summaryrefslogtreecommitdiff
path: root/source4/ldap_server
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7596: next step in ldap cleanup. I'm aiming to get rid of the cut&pastedAndrew Tridgell3-7/+7
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb ldif code. To do that I have changed the ldap code to use 'struct ldb_message_element' instead of 'struct ldap_attribute'. They are essentially the same structure anyway, so by making them really the same it will be much easier to use the ldb code in libcli/ldap/ I have also made 'struct ldb_val' the same as a DATA_BLOB, which will simplify data handling in quite a few places (I haven't yet removed all the code that maps between these two, that will come later) (This used to be commit 87fc3073392236221a3a6b933284e9e477c24ae5)
2007-10-10r7594: abartlet is right that this hack is not actually necessary, it justAndrew Tridgell1-6/+2
prevents a bogus: GSS Update failed: Miscellaneous failure (see text): ASN.1 identifier doesn't match expected value error on every ldap connection. I'll remove it and let the error remain until Andrew works out a better fix. (This used to be commit 6123eb2ecad6f53521b546f76954523fbc0fb981)
2007-10-10r7593: simplified the memory management in the ldap code. Having a mem_ctxAndrew Tridgell7-46/+57
element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2007-10-10r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. ThisAndrew Tridgell1-8/+13
now works with windows clients, as I fixed the zero length bind ack packet. Andrew, note that this has the strncmp("NTLMSSP", data, 7) hack. Please replace with a more correct fix as we discussed. (This used to be commit 69b02e8adb25a5152aec15f55b2b2f67457cf08a)
2007-10-10r7565: fixed handling of sasl data in ldap serverAndrew Tridgell1-1/+2
(This used to be commit 9b7a89735f18f66ead010d5a1a0a6516ee9b93fe)
2007-10-10r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_treeAndrew Tridgell3-6/+6
instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
2007-10-10r5585: LDB interfaces change:Simo Sorce3-46/+46
changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2007-10-10r5583: some more docsSimo Sorce1-0/+787
(This used to be commit d7751e3181dc82ddd416ccd35c806c6f105b0825)
2007-10-10r5307: removed db_wrap.h from includes.hAndrew Tridgell2-0/+2
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
2007-10-10r5305: removed libcli/ldap/ldap.h from includes.hAndrew Tridgell3-2/+6
(This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e)
2007-10-10r5304: removed lib/socket/socket.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit b902ea546d2d1327b23f40ddaeeaa8e7e3662454)
2007-10-10r5294: - added a separate NBT-WINS test for WINS operations (register, ↵Andrew Tridgell1-1/+1
refresh, release and query) - change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr" I think that in general we should move towards "const char *" for all IP addresses, as this makes IPv6 much easier, and is also easier to debug. Andrew, when you get a chance, could you fix some of the auth code to use strings for IPs ? - return a NTSTATUS error on bad name queries and node status instead of using rcode. This makes the calling code simpler. - added low level name release code in libcli/nbt/ - use a real IP in the register and wins nbt torture tests, as w2k3 WINS server silently rejects some operations that don't come from the IP being used (eg. it says "yes" to a release, but does not in fact release the name) (This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
2007-10-10r5266: This is a nice typo ;-)Günther Deschner1-1/+1
Guenther (This used to be commit 77b99c03b85827a1e70b0de41c8070e38af27374)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell1-1/+1
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5195: most events don't need the time of the event, so save a ↵Andrew Tridgell1-4/+2
gettimeofday() call and just use timeval_current() when its actually needed (This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell1-2/+2
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell2-122/+85
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell6-52/+52
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4941: - all needed data is now in sam.ldb and hacked.ldb is not needed ↵Stefan Metzmacher1-48/+22
anymore by the hacked ldap backend - readd the schema naming context container object as it's needed for a w2k3 dc join metze (This used to be commit c583f806231652cce9879e9fc4237a5ab0774346)
2007-10-10r4897: Unbreak the LDAP server. Somehow the generic service structuresAndrew Bartlett1-7/+8
(which seem just a little too complex) changed, but this code was not updated or tested. Also clarify the existing code, by not reusing variables. Andrew Bartlett (This used to be commit eb46adade4a0b9f0977479eb767c0bc7936a9585)
2007-10-10r4728: split up server_services into:Stefan Metzmacher1-41/+27
- stream_socket services the smb, ldap and rpc service which sets up a srtam socket end then waits for connections and - task services which this you can create a seperate task that do something (this is also going through the process_model subsystem so with -M standard a new process for this created with -M thread a new thread ... I'll add datagram services later when we whave support for datagram sockets in lib/socket/ see the next commit as an example for service_task's metze (This used to be commit d5fa02746c6569b09b6e05785642da2fad3ba3e0)
2007-10-10r4716: add a real ugly hack to get all ldap queries of anStefan Metzmacher3-2/+1091
w2k3 dc join working I just commit that to not lose it if my home box would crash... you need a hacked.ldb with some stuff in it, I'll explain later and you need --option="ldapsrv:hacked=yes" so what is left now is KRB5 support for DCERPC in the server as the EVENT LOG of w2k3 says... metze (This used to be commit d72760d26ffe531e34bcbec623b986761152ae5b)
