summaryrefslogtreecommitdiff
path: root/source4/ldap_server/ldap_server.c
AgeCommit message (Collapse)AuthorFilesLines
2009-06-24Reenable the LDAPI socket for the merged buildVolker Lendecke1-2/+0
It seems that the samba4 part of the merged build does not pick up the DEVELOPER flag from the s3 configure. Jelmer, can you fix that properly? Thanks, Volker
2009-06-19Allow developers access the the privilaged ldapi socket for the momentAndrew Bartlett1-0/+4
This allows us some time to get the EXTERNAL bind working
2009-06-19s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdefAndrew Bartlett1-1/+11
This makes it clear to our users that this particular implementation isn't final (all parties are agreed that an EXTERNAL bind is the right way to do this, but it has not been implemented yet). Andrew Bartlett
2009-06-06Allow access as SYSTEM on a privileged ldapi connectionVolker Lendecke1-13/+83
This patch creates ldap_priv/ as a subdirectory under the private dir with the appropriate permissions to only allow the same access as the privileged winbind socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap database.
2009-05-29Fix some nonempty blank linesVolker Lendecke1-11/+11
2009-02-24libcli/ldap: move generic ldap control encoding code to ldap_message.cStefan Metzmacher1-2/+2
As they can we static there, we pass the specific handlers as parameter where we need to support controls. metze
2009-02-18Worked around a problem with select/poll/epoll and gnutls Andrew Tridgell1-0/+4
Our packet layer relies on the event system reliably telling us when a packet is available. When we are using a socket layer like TLS then things get a bit trickier, as there may be bytes in the encryption buffer which could be read even if there are no bytes at the socket level. The GNUTLS library is supposed to prevent this happening by always leaving some data at the socket level when there is data to be processed in its buffers, but it seems that this is not always reliable. To work around this I have added a new packet option packet_set_unreliable_select() which tells the packet layer to not assume that the socket layer has a reliable select, and to instead keep trying to read from the socket until it gets back no data. This option is set for the ldap client and server when TLS is negotiated. This seems to fix the problems with the ldaps tests.
2009-02-02s4:service_stream: s/private/private_dataStefan Metzmacher1-4/+4
metze
2009-02-02s4:ldap_server: s/private/private_dataStefan Metzmacher1-8/+8
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-5/+5
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-2/+2
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-6/+2
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher1-1/+1
metze
2008-07-16Don't keep an extra ldb around forever.Andrew Bartlett1-1/+5
We just open it to figure out if we need to be a Global Catalog server. Andrew Bartlett (This used to be commit f13572d9e9f1962b637cbd573588184d1459d252)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-2/+3
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-0/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-29Fix more valgrind issues.Andrew Bartlett1-1/+3
This passes down the timeout more consistantly, and ensures that no matter how the modules screw up, we don't free() the memory we are going to write into the ASN1 packet until we actually write it out. Andrew Bartlett (This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343)
2008-02-04Remove useless layer of indirection, where every service calledAndrew Bartlett1-13/+1
task_service_init() manually. Now this is called from service.c for all services. Andrew Bartlett (This used to be commit 9c9a4731cafd0dcf6c8523a7b06759cd4f14e4db)
2008-02-04Rework service init functions to pass down service name. This isAndrew Bartlett1-1/+1
needed to change prefork behaviour based on what service is being started. Andrew Bartlett and David Disseldorp (This used to be commit 0d830580e3539c96da3aa6c72fafe6eacd7a74a0)
2008-01-15util: Move asn1 to lib/util to trim down the number of subsystems.Jelmer Vernooij1-1/+1
(This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
2008-01-05r26672: Janitorial: Remove uses of global_loadparm.Jelmer Vernooij1-5/+10
(This used to be commit 18cd08623eaad7d2cd63b82ea5275d4dfd21cf00)
2008-01-05r26669: Janitorial: Remove uses of global_loadparm.Jelmer Vernooij1-1/+3
(This used to be commit 50c46160d997e0448f51ae09e0f3c79e8519fa41)
2008-01-03r26648: Move detection of global catalog captability to a central function, soAndrew Bartlett1-20/+1
this can be shared with the CLDAP server (for the netlogon reply). Andrew Bartlett (This used to be commit 592c10ae11c94007e38404a7edea9fd8471f1907)
2007-12-21r26430: require explicit specification of loadparm context.Jelmer Vernooij1-1/+1
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
