path: root/source4/lib
Age | Commit message | Author | Files | Lines
2007-10-10 | r17197: This patch moves the encryption of bulk data on SASL negotiated security | Andrew Bartlett | 5 | -20/+56
contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket layer.

Unusual in this patch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation:

+-----------------+---------------------+
| SASL Packet #1  | SASL Packet #2      |
----------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
----------------------------------------+

In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket.

Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements.

Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10 | r17195: Start thinking how to implement extended operations. | Simo Sorce | 2 | -0/+18
Ad supports three extended operations: - start tls - dynamic objects - fast binds none of these are a priority. (This used to be commit 523e8f3ed4bf5fcf9dc0c9e2100e4ac3b8032be7)
2007-10-10 | r17186: "async" word abuse clean-up part 2 | Simo Sorce | 14 | -202/+188
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
2007-10-10 | r17185: Oh, I wanted to do this for sooo long time. | Simo Sorce | 17 | -341/+341
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10 | r17176: remove off_t from talloc. size_t is large enough to hold | Stefan Metzmacher | 5 | -13/+11
the max amount of memory of one process metze (This used to be commit f47b7bb656c8854c16c5a28ba24d18eeb22b6e22)
2007-10-10 | r17174: Enable gnutls code, which requires the HAVE_GNUTLS CPP macro. | Andrew Bartlett | 1 | -0/+3
Andrew Bartlett (This used to be commit f3b6e57b2336f36416e25c3a5cd793aa036b5b40)
2007-10-10 | r17168: Now that TLS (and soon SASL) is below the socket layer, we need to | Andrew Bartlett | 4 | -14/+29
make the testnonblock skip some things. The socket *under* the tls socket is still tested. Andrew Bartlett (This used to be commit 9c33c6a20a77e3f15eac3d62488117517afad940)
2007-10-10 | r17167: indent | Andrew Bartlett | 1 | -1/+1
(This used to be commit 4dcdc5a3ad6847be6c6199854121ae4ccadaa673)
2007-10-10 | r17157: bail out if sizeof(size_t) < sizeof(void *) | Stefan Metzmacher | 1 | -0/+4
metze (This used to be commit f94198c2a8afd79b4c156773d14de691fd8bf0d5)
2007-10-10 | r17156: check for the size of a pointer | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit 58e124ade31efbd72297ecc41d8ddfc48546ac53)
2007-10-10 | r17114: print some sizes for debugging | Stefan Metzmacher | 1 | -0/+3
metze (This used to be commit fa04ef88e5875c58fdfc7cbd2b24587bb740970d)
2007-10-10 | r17113: build tdb and ldb standalone with the same sizes of 'off_t' as from | Stefan Metzmacher | 2 | -0/+2
samba metze (This used to be commit 5c1e6c08c7cce233ca5798a325bdd17c2640286f)
2007-10-10 | r17112: - fix the build of the ldap ldb backend with newer openldap header | Stefan Metzmacher | 1 | -1/+2
files. - use the correct timeout variable (simo you should do a standalone build before committing:-) metze (This used to be commit ac9d69d2574e8331b3ce9c3b97922ead9165fa79)
2007-10-10 | r17109: - use AC_SYS_LARGEFILE so that type sizes are the same when talloc | Stefan Metzmacher | 2 | -0/+4
is built standalone and inside samba - add configure checks for some type sizes for debugging metze (This used to be commit 2977e7097ae9d6b96bb6f01c5c20bc2f3a518050)
2007-10-10 | r17062: make correct use of talloc destructors, and make the code much simpler | Stefan Metzmacher | 1 | -14/+12
should I merge that also to samba3? metze (This used to be commit c5672a54a02e3f457effd7cc693a6f6ac2dcc621)
2007-10-10 | r17061: - remove the current talloc chunk from its parent before freeing | Stefan Metzmacher | 2 | -7/+4
the children this fixes an endless loop bug! - reenable the test for this should I merge this to samba3? metze (This used to be commit 0559222b62930765519aaab5d33609ece29014d6)
2007-10-10 | r17031: When I first revived the objectclass sorting module, simo complained | Andrew Bartlett | 1 | -151/+293
that it should handle the add without a search. Now that I'm working on better behaviour with an LDAP backend, I've fixed the module to do just that. For an ADD, and a MODIFY with the REPLACE flag, we do not need the search step. Andrew Bartlett (This used to be commit 87573e2ee4a71168ea69182d2dc4ebf1779b7c02)
