Age | Commit message (Collapse) | Author | Files | Lines |
|
support in Heimdal.
This removes the 'ext_keytab' step from my Samba4/WinXP client howto.
In doing this work, I realised that the replay cache in Heimdal is
currently a no-op, so I have removed the calls to it, and therefore
the mutex calls from passdb/secrets.c.
This patch also includes a replacement 'magic' mechanism detection,
that does not issue extra error messages from deep inside the GSSAPI
code.
Andrew Bartlett
(This used to be commit c19d5706f4fa760415b727b970bc99e7f1abd064)
|
|
(This used to be commit 0a8c722c8017e20635223b2c5dfc58759478312c)
|
|
(This used to be commit 2b2675055e5113eccb0b876799b226d480335495)
|
|
does
(This used to be commit 38a14396262eeb279d67c2f0da06bfa0706a3be4)
|
|
them just yet. I have tested them, and they work fine, but enabling
them will break code in rpc_server/ and samdb, so we need to fix that
first
(This used to be commit 07d459406b4c63e49141e0e533e1274b4052abf9)
|
|
so that ldbedit, ldbsearch etc can display nice human readable ldif,
while storing the data as binary blobs. This will be used for storing
NDR encoded objectSid and similar attributes, while making the command
line interface sane
(This used to be commit 37e283089a846fc0608fef3981a3447300e33728)
|
|
bug was being silently ignored with the tdb backend because of this
bug. A case where the ldap backend was right, and the tdb backend was
wrong!
(This used to be commit ddb26db763c314049043d80d27113226c0f2e656)
|
|
the two-way
tree nature of the data structure. I think I've finally got it right
also added talloc_show_parents() for debugging
(This used to be commit 5760ed20eed509b0b6e09e78c942dd0f70350fa9)
|
|
(This used to be commit ee3fe42fb16821eedd564201d953042190f7826f)
|
|
the previous commit for the method.
(This used to be commit b0ad505510b9df8e7f05fb646046114eb6b997ed)
|
|
These provide a way to find a parent of a ptr that is of a given
type. I will be using this to find the event context in smbd, relying
on the fact that everything is a child of the top level event
context. I did look at the alternatives, and found that passing the
event context to just about every call in smbd was getting way too
complex (we need to get it to anything that can do a ldb operation, as
that can invoke ldap).
So this method avoids a global, and seems to work nicely
(This used to be commit bdb55c7a10a516b75652065e14f5acd09d24ab35)
|
|
for use by backends.
Currently only EventContext is used in this way.
(This used to be commit 9fa21b245843371f7777682ee4e5b98e2925b4d0)
|
|
(This used to be commit bc6bc84ef4ad3434c6cb8d94a8d7a105ad2fd8c2)
|
|
(This used to be commit 71ee6a1df542b95c61217de71e6f56b8ce9d81b5)
|
|
(This used to be commit 97e4ba84fb4cf4b95270c5d49b6bb8a9a92feaac)
|
|
(This used to be commit 818ae965afad37216d804aa630359d875794612e)
|
|
the problem with the ldap tests in 'make test'
(This used to be commit 56fe27623ce31015a5a14f176f1445f51d57b0b8)
|
|
connections on that port
(This used to be commit 30da6a1cc41308a16a486111887f45bcf598f064)
|
|
(This used to be commit 135c3367ff737246ea40030d3c852769666ff522)
|
|
- fixed some infinite loops in asn1.c
- ensure asn1 callers know if an error is end of buffer or bad data
- handle npending 0 in ldap server
(This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875)
|
|
- got rid of the special cases for sasl buffers
- added a tls_socket_pending() call to determine how much data is waiting on a tls connection
- removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves
are sync.