2007-12-21r26402: Require a talloc context in libnetif.Jelmer Vernooij1-1/+1
(This used to be commit a35e51871bbf1ab33fc316fa59e597b722769c50)
2007-12-21r26401: Don't cache interfaces context in libnetif.Jelmer Vernooij1-2/+6
(This used to be commit 9f975417cc66bfd4589da38bfd23731dbe0e6153)
2007-12-21r26325: Remove use of global_loadparm in netif.Jelmer Vernooij1-2/+2
(This used to be commit e452cb28594f23add7c00247ed39e8323aea78a6)
2007-12-21r26313: Fix more uses of static loadparm.Jelmer Vernooij1-4/+12
(This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-21r26266: Remove more global_loadparm uses.Jelmer Vernooij1-2/+3
(This used to be commit 99113075c4a96679bcec4f4d6bba4acb3dee4245)
2007-12-21r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij1-1/+1
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-21r26250: Avoid global_loadparm in a couple more places.Jelmer Vernooij1-1/+1
(This used to be commit 2c6b755309fdf685cd0b0564272bf83038574a43)
2007-12-21r26238: Add a loadparm context parameter to torture_context, remove more ↵Jelmer Vernooij1-1/+1
uses of global_loadparm. (This used to be commit a33a5530545086b81a3b205aa109dff11c546926)
2007-12-21r26237: Add loadparm context to the server service interface.Jelmer Vernooij1-0/+1
(This used to be commit 1386c5c92505a950c65411b8af74d703ce023f95)
2007-12-21r26228: Store loadparm context in auth context, move more loadparm_contexts ↵Jelmer Vernooij1-3/+2
up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
2007-12-21r26227: Make loadparm_context part of a server task, move loadparm_contexts ↵Jelmer Vernooij1-6/+7
further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21r25921: Now also listen on ldapi by default in the LDAP serverAndrew Bartlett1-0/+14
Create a phpLDAPadmin configuration file example to use ldapi to talk to Samba4 Andrew Bartlett (This used to be commit 54f4c8ba6127757fd272bd97e301188eb69977ed)
2007-10-10r25548: Convert to standard bool type.Jelmer Vernooij1-1/+1
(This used to be commit 190d73b44b9b9c6dabbd26212d596d985b25edab)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-4/+4
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25299: Modify the provision script to take an additional argument: ↵Andrew Bartlett1-0/+12
--server-role This must be set to either 'domain controller', 'domain member' or 'standalone'. The default for the provision now changes to 'standalone'. This is not because Samba4 is particularlly useful in that mode, but because we still want a positive sign from the administrator that we should advertise as a DC. We now do more to ensure the 'standalone' and 'member server' provision output is reasonable, and try not to set odd things into the database that only belong for the DC. Andrew Bartlett (This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25001: Fix more C++ and other warnings, fix some of the indentation with ↵Jelmer Vernooij1-1/+2
ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
2007-10-10r24780: More work allowing libutil to be used by external users.Jelmer Vernooij1-2/+3
(This used to be commit 31993cf67b816a184a4a4e92ef8ca2532c797190)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23036: error checking on asn1_init() failureAndrew Tridgell1-1/+3
(This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2)
2007-10-10r23030: finally fixed up our asn1 code to use better memory allocation. ThisAndrew Tridgell1-5/+5
should allow us to fix some long standing memory leaks. (This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d)
2007-10-10r21806: I've been working over the last week to fix up the LDAP backend forAndrew Bartlett1-2/+4
Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
2007-10-10r20322: I assume the options attribute of the nTDSDSA object containsStefan Metzmacher1-2/+2
mutiple flags not just 1 for being a global catalog metze (This used to be commit 202645e196b1425f9043bd34dd02a1418e2e3dd9)
2007-10-10r20149: Remove the smb.conf distinction between PDC and BDC. Now the correctAndrew Bartlett1-5/+40
way to setup a Samba4 DC is to set 'server role = domain controller'. We use the fSMORoleOwner attribute in the base DN to determine the PDC. This patch is quite large, as I have corrected a number of places that assumed taht we are always the PDC, or that used the smb.conf lp_server_role() to determine that. Also included is a warning fix in the SAMR code, where the IDL has seperated a couple of types for group display enumeration. We also now use the ldb database to determine if we should run the global catalog service. In the near future, I will complete the DRSUAPI DsGetDomainControllerInfo server-side on the same basis. Andrew Bartlett (This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-4/+5
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-0/+2
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)