summaryrefslogtreecommitdiff
path: root/source4/ldap_server/ldap_backend.c
AgeCommit message (Collapse)AuthorFilesLines
2009-08-04s4-ldap_server: fix generated error string in map_ldb_error().Günther Deschner1-1/+1
Guenther
2009-07-31s4: Enhances the LDAP server to display error messages like Windows ServerMatthias Dieter Wallnöfer1-27/+178
Those error messages also include the WERROR code of the failed operation(s) in this manner: <error code eight chars in HEX>: <further error message> This also addresses bug #4949
2009-07-01use a talloc_unlink() as ops may have a referenceAndrew Tridgell1-1/+1
2008-12-17s4:ldap_server: return the extended dn to the LDAP client if availableAndrew Bartlett1-1/+16
This uses an early peek at the extended_dn_control (in the request) to see what output format to use. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-11-17Remove restrictions on number of DN components in LDAP serverAndrew Bartlett1-13/+9
There is no reason for these restrictions to be in the LDAP server - they belong in the LDB layer. When accepting 'extended' or 'alternate' DNs we can't tell anyway. Andrew Bartlett
2008-11-02Remove use of global_loadparm for disabled gensec backends.Jelmer Vernooij1-0/+3
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-29LDB ASYNC: misc changesSimo Sorce1-19/+16
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-2/+2
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-07-15Use secrets.ldb to store credentials to contact LDAP backend.Andrew Bartlett1-4/+5
This makes Samba4 behave much like Samba3 did, and use a single set of administrative credentials for it's connection to LDAP. Andrew Bartlett (This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)
2008-07-02ldap_server: allow modifies to the root dse record and pass them to the ldb ↵Stefan Metzmacher1-1/+1
layer metze (This used to be commit 3da6f7f95d7c04cff49fa2312f94c059686d11e4)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-0/+2
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-03-29Fix more valgrind issues.Andrew Bartlett1-0/+5
This passes down the timeout more consistantly, and ensures that no matter how the modules screw up, we don't free() the memory we are going to write into the ASN1 packet until we actually write it out. Andrew Bartlett (This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343)
2008-03-29Fix some valgrind issues.Andrew Bartlett1-3/+3
These small changes seem to fix some of the early issues in 'make valgrindtest' Previously, the subtree_delete code didn't pass on the timeout, leaving it uninitialised. The ldap_server/ldap_backend.c change tidies up the talloc hierarchy a bit. Andrew Bartlett (This used to be commit 95314f29a9cf83db71d37e68728bfb5009fce60d)
2007-12-21r26266: Remove more global_loadparm uses.Jelmer Vernooij1-2/+3
(This used to be commit 99113075c4a96679bcec4f4d6bba4acb3dee4245)
2007-12-21r26193: In the LDAP server, use the new 'controls_decoded' element toAndrew Bartlett1-0/+12
determine if this (possibly critical) control has been decoded. This allows us to return an error, rather than just dropping the socket. Andrew Bartlett (This used to be commit 230a60c1910f95ce5139c174d6d79786fca08433)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-12-21r25960: Enable checks on the validity of the search base on sam.ldb in Samba4.Andrew Bartlett1-4/+0
Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this error is now correctly emited from ldb. Andrew Bartlett (This used to be commit ed57862b90812e5a38ca81935b131338112fb19f)
2007-10-10r25446: Merge some changes I made on the way home from SFO:Jelmer Vernooij1-1/+3
2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
2007-10-10r25428: forward declarations of enums are not portable,Stefan Metzmacher1-3/+1
so pass struct cli_credentials *cred instead of enum credentials_use_kerberos use_kerberos. metze (This used to be commit b945aaa9dadc4c0595340d35725b49bac8e5778e)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-1/+1
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r23849: ldap_server: Provide more info in debug tracesAndrew Bartlett1-7/+8
blackbox tests: increase test coverage by running more options. Andrew Bartlett (This used to be commit 46abf82675ea0ce06a162be5d733da0c236880c2)
2007-10-10r23816: A little more static, but leave the dead code testjoin.c as ↵Andrew Bartlett1-1/+1
documentation. Andrew Bartlett (This used to be commit 6679003c0553804333f0090a91e1fe53837ceb47)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23762: Fix DN renames over LDAP, and instrument the partition module. Add aAndrew Bartlett1-0/+1
test to prove the behaviour of LDAP renames etc. Fix LDB to return correct error code when failing to rename one DN onto another. Andrew Bartlett (This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af)
2007-10-10r21496: A number of ldb control and LDAP changes, surrounding theAndrew Bartlett1-4/+15
'phantom_root' flag in the search_options control - Add in support for LDB controls to the js layer - Test the behaviour - Implement support for the 'phantom_root' flag in the partitions module - Make the LDAP server set the 'phantom_root' flag in the search_options control - This replaces the global_catalog flag passed down as an opaque pointer - Rework the string-format control parsing function into ldb_parse_control_strings(), returning errors by ldb_errorstring() method, rather than with printf to stderr - Rework some of the ldb_control handling logic Andrew Bartlett (This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb)