(This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
|
|
(This used to be commit 42d8a1a222430bd64962da7cc4ac0193b5c003f7)
|
|
(This used to be commit 3d60b3a8eea5ac6c35cf2e579ae12cef3dc1794e)
|
|
servers
can easily become tls enabled. This will be used to add support for ldaps
(This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
|
|
(This used to be commit a440133140a6adb5ea62d37690b9c4ae74dc6be0)
|
|
(This used to be commit cf17f90a83cf04815544c5408eb56d00546b3e88)
|
|
(This used to be commit fe2b77af2352f1964402a4286105916e990dc36f)
|
|
(This used to be commit 57132344b4e39a670e683b3db00665e5f7a899fd)
|
|
- handle ldb_errstring() calls on failed connect
(This used to be commit 8698a20fcc6a04ccbe533afd742e7a5df94423ee)
|
|
is not specified, so:
ldbsearch ldap://hostname '(objectclass=user)'
works without knowing the domain name
(This used to be commit f6c2c5190737ca11f55a147f5295ccca505fb58b)
|
|
encrypted ldbedit against w2k3
(This used to be commit 6277c3923e7d9c26753424b1e77ac62f8e0729a4)
|
|
(This used to be commit aec0544962483b3cd8507b2de6d1552691e72932)
|
|
(This used to be commit f852661463624714ad8e7adc0547b2f07b8f9f6d)
|
|
(This used to be commit 5e8db1c9b3bb6c5196652a7af877b4204148c305)
|
|
cmdline credentials code (which will be done soon)
- added a ldb_init() call, and changed ldb_connect() to take a ldb
context. This allows for much better error handling in
ldb_connect(), and also made the popt conversion easier
- fixed up all the existing backends with the new syntax
- improved error handling in *_connect()
- fixed a crash bug in the new case_fold_required() code
- ensured that ltdb_rename() and all ltdb_search() paths get the read lock
- added a ldb_oom() macro to make it easier to report out of memory
situations in ldb code
(This used to be commit f648fdf187669d6d87d01dd4e786b03cd420f220)
|
|
in all the callers. This also allows us to be more flexible in the
type of password we store.
Andrew Bartlett
(This used to be commit 00b8588c68526e1d86fda0bd81c0b86f690b62c3)
|
|
This takes our link dependencies from this:
tridge@blu:~/samba/samba4/source$ ldd bin/ldbsearch
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7fc9000)
libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0xb7f92000)
liblber.so.2 => /usr/local/lib/liblber.so.2 (0xb7f85000)
libpam.so.0 => /lib/libpam.so.0 (0xb7f7d000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7e48000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000)
libresolv.so.2 => /lib/tls/libresolv.so.2 (0xb7e36000)
libcrypt.so.1 => /lib/tls/libcrypt.so.1 (0xb7e09000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7df3000)
libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0xb7d8c000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7d7d000)
libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7d6d000)
libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7d20000)
libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7d1c000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7d09000)
libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb7cf5000)
to this:
tridge@blu:~/samba/samba4/source$ ldd bin/ldbsearch
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7fc9000)
libpam.so.0 => /lib/libpam.so.0 (0xb7fc0000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7e8b000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000)
this finally gets rid of the implicit dependency on pthreads! Yay!
(This used to be commit 844d2a20830a4666b6c38f6a58305be64b6b76fa)
|
|
- fixed a bug in socket_connect_ev()
(This used to be commit 3f77b879a035929a843e02b798d54eba6625bde7)
|
|
Next step is to
remove the check for the ldap libraries in configure
(This used to be commit 74841dbb2a86bb1c584b5c26c4cd24a818a65a34)
|
|
(This used to be commit ac3f33c61555a2afa30fe446676013564982e257)
|
|
resolution fails)
(This used to be commit 4013c2ddea0cd03f875e2acf40d2a34344017d05)
|
|
loops in corrupted tdb files.
Jeremy.
(This used to be commit f9f3037d6855259edd56fd5a23d63dbb37f0a751)
|
|
(This used to be commit 8735188b46d4bb6c3d63d22a8c6f3fad2c82df89)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
(This used to be commit a4d05988637b4e607c3cdad83bfb1e9cf923b7f0)
|
|
- hooked into events system, so requests can be truly async and won't
interfere with other processing happening at the same time
- uses NTSTATUS codes for errors (previously errors were mostly
ignored). In a similar fashion to the DOS error handling, I have
reserved a range of the NTSTATUS code 32 bit space for LDAP error
codes, so a function can return a LDAP error code in a NTSTATUS
- much cleaner packet handling
(This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)
|
|
(This used to be commit b38bb63175ae0bdcf833c017e5fbbfc2c0769506)
|
|
(This used to be commit 0218fc678e375a05fbc4da5500706199340918e2)
|
|
(This used to be commit ce9966e091d36f66d409ac6f7b5e462c9dc37325)
|
|
(This used to be commit 0a64948152a446b5e127578d49b1ed8a90a1a222)
|