Age | Commit message (Collapse) | Author | Files | Lines |
|
needs to be renamed (operation_add?).
This allows me to match the behaviour and substitute with the
entryUUID module for remote LDAP connections.
Andrew Bartlett
(This used to be commit af02b4d7c631bb15bf5a5f73f9fdc23075d50f60)
|
|
Martin Kühl
<mkhl@samba.org>.
Martin took over the work done last year by Jelmer, in last year's
SoC. This was a substantial task, as the ldb modules API changed
significantly during the past year, with the addition of async calls.
This changeset reimplements and enables the ldb_map ldb module and
adapts the example module and test case, both named samba3sam, to the
implementation.
The ldb_map module supports splitting an ldb database into two parts
(called the "local" and "remote" part) and storing the data in one of
them (the remote database) in a different format while the other acts
as a fallback.
This allows ldb to e.g. store to and load data from a remote LDAP
server and present it according to the Samba4 schema while still
allowing the LDAP to present and modify its data separately.
A complex example of this is the samba3sam module (by Jelmer
Vernooij), which maps data between the samba3 and samba4 schemas.
A simpler example is given by the entryUUID module (by Andrew
Bartlett), which handles some of the differences between AD and
OpenLDAP in operational attributes. It principally maps objectGUID
to and from entryUUID elements. This is also an example of a module
that doesn't use the local backend as fallback storage.
This merge also splits the ldb_map.c file into smaller, more
manageable parts.
(This used to be commit af2bece4d343a9f787b2e3628848b266cec2b9f0)
|
|
pre-processed last, and get AIX and some other hosts to pass make test
again (I think the macros were being over-overridden).
Andrew Bartlett
(This used to be commit 650b99b19d3ede84848ebe747f8afbf2cce9d7e2)
|
|
to do
(This used to be commit ad75cf869550af66119d0293503024d41d834e02)
|
|
(This used to be commit 5f7864515008a596bbf92163ef8bd48dc8269b09)
|
|
helper function to set them.
(This used to be commit 260868bae56194fcb98d55afc22fc66d96a303df)
|
|
HAVE_PREAD_DECL/HAVE_PWRITE_DECL
and common/io.h already defines pread and pwrite as static if they are not.
remove unneeded defines
(This used to be commit 941f680453a081d51f6499f9b5dc06c7e6640334)
|
|
gidNumber attributes instead
Do not change unixName right now, we don't have an attribute to use in the posixGroup class,
and I think we should remove its usage altogether and look up users and groups by their uid/gid only.
Simo.
(This used to be commit d57b521aadf24a277152ec1ff1dac3210bd14316)
|
|
(This used to be commit 8c6efd7b55e4ad45e1bd10519a1b91285a4e0347)
|
|
metze
(This used to be commit 5609ab2116e3568e4f1a82b3ae781f17a6ffb645)
|
|
metze
(This used to be commit 785c46ed375b99f5765c2d8a2c7c1aaf400119f8)
|
|
metze
(This used to be commit bb1e4954f9aa60858a2c5b2f798f10fd75849b42)
|
|
metze
(This used to be commit d3e2e1af80c419ca0008e400b3d8899f2e0d0d83)
|
|
- and add torture tests also based on the rfc's
metze
(This used to be commit d48930a02f9560640697fd57e4bba03dc0abe284)
|
|
Andrew Bartlett
(This used to be commit c016db2187120991e8ad779b9df35480d7c19400)
|
|
function.
Andrew Bartlett
(This used to be commit bed17cc579d82f04e44ce3c3d1e74d999c2ab867)
|
|
they all have rangeLower=16 rangeUpper=16
and attribute syntax 2.5.5.10
metze
(This used to be commit 932f8bec21a64be3ca84c32a2ceaea98e2ceecf9)
|
|
metze
(This used to be commit 96259f0f24b114e505241c9d2deb702a8b40f1b6)
|
|
metze
(This used to be commit 40dc7c1787c16bfc15ac87fee81d2d2d1f3d2fde)
|
|
metze
(This used to be commit 84e74a759cfa49ebc8b4ba1b8e729d6d920fc55a)
|
|
with this you can limit a search to a specific partitions
or a search over all partitions without getting referrals.
(Which is the default behavior on the Global Catalog Port)
metze
(This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)
|
|
metze
(This used to be commit 23759a1e9b05c4fde475a9016cb0b7447656d7e7)
|
|
this attribute is used to group multiple attributes
to a propertySet for access control.
metze
(This used to be commit 96e9d46091c9fb4fd92782a42fcd9f2c510e9b56)
|
|
because the handlers are called within the async callbacks
inside the main search.
Also it makes no sense to give the sddl encoder the sid of the primary
domain when we need a description of a real security_descriptor,
this only makes sense for the defaultSecurityDescriptor...
metze
(This used to be commit 92f133f1ef1cd4064c9b328244d3be3351c5bab9)
|
|
top->level1->level2->level3
level3 has a deny destructor
talloc_free(level1)
result: top->level3
metze
(This used to be commit 3be930b81d2caf5e13105efa02280c4fc45181cb)
|
|
(This used to be commit 300d6e724d1ce386ad53852c0645fa8de374625a)
|
|
Andrew Bartlett
(This used to be commit 798c0791d8e8d10dde41a6dbceb0866265f9a709)
|
|
creative use of memory contexts
(This used to be commit fc97b5dc8ce65232a7a98ffb59def44a931b1565)
|
|
Andrew Bartlett
(This used to be commit 59fc8031ecf3ba5aa2eff9ec5fa7df76d0c990c6)
|
|
testsuite.
Andrew Bartlett
(This used to be commit 23314c3953676124a2ad06e8b3a3b297c11f2800)
|
|
Awesome how this didn't break everything around...
(This used to be commit 1b3b6176592314e91af9ed911e8a244519dea9aa)
|
|
Andrew Bartlett
(This used to be commit 54eda4b85975c44c993a7dc45f6caa898076f163)
|
|
(This used to be commit 97c4d41a30a5d85145abb781cb7001b502bc7dcb)
|
|
reply rules to be followed.
Add code to do a fake async callback on the skipped records.
Andrew Bartlett
(This used to be commit 26bc7dbed978f92e814d9803366eac7d7f4ded3e)
|
|
Andrew Bartlett
(This used to be commit 38bd4f61794e5a664822240d77c1e1c61abc7c44)
|
|
the end.
Andrew Bartlett
(This used to be commit 2a87ed1111f4ed72798372d6005a88a929c39de6)
|
|
drops the connection. The reconnect code needs to be hooked in here.
Andrew Bartlett
(This used to be commit 778debedea77ac81cc05f00f27bb96a58cbebcd8)
|
|
Adjust the web_server code to cope with this.
Andrew Bartlett
(This used to be commit 3043969708edbdab58ee57e2fbffa293b6406813)
|
|
metze
(This used to be commit 1d74291626399d283c180e136a3f7a8c27ecdb37)
|
|
- check explicit check for varargs.h as fallback from stdarg.h
and fail the build if both are not present
metze
(This used to be commit b091d182fe8f36dfb67b7ede933a963b74034d91)
|
|
metze
(This used to be commit 195754b169f68399008dda074181a2a16e4ecce5)
|
|
(hopefully nobody will ever see this:-)
metze
(This used to be commit 196803a6c6a2588f0d3315bc38a56112ecb81349)
|
|
metze
(This used to be commit b5c06d5b4ca4da6d1b582a33830471443a62d842)
|
|
metze
(This used to be commit ed5ffc7bfc57c72bb95562c88bd2ec290daed10c)
|
|
(This used to be commit c575dee5c76ca33a07ab62dc59f80ece1bd84abc)
|
|
Andrew Bartlett
(This used to be commit 4827a6b171d7b007f1641ef422d23449fb5a1606)
|
|
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-through' case.
Andrew Bartlett
(This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
|
|
Andrew Bartlett
(This used to be commit 7c5a25a423da3db982396ac507df985fa934be73)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this patch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1  | SASL Packet #2      |
+-----------------+----+----------------+
| LDAP Packet #1       | LDAP Packet #2 |
+----------------------+----------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
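The stall described in the commit message above, as an added example that is not Samba code: a simulated socket carries two SASL packets (4-byte big-endian length prefix, per RFC 4422) whose boundaries do not line up with the two LDAP PDUs inside them. All names are hypothetical, and the "encryption" is an identity stand-in, so only the framing and the event-loop behaviour are modelled.

```python
def sasl_wrap(plain: bytes) -> bytes:
    # Identity stand-in for GSSAPI sealing (assumption); models only the length prefix.
    return len(plain).to_bytes(4, "big") + plain

def ber_total_len(buf) -> int:
    """Size of the definite-length BER element at buf[0]; 0 if header incomplete."""
    if len(buf) < 2:
        return 0
    if buf[1] < 0x80:                      # short-form length
        return 2 + buf[1]
    k = buf[1] & 0x7F                      # long form: k length octets follow
    return 2 + k + int.from_bytes(buf[2:2 + k], "big") if len(buf) >= 2 + k else 0

class SaslSocket:
    def __init__(self, wire: bytes):
        self.wire = bytearray(wire)        # bytes still on the simulated socket
        self.plain = bytearray()           # unwrapped data the caller has not read

    def _unwrap_one(self) -> bool:
        n = int.from_bytes(self.wire[:4], "big")
        if len(self.wire) < 4 or len(self.wire) < 4 + n:
            return False                   # no complete SASL packet on the socket
        self.plain += self.wire[4:4 + n]
        del self.wire[:4 + n]
        return True

    def recv_ldap_pdu(self):
        """One read-handler call: return a complete LDAP PDU, or None."""
        while True:
            need = ber_total_len(self.plain)
            if need and len(self.plain) >= need:
                pdu = bytes(self.plain[:need])
                del self.plain[:need]
                return pdu
            if not self._unwrap_one():
                return None

def run_event_loop(wire: bytes, reinvoke_when_pending: bool) -> list:
    sock, handled = SaslSocket(wire), []
    # The handler fires on socket data or, with the fix, on buffered plaintext.
    while sock.wire or (reinvoke_when_pending and sock.plain):
        pdu = sock.recv_ldap_pdu()
        if pdu is None:
            break
        handled.append(pdu)
    return handled

# Constructed sample: two 7-byte LDAP PDUs split 4 + 10 across two SASL packets.
LDAP1, LDAP2 = b"\x30\x05AAAAA", b"\x30\x05BBBBB"
WIRE = sasl_wrap((LDAP1 + LDAP2)[:4]) + sasl_wrap((LDAP1 + LDAP2)[4:])
```

With `reinvoke_when_pending=False` the loop returns only the first PDU, because the SASL layer has already emptied the socket while the second PDU sits in its plaintext buffer; with `True` both are delivered.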
|
|
AD supports three extended operations:
- start tls
- dynamic objects
- fast binds
none of these are a priority.
(This used to be commit 523e8f3ed4bf5fcf9dc0c9e2100e4ac3b8032be7)
|