summaryrefslogtreecommitdiff
path: root/source4/ldap_server
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7854: only enable wrapping in the ldap server if it was negotiated by gensecAndrew Tridgell1-2/+4
(This used to be commit 355983493bc87b9e812152ef81773dccb23e03d5)
2007-10-10r7801: the ldap server needs this logic tooAndrew Tridgell2-0/+12
(This used to be commit 1dbb5bf2c1c6e11b3467b6eb1a2206c6299bc25b)
2007-10-10r7777: allow for overriding the location of the sam databasein the ldap ↵Andrew Tridgell3-13/+27
server, using ldapsrv:samdb option. This allows the following: sam database=ldap://localhost ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb which allows us to test putting the sam on an ldap server using our own ldap server. This is a great stress test for the ldap code. (This used to be commit 40948ba3848e2cfd69ee5ef77031170a652e389b)
2007-10-10r7753: removed debugging code :-)Andrew Tridgell1-2/+0
(This used to be commit 51ea22db2df3a002de3779302cd455bfb2e3fec2)
2007-10-10r7751: only enable tls on the ldaps port in ldap server, and reject non-tlsAndrew Tridgell1-1/+4
connections on that port (This used to be commit 30da6a1cc41308a16a486111887f45bcf598f064)
2007-10-10r7749: some bug fixes from testing with socket:testnonblockAndrew Tridgell1-1/+1
- fixed some infinite loops in asn1.c - ensure asn1 callers know if an error is end of buffer or bad data - handle npending 0 in ldap server (This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875)
2007-10-10r7747: - simplified the ldap server buffer handlingAndrew Tridgell7-468/+301
- got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2007-10-10r7746: - added TLS support to our ldap serverAndrew Tridgell2-82/+115
- this involved changing the buffer handling in the ldap server quite a lot, as it didn't handle partial packets at all - removed completely bogus asn1_object_length() function. You can't do that with BER/DER (This used to be commit fed6f4cc6ceaf83aacb581499aeaf6af4ee8ddd2)
2007-10-10r7726: - removed some unused variablesAndrew Tridgell1-1/+1
- handle ldb_errstring() calls on failed connect (This used to be commit 8698a20fcc6a04ccbe533afd742e7a5df94423ee)
2007-10-10r7720: - simplify the asn1 decode of ldap_search() a lot, taking advantage ofAndrew Tridgell1-16/+4
the fact that the ldap data structures now use ldb_message_element. - fixed null termination of elements in ildap (This used to be commit 09060994c1ed12073ae6e1131d7074db8fdc523c)
2007-10-10r7711: update callers of ldb_connect() for new syntaxAndrew Tridgell1-53/+16
(This used to be commit f852661463624714ad8e7adc0547b2f07b8f9f6d)
2007-10-10r7677: fixed ldap server to honor 'private path'Andrew Tridgell1-1/+1
(This used to be commit f6abed5660ad8f7298eb2aebbaa25a8c355861a6)
2007-10-10r7670: fixed rootDSE search in ldap serverAndrew Tridgell1-1/+1
(This used to be commit 0981a375cfa9d8d75b6c89613eadb9d14cf1064f)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-1/+3
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7596: next step in ldap cleanup. I'm aiming to get rid of the cut&pastedAndrew Tridgell3-7/+7
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb ldif code. To do that I have changed the ldap code to use 'struct ldb_message_element' instead of 'struct ldap_attribute'. They are essentially the same structure anyway, so by making them really the same it will be much easier to use the ldb code in libcli/ldap/ I have also made 'struct ldb_val' the same as a DATA_BLOB, which will simplify data handling in quite a few places (I haven't yet removed all the code that maps between these two, that will come later) (This used to be commit 87fc3073392236221a3a6b933284e9e477c24ae5)
2007-10-10r7594: abartlet is right that this hack is not actually necessary, it justAndrew Tridgell1-6/+2
prevents a bogus: GSS Update failed: Miscellaneous failure (see text): ASN.1 identifier doesn't match expected value error on every ldap connection. I'll remove it and let the error remain until Andrew works out a better fix. (This used to be commit 6123eb2ecad6f53521b546f76954523fbc0fb981)
2007-10-10r7593: simplified the memory management in the ldap code. Having a mem_ctxAndrew Tridgell7-46/+57