2007-10-10r4709: fix compiler warningsStefan Metzmacher1-12/+6
metze (This used to be commit 7aa86445e3290021fe40c5c9425ecdbc2dda1618)
2007-10-10r4634: disable sign and seal in ldap_server for now.Stefan Metzmacher1-6/+6
metze (This used to be commit 872c687184e5317b4477a184e0a954e6de0b8e9e)
2007-10-10r4629: we now have a global macro NT_STATUS_HAVE_NO_MEMORY()Stefan Metzmacher2-56/+42
so don't use a local one metze (This used to be commit dd217f7916c885e1395f6f2a78e38e10f56e5f0f)
2007-10-10r4628: this function should be staticStefan Metzmacher1-1/+1
metze (This used to be commit 590afa88f15c32bc14b2c23e2c57b3401d9c3de7)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell1-2/+2
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell2-4/+4
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r4475: fixed smbd to work with the small changes in the ldb API (the most ↵Andrew Tridgell2-10/+6
important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2007-10-10r4459: GENSEC refinements:Andrew Bartlett2-79/+55
In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
2007-10-10r4355: More work from the elves on Christmas eve:Andrew Bartlett1-0/+2
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher1-6/+6
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell1-5/+5
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4000: DATA_BLOB.data is uint8_t * not void * :-)Stefan Metzmacher1-1/+1
(thanks abartlet for telling me) metze (This used to be commit 2783bf393f6310f9d827538329d619dad5b02dd0)
2007-10-10r3962: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 3bfb732187211d450db842a7533e4c7e915b6ce4)
2007-10-10r3783: - don't use make proto for ldb anymoreStefan Metzmacher2-2/+5
- split ldh.h out of samba's includes.h - make ldb_context and ldb_module private to the subsystem - use ltdb_ prefix for all ldb_tdb functions metze (This used to be commit f5ee40d6ce8224e280070975efc9911558fe675c)
2007-10-10r3762: - only load the readed bytes into the input bufferStefan Metzmacher1-2/+3
- fix compiler warnings with gcc-4.0 metze (This used to be commit 7a931ea0f4884d866bbb05b7b81f8e0598364813)
2007-10-10r3754: merge in ldb modules support from the tmp branch ldbPluginsSimo Sorce3-8/+80
(This used to be commit 71323f424b4561af1fdddd2358629049be3dad8c)
2007-10-10r3733: More build system fixes/features:Jelmer Vernooij1-3/+0
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities) (This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)
2007-10-10r3507: - added deferred replies on sharing violation in pvfs open. TheAndrew Tridgell1-3/+3
deferred reply is short-circuited immediately when the file is closed by another user, allowing it to be opened by the waiting user. - added a sane set of timeval manipulation routines - converted all the events code and code that uses it to use struct timeval instead of time_t, which allows for microsecond resolution instead of 1 second resolution. This was needed for doing the pvfs deferred open code, and is why the patch is so big. (This used to be commit 0d51511d408d91eb5f68a35e980e0875299b1831)
2007-10-10r3494: got rid of include/rewrite.h, and split out the dynconfig.h headerAndrew Tridgell1-0/+1
(This used to be commit 558de54ec6432a4ae90aa14a585f32c6cd03ced2)
2007-10-10r3481: split out client.h and events.hAndrew Tridgell1-0/+1
(This used to be commit c6f486574470a311e0d336c026103f131451e21e)
2007-10-10r3464: split out registry.h, rap.h and ldap_server.hAndrew Tridgell5-0/+5
(This used to be commit 70d2090f6bf2c7e0caf1e9c020f330de88871f8e)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell2-1/+4
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-0/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3447: more include/system/XXX.h include filesAndrew Tridgell1-0/+1
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2007-10-10r3443: the next stage in the include files re-organisation.Andrew Tridgell1-4/+4
I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
2007-10-10r3316: give the LDAP server a chance of operating correctly non-blocking (itAndrew Tridgell1-2/+2
didn't handle EINTR or EAGAIN) (This used to be commit c35a8f92c2df354e972ced9371d33657ce99988e)
2007-10-10r3304: changed the API to lib/socket/ a little.Andrew Tridgell1-4/+19
The main change is to make socket_recv() take a pre-allocated buffer, rather than allocating one itself. This allows non-blocking users of this API to avoid a memcpy(). As a result our messaging code is now about 10% faster, and the ncacn_ip_tcp and ncalrpc code is also faster. The second change was to remove the unused mem_ctx argument from socket_send(). Having it there implied that memory could be allocated, which meant the caller had to worry about freeing that memory (if for example it is sending in a tight loop using the same memory context). Removing that unused argument keeps life simpler for users. (This used to be commit a16e4756cd68ca8aab4ffc59d4d9db0b6e44dbd1)
2007-10-10r3278: - rewrote the client side rpc connection code to use lib/socket/Andrew Tridgell1-5/+3
rather than doing everything itself. This greatly simplifies the code, although I really don't like the socket_recv() interface (it always allocates memory for you, which means an extra memcpy in this code) - fixed several bugs in the socket_ipv4.c code, in particular client side code used a non-blocking connect but didn't handle EINPROGRESS, so it had no chance of working. Also fixed the error codes, using map_nt_error_from_unix() - cleaned up and expanded map_nt_error_from_unix() - changed interpret_addr2() to not take a mem_ctx. It makes absolutely no sense to allocate a fixed size 4 byte structure like this. Dozens of places in the code were also using interpret_addr2() incorrectly (precisely because the allocation made no sense) (This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)