summaryrefslogtreecommitdiff
path: root/source4/ldap_server
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11447: fixed a problem with the ldap server spinning using CPU timeAndrew Tridgell1-10/+22
(This used to be commit c913f466cd27030f8c696ab60b1a4a2eb2ac260c)
2007-10-10r11408: fixed the mapping of ldb errors to ldap errors in the ldap serverAndrew Tridgell1-41/+20
(This used to be commit 647cb90360d1a790c8da34d48c46737762046e1b)
2007-10-10r11244: Relative path names in .mk filesJelmer Vernooij1-5/+5
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10r11225: Remove pointless goto.Andrew Bartlett1-2/+0
Andrew Bartlett (This used to be commit 30f4ece4d2e55d2d50061f74a491d3f77551a6ae)
2007-10-10r11214: Remove scons files (see ↵Jelmer Vernooij1-4/+0
http://lists.samba.org/archive/samba-technical/2005-October/043443.html) (This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
2007-10-10r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5Andrew Bartlett1-0/+18
authentication. This pulls the creating of the keytab back to the credentials code, and removes the special case of 'use keberos keytab = yes' for now. This allows (and requires) the callers to specify the credentials for the server credentails to GENSEC. This allows kpasswdd (soon to be added) to use a different set of kerberos credentials. The 'use kerberos keytab' code will be moved into the credentials layer, as the layers below now expect a keytab. We also now allow for the old secret to be stored into the credentials, allowing service password changes. Andrew Bartlett (This used to be commit 205f77c579ac8680c85f713a76de5767189c627b)
2007-10-10r11112: listen on the global catalog ldap server port as well if we are aAndrew Tridgell1-0/+11
PDC. I suspect we should behave slightly differently on the two ports, but this is a lot closer than not listening at all. When creating a user with mmc the global catalog port is used to check for an existing user (This used to be commit f8430c3f41313d0a71cea23e1a2ef98f088aff44)
2007-10-10r10914: moved the ldap time string functions into ldb so they can be used byAndrew Tridgell1-2/+2
the time attribute handling functions (This used to be commit 93c296d52718e77f8b702e1721b548eaadc56c76)
2007-10-10r10832: free the old session infoStefan Metzmacher1-0/+5
metze (This used to be commit 16b2569788348ee3654557cf714ea3b204375c3c)
2007-10-10r10820: Use talloc_get_type as suggested by tridge.Andrew Bartlett2-7/+7
Andrew Bartlett (This used to be commit 9c511a16f829df5f177b94c7234875d4ec8afe52)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett8-1103/+141
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r10709: fixed a crash bug rather similar to the one volker found in the dcerpcAndrew Tridgell2-5/+25
code, where a stream_terminate_connection() while processing a request can cause a later defererence of the connection structure to die. (This used to be commit efbcb0f74176058a74d7134dae4658b891fc6f16)
2007-10-10r10586: Add MergedObject() builder. Default to Library() ratherJelmer Vernooij1-1/+1
then StaticLibrary() (This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
2007-10-10r10353: Fix typoVolker Lendecke1-1/+1
(This used to be commit b871ecbc2cf5ef2222e498f7819a06aa9082e155)
2007-10-10r10348: Add scons scripts for remaining subsystems. Most subsystems build now,Jelmer Vernooij1-1/+0
but final linking still fails (as does generating files asn1, et, idl and proto files) (This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
2007-10-10r10336: Add sconscript for a couple more subsystems.Jelmer Vernooij1-0/+5
(This used to be commit 59d4450453c25f5cce9b67b808ff0c4433c1d194)
2007-10-10r10315: Remove use of fstring and pstring in dynconfig.cJelmer Vernooij2-2/+0
Remove unused includes of dynconfig.h (This used to be commit 59083b7ba60d518ddb59646c4fd69938afd079b3)
2007-10-10r10252: a recent checkin from simo changed the handling of BASE and SUBTREEAndrew Tridgell1-1/+2
searches in ldb to be more ldap compliant, but broke the wins server and the ejs ldb code. This fixes those up so 'make test' passes again. (This used to be commit dff660c23c97114d0c1be705f4d6a9c114b60456)
2007-10-10r10237: fix parameter, how have I missed this...?Stefan Metzmacher1-1/+1
metze (This used to be commit d02e1aa049f29590fbb5e08a32ee54177baa71a7)
2007-10-10r10213: fixed a memory leak in the ldap client and server code spotted by KarlAndrew Tridgell1-1/+3
Melcher. ldap_encode() now takes a memory context to use for the data blob (This used to be commit 09948a59336a7f02bf2b4605f2d4d886e65b85f2)
2007-10-10r10078: - add a 'struct data_blob_list_item'Stefan Metzmacher2-23/+23
- use this for the send_queue's of the different stream_servers to not redefine the same struct so often, and it maybe will be used in other places too metze (This used to be commit b6694f067ab7aff0ee303dbfe8a6e7fad801e7e9)
2007-10-10r9417: Ask for the ASYNC_REPLIES feature, as will want that.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 8cb8f99ae602f3bca0235e5e695ecb1ba55b0e46)
2007-10-10r9391: Convert all the code to use struct ldb_dn to ohandle ldap like ↵Simo Sorce3-113/+86
distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
2007-10-10r8926: RFC 2891 - LDAP Control Extension for Server Side Sorting of Search ↵Simo Sorce1-0/+451
Results (This used to be commit 5dd4844cc5f1e719d55e642c5f1b8af5655fec89)
2007-10-10r8811: Fix the build..Jelmer Vernooij1-0/+1
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell2-2/+4
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r8514: add docsSimo Sorce1-0/+2803
