summaryrefslogtreecommitdiff
path: root/source4/libcli/ldap
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r7567: added wire parsing of NOT and extended ldap search requests. ThisAndrew Tridgell1-37/+97
allows us to parse and handle the complex queries we are getting from w2k, such as (|(|(&(!(groupType:1.2.840.113556.1.4.803=1))(groupType:1.2.840.113556.1.4.803=2147483648)(groupType:1.2.840.113556.1.4.804=6))(samAccountType=805306368))(samAccountType=805306369)) (This used to be commit 041bce591306a0fb26bd31fe371e30021ea5c0c1)
2007-10-10r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_treeAndrew Tridgell2-34/+10
instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
2007-10-10r7524: make the ldap ASN.1 filter parse code go via a structAndrew Tridgell1-77/+107
ldb_parse_tree. This also fixes the error handling. next step will be to pass the parse tree straight into ldb, avoiding the string encoding completely. (This used to be commit 235cf625e20767c8d5d30c5955ae45e1fdf88bf2)
2007-10-10r7519: rip the copy of the ldap expression parser out of libcli/ldap/ and useAndrew Tridgell4-421/+43
the original one in lib/ldb/ instead. Having two copies of this code is silly. (This used to be commit 0e9f18c44858b692c724c004f362de9e3dc15db5)
2007-10-10r6817: - fixed empty ldap search elements in filtersAndrew Tridgell3-1/+19
- added support for guids in cldap netlogon searches. the cldap server now passes the LDAP-CLDAP torture test (This used to be commit eb7979d9def389942fa1c54693d2dfcb8828f544)
2007-10-10r6763: added functions in libcli/ldap/ to binary encode some NDR structures intoAndrew Tridgell4-2/+89
ldap friendly filter strings (This used to be commit 8890dd3ac331cffe83226a356c52df89c917c2b0)
2007-10-10r6745: - escape spaces in binary ldap blobsAndrew Tridgell2-3/+15
- expose the ldap filter string parsing outside of ldap.c (This used to be commit b644ff6fe164fbe359c47e4d34f5ad490ff61d5b)
2007-10-10r6732: - move sasl send recv code to the ldap libStefan Metzmacher2-1/+188
- support 'modrdn' ldif metze (This used to be commit b6a1734699953964fcde6fe6ea7048496492eb33)
2007-10-10r6726: support binary search elements in ldap_decode()Andrew Tridgell1-6/+42
(This used to be commit 2b36f1dfdd6cf3ab89f63b541ae4cd905fb03c8d)
2007-10-10r6689: minor ldap client library workAndrew Tridgell2-24/+63
- added support for binary encoded search filters - fixed some const handling - changed the message type to an enum, to help debugging (This used to be commit d5353b63428698d1ce95c50e2626f1841fa637e3)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett2-22/+9
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5322: removed a whole bunch of #include lines that minimal_includes.plAndrew Tridgell1-1/+0
thinks are not needed. Now to see how this fares on the build farm :) (This used to be commit 80ffcc650c9c86141507edd8338b97814a85f868)
2007-10-10r5308: trimmed back a lot of the old macros from smb_macros.hAndrew Tridgell1-2/+2
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
2007-10-10r5305: removed libcli/ldap/ldap.h from includes.hAndrew Tridgell5-0/+63
(This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell2-2/+4
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5137: fix typesStefan Metzmacher1-1/+1
metze (This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
2007-10-10r5107: moved the horrible ldap socket code, and the even worseAndrew Tridgell1-0/+240
asn1-tied-to-blocking-sockets code into the ldap client and torture suite, and out of the generic libs, so nobody else is tempted to use it for any new code. (This used to be commit 39d1ced21baeca40d1fca62ba65243ca8f15757e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell3-14/+14
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r5034: - added a type mapping function in pidl, so the type names in our IDLAndrew Tridgell1-6/+6
files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell1-1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell2-5/+5
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4460: Add a new GENSEC module: gensec_gssapiAndrew Bartlett1-3/+7
(disabled by default, set parametric option: gensec:gssapi=yes to enable). This module backs directly onto GSSAPI, and allows us to sign and seal GSSAPI/Krb5 connections in particular. This avoids me reinventing the entire GSSAPI wheel. Currently a lot of things are left as default - we will soon start specifiying OIDs as well as passwords (it uses the keytab only at the moment). Tested with our LDAP-* torture tests against Win2k3. My hope is to use this module to access the new SPNEGO implementation in Heimdal, to avoid having to standards-verify our own. Andrew Bartlett (This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35)
