Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 5ff665b6531fdb4c7e56c49b7f923546d93b384c)
|
|
(This used to be commit 2f64b758460a3bde6c7b4a240998fb76bd6e0827)
|
|
(This used to be commit 7a0da66e39fde8c06ab8af94a14113141076c969)
|
|
metze
(This used to be commit e0e35965d1eaab182941d17da744b70c4234ca52)
|
|
(This used to be commit af6661e442ff37070cf49b6d9ab85a1c045ef293)
|
|
with samba3 easier.
(This used to be commit 4d755fb5d7adedd1dd8bad917b921324411bfd59)
|
|
metze
(This used to be commit 8999a9eb2e7f3e8e4ff8f5311b9375bde590f2a5)
|
|
but I think this is the wrong fix...
metze
(This used to be commit 018b142d93ba2d36cd68db407e4a591461137b9b)
|
|
metze
(This used to be commit cc729e646c5e3cb7919d033f90bda1dce545ff6b)
|
|
(This used to be commit ac71f40f8ff13c422e528dd5013842aa5a5004e7)
|
|
- change the test for net/if.h to do a full compile, not just an
existance test. net/if.h is completely broken on hpux, and can never
compile (it uses stuff before it defines it), so by using a
AC_TRY_COMPILE() test we avoid using net/if.h on hpux, which should
fix the build
(This used to be commit bde18f3d5ce837f600bae8d63f31d92a579fe1f2)
|
|
include them explicit
- undefine _XOPEN_SOURCE_EXTENDED for the AIX interface detection test
#define _XOPEN_SOURCE_EXTENDED 1 brings in sa_len to sockaddr on Tru64
which means the AIX code compiles...
metze
(This used to be commit 04a0a5144a249e12a9dcb327c5b6055e6a6135db)
|
|
defined
try to find the problem on Tru64...where configure says the AIX method finds 1 interface
but later can't compile netif.c. (revision 18486 was the last that detects ifconf with 2 interfaces)
metze
(This used to be commit 8fa9852160680054ddb5316c4ee03a03f8553a37)
|
|
(This used to be commit 449fab2c264aa50601f9a2d3310f1910ba97706b)
|
|
always at it as first private dependencies
metze
(This used to be commit 135d096776b53ae09ffc2b4f767dfbd18139570f)
|
|
happier now
(This used to be commit 18542f184f75074e56a9793a9e3b6c6d747bb9e6)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
configure check for the interfaces.
should fix the build on some old sun boxes
metze
(This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467)
|
|
pre-processed last, and get AIX and some other hosts to pass make test
again (I think the macros were being over-overridden).
Andrew Bartlett
(This used to be commit 650b99b19d3ede84848ebe747f8afbf2cce9d7e2)
|
|
metze
(This used to be commit b5c06d5b4ca4da6d1b582a33830471443a62d842)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
make the testnonblock skip some things. The socket *under* the tls
socket is still tested.
Andrew Bartlett
(This used to be commit 9c33c6a20a77e3f15eac3d62488117517afad940)
|
|
(This used to be commit 61c6100617589ac6df4f527877241464cacbf8b3)
|
|
(This used to be commit dea82fa615e33115e42ef04c8d2a54788aa38e9a)
|
|
Split of system/locale.h header from system/iconv.h
Previously, iconv wasn't being used on these systems
(This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
|
|
This reduces caller complexity, because the TLS code is now called
just like any other socket. (A new socket context is returned by the
tls_init_server and tls_init_client routines).
When TLS is not available, the original socket is returned.
Andrew Bartlett
(This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
|
|
in pkg-config files for now as
they break external projects.
(This used to be commit f919fd6655f00361691e676d260bd40e0b8ddcc7)
|
|
(This used to be commit 49bac12767ca59095ad6609a3826f7f17ddb601c)
|
|
-lsocket on SUN
boxes.
(This used to be commit c95ad11307dc89384c10bd5919817bf12d9c1ed9)
|
|
This is in preperation for making TLS a socket library.
Andrew Bartlett
(This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
|
|
(This used to be commit 598ea173cd718dad0df24505796ca50cb728a2e9)
|
|
(This used to be commit 7113a16309a83225f3ab6ccbfe48778ae8fc52e8)
|
|
Use inet_ntop to convert IPv6 names to strings. Don't do a reverse
lookup.
Andrew Bartlett
(This used to be commit bf57b213c2c4c835037456deea7d522f2fc905e6)
|
|
on most systems.
(This used to be commit c0ab0f4ed49d88807d07b1504574ca35542e2943)
|
|
(This used to be commit f0afe9e2ff16515df1b3226b479b19ea3e9c3d0c)
|
|
system - these should be removed later on.
(This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
|
|
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
(This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
|
|
Move unistr-specific code to lib/charset/. Remove _m from some places where it's not needed.
(This used to be commit 03224e112424968fc3f547c6159c7ccae2d1aa5b)
|
|
with local
(empty) libpopt.a overriding global one
(This used to be commit 2f06305e53478e5030c24550954f221a9a97c83f)
|
|
(This used to be commit 8de11ec2445ce414b37938b07937fdd7837f89a2)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
|
|
(This used to be commit e017246f1052f3344b90500e04c73277923baa20)
|
|
metze
(This used to be commit d099282d4956e7dc1134abf0632b01c40160e114)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
(This used to be commit d98948716f237c3a501b283a0bbc3837bb3fd3c8)
|
|
metze
(This used to be commit 8fc2b68aa8d1a6bb3a828b3a1ab5f2a4f354f6f7)
|
|
metze
(This used to be commit e70ca698cea901a66f7201c16bb3ba1faa7e7289)
|
|
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
|