Age | Commit message (Collapse) | Author | Files | Lines |
|
determine the source of the request
The aclread module used to use a control to make sure the request comes from the ldap server,
but now the rootdse filters out any unregistered controls comming from ldap, so the control is
lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
this allows the rootdse module to filter unregistered controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Oct 18 20:32:40 UTC 2010 on sn-devel-104
|
|
|
|
|
|
This should make our sasl and tls handling much more robust
against partial sent pdus.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 8 11:55:26 UTC 2010 on sn-devel-104
|
|
This reverts commit b53fbc75acc525f2e2450370e704a62791271788.
There are problems with problems with broken gnutls versions.
We can readd this once we have the needed configure checks to
detect the bug in gnutls. See https://bugzilla.samba.org/show_bug.cgi?id=7218.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Oct 7 10:31:18 UTC 2010 on sn-devel-104
|
|
This should make our sasl and tls handling much more robust
against partial sent pdus.
metze
|
|
|
|
This ensures that two ldap server operations cannot happen in parallel
by using packet_recv_disable() and packet_recv_enable() to disable
other interfaces during ldap calls.
This prevents problems caused by parallel ldap operations where
transactions could overlap.
|
|
Both the session_info and the ldb can have references.
Andrew Bartlett
|
|
we need to pass the controls down to the add and rename ldb operations
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
WERROR codes
This is strictly needed by my recent passwords work, since I want to remove
most of the password change stuff in "samr_password.c". Since AD gives us
CONSTRAINT_VIOLATION on all change problems I cannot distinguish on the SAMR
level which the real cause was about. Therefore I need the extended WERROR codes
here.
|
|
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
the supportedSASLMechanisms opaque must live for at least as long as
the ldb, or we can crash when the first connection is torn down
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
metze
|
|
operations
|
|
place in the code
Under the "add" and over the "delete" function.
|
|
|
|
behaviour on renames
|
|
"res" still set to "NULL"
|
|
"AddResponse")
|
|
This is needed to remove samba specifc symbols from the bundled
ldb, in order to get the ABI right.
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
it exists
This message often contains suggestions how to fix issues.
|
|
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h
Andrew Bartlett
|
|
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
|
This should always return a simple structure with no need to consult a
DB, so remove the event context, and simplfy to call helper functions
that don't look at privilages.
Andrew Bartlett
|
|
we won't be using the mk -> wscript generator again
|
|
them
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is needed for my work regarding the referrals when the domain scope control
isn't specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
|
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
|
|
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
|
|
Similarly to system_session(), this creates a static
samdb_credentials()
|
|
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
|
|
Those error cases should be handled by LDB itself to be available on all
connection methods and not only over LDAP.
|
|
The main problem is that the "rdn_name" module launches on a rename request also
a modification one with the "special attributes" which can't be changed directly.
An introduced flag helps to bypass the restriction.
|
|
The Microsoft testsuite tried to rename
cn=administrator,cn=users,... into "",cn=users... which didn't go so well.
Andrew Bartlett
|
|
|