2007-10-10r4386: Grr, fix copy-and-paste bug.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 13aa88ed65a8914000cccbecf80929db3df65037)
2007-10-10r4385: Set the correct target service.Andrew Bartlett1-0/+7
Andrew Bartlett (This used to be commit 722f59c7c8d09f548d9325c6051d6687d7aa16c2)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher1-1/+1
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell1-5/+4
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell1-2/+2
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r3733: More build system fixes/features:Jelmer Vernooij1-1/+0
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities) (This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)
2007-10-10r3585: check sscanf return codeStefan Metzmacher1-1/+5
metze (This used to be commit 9701abfa3a5f6351c8c7bced6adb751be9f5ff31)
2007-10-10r3584: fix referral handlingStefan Metzmacher2-5/+13
metze (This used to be commit 4868f1ea857e94f60dbde83bfb54def8a5ee728f)
2007-10-10r3583: - seperate the ldap client code and the ldap parsing codeStefan Metzmacher4-657/+699
(vl: we should only sync the parsing code with trunk) - use hierachical talloc in the ldap client code metze (This used to be commit 1e9c0b68ca9ddb28877d45fc1b47653b13a7446d)
2007-10-10r3475: don't pass a ptr to an enum as a ptr to an int (bug found by tcc)Andrew Tridgell1-1/+3
(This used to be commit a7e5bde6befa8da8fc7447b295d9177126f74964)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-9/+11
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-0/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3449: more include file reductionAndrew Tridgell2-0/+2
the ldb part isn't ideal, I will have to think of a better solution (This used to be commit 6b1f86aea8427a8e957b1aeb0ec2f507297f07cb)
2007-10-10r3443: the next stage in the include files re-organisation.Andrew Tridgell1-1/+2
I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
2007-10-10r3096: typoStefan Metzmacher1-1/+1
metze (This used to be commit c730d7d638875c239f0b67c1d4b25eb1fb01c5ff)
2007-10-10r3094: import all LDAP error codes from the RFC 2251Stefan Metzmacher1-5/+39
metze (This used to be commit f1d8f4bc5df5b4f284739096684c9dbc76352511)
2007-10-10r3079: make code more pretty :-)Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 9c911b361c4dbb058eb48150c113c2e95b8053da)
2007-10-10r2884: parse LDAP Control messagesStefan Metzmacher1-0/+41
metze (This used to be commit e23dcb18870450be4252a0dba3e427f73291da25)
2007-10-10r2861: encode and decode BindRequest/Response correctStefan Metzmacher1-69/+82
and some minor changes - make ldap_encode/decode_response maore usable metze (This used to be commit cc77baf729a56499e19a50dcb1a404a4777b36d5)
2007-10-10r2853: add torture test to find the defaultNamingContext on the RootDSEStefan Metzmacher1-0/+2
try a sasl sealed CompareRequest abartlet: we need to check how SINGING only can work, it failed for me:-( metze (This used to be commit 1dabd04e265bbc1e8335f816708c2639746d9afd)
2007-10-10r2851: don't destroy the gensec context it's used for sign and sealStefan Metzmacher1-2/+3
check the result of ldap_receive() metze (This used to be commit 778cf6d92bc3c50add43b573652c2aefef65026c)
2007-10-10r2750: decode AbandonRequest correct (untested:-)Stefan Metzmacher1-2/+6
metze (This used to be commit 4233067921d386d4bf02218b479083cdbe2bd3c1)
2007-10-10r2747: use DATA_BLOB for attribute valuesStefan Metzmacher2-5/+17
en/decode CompareRequest/Response correct metze (This used to be commit 72dfea2b07aea83d0965a585f6e388eb88a7c6d1)
2007-10-10r2695: revert "Del" renamingSimo Sorce3-20/+20
(This used to be commit ddd74dae8efe4e04b5a56ee9ecd9d4f87f99d104)
2007-10-10r2690: deleted by mistakeSimo Sorce1-0/+3
(This used to be commit 3d587a7141908362657afc2dfd0c78d73a5fed07)
2007-10-10r2689: Use consistent naming Del -> DeleteSimo Sorce3-23/+21
Add delete functionality to ldb simple lda server backend add some const in ldap.h (This used to be commit 5ed9a6eb184f34eb572dd81202237042518ec7cd)
2007-10-10r2671: we're getting too many errors caused by the talloc_realloc() API notAndrew Tridgell2-15/+19
taking a context (so when you pass a NULL pointer you end up with memory in a top level context). Fixed it by changing the API to take a context. The context is only used if the pointer you are reallocing is NULL. (This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
2007-10-10r2629: convert gensec to the new talloc modelAndrew Tridgell1-1/+1
by making our gensec structures a talloc child of the open connection we can be sure that it will be destroyed when the connection is dropped. (This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)