summaryrefslogtreecommitdiff
path: root/source4/ldap_server/ldap_server.c
AgeCommit message (Collapse)AuthorFilesLines
2011-03-04s4/ldb - remove now superflous "ldb_dn_validate" checksMatthias Dieter Wallnöfer1-1/+1
If we immediately afterwards perform an LDB base operation then we don't need an explicit "ldb_dn_validate" check anymore (only OOM makes sense). Reviewed by: Tridge
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-2/+2
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-01Added SSL global catalogWilliam Brown1-3/+18
Reviewed-by: Andrew Bartlett Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Feb 1 20:05:39 CET 2011 on sn-devel-104
2010-12-13s4:ldap_server: don't call ldb_req_mark_untrusted() on the privileged ldapi ↵Stefan Metzmacher1-3/+5
socket metze
2010-12-01s4-ldap: removed an incorrect talloc_move()Andrew Tridgell1-1/+1
the parent of this session_info is either the stream_connection, or its a system_session(). In either case reparenting it on the ldapsrv_connection doesn't achieve anything that I can see. The move was causing a steal on reference error because the session_info often has multiple references. Thanks to Metze for spotting this. Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Dec 1 22:10:42 CET 2010 on sn-devel-104
2010-11-15s4-server: make server sockets a child of the task contextAndrew Tridgell1-8/+10
We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-05s4-ldap_server Don't DEBUG() at level 2 every time a caller disconnectsAndrew Bartlett1-3/+0
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Nov 5 00:12:37 UTC 2010 on sn-devel-104
2010-10-30s4-smbd: don't initialise process models more than onceAndrew Tridgell1-1/+1
this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-1/+1
2010-10-08s4:ldap_server: rewrite to socket layer to use tstreamStefan Metzmacher1-240/+522
This should make our sasl and tls handling much more robust against partial sent pdus. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Oct 8 11:55:26 UTC 2010 on sn-devel-104
2010-10-07Revert "s4:ldap_server: rewrite to socket layer to use tstream"Stefan Metzmacher1-526/+240
This reverts commit b53fbc75acc525f2e2450370e704a62791271788. There are problems with problems with broken gnutls versions. We can readd this once we have the needed configure checks to detect the bug in gnutls. See https://bugzilla.samba.org/show_bug.cgi?id=7218. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Oct 7 10:31:18 UTC 2010 on sn-devel-104
2010-10-04s4:ldap_server: rewrite to socket layer to use tstreamStefan Metzmacher1-240/+526
This should make our sasl and tls handling much more robust against partial sent pdus. metze
2010-09-07s4-ldapserver: serialise ldap server operationsAndrew Tridgell1-0/+53
This ensures that two ldap server operations cannot happen in parallel by using packet_recv_disable() and packet_recv_enable() to disable other interfaces during ldap calls. This prevents problems caused by parallel ldap operations where transactions could overlap.
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-12/+12
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-28s4:ldap_server: don't start if we can't bind to port 389Stefan Metzmacher1-1/+4
metze
2010-05-21s4:libcli/ldap Rename ldap.h to libcli_ldap.hAndrew Bartlett1-1/+0
It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h Andrew Bartlett
2010-04-11s4:auth Remove event context from anonymous_session()Andrew Bartlett1-1/+1
This should always return a simple structure with no need to consult a DB, so remove the event context, and simplfy to call helper functions that don't look at privilages. Andrew Bartlett
2010-02-25s4:ldap_server - make it "signed-safe"Matthias Dieter Wallnöfer1-1/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-25s4-samdb: reduce the number of samdb opens at startupAndrew Tridgell1-4/+2
Using common parameters means that the ldb_wrap code can return a reference rather than a new database
2009-10-23s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()Andrew Tridgell1-1/+1
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-1/+1
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-09-18s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell1-4/+6
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-08-05s4:ldap_server: make sure we shutdown the tls socket before ↵Stefan Metzmacher1-0/+1
stream_terminate_connection() removes the fd event This fixes a crash bug where tls_destructor() relies on the fd event still being there. metze
2009-07-31s4:ldap_server: the tls code steals the original socket on its own nowStefan Metzmacher1-1/+2
metze
2009-06-24Reenable the LDAPI socket for the merged buildVolker Lendecke1-2/+0
It seems that the samba4 part of the merged build does not pick up the DEVELOPER flag from the s3 configure. Jelmer, can you fix that properly? Thanks, Volker
2009-06-19Allow developers access the the privilaged ldapi socket for the momentAndrew Bartlett1-0/+4
This allows us some time to get the EXTERNAL bind working
2009-06-19s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdefAndrew Bartlett1-1/+11
This makes it clear to our users that this particular implementation isn't final (all parties are agreed that an EXTERNAL bind is the right way to do this, but it has not been implemented yet). Andrew Bartlett
2009-06-06Allow access as SYSTEM on a privileged ldapi connectionVolker Lendecke1-13/+83
This patch creates ldap_priv/ as a subdirectory under the private dir with the appropriate permissions to only allow the same access as the privileged winbind socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap database.