element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2007-10-10r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. ThisAndrew Tridgell1-8/+13
now works with windows clients, as I fixed the zero length bind ack packet. Andrew, note that this has the strncmp("NTLMSSP", data, 7) hack. Please replace with a more correct fix as we discussed. (This used to be commit 69b02e8adb25a5152aec15f55b2b2f67457cf08a)
2007-10-10r7565: fixed handling of sasl data in ldap serverAndrew Tridgell1-1/+2
(This used to be commit 9b7a89735f18f66ead010d5a1a0a6516ee9b93fe)
2007-10-10r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_treeAndrew Tridgell3-6/+6
instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
2007-10-10r5585: LDB interfaces change:Simo Sorce3-46/+46
changes: - ldb_wrap disappears from code and become a private structure of db_wrap.c thanks to our move to talloc in ldb code, we do not need to expose it anymore - removal of ldb_close() function form the code thanks to our move to talloc in ldb code, we do not need it anymore use talloc_free() to close and free an ldb database - some minor updates to ldb modules code to cope with the change and fix some bugs I found out during the process (This used to be commit d58be9e74b786a11a57e89df36081d55730dfe0a)
2007-10-10r5583: some more docsSimo Sorce1-0/+787
(This used to be commit d7751e3181dc82ddd416ccd35c806c6f105b0825)
2007-10-10r5307: removed db_wrap.h from includes.hAndrew Tridgell2-0/+2
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
2007-10-10r5305: removed libcli/ldap/ldap.h from includes.hAndrew Tridgell3-2/+6
(This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e)
2007-10-10r5304: removed lib/socket/socket.h from includes.hAndrew Tridgell1-0/+1
(This used to be commit b902ea546d2d1327b23f40ddaeeaa8e7e3662454)
2007-10-10r5294: - added a separate NBT-WINS test for WINS operations (register, ↵Andrew Tridgell1-1/+1
refresh, release and query) - change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr" I think that in general we should move towards "const char *" for all IP addresses, as this makes IPv6 much easier, and is also easier to debug. Andrew, when you get a chance, could you fix some of the auth code to use strings for IPs ? - return a NTSTATUS error on bad name queries and node status instead of using rcode. This makes the calling code simpler. - added low level name release code in libcli/nbt/ - use a real IP in the register and wins nbt torture tests, as w2k3 WINS server silently rejects some operations that don't come from the IP being used (eg. it says "yes" to a release, but does not in fact release the name) (This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
2007-10-10r5266: This is a nice typo ;-)Günther Deschner1-1/+1
Guenther (This used to be commit 77b99c03b85827a1e70b0de41c8070e38af27374)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell1-1/+1
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5195: most events don't need the time of the event, so save a ↵Andrew Tridgell1-4/+2
gettimeofday() call and just use timeval_current() when its actually needed (This used to be commit 236403cc4dc2924ed6a898acae0bb44cc1688dcc)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell1-2/+2
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5102: This is a major simplification of the logic for controlling top levelAndrew Tridgell2-122/+85
servers in smbd. The old code still contained a fairly bit of legacy from the time when smbd was only handling SMB connection. The new code gets rid of all of the smb_server specific code in smbd/, and creates a much simpler infrastructures for new server code. Major changes include: - simplified the process model code a lot. - got rid of the top level server and service structures completely. The top level context is now the event_context. This got rid of service.h and server.h completely (they were the most confusing parts of the old code) - added service_stream.[ch] for the helper functions that are specific to stream type services (services that handle streams, and use a logically separate process per connection) - got rid of the builtin idle_handler code in the service logic, as none of the servers were using it, and it can easily be handled by a server in future by adding its own timed_event to the event context. - fixed some major memory leaks in the rpc server code. - added registration of servers, rather than hard coding our list of possible servers. This allows for servers as modules in the future. - temporarily disabled the winbind code until I add the helper functions for that type of server - added error checking on service startup. If a configured server fails to startup then smbd doesn't startup. - cleaned up the command line handling in smbd, removing unused options (This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell6-52/+52