2007-10-10r20189: remove unused struct elementStefan Metzmacher1-2/+0
metze (This used to be commit d20d1872d5ed1176928b85ef9811c6a5177d0148)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-1/+1
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-19/+19
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19722: fix memory leaks and hierachie bugsStefan Metzmacher1-4/+6
metze (This used to be commit fddcbf5d4cce77705be43956ea93895432b64aa1)
2007-10-10r19721: ldapsrv_SearchCallback isn't needed any moreStefan Metzmacher1-60/+1
ldb_search_default_callback does the same... metze (This used to be commit 0edac60ec6f1e67de8e08f4e71e56b674915ad6e)
2007-10-10r19531: Make struct ldb_dn opaque and local to ldb_dn.cSimo Sorce1-4/+7
(This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
2007-10-10r19522: Remove gensec and credentials dependency from the rootdse module (lessAndrew Bartlett1-1/+31
dependency loops). This moves the evaluation of the SASL mechansim list to display in the rootDSE to the ldap server. Andrew Bartlett (This used to be commit 379da475e224d93c05d91b37902c121eb4007d97)
2007-10-10r18989: Fixes found by these two LDAP testsuites:Andrew Bartlett1-0/+4
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ - http://gleg.net/protover_ldap_sample.shtml Also fixes found by a subsequent audit of the code for similar issues. (This used to be commit 441a4f6262459dabfefd9bb12622ada9c007a60c)
2007-10-10r18301: I discovered how to load the warnings from a build farm build intoAndrew Tridgell1-1/+1
emacs compile mode (hint, paste to a file, and compile as "cat filename"). This allowed me to fix nearly all the warnings for a IA_64 SuSE build very quickly. (This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17240: move extended operations to a new fileStefan Metzmacher1-77/+0
metze (This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a)
2007-10-10r17237: - keep pointer to the different socketsStefan Metzmacher1-1/+1
- we need this to later: - to disallow a StartTLS when TLS is already in use - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS - and rfc4513 says that the server may allow to remove the TLS from the tcp connection again and reuse raw tcp - and also a 2nd sasl bind should replace the old sasl socket metze (This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
2007-10-10r17224: Accept the start-tls extended request. Getting OpenLDAP to recogniseAndrew Bartlett1-1/+58
our certificate, and proceed with the connection is left as an exercise for the reader... Andrew Bartlett (This used to be commit 9bd66d4c95dd971e2b1b6371ba3ffc6c178c0d4c)
2007-10-10r17186: "async" word abuse clean-up part 2Simo Sorce1-3/+3
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
2007-10-10r17185: Oh, I wanted to do this for sooo long time.Simo Sorce1-2/+2
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10r16972: Replace the sequence_number function pointer in ldb with the ldb flags.Andrew Bartlett1-2/+7
The function pointer was meant to be unused, this patch fixes partition.c to use ldb_sequence_number(). (No backend provided the pointer any more). Set the flags onto the ldb structure, so that all backends opened by the partitions module inherit the flags. Set the read-ony flag when accessed as the global catalog Modify the LDAP server to track that this query is for the global catalog (by incoming port), and set a opqaue pointer. Next step is to read that opaque pointer in the partitions module. Andrew Bartlett (This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba)
2007-10-10r16234: Set the request timeout from the LDAP search. Without this, theAndrew Bartlett1-1/+3
initial request time is uninitialised, and this causes havoc later. This also allows us to honour the client's wishes. We should be doing this for all the operations... Andrew Bartlett (This used to be commit c8f5b1c9281072179cd3f3cf282cf376dca24ba0)
2007-10-10r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc...Simo Sorce1-1/+1
(This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320)
2007-10-10r15933: remove the last sync call to ldb_requestSimo Sorce1-4/+73
(This used to be commit 10d66aa61dab2e59e5a510cf34b1cfad86fc2529)
2007-10-10r14857: fix bugs noticed by the ibm code checkerStefan Metzmacher1-3/+4
metze (This used to be commit 07626bf3c7dc7162b852cc27e5a7c313ede3862a)
2007-10-10r13998: From now on ldb_request() will require an alloced requestSimo Sorce1-10/+12
By freeing the request you will be sure everything down the path get freed. this also means you have to steal the results if you want to keep them :) simo. (This used to be commit e8075e6a062ce5edb84485e45d0b841c2ee2af7d)
2007-10-10r13609: Get in the initial work on making ldb asyncSimo Sorce1-47/+2
Currently only ldb_ildap is async, the plan is to first make all backend support the async calls, and then remove the sync functions from backends and keep the only in the API. Modules will need to be transformed along the way. Simo (This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5)
2007-10-10r13606: An attempt to fix #3525.Andrew Bartlett1-12/+8
The problem was that the supportedControls were being stolen into the result sent to the client, then talloc_free()ed. This caused them to be invalid on the next rootDSE query. This also tries to avoid attaching the result to the long-term samdb context, and avoids an extra loop in the result processing (pointed out by tridge). Andrew BARtlett (This used to be commit d0b8957f38fda4d84a318d6121ad87ba53a9ddb3)