summaryrefslogtreecommitdiff
path: root/source4/ldap_server/ldap_server.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7751: only enable tls on the ldaps port in ldap server, and reject non-tlsAndrew Tridgell1-1/+4
connections on that port (This used to be commit 30da6a1cc41308a16a486111887f45bcf598f064)
2007-10-10r7749: some bug fixes from testing with socket:testnonblockAndrew Tridgell1-1/+1
- fixed some infinite loops in asn1.c - ensure asn1 callers know if an error is end of buffer or bad data - handle npending 0 in ldap server (This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875)
2007-10-10r7747: - simplified the ldap server buffer handlingAndrew Tridgell1-352/+234
- got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2007-10-10r7746: - added TLS support to our ldap serverAndrew Tridgell1-82/+112
- this involved changing the buffer handling in the ldap server quite a lot, as it didn't handle partial packets at all - removed completely bogus asn1_object_length() function. You can't do that with BER/DER (This used to be commit fed6f4cc6ceaf83aacb581499aeaf6af4ee8ddd2)
2007-10-10r7593: simplified the memory management in the ldap code. Having a mem_ctxAndrew Tridgell1-5/+9
element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2007-10-10r7565: fixed handling of sasl data in ldap serverAndrew Tridgell1-1/+2
(This used to be commit 9b7a89735f18f66ead010d5a1a0a6516ee9b93fe)
2007-10-10r5304: removed lib/socket/socket.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit b902ea546d2d1327b23f40ddaeeaa8e7e3662454)
2007-10-10r5294: - added a separate NBT-WINS test for WINS operations (register, ↵Andrew Tridgell1-1/+1
refresh, release and query) - change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr" I think that in general we should move towards "const char *" for all IP addresses, as this makes IPv6 much easier, and is also easier to debug. Andrew, when you get a chance, could you fix some of the auth code to use strings for IPs ? - return a NTSTATUS error on bad name queries and node status instead of using rcode. This makes the calling code simpler. - added low level name release code in libcli/nbt/ - use a real IP in the register and wins nbt torture tests, as w2k3 WINS server silently rejects some operations that don't come from the IP being used (eg. it says "yes" to a release, but does not in fact release the name) (This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell1-1/+1
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5195: most events don't need the time of the event, so save a ↵Andrew Tridgell1-4/+2
gettimeofday() call and just use timeval_current() when its actually needed (This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell1-2/+2
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell1-121/+84
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-8/+8
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4897: Unbreak the LDAP server. Somehow the generic service structuresAndrew Bartlett1-7/+8
(which seem just a little too complex) changed, but this code was not updated or tested. Also clarify the existing code, by not reusing variables. Andrew Bartlett (This used to be commit eb46adade4a0b9f0977479eb767c0bc7936a9585)
2007-10-10r4728: split up server_services into:Stefan Metzmacher1-41/+27
- stream_socket services the smb, ldap and rpc service which sets up a srtam socket end then waits for connections and - task services which this you can create a seperate task that do something (this is also going through the process_model subsystem so with -M standard a new process for this created with -M thread a new thread ... I'll add datagram services later when we whave support for datagram sockets in lib/socket/ see the next commit as an example for service_task's metze (This used to be commit d5fa02746c6569b09b6e05785642da2fad3ba3e0)
2007-10-10r4716: add a real ugly hack to get all ldap queries of anStefan Metzmacher1-1/+5