(This used to be commit 876f0a095b8aa7060c62f91fc5715af1f1432e8b)
2007-10-10r8272: added the hooks for adding a name to a messaging context, so we willAndrew Tridgell1-0/+3
be able to send a message to the "ldap_server" task without having to know its task ID. (This used to be commit 8f69867867857e0c9a9246c2dec9612ccc234724)
2007-10-10r8222: 0 entries are no error, unless it's a base searchStefan Metzmacher1-1/+5
metze (This used to be commit 0297943ff201b06cc7a3c4aba5d81481a4cc5966)
2007-10-10r7918: fixed a crash bug in the ldap serverAndrew Tridgell1-1/+1
(This used to be commit 44ded17bc2501cd8d03fb3a94a3b7c502f5a2128)
2007-10-10r7911: task_terminate() is defined in the macosx headers, so change the nameAndrew Tridgell1-1/+1
to task_server_terminate() (This used to be commit a7447e25ac203f0ee09ffdf72df1094eb70e7c0c)
2007-10-10r7854: only enable wrapping in the ldap server if it was negotiated by gensecAndrew Tridgell1-2/+4
(This used to be commit 355983493bc87b9e812152ef81773dccb23e03d5)
2007-10-10r7801: the ldap server needs this logic tooAndrew Tridgell2-0/+12
(This used to be commit 1dbb5bf2c1c6e11b3467b6eb1a2206c6299bc25b)
2007-10-10r7777: allow for overriding the location of the sam databasein the ldap ↵Andrew Tridgell3-13/+27
server, using ldapsrv:samdb option. This allows the following: sam database=ldap://localhost ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb which allows us to test putting the sam on an ldap server using our own ldap server. This is a great stress test for the ldap code. (This used to be commit 40948ba3848e2cfd69ee5ef77031170a652e389b)
2007-10-10r7753: removed debugging code :-)Andrew Tridgell1-2/+0
(This used to be commit 51ea22db2df3a002de3779302cd455bfb2e3fec2)
2007-10-10r7751: only enable tls on the ldaps port in ldap server, and reject non-tlsAndrew Tridgell1-1/+4
connections on that port (This used to be commit 30da6a1cc41308a16a486111887f45bcf598f064)
2007-10-10r7749: some bug fixes from testing with socket:testnonblockAndrew Tridgell1-1/+1
- fixed some infinite loops in asn1.c - ensure asn1 callers know if an error is end of buffer or bad data - handle npending 0 in ldap server (This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875)
2007-10-10r7747: - simplified the ldap server buffer handlingAndrew Tridgell7-468/+301
- got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2007-10-10r7746: - added TLS support to our ldap serverAndrew Tridgell2-82/+115
- this involved changing the buffer handling in the ldap server quite a lot, as it didn't handle partial packets at all - removed completely bogus asn1_object_length() function. You can't do that with BER/DER (This used to be commit fed6f4cc6ceaf83aacb581499aeaf6af4ee8ddd2)
2007-10-10r7726: - removed some unused variablesAndrew Tridgell1-1/+1
- handle ldb_errstring() calls on failed connect (This used to be commit 8698a20fcc6a04ccbe533afd742e7a5df94423ee)
2007-10-10r7720: - simplify the asn1 decode of ldap_search() a lot, taking advantage ofAndrew Tridgell1-16/+4
the fact that the ldap data structures now use ldb_message_element. - fixed null termination of elements in ildap (This used to be commit 09060994c1ed12073ae6e1131d7074db8fdc523c)
2007-10-10r7711: update callers of ldb_connect() for new syntaxAndrew Tridgell1-53/+16
(This used to be commit f852661463624714ad8e7adc0547b2f07b8f9f6d)
2007-10-10r7677: fixed ldap server to honor 'private path'Andrew Tridgell1-1/+1
(This used to be commit f6abed5660ad8f7298eb2aebbaa25a8c355861a6)
2007-10-10r7670: fixed rootDSE search in ldap serverAndrew Tridgell1-1/+1
(This used to be commit 0981a375cfa9d8d75b6c89613eadb9d14cf1064f)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-1/+3
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7596: next step in ldap cleanup. I'm aiming to get rid of the cut&pastedAndrew Tridgell3-7/+7
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb ldif code. To do that I have changed the ldap code to use 'struct ldb_message_element' instead of 'struct ldap_attribute'. They are essentially the same structure anyway, so by making them really the same it will be much easier to use the ldb code in libcli/ldap/ I have also made 'struct ldb_val' the same as a DATA_BLOB, which will simplify data handling in quite a few places (I haven't yet removed all the code that maps between these two, that will come later) (This used to be commit 87fc3073392236221a3a6b933284e9e477c24ae5)
2007-10-10r7594: abartlet is right that this hack is not actually necessary, it justAndrew Tridgell1-6/+2
prevents a bogus: GSS Update failed: Miscellaneous failure (see text): ASN.1 identifier doesn't match expected value error on every ldap connection. I'll remove it and let the error remain until Andrew works out a better fix. (This used to be commit 6123eb2ecad6f53521b546f76954523fbc0fb981)
2007-10-10r7593: simplified the memory management in the ldap code. Having a mem_ctxAndrew Tridgell7-46/+57
element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2007-10-10r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. ThisAndrew Tridgell1-8/+13
now works with windows clients, as I fixed the zero length bind ack packet. Andrew, note that this has the strncmp("NTLMSSP", data, 7) hack. Please replace with a more correct fix as we discussed. (This used to be commit 69b02e8adb25a5152aec15f55b2b2f67457cf08a)
2007-10-10r7565: fixed handling of sasl data in ldap serverAndrew Tridgell1-1/+2
(This used to be commit 9b7a89735f18f66ead010d5a1a0a6516ee9b93fe)