path: root/source4/libcli/ldap/ldap_client.c
Age | Commit message | Author | Files | Lines
2009-08-17 | s4:libcli/ldap Explain why we set a hostname for ldapi:// connections | Andrew Bartlett | 1 | -1/+3
It is a pretty odd thing to do, and it's only because of the restrictions of DIGEST-MD5 in Cyrus SASL that we do it. Andrew Bartlett
2009-07-31 | s4:libcli/ldap: the tls code steals the original socket on its own now | Stefan Metzmacher | 1 | -3/+0
metze
2009-02-24 | libcli/ldap: move generic ldap control encoding code to ldap_message.c | Stefan Metzmacher | 1 | -2/+2
As they can be static there, we pass the specific handlers as parameter where we need to support controls. metze
2009-02-18 | Worked around a problem with select/poll/epoll and gnutls | Andrew Tridgell | 1 | -0/+4
Our packet layer relies on the event system reliably telling us when a packet is available. When we are using a socket layer like TLS then things get a bit trickier, as there may be bytes in the encryption buffer which could be read even if there are no bytes at the socket level. The GNUTLS library is supposed to prevent this happening by always leaving some data at the socket level when there is data to be processed in its buffers, but it seems that this is not always reliable. To work around this I have added a new packet option packet_set_unreliable_select() which tells the packet layer to not assume that the socket layer has a reliable select, and to instead keep trying to read from the socket until it gets back no data. This option is set for the ldap client and server when TLS is negotiated. This seems to fix the problems with the ldaps tests.
2009-01-03 | s4:libcli/ldap: convert to tevent_* api | Stefan Metzmacher | 1 | -13/+13
metze
2009-01-03 | s4:socket: use a socket_wrapper aware function to auto close the fd event for sockets | Stefan Metzmacher | 1 | -3/+4
metze
2008-12-29 | s4:lib/tevent: rename structs | Stefan Metzmacher | 1 | -4/+4
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
    o=`echo $s | cut -d ':' -f1`
    n=`echo $s | cut -d ':' -f2`
    r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
    files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
    for f in $files; do
        cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
        mv $f.tmp $f
    done
done
metze
2008-12-18 | s4:lib/socket: socket_connect_send() and socket_connect_ev() should only work with addresses | Stefan Metzmacher | 1 | -1/+1
metze
2008-10-23 | Fix function parameters. | Jelmer Vernooij | 1 | -1/+1
2008-10-11 | Fix include paths to new location of libutil. | Jelmer Vernooij | 1 | -2/+2
2008-09-29 | LDB ASYNC: misc changes | Simo Sorce | 1 | -1/+1
2008-09-24 | Fix nasty bug that would come up only if a client connection to a remote | Simo Sorce | 1 | -9/+12
ldap server suddenly dies. We were creating a wrong talloc hierarchy, so the event.fde was not freed automatically as expected. This in turn made the event system call the ldap io handlers with a null packet structure, causing a segfault. Fix also the ordering in ldap_connection_dead(). Thanks to Metze for the huge help in tracking down this one.
2008-07-15 | Make up a full hostname for ldapi connections. | Andrew Bartlett | 1 | -2/+7
The DIGEST-MD5 SASL method requires a hostname, so provide one. Andrew Bartlett (This used to be commit edfb2ed1f22bc735af5a0c3d3ae6ab6771d28f2c)
2008-04-21 | Remove more event_context_init() uses from function calls within deep down the code. | Simo Sorce | 1 | -8/+4
Make sure we pass around the event_context where we need it instead. All tests but a few python ones fail. Jelmer promised to fix them. (This used to be commit 3045d391626fba169aa26be52174883e18d323e9)
2008-04-02 | Install public header files again and include required prototypes. | Jelmer Vernooij | 1 | -11/+12
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-01-15 | util: Move asn1 to lib/util to trim down the number of subsystems. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
2007-12-21 | r26376: Add context for libcli_resolve. | Jelmer Vernooij | 1 | -2/+3
(This used to be commit 459e1466a411d6f83b7372e248566e6e71c745fc)
2007-12-21 | r26355: Eliminate global_loadparm in more places. | Jelmer Vernooij | 1 | -5/+8
(This used to be commit 5d589a0d94bd76a9b4c9fc748854e8098ea43c4d)
2007-12-21 | r26335: Specify name_resolve_order to socket code. | Jelmer Vernooij | 1 | -2/+2
(This used to be commit b03e5d00110be3f1fe5809dad4eb6ca5cea7463d)
2007-12-21 | r26266: Remove more global_loadparm uses. | Jelmer Vernooij | 1 | -1/+2
(This used to be commit 99113075c4a96679bcec4f4d6bba4acb3dee4245)
2007-12-21 | r26238: Add a loadparm context parameter to torture_context, remove more uses of global_loadparm. | Jelmer Vernooij | 1 | -1/+12
(This used to be commit a33a5530545086b81a3b205aa109dff11c546926)
2007-12-21 | r26192: Handle, test and implement the style of extended_dn request that MMC uses. | Andrew Bartlett | 1 | -0/+15
It appears that the control value is optional, implying type 0 responses. Failing to parse this was causing LDAP disconnects with 'unavailable critical extension'. Andrew Bartlett (This used to be commit 833dfc2f2af84c45f954e428c9ea6babf100ba92)
2007-12-21 | r25692: fixed another example where the free of fde and the free of the socket | Andrew Tridgell | 1 | -1/+3
causes the fd to be closed before epoll is told (This used to be commit d19686cf8a3aba0c6601c5fa58cbf74461055c1c)
2007-10-10 | r25554: Convert last instances of BOOL, True and False to the standard types. | Jelmer Vernooij | 1 | -3/+3
