summaryrefslogtreecommitdiff
path: root/source4/libcli/ldap/ldap_controls.c
AgeCommit message (Collapse)AuthorFilesLines
2010-12-13s4:ldap_controls: allow DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID over sockets.Stefan Metzmacher1-2/+2
The DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID control has to data attached to it. So we can allow it to be send over LDAP. We'll accept this control over the privileged ldapi socket only. metze
2010-10-27s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to ↵Nadezhda Ivanova1-2/+0
determine the source of the request The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls comming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution. Autobuild-User: Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
2010-10-23s4/ldb:introduce the LDB_CONTROL_PROVISION_OID controlMatthias Dieter Wallnöfer1-0/+2
This control is exactly thought for the actions which previously were performed using the RELAX one. We agreed that the RELAX control will only remain for interactions with OpenLDAP.
2010-10-23ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into ↵Matthias Dieter Wallnöfer1-2/+2
LDB_CONTROL_BYPASS_OPERATIONAL_OID It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
2010-10-18Revert "s4:dsdb - make the RELAX control private"Andrew Bartlett1-2/+1
This must be available to the OpenLDAP backend, to set the GUID values in some situations. We need a proper ACL mechanism to control the use or abuse of this control. This reverts commit 10adee89367cee9add993869280542418fb3d370.
2010-10-16s4:dsdb - make the RELAX control privateMatthias Dieter Wallnöfer1-1/+2
This makes our LDAP much more secure and less error-prone. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Oct 16 19:43:36 UTC 2010 on sn-devel-104
2010-10-16s4:libcli/ldap/ldap_controls.c - fix up the controls listMatthias Dieter Wallnöfer1-29/+49
- add missing private controls and comments - use control defines rather than hardcoded values -> easier to comprehend - reorder controls
2010-09-26s4-ldap: Added a control to apply the access checks on read via LDAPNadezhda Ivanova1-0/+2
2010-08-17s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OIDAndrew Tridgell1-0/+1
this control adds a unique msDS-SecondaryKrbTgtNumber attribute to a user object. There is some 'interesting' interaction with the rangeLower and rangeUpper attributes and this add. We don't implementat rangeLower/rangeUpper yet, but when we do we'll need an override for this control (or be careful about module ordering). Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-17s4-ldap: use common functions for ldap flag controls encode/decodeAndrew Tridgell1-163/+11
many controls are simple present/not-present flags, and don't need their own parsers Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-06-28s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and ↵Endi S. Dewata1-0/+4
DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2010-06-20ldb:controls - add the "TREE_DELETE" control for allowing subtree deletesMatthias Dieter Wallnöfer1-0/+20
2010-06-20s4:ldap_controls.c - remove encoding functions for private recalculate SD ↵Matthias Dieter Wallnöfer1-19/+0
control
2010-06-07s4: Remove an uselessly exposed controlMatthieu Patou1-1/+0
2010-05-21s4:libcli/ldap Rename ldap.h to libcli_ldap.hAndrew Bartlett1-1/+1
It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h Andrew Bartlett
2010-03-02s4-libcli: Added NULL handlers for DSDB_CONTROL_DN_STORAGE_FORMAT_OID and ↵Endi S. Dewata1-0/+4
LDB_CONTROL_AS_SYSTEM_OID Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-0/+20
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-19s4:ldbcli - Added encoder/decoder for relax control.Endi S. Dewata1-2/+20
2009-11-12s4:libcli/ldap Add 'relax' OID to known network representationsAndrew Bartlett1-0/+2
This patch, inspired by a patche by Endi S. Dewata <edewata@redhat.com>, allows this control to be passed to the LDAP backend. Andrew Bartlett
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer1-2/+2
2009-07-23s4:libcli/ldap: add support for new Recycle Bin Feature LDAP ControlsStefan Metzmacher1-0/+40
LDAP_SERVER_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064 LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065 metze
2009-06-10fixed the encoding/decoding of the reverse attribute for server side sortAndrew Tridgell1-3/+10
2009-02-24libcli/ldap: move generic ldap control encoding code to ldap_message.cStefan Metzmacher1-127/+4
As they can we static there, we pass the specific handlers as parameter where we need to support controls. metze
2009-02-24s4:libcli/ldap: don't use 'void **out' as arguments as the behavior is not ↵Stefan Metzmacher1-17/+32
defined in C. metze
2008-12-17s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROLAndrew Bartlett1-0/+115
Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00) At this time, the ldb_controls infrustructure does not handle request and reply controls having different formats, so this is purely the client implementation (ie, there is no decode of the client->server packet, and no encode of the server->client packet). Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij1-0/+1
remove some unused functions.
