Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082)
|
|
dependency loops).
This moves the evaluation of the SASL mechansim list to display in the
rootDSE to the ldap server.
Andrew Bartlett
(This used to be commit 379da475e224d93c05d91b37902c121eb4007d97)
|
|
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://gleg.net/protover_ldap_sample.shtml
Also fixes found by a subsequent audit of the code for similar issues.
(This used to be commit 441a4f6262459dabfefd9bb12622ada9c007a60c)
|
|
(This used to be commit 3ce1796eb4cca7fd78366ee540a998a1ca377866)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
(This used to be commit 9910c01a3a5dd417c47e83b9c9b6df8f4547e816)
|
|
not aiming to produce a high performance parallel ldap server, so
better to reserve the extra CPUs on a SMP box for file serving.
(This used to be commit 45c0580e5d3b18301bc5706423bb407d001fb61d)
|
|
(This used to be commit df1fe1a5c543453d5500ded30a982e7795d88670)
|
|
(This used to be commit b07a783b9881c5df305b939cd2acf9ee69610e9c)
|
|
Syntaxes.
Generated by scripts that cross information from the Windows Schema and the
aggregate schema and cross verified by searching on the net
(This used to be commit 996452844a9ac3df10e8b2c63dc693e5a753fc9d)
|
|
(This used to be commit 1020edb0c721da8889f5ce93e5497bb34ebbf786)
|
|
configure check for the interfaces.
should fix the build on some old sun boxes
metze
(This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467)
|
|
to do
(This used to be commit ad75cf869550af66119d0293503024d41d834e02)
|
|
(This used to be commit 9f79714389373735807c1ed8ec9f2fddaa77a9dc)
|
|
(This used to be commit 7dffabc744271b0ab98d00c0cc23600d1b536d29)
|
|
and gensec_server_start().
calling them with NULL for event context or messaging context
is no longer allowed!
metze
(This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
|
|
- give an operations error when tls is already on the socket
metze
(This used to be commit 9190d134c9be774c53f6dae52b7c4cdcc053d00f)
|
|
metze
(This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a)
|
|
- we need this to later:
- to disallow a StartTLS when TLS is already in use
- to place the TLS socket between the raw and sasl socket
when we had a sasl bind before the StartTLS
- and rfc4513 says that the server may allow to remove the TLS from
the tcp connection again and reuse raw tcp
- and also a 2nd sasl bind should replace the old sasl socket
metze
(This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
|
|
metze
(This used to be commit e8db1fb55833ab7b9e0be391ff822b34682cb38c)
|
|
our certificate, and proceed with the connection is left as an
exercise for the reader...
Andrew Bartlett
(This used to be commit 9bd66d4c95dd971e2b1b6371ba3ffc6c178c0d4c)
|
|
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-though' case.
Andrew Bartlett
(This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
|
|
errors to be reported corectly, rather than just dropping the socket.
Andrew Bartlett
(This used to be commit 83dd22accfd565e86d831490043d6beaa9648c96)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
(This used to be commit a6709196ca4d50fdb84a562cd8f49db4275bb1dc)
|
|
(This used to be commit d3f8b813b33d1338e62f099017a1d4a32745e7a2)
|
|
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
|
|
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.
Simo.
(This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
|
|
The function pointer was meant to be unused, this patch fixes
partition.c to use ldb_sequence_number(). (No backend provided the
pointer any more).
Set the flags onto the ldb structure, so that all backends opened by
the partitions module inherit the flags.
Set the read-ony flag when accessed as the global catalog
Modify the LDAP server to track that this query is for the global
catalog (by incoming port), and set a opqaue pointer.
Next step is to read that opaque pointer in the partitions module.
Andrew Bartlett
(This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba)
|
|
The session_info was not being attached to the connection, so
subsequent checks in the kludge_acl module were looking at free()ed
memory.
Andrew Bartlett
(This used to be commit 7e9079ac7af0bcd5d22040c7418cf58f86a72a1d)
|
|
initial request time is uninitialised, and this causes havoc later.
This also allows us to honour the client's wishes.
We should be doing this for all the operations...
Andrew Bartlett
(This used to be commit c8f5b1c9281072179cd3f3cf282cf376dca24ba0)
|
|
(This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320)
|
|
(This used to be commit 10d66aa61dab2e59e5a510cf34b1cfad86fc2529)
|
|
This reduces caller complexity, because the TLS code is now called
just like any other socket. (A new socket context is returned by the
tls_init_server and tls_init_client routines).
When TLS is not available, the original socket is returned.
Andrew Bartlett
(This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
|
|
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
|
|
even context again. We need to ensure we don't process packets until
we are finished setting up the connection, have the ldb in place etc.
We may need to do the same in other servers.
Andrew Bartlett
(This used to be commit 9bbc93bef2881251b734732d84bf0b2e5cf8b285)
|
|
system - these should be removed later on.
(This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
metze
(This used to be commit 07626bf3c7dc7162b852cc27e5a7c313ede3862a)
|
|
stream_terminate_connection()
Andrew Bartlett
(This used to be commit a6c797986053ecf6bbce54028d7ea4106635c558)
|
|
(This used to be commit 8e84e6cb6b172c89072723e07f344da8f4476c1f)
|
|
- add set_title hook to the process models
- use setproctitle library in process_model standard if available
- the the title for the task servers and on connections
metze
(This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70)
|
|
to fix the process_model standard
metze
(This used to be commit a465126e15490c5605064eb2387fb589d312db7b)
|
|
By freeing the request you will be sure everything down the path get freed.
this also means you have to steal the results if you want to keep them :)
simo.
(This used to be commit e8075e6a062ce5edb84485e45d0b841c2ee2af7d)
|
|
metze
(This used to be commit d9da948b0f7f9698decc140a0a549d27675d14e4)
|
|
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
metze
(This used to be commit 1340cb1f3bdbde4d3759d77b28631611c4e150bb)
|
|
Applications that use LDB modules will now have to run ldb_global_init()
before they can use LDB.
The next step will be adding support for loading LDB modules from .so
files. This will also allow us to use one LDB without difference between the
standalone and the Samba-specific build
(This used to be commit 52a235650514039bf8ffee99a784bbc1b6ae6b92)
|