w2k3 dc join working I just commit that to not lose it if my home box would crash... you need a hacked.ldb with some stuff in it, I'll explain later and you need --option="ldapsrv:hacked=yes" so what is left now is KRB5 support for DCERPC in the server as the EVENT LOG of w2k3 says... metze (This used to be commit d72760d26ffe531e34bcbec623b986761152ae5b)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell1-2/+2
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r4459: GENSEC refinements:Andrew Bartlett1-69/+44
In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher1-6/+6
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r3762: - only load the readed bytes into the input bufferStefan Metzmacher1-2/+3
- fix compiler warnings with gcc-4.0 metze (This used to be commit 7a931ea0f4884d866bbb05b7b81f8e0598364813)
2007-10-10r3507: - added deferred replies on sharing violation in pvfs open. TheAndrew Tridgell1-3/+3
deferred reply is short-circuited immediately when the file is closed by another user, allowing it to be opened by the waiting user. - added a sane set of timeval manipulation routines - converted all the events code and code that uses it to use struct timeval instead of time_t, which allows for microsecond resolution instead of 1 second resolution. This was needed for doing the pvfs deferred open code, and is why the patch is so big. (This used to be commit 0d51511d408d91eb5f68a35e980e0875299b1831)
2007-10-10r3481: split out client.h and events.hAndrew Tridgell1-0/+1
(This used to be commit c6f486574470a311e0d336c026103f131451e21e)
2007-10-10r3464: split out registry.h, rap.h and ldap_server.hAndrew Tridgell1-0/+1
(This used to be commit 70d2090f6bf2c7e0caf1e9c020f330de88871f8e)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-1/+3
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-0/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3443: the next stage in the include files re-organisation.Andrew Tridgell1-4/+4
I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
2007-10-10r3316: give the LDAP server a chance of operating correctly non-blocking (itAndrew Tridgell1-2/+2
didn't handle EINTR or EAGAIN) (This used to be commit c35a8f92c2df354e972ced9371d33657ce99988e)
2007-10-10r3304: changed the API to lib/socket/ a little.Andrew Tridgell1-4/+19
The main change is to make socket_recv() take a pre-allocated buffer, rather than allocating one itself. This allows non-blocking users of this API to avoid a memcpy(). As a result our messaging code is now about 10% faster, and the ncacn_ip_tcp and ncalrpc code is also faster. The second change was to remove the unused mem_ctx argument from socket_send(). Having it there implied that memory could be allocated, which meant the caller had to worry about freeing that memory (if for example it is sending in a tight loop using the same memory context). Removing that unused argument keeps life simpler for users. (This used to be commit a16e4756cd68ca8aab4ffc59d4d9db0b6e44dbd1)
2007-10-10r3278: - rewrote the client side rpc connection code to use lib/socket/Andrew Tridgell1-5/+3
rather than doing everything itself. This greatly simplifies the code, although I really don't like the socket_recv() interface (it always allocates memory for you, which means an extra memcpy in this code) - fixed several bugs in the socket_ipv4.c code, in particular client side code used a non-blocking connect but didn't handle EINPROGRESS, so it had no chance of working. Also fixed the error codes, using map_nt_error_from_unix() - cleaned up and expanded map_nt_error_from_unix() - changed interpret_addr2() to not take a mem_ctx. It makes absolutely no sense to allocate a fixed size 4 byte structure like this. Dozens of places in the code were also using interpret_addr2() incorrectly (precisely because the allocation made no sense) (This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
2007-10-10r3136: - Allow specifying socket type when adding smbd serviceJelmer Vernooij1-2/+2
- Make sure a epm_tower struct is completely initialized - Some more minor fixes (This used to be commit d560dcbdb85cb2c6915bdb9e2f82f1872b0f5a52)
2007-10-10r2881: also bind the ldap service on the global catalog service portStefan Metzmacher1-0/+3