2009-05-29Fix some nonempty blank linesVolker Lendecke1-11/+11
2009-02-24libcli/ldap: move generic ldap control encoding code to ldap_message.cStefan Metzmacher1-2/+2
As they can we static there, we pass the specific handlers as parameter where we need to support controls. metze
2009-02-18Worked around a problem with select/poll/epoll and gnutls Andrew Tridgell1-0/+4
Our packet layer relies on the event system reliably telling us when a packet is available. When we are using a socket layer like TLS then things get a bit trickier, as there may be bytes in the encryption buffer which could be read even if there are no bytes at the socket level. The GNUTLS library is supposed to prevent this happening by always leaving some data at the socket level when there is data to be processed in its buffers, but it seems that this is not always reliable. To work around this I have added a new packet option packet_set_unreliable_select() which tells the packet layer to not assume that the socket layer has a reliable select, and to instead keep trying to read from the socket until it gets back no data. This option is set for the ldap client and server when TLS is negotiated. This seems to fix the problems with the ldaps tests.
2009-02-02s4:service_stream: s/private/private_dataStefan Metzmacher1-4/+4
metze
2009-02-02s4:ldap_server: s/private/private_dataStefan Metzmacher1-8/+8
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-5/+5
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-2/+2
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-6/+2
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher1-1/+1
metze
2008-07-16Don't keep an extra ldb around forever.Andrew Bartlett1-1/+5
We just open it to figure out if we need to be a Global Catalog server. Andrew Bartlett (This used to be commit f13572d9e9f1962b637cbd573588184d1459d252)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-2/+3
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-0/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-29Fix more valgrind issues.Andrew Bartlett1-1/+3
This passes down the timeout more consistantly, and ensures that no matter how the modules screw up, we don't free() the memory we are going to write into the ASN1 packet until we actually write it out. Andrew Bartlett (This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343)
2008-02-04Remove useless layer of indirection, where every service calledAndrew Bartlett1-13/+1
task_service_init() manually. Now this is called from service.c for all services. Andrew Bartlett (This used to be commit 9c9a4731cafd0dcf6c8523a7b06759cd4f14e4db)
2008-02-04Rework service init functions to pass down service name. This isAndrew Bartlett1-1/+1
needed to change prefork behaviour based on what service is being started. Andrew Bartlett and David Disseldorp (This used to be commit 0d830580e3539c96da3aa6c72fafe6eacd7a74a0)
2008-01-15util: Move asn1 to lib/util to trim down the number of subsystems.Jelmer Vernooij1-1/+1
(This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
2008-01-05r26672: Janitorial: Remove uses of global_loadparm.Jelmer Vernooij1-5/+10
(This used to be commit 18cd08623eaad7d2cd63b82ea5275d4dfd21cf00)
2008-01-05r26669: Janitorial: Remove uses of global_loadparm.Jelmer Vernooij1-1/+3
(This used to be commit 50c46160d997e0448f51ae09e0f3c79e8519fa41)
2008-01-03r26648: Move detection of global catalog captability to a central function, soAndrew Bartlett1-20/+1
this can be shared with the CLDAP server (for the netlogon reply). Andrew Bartlett (This used to be commit 592c10ae11c94007e38404a7edea9fd8471f1907)
2007-12-21r26430: require explicit specification of loadparm context.Jelmer Vernooij1-1/+1
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
2007-12-21r26402: Require a talloc context in libnetif.Jelmer Vernooij1-1/+1
(This used to be commit a35e51871bbf1ab33fc316fa59e597b722769c50)
2007-12-21r26401: Don't cache interfaces context in libnetif.Jelmer Vernooij1-2/+6
(This used to be commit 9f975417cc66bfd4589da38bfd23731dbe0e6153)