2007-10-10 | r16972: Replace the sequence_number function pointer in ldb with the ldb flags. | Andrew Bartlett | 3 | -16/+22
The function pointer was meant to be unused, this patch fixes partition.c to use ldb_sequence_number(). (No backend provided the pointer any more). Set the flags onto the ldb structure, so that all backends opened by the partitions module inherit the flags. Set the read-only flag when accessed as the global catalog Modify the LDAP server to track that this query is for the global catalog (by incoming port), and set an opaque pointer. Next step is to read that opaque pointer in the partitions module. Andrew Bartlett (This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba)
2007-10-10 | r16965: Take a better stab at comparison functions between string and binary | Andrew Bartlett | 1 | -24/+44
forms of the objectGUID and objectSID attributes. Andrew Bartlett (This used to be commit e7894b49b37de296320fea2e6d86052b81845e51)
2007-10-10 | r16938: Fix breakage of TDB on VOS (declaration after statement) | Andrew Bartlett | 1 | -1/+2
Andrew Bartlett (This used to be commit d0ed7cd241e0e7889406f62fd620d8fe39d4498c)
2007-10-10 | r16937: Add const, to make it clear that it is invalid to talloc_free() the DN | Andrew Bartlett | 1 | -7/+6
at this point. Andrew Bartlett (This used to be commit f7fb168ab69e39ab3ff236bb5db4e5306a79971d)
2007-10-10 | r16936: Correct comment in this comparison function | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit d64987a2882c70669421b02aee8d75d95ce99bcb)
2007-10-10 | r16932: Consistently use the macro for these DNs and attributes. | Andrew Bartlett | 1 | -2/+2
Andrew Bartlett (This used to be commit dd6ca3342218aa25619a98d48e0efbbe31012c30)
2007-10-10 | r16923: remove unused substitute code | Stefan Metzmacher | 2 | -171/+0
metze (This used to be commit ea88c8c99eff2203d13f9877e590d9d7f2fbb910)
2007-10-10 | r16922: move some macros out of talloc.h as they don't belong to talloc | Stefan Metzmacher | 2 | -8/+4
metze (This used to be commit 4c68e315e2288eef97527911daf18622a994ac31)
2007-10-10 | r16917: Fix compile errors found by the testing of tdb on the build farm. | Andrew Bartlett | 1 | -3/+9
Andrew Bartlett (This used to be commit a6e0846d9b5f1adc2ff137247a5c3f32746e43b5)
2007-10-10 | r16916: Implement metze's proposed changes to the tdb logging API. | Andrew Bartlett | 8 | -21/+39
This clearly links the log function with its private pointer, and makes the argument list for tdb_open_ex a bit shorter. Andrew Bartlett (This used to be commit 5d5503e8d8a10ead3ef21a5ffda52cadb9a07727)
2007-10-10 | r16908: Set an error string if we can't find a backend for an operation. | Andrew Bartlett | 1 | -1/+5
Andrew Bartlett (This used to be commit 6a8c9af9bae8c482dfdb07114ae8313b7e35d9e9)
2007-10-10 | r16832: I should be more careful (and test!) when trying to make compilers and | Andrew Bartlett | 1 | -1/+3
static checkers happy... Andrew Bartlett (This used to be commit ae7ec0d553650b2a90fac8b7564b8f986e3e4288)
2007-10-10 | r16829: Fix a number of issues raised by the IBM checker, or gcc warnings. | Andrew Bartlett | 1 | -8/+11
In particular, this removes one use of the LDB_DN_NULL_FAILED macro, which was being used on more than DNs, had an embedded goto, and confused the IBM checker. In the password_hash code, ensure that sambaAttr is not, before checking the number of values. In GENSEC, note that this switch value can't occur. This seems to be the only way to quiet both the IBM checker and gcc, as well as cope with possibly invalid inputs. Andrew Bartlett (This used to be commit 3e58350ec2ab883795b1dd03ac46a3520cac67d0)
2007-10-10 | r16825: Make ldb_sainity_check() set an error string. This makes it much | Andrew Bartlett | 4 | -13/+26
easier to chase down what modules or application code gets wrong. Ensure not to leave memory allocated on failure in ldb_search() Andrew Bartlett (This used to be commit 0828739951ed879640f8ed6e4700d8ca6b8221b8)
2007-10-10 | r16784: - make some functions in ldb static, they do not need to be exported | Simo Sorce | 1 | -3/+3