(port 3268) metze (This used to be commit 7d17122c71e5a84c4804b5630790ba2d1dac73ee)
2007-10-10r2878: add server sasl supportStefan Metzmacher1-19/+29
(there are a lot of clean ups following later, but the LDAP-BASIC test works :-) metze (This used to be commit 34fe29c04a76f2f53f27adcaf9be2dce8d177516)
2007-10-10r2863: move the logical ldapsrv functions to a seperate fileStefan Metzmacher1-257/+0
metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d)
2007-10-10r2862: prepare LDAP SASL support for the serverStefan Metzmacher1-12/+188
metze (This used to be commit 9a7505bd74a453b10aa2d40071bb80eb656bc61f)
2007-10-10r2731: use debug level 10 everywhereStefan Metzmacher1-7/+7
metze (This used to be commit a0e4dca3dab1da02edc09fd5f80690ec0b764c17)
2007-10-10r2724: - use ldapsrv_service and set it up with the rootDSE and default ↵Stefan Metzmacher1-13/+42
partition (this is not complete yet) - call asn1_free() after each call metze (This used to be commit 0aa622bdc497e4ae1a23bd47ad9d9bf2757c8fd5)
2007-10-10r2695: revert "Del" renamingSimo Sorce1-7/+7
(This used to be commit ddd74dae8efe4e04b5a56ee9ecd9d4f87f99d104)
2007-10-10r2689: Use consistent naming Del -> DeleteSimo Sorce1-7/+7
Add delete functionality to ldb simple lda server backend add some const in ldap.h (This used to be commit 5ed9a6eb184f34eb572dd81202237042518ec7cd)
2007-10-10r2688: - fix case where listed attributes are askedStefan Metzmacher1-81/+70
- use the return code of the functions and only call ldapsrv_terminate_connection from ldapsrv_recv() or ldapsrv_send() - the rootdse is now a normal partition metze (This used to be commit af1501a28d700f90cd2243fbfdce6527a0f62961)
2007-10-10r2646: - use a talloc destructor to ensure that sockets from the new socketAndrew Tridgell1-1/+1
library are closed on abnormal termination - convert the service.h structures to the new talloc methods (This used to be commit 2dc334a3284858eb1c7190f9687c9b6c879ecc9d)
2007-10-10r2628: got rid of some warnings and converted a few more places to use ↵Andrew Tridgell1-1/+1
hierarchical memory allocation (This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de)
2007-10-10r2527: - add a dummy for a simple ldb backendStefan Metzmacher1-7/+5
- handle the complete rootDSE search (maybe this will be also a partition module) metze (This used to be commit 6fc904a71cf5305d0c5c260ad1665499ea6c6f9a)
2007-10-10r2526: use LDAP error 53 (unwillingToPerform)Stefan Metzmacher1-6/+6
when the backend didn't implement the call metze (This used to be commit e2fe6858494da311ee9a3f06dd84509572318893)
2007-10-10r2525: fix a search response when the backend didn't support SearchStefan Metzmacher1-1/+16
we return LDAP error 32 (noSuchObject) now instead of a protocol error metze (This used to be commit f9dc34cd0b5e5e05e5ca6b034a7056b34053c4d0)
2007-10-10r2523: - readd rootDSE replyStefan Metzmacher1-76/+86
- add infrastructure start for having multiple directory partitions (backends) metze (This used to be commit 5103e7fe7873c0309461ad471f0529223d7c38eb)
2007-10-10r2509: add a struct ldapsrv_call which is simular to the dcesrv_call_state ↵Stefan Metzmacher1-283/+245
struct and related stuff... metze (This used to be commit dc1f8212ff717765c40ea5668e841db50e636748)
2007-10-10r2447: let the server code use the new lib/socket/ stuffStefan Metzmacher1-18/+37
metze (This used to be commit 2fd577d2417e117a7e8c1a56feb147eae805df34)
2007-10-10r2401: make our LDAP server useable:Stefan Metzmacher1-3/+200
- we need to mark the fd event as writable otherwise we'll never senda packet to the client - a search response have to ended by a LDAP result message - return currentTime, supportedLDAPVersion and dnsHostName for testing ldap -x -s base -h ldap://localhost/ is now works against our LDAP server metze (This used to be commit 3a9ca351166cf56de878e4408e221df299271c32)
2007-10-10r2321: add complately untested LDAP server startStefan Metzmacher1-0/+455
based on volker's patch this is compiled by default but not started by default metze (This used to be commit 5387bc423d4dc669cbac6626f8dd3a5498a6519d)