avoid attaching the result to the long-term samdb context, and avoids an extra loop in the result processing (pointed out by tridge). Andrew BARtlett (This used to be commit d0b8957f38fda4d84a318d6121ad87ba53a9ddb3)
2007-10-10r13508: some ASN.1 element in LDAP are optional,Stefan Metzmacher1-3/+2
make it possible to code the difference between a zero length and a NULL DATA_BLOB... metze (This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
2007-10-10r12880: Remove ldap partitions useless now and probably weSimo Sorce1-47/+543
will not use it anyway as we plan to support partitions in ldb directly like with rootdse Merge ldap_simple_ldb into ldap_backend, it is not simple anymore and makes no sense to have it separated now that ldap partitions are gone Initial attempt at working to some limit to avoid DOSs for the ldap server. Simo. (This used to be commit 97bff3e049eba48019f2b0f3eb5a19e32fef2e23)
2007-10-10r12733: Merge ldap/ldb controls into main treeSimo Sorce1-6/+8
There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r11955: got rid of the old rootDSE code in the ldap server.Andrew Tridgell1-5/+0
The partitioning logic is still there, but we only have one partition. If we need partitioning in the future it might be better to remove this partitioning code and use a partitioning module instead (This used to be commit f4685e7dc9bdc3b9e240c9f5891b9da9251f82e5)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-14/+2
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r7777: allow for overriding the location of the sam databasein the ldap ↵Andrew Tridgell1-0/+14
server, using ldapsrv:samdb option. This allows the following: sam database=ldap://localhost ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb which allows us to test putting the sam on an ldap server using our own ldap server. This is a great stress test for the ldap code. (This used to be commit 40948ba3848e2cfd69ee5ef77031170a652e389b)
2007-10-10r7747: - simplified the ldap server buffer handlingAndrew Tridgell1-7/+7
- got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2007-10-10r7593: simplified the memory management in the ldap code. Having a mem_ctxAndrew Tridgell1-14/+18
element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2007-10-10r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_treeAndrew Tridgell1-1/+1
instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
2007-10-10r5305: removed libcli/ldap/ldap.h from includes.hAndrew Tridgell1-2/+3
(This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-1/+1
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r3464: split out registry.h, rap.h and ldap_server.hAndrew Tridgell1-0/+1
(This used to be commit 70d2090f6bf2c7e0caf1e9c020f330de88871f8e)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-0/+1
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASEStefan Metzmacher1-8/+9
this is needed because of the global catalog metze (This used to be commit 071c19c25df92e87355ce6efb5eb7ce7694cf09b)
2007-10-10r2877: the Bind and Unbind function are already moved...Stefan Metzmacher1-30/+0
metze (This used to be commit 5c3f3b4072ed67c6b6b11af6a0f7f2869c717cdb)
2007-10-10r2863: move the logical ldapsrv functions to a seperate fileStefan Metzmacher1-0/+279
metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)