anywhere - fix a bad segfault Andrew please make test before committing. Simo. (This used to be commit b9b6bb3e89d3b0e04ccce15156c1a128b6f20d88)
2007-10-10 | r16776: fix typo | Stefan Metzmacher | 1 | -1/+1
metze (This used to be commit 249bf24a40f78aab181a4cce8c42902859e43238)
2007-10-10 | r16774: This patch modifies the tdb API to allow the logging function to be used | Andrew Bartlett | 15 | -129/+198
as part of ldb. This allows tdb failures to be passed all the way up to Samba's DEBUG system, which allowed easier debugging. Unfortunately I had to extend the tdb API, as the logging function didn't have a context pointer. I've worked over the 'debug levels' in TDB. Most of them were 0, which didn't seem right, as some were trace-like messages. We didn't see any of these previously, except when accessing TDB directly. Andrew Bartlett (This used to be commit 58898092c1ce043f6d698db5065f372b79109e22)
2007-10-10 | r16716: patch from Bjoern Jacke to fix compiler warnings on AIX | Stefan Metzmacher | 1 | -0/+44
metze (This used to be commit 3e5de223f715343b6421d580dc1b3f9d67c980da)
2007-10-10 | r16571: - make push/pull_ascii()/_ucs() functions static, | Stefan Metzmacher | 1 | -6/+19
callers should use push/pull_string() functions with STR_ASCII or STR_UNICODE - make the push/pull_ascii/ucs2/utf8_talloc() functions complete (they should be reduced to pull/push_string_talloc() later...) metze (This used to be commit b0af976187d2d46b7dbe5a532a5491476b459119)
2007-10-10 | r16556: Add mkdtemp to libreplace. This is apparently available on Linux | James Peach | 4 | -2/+22
and BSD systems, but it's not everywhere. (This used to be commit b3d2512ed4fc8c378607bcc2dc241a1f77ab7197)
2007-10-10 | r16517: Get rid of pointless safe_free() (not SAFE_FREE()!) function. | Jelmer Vernooij | 2 | -14/+1
(This used to be commit 6bc91497827a66af6d9adf26c689e9cc458d8ecf)
2007-10-10 | r16516: Get rid of file_exists() as there already is a file_exist(). | Jelmer Vernooij | 1 | -9/+0
(This used to be commit c4b3c2b18c6df43c8a4808fab72bc45439ba9421)
2007-10-10 | r16447: print the result of talloc_set_parent() | Stefan Metzmacher | 1 | -3/+4
trying to find the bug on HPUX metze (This used to be commit 3db6bd87158cd615a3e35009598863758099595b)
2007-10-10 | r16446: talloc_set_name() allocates and can fail... | Stefan Metzmacher | 2 | -7/+22
pass the error to the callers metze (This used to be commit 7aa07a1e0b2abd1a6ecd490410685d20c0201094)
2007-10-10 | r16445: print out values | Stefan Metzmacher | 1 | -2/+4
metze (This used to be commit 972634b2021e60b27d68b0fd6d49ef95398d92e2)
2007-10-10 | r16442: if we want to use CHECK_SIZE(NULL, 3) | Stefan Metzmacher | 1 | -0/+2
we need null tracking, so enable it explicit before running any tests metze (This used to be commit f3cd971ab70c3edee4da87b8ca38ec215c8bff49)
2007-10-10 | r16264: Add, but do not yet enable, the partitions module. | Andrew Bartlett | 4 | -8/+15
This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a)
2007-10-10 | r16186: Use full include path to make sure it's being picked up by the | Jelmer Vernooij | 1 | -1/+1
dependency generator. (This used to be commit fbbc3b11683d594d31e6487873946b68c2c46923)
2007-10-10 | r16185: Remove autogenerated file from SVN. | Jelmer Vernooij | 1 | -25/+0
(This used to be commit a975f11d452deb2c5e06b8ba02f528b08d2842e1)
2007-10-10 | r16172: Translate the ldb error codes into appropriate messages for the | Andrew Bartlett | 1 | -3/+9
transaction cases. Andrew Bartlett (This used to be commit 28883f719304ee438c54a4d33e6bf1239f8c4094)
2007-10-10 | r16143: Fix disappearance of user-specified CPPFLAGS,LDFLAGS and LIBS variables. | Jelmer Vernooij | 1 | -3/+6
(This used to be commit b7c3f80efd08c2206048d00815b7396488c91d3b)
2007-10-10 | r16100: Patch from Michael Wood <mwood@icts.uct.ac.za>: s/then/than/ for | Gerald Carter | 7 | -9/+9
correct grammar (This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
2007-10-10 | r16090: Fix standalone build after the rename of enum ldb_request_type in | Tim Potter | 3 | -21/+21
r15944. Hey idra I think a better rename would be to keep the LDB_REQ suffix here to remain consistent with the other enums (e.g ldb_reply_type, ldb_async_wait_type and ldb_async_state). (This used to be commit d44ee8c43bd8f6f978330a8ded8bf30ffad494d6)