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4941: - all needed data is now in sam.ldb and hacked.ldb is not needed ↵Stefan Metzmacher1-48/+22
anymore by the hacked ldap backend - readd the schema naming context container object as it's needed for a w2k3 dc join metze (This used to be commit c583f806231652cce9879e9fc4237a5ab0774346)
2007-10-10r4897: Unbreak the LDAP server. Somehow the generic service structuresAndrew Bartlett1-7/+8
(which seem just a little too complex) changed, but this code was not updated or tested. Also clarify the existing code, by not reusing variables. Andrew Bartlett (This used to be commit eb46adade4a0b9f0977479eb767c0bc7936a9585)
2007-10-10r4728: split up server_services into:Stefan Metzmacher1-41/+27
- stream_socket services the smb, ldap and rpc service which sets up a srtam socket end then waits for connections and - task services which this you can create a seperate task that do something (this is also going through the process_model subsystem so with -M standard a new process for this created with -M thread a new thread ... I'll add datagram services later when we whave support for datagram sockets in lib/socket/ see the next commit as an example for service_task's metze (This used to be commit d5fa02746c6569b09b6e05785642da2fad3ba3e0)
2007-10-10r4716: add a real ugly hack to get all ldap queries of anStefan Metzmacher3-2/+1091
w2k3 dc join working I just commit that to not lose it if my home box would crash... you need a hacked.ldb with some stuff in it, I'll explain later and you need --option="ldapsrv:hacked=yes" so what is left now is KRB5 support for DCERPC in the server as the EVENT LOG of w2k3 says... metze (This used to be commit d72760d26ffe531e34bcbec623b986761152ae5b)
2007-10-10r4709: fix compiler warningsStefan Metzmacher1-12/+6
metze (This used to be commit 7aa86445e3290021fe40c5c9425ecdbc2dda1618)
2007-10-10r4634: disable sign and seal in ldap_server for now.Stefan Metzmacher1-6/+6
metze (This used to be commit 872c687184e5317b4477a184e0a954e6de0b8e9e)
2007-10-10r4629: we now have a global macro NT_STATUS_HAVE_NO_MEMORY()Stefan Metzmacher2-56/+42
so don't use a local one metze (This used to be commit dd217f7916c885e1395f6f2a78e38e10f56e5f0f)
2007-10-10r4628: this function should be staticStefan Metzmacher1-1/+1
metze (This used to be commit 590afa88f15c32bc14b2c23e2c57b3401d9c3de7)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell1-2/+2
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell2-4/+4
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r4475: fixed smbd to work with the small changes in the ldb API (the most ↵Andrew Tridgell2-10/+6
important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2007-10-10r4459: GENSEC refinements:Andrew Bartlett2-79/+55
In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
2007-10-10r4355: More work from the elves on Christmas eve:Andrew Bartlett1-0/+2
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher1-6/+6
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell1-5/+5
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4000: DATA_BLOB.data is uint8_t * not void * :-)Stefan Metzmacher1-1/+1
(thanks abartlet for telling me) metze (This used to be commit 2783bf393f6310f9d827538329d619dad5b02dd0)
2007-10-10r3962: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 3bfb732187211d450db842a7533e4c7e915b6ce4)
2007-10-10r3783: - don't use make proto for ldb anymoreStefan Metzmacher2-2/+5
- split ldh.h out of samba's includes.h - make ldb_context and ldb_module private to the subsystem - use ltdb_ prefix for all ldb_tdb functions metze (This used to be commit f5ee40d6ce8224e280070975efc9911558fe675c)