summaryrefslogtreecommitdiff
path: root/source4/libcli/ldap/ldap_bind.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15400: Move the TLS code behind the socket interface.Andrew Bartlett1-1/+1
This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
2007-10-10r15238: Add some code to automatically reconnect if we want to.Simo Sorce1-0/+53
(This used to be commit e2102999e26566543162455b34adbd2b0486b74d)
2007-10-10r15181: Don't try kerberos sign/seal when in SSLSimo Sorce1-1/+6
(This used to be commit 3be3b1130c41e8e372531c137c46f91c5c0acf98)
2007-10-10r13508: some ASN.1 element in LDAP are optional,Stefan Metzmacher1-3/+16
make it possible to code the difference between a zero length and a NULL DATA_BLOB... metze (This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
2007-10-10r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading ↵Andrew Bartlett1-13/+6
the spec. GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating a buffer size and what integrity protection/privacy should be used. I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3. I'm doing this in the hope that Apple clients as well as SASL-based LDAP tools may get a bit further. I still can't get ldapsearch to work, it fails with the ever-helpful 'Local error'. Andrew Bartlett (This used to be commit 3e462897754b30306c1983af2d137329dd937ad6)
2007-10-10r12733: Merge ldap/ldb controls into main treeSimo Sorce1-1/+4
There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12062: SASL negotiation now requires a gensec_security context, so that weAndrew Bartlett1-1/+1
only try permitted mechanims. Andrew Bartlett (This used to be commit 0f50239dc40ee128e4985f8aec5bb5f440a4f3f0)
2007-10-10r11521: Add in client support for checking supportedSASLmechanisms, and thenAndrew Bartlett1-2/+55
determining a mechanism to use. Currently it doesn't to fallbacks like SPNEGO does, but this could be added (to GENSEC, not to here). This also adds a new function to GENSEC, which returns a list of SASL names in our preference order (currently determined by the build system of all things...). Also make the similar function used for OIDs in SPNEGO do the same. This is all a very long-winded way of moving from a hard-coded NTLM to GSS-SPNEGO in our SASL client... Andrew Bartlett (This used to be commit 130eb9bb9a37957614c87e0e6846a812abb51e00)
2007-10-10r11114: - fixed error handling on bad bind in ildap clientAndrew Tridgell1-1/+2
- added nicer error display, giving a string version of the error code (This used to be commit 5ec486bb81536b38a5f40cae7555cbcbbfa52263)
2007-10-10r9505: Work on GENSEC and the code that calls it, for tighter interfaceAndrew Bartlett1-8/+26
requirements, and for better error reporting. In particular, the composite session setup (extended security/SPNEGO) code now returns errors, rather than NT_STATUS_NO_MEMORY. This is seen particularly when GENSEC fails to start. The tighter interface rules apply to NTLMSSP, which must be called exactly the right number of times. This is to match some of our other less-tested modules, where adding flexablity is harder. (and this is security code, so let's just get it right). As such, the DCE/RPC and LDAP clients have been updated. Andrew Bartlett (This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1)
2007-10-10r7855: fixed a typoAndrew Tridgell1-1/+1
(This used to be commit a1155651e722e28496be02b729c950afae5db9a9)
2007-10-10r7717: fixed some typosAndrew Tridgell1-4/+4
(This used to be commit fc8feee56034fe165359c804d111f80e5b3ebb65)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell1-1/+1
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7626: a new ldap client library. Main features are:Andrew Tridgell1-0/+250
- hooked into events system, so requests can be truly async and won't interfere with other processing happening at the same time - uses NTSTATUS codes for errors (previously errors were mostly ignored). In a similar fashion to the DOS error handling, I have reserved a range of the NTSTATUS code 32 bit space for LDAP error codes, so a function can return a LDAP error code in a NTSTATUS - much cleaner packet handling (This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)