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-01-15util: Move asn1 to lib/util to trim down the number of subsystems.Jelmer Vernooij1-1/+1
(This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
2007-12-21r26192: Handle, test and implement the style of extended_dn requiest that ↵Andrew Bartlett1-2/+16
MMC uses. It appears that the control value is optional, implying type 0 responses. Failing to parse this was causing LDAP disconnects with 'unavailable critical extension'. Andrew Bartlett (This used to be commit 833dfc2f2af84c45f954e428c9ea6babf100ba92)
2007-10-10r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij1-265/+265
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10r24248: Attempt to fix bug #4830 by <mwallnoefer@yahoo.de>. If there is noAndrew Bartlett1-0/+1
payload to the control, we still need to inialise *value, as otherwise we read uninitialised data later. Andrew Bartlett (This used to be commit f6566480b7f1b4036b38284aa539f3a69f5c4573)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23036: error checking on asn1_init() failureAndrew Tridgell1-0/+40
(This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2)
2007-10-10r23030: finally fixed up our asn1 code to use better memory allocation. ThisAndrew Tridgell1-177/+167
should allow us to fix some long standing memory leaks. (This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d)
2007-10-10r21806: I've been working over the last week to fix up the LDAP backend forAndrew Bartlett1-27/+44
Samba4. This only broke on global catalog queries, which turned out to be due to changes in the partitions module that metze needed for his DRSUAPI work. I've reworked partitions.c to always include the 'problematic' control, and therefore demonstrated that this is the issue. This ensures consistency, and should help with finding issues like this in future. As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to be linearised, I've added logic to allow it to be skipped when creating network packets. I've likewise make our LDAP server skip unknown controls, when marked 'not critical' on it's input, rather than just dropping the entire request. I need some help to generate a correct error packet when it is marked critical. Further work could perhaps be to have the ldap_encode routine return a textual description of what failed to encode, as that would have saved me a lot of time... Andrew Bartlett (This used to be commit eef710668f91d1bbaa2d834d9e653e11c8aac817)
2007-10-10r17430: implement the LDAP_SERVER_PERMISSIVE_MODIFY control in the clientStefan Metzmacher1-0/+20
metze (This used to be commit 96259f0f24b114e505241c9d2deb702a8b40f1b6)
2007-10-10r17429: implement the LDAP_SERVER_SHOW_DELETED control in the clientStefan Metzmacher1-0/+20
metze (This used to be commit 40dc7c1787c16bfc15ac87fee81d2d2d1f3d2fde)
2007-10-10r17420: add client support for the LDAP_SERVER_DOMAIN_SCOPE controlStefan Metzmacher1-0/+20
metze (This used to be commit 84e74a759cfa49ebc8b4ba1b8e729d6d920fc55a)
2007-10-10r17419: add client support for the LDAP_SERVER_SEARCH_OPTIONS support.Stefan Metzmacher1-0/+59
with this you can limit a search to a specific partitions or a search over all partitions without getting referrals. (Witch is the default behavior on the Global Catalog Port) metze (This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)
2007-10-10r17418: add client support for the LDAP_SERVER_SD_FLAGS controlStefan Metzmacher1-0/+59
metze (This used to be commit 23759a1e9b05c4fde475a9016cb0b7447656d7e7)
2007-10-10r15573: Fix build of systems that have iconv headers in non-standard locationsJelmer Vernooij1-1/+0
Split of system/locale.h header from system/iconv.h Previously, iconv wasn't being used on these systems (This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
2007-10-10r15365: Fix error in my previous commit, caught by metze.Jelmer Vernooij1-3/+3
(This used to be commit 0d99397007960e555f562f1498a202407e235f36)
2007-10-10r15358: Fix some compiler warnings / type safety. Found by tccJelmer Vernooij1-2/+6
(This used to be commit 12ba42de5886f9f4f9b1698476557e0c217d06f3)
2007-10-10r14424: another empty controls caseAndrew Tridgell1-1/+3
(This used to be commit 7d0eb678bf3649fb4e09da039dd1b716ea3df2cc)
2007-10-10r13609: Get in the initial work on making ldb asyncSimo Sorce1-9/+40
Currently only ldb_ildap is async, the plan is to first make all backend support the async calls, and then remove the sync functions from backends and keep the only in the API. Modules will need to be transformed along the way. Simo (This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5)
2007-10-10r13508: some ASN.1 element in LDAP are optional,Stefan Metzmacher1-13/+21
make it possible to code the difference between a zero length and a NULL DATA_BLOB... metze (This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
2007-10-10r13506: zero memory as some ASN.1 elements are optional, and we should ↵Stefan Metzmacher1-1/+1
initialize them for the internal use... found by 'make valgrindtest' metze (This used to be commit 1db9501c5261a974c6da1938537c7991ff6cfefd)
2007-10-10r13372: fixes ... still no joySimo Sorce1-0/+8
(This used to be commit 0e2cca9153619d646b90f32620905ab66b017c6a)
2007-10-10r13361: initial implementation of the vlv controlSimo Sorce1-1/+244
seem still buggy, can't make w2k3 to like it yet (This used to be commit e1318383e91f6f6db39e3e3c9946fbb089753947)
2007-10-10r13354: Add tests to check that controls work properlySimo Sorce1-1/+1
Fix asq module, add a second_stage_init to register with rootdse Fix asq control ldap parsing routines (this was nasty to find out) (This used to be commit 933a80397d137f7d5b79c82a068d62bb6928ef47)