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10 | r23792: convert Samba4 to GPLv3 | Andrew Tridgell | 1 | -3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10 | r23036: error checking on asn1_init() failure | Andrew Tridgell | 1 | -1/+3
(This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2)
2007-10-10 | r23030: finally fixed up our asn1 code to use better memory allocation. This | Andrew Tridgell | 1 | -6/+5
should allow us to fix some long standing memory leaks. (This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d)
2007-10-10 | r22884: Be consistent with the case of these constants. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit 7b086eebd6af21674ca18c7d9b35cb2c6b57514a)
2007-10-10 | r22405: fix memory leak in error path | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit d19195bfa5405822613d5236cd76547f0ac77bde)
2007-10-10 | r21806: I've been working over the last week to fix up the LDAP backend for | Andrew Bartlett | 1 | -2/+5
Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise made our LDAP server skip unknown controls, when marked 'not critical' on its input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
2007-10-10 | r21761: - Give more detail on LDAP client library failures (make it clear | Andrew Bartlett | 1 | -3/+6
where the error is from)
- Make default error string more consistent
Andrew Bartlett
(This used to be commit 7f115579d20a3112efd11444fafcbf78698fc9a1)
2007-10-10 | r19507: Merge my DSO fixes branch. Building Samba's libraries as shared libraries works again now, by specifying --enable-dso to configure. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
2007-10-10 | r18309: FreeBSD 6.1 has a symbol ldap_new_connection() in the system ldap | Andrew Tridgell | 1 | -1/+1
library. Even though we don't link to that library, it gets loaded via nss-ldap, which means nss-ldap calls into the samba ldap lib with the wrong parameters, and crashes. We really need to use a completely different namespace in libcli/ldap/ (This used to be commit c440e0eed9afae5fe69995a7416971e7c8560779)
2007-10-10 | r18256: use the right status variable | Andrew Tridgell | 1 | -2/+1
(This used to be commit f4b4bd945f5c3955aab0c3cf89ad6cdda7529dac)
2007-10-10 | r18024: The %c sscanf format I'm using doesn't null terminate. | Andrew Bartlett | 1 | -0/+3
Andrew Bartlett (This used to be commit 1920cb8b3978f745cba7e854410deb9174de2dc0)
2007-10-10 | r18021: Add ldapi support to our LDAP client. To be used for testing an | Andrew Bartlett | 1 | -34/+93
OpenLDAP backend. Andrew Bartlett (This used to be commit da66b53e6ac39c5f020781830ee69d460aa0cae5)
2007-10-10 | r17930: Merge noinclude branch: | Jelmer Vernooij | 1 | -1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/ (only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10 | r17222: Change the function prototypes for the GENSEC and TLS socket creation | Andrew Bartlett | 1 | -5/+6
routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-through' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
2007-10-10 | r17197: This patch moves the encryption of bulk data on SASL negotiated security | Andrew Bartlett | 1 | -85/+9
contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket layer.
Unusual in this patch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1  | SASL Packet #2      |
----------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements.
Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10 | r15854: more talloc_set_destructor() typesafe fixes | Andrew Tridgell | 1 | -2/+1
(This used to be commit 61c6100617589ac6df4f527877241464cacbf8b3)
2007-10-10 | r15400: Move the TLS code behind the socket interface. | Andrew Bartlett | 1 | -18/+21
This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
2007-10-10 | r15288: fix some problems | Simo Sorce | 1 | -3/+3
(This used to be commit d448389be88b3bb9d6f9a3b8a1e1597c4988a0ff)
2007-10-10 | r15241: Add helper function to set reconnect status defaults | Simo Sorce | 1 | -0/+11
(This used to be commit 6fff8f871a607e561531e2aabef37f3469aa85e9)
2007-10-10 | r15238: Add some code to automatically reconnect if we want to. | Simo Sorce | 1 | -10/+68
(This used to be commit e2102999e26566543162455b34adbd2b0486b74d)
2007-10-10 | r13609: Get in the initial work on making ldb async | Simo Sorce | 1 | -17/+17
Currently only ldb_ildap is async, the plan is to first make all backends support the async calls, and then remove the sync functions from backends and keep them only in the API. Modules will need to be transformed along the way. Simo (This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5)
2007-10-10 | r12733: Merge ldap/ldb controls into main tree | Simo Sorce | 1 | -0/+1
There's still a lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8)
2007-10-10 | r12694: Move some headers to the directory of the subsystem they belong to. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
2007-10-10 | r12608: Remove some unused #include lines. | Jelmer Vernooij | 1 | -2/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10 | r12542: Move some more prototypes out to separate headers | Jelmer Vernooij | 1 | -0/+1
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10 | r12116: got rid of composite_trigger_done() and composite_trigger_error(), and | Andrew Tridgell | 1 | -1/+1
instead make the normal composite_done() and composite_error() functions automatically trigger a delayed callback if the caller has had no opportunity to set up an async callback. This removes one of the common mistakes in writing a composite function (This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1)