Age | Commit message (Collapse) | Author | Files | Lines |
|
If we immediately afterwards perform an LDB base operation then we don't
need an explicit "ldb_dn_validate" check anymore (only OOM makes sense).
Reviewed by: Tridge
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Feb 1 20:05:39 CET 2011 on sn-devel-104
|
|
socket
metze
|
|
the parent of this session_info is either the stream_connection, or
its a system_session(). In either case reparenting it on the
ldapsrv_connection doesn't achieve anything that I can see.
The move was causing a steal on reference error because the
session_info often has multiple references.
Thanks to Metze for spotting this.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 1 22:10:42 CET 2010 on sn-devel-104
|
|
We previously allocated sockets as direct children of the event
context. That led to crashes if a service called
task_server_terminate(), as it left the socket open and handling
events for a dead protocol.
Making them a child of the task allows the task to terminate and take
all its sockets with it.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Nov 5 00:12:37 UTC 2010 on sn-devel-104
|
|
this also removes the event_context parameter from process model
initialisation. It isn't needed, and is confusing when a process model
init can be called from more than one place, possibly with different
event contexts.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This should make our sasl and tls handling much more robust
against partial sent pdus.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 8 11:55:26 UTC 2010 on sn-devel-104
|
|
This reverts commit b53fbc75acc525f2e2450370e704a62791271788.
There are problems with problems with broken gnutls versions.
We can readd this once we have the needed configure checks to
detect the bug in gnutls. See https://bugzilla.samba.org/show_bug.cgi?id=7218.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Oct 7 10:31:18 UTC 2010 on sn-devel-104
|
|
This should make our sasl and tls handling much more robust
against partial sent pdus.
metze
|
|
This ensures that two ldap server operations cannot happen in parallel
by using packet_recv_disable() and packet_recv_enable() to disable
other interfaces during ldap calls.
This prevents problems caused by parallel ldap operations where
transactions could overlap.
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
metze
|
|
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h
Andrew Bartlett
|
|
This should always return a simple structure with no need to consult a
DB, so remove the event context, and simplfy to call helper functions
that don't look at privilages.
Andrew Bartlett
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
|
|
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
|
|
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
|
|
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
|
stream_terminate_connection() removes the fd event
This fixes a crash bug where tls_destructor() relies on the fd event still being there.
metze
|
|
metze
|
|
It seems that the samba4 part of the merged build does not pick up the
DEVELOPER flag from the s3 configure.
Jelmer, can you fix that properly?
Thanks,
Volker
|
|
This allows us some time to get the EXTERNAL bind working
|
|
This makes it clear to our users that this particular implementation
isn't final (all parties are agreed that an EXTERNAL bind is the right
way to do this, but it has not been implemented yet).
Andrew Bartlett
|
|
This patch creates ldap_priv/ as a subdirectory under the private dir with the
appropriate permissions to only allow the same access as the privileged winbind
socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap
database.
|
|
|
|
As they can we static there, we pass the specific handlers as parameter
where we need to support controls.
metze
|
|
Our packet layer relies on the event system reliably telling us when a
packet is available. When we are using a socket layer like TLS then
things get a bit trickier, as there may be bytes in the encryption
buffer which could be read even if there are no bytes at the socket
level. The GNUTLS library is supposed to prevent this happening by
always leaving some data at the socket level when there is data to be
processed in its buffers, but it seems that this is not always
reliable.
To work around this I have added a new packet option
packet_set_unreliable_select() which tells the packet layer to not
assume that the socket layer has a reliable select, and to instead
keep trying to read from the socket until it gets back no data. This
option is set for the ldap client and server when TLS is negotiated.
This seems to fix the problems with the ldaps tests.
|
|
metze
|
|
metze
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
|
|
metze
|
|
We just open it to figure out if we need to be a Global Catalog server.
Andrew Bartlett
(This used to be commit f13572d9e9f1962b637cbd573588184d1459d252)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
This passes down the timeout more consistantly, and ensures that no
matter how the modules screw up, we don't free() the memory we are
going to write into the ASN1 packet until we actually write it out.
Andrew Bartlett
(This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343)
|
|
task_service_init() manually. Now this is called from service.c for
all services.
Andrew Bartlett
(This used to be commit 9c9a4731cafd0dcf6c8523a7b06759cd4f14e4db)
|
|
needed to change prefork behaviour based on what service is being
started.
Andrew Bartlett and David Disseldorp
(This used to be commit 0d830580e3539c96da3aa6c72fafe6eacd7a74a0)
|
|
(This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
|
|
(This used to be commit 18cd08623eaad7d2cd63b82ea5275d4dfd21cf00)
|
|
(This used to be commit 50c46160d997e0448f51ae09e0f3c79e8519fa41)
|
|
this can be shared with the CLDAP server (for the netlogon reply).
Andrew Bartlett
(This used to be commit 592c10ae11c94007e38404a7edea9fd8471f1907)
|
|
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
|
|
(This used to be commit a35e51871bbf1ab33fc316fa59e597b722769c50)
|
|
(This used to be commit 9f975417cc66bfd4589da38bfd23731dbe0e6153)
|