Age | Commit message (Collapse) | Author | Files | Lines |
|
credentials to be NULL, where the client is requesting a CIFS style
server-first negTokenInit.
Andrew Bartlett
(This used to be commit eba652ecc89766304fdad14463072dc311693701)
|
|
determining a mechanism to use.
Currently it doesn't to fallbacks like SPNEGO does, but this could be
added (to GENSEC, not to here).
This also adds a new function to GENSEC, which returns a list of SASL
names in our preference order (currently determined by the build
system of all things...).
Also make the similar function used for OIDs in SPNEGO do the same.
This is all a very long-winded way of moving from a hard-coded NTLM to
GSS-SPNEGO in our SASL client...
Andrew Bartlett
(This used to be commit 130eb9bb9a37957614c87e0e6846a812abb51e00)
|
|
sequence, with a 2-millisecond timeout between firing the syn packets. Build
smbcli_sock_connect_send upon that.
Volker
(This used to be commit 5718df44d90d113304c5deed1e2e7f82ff9e928f)
|
|
properly, make
socket_connect and ldap_connect properly async.
Volker
(This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d)
|
|
(This used to be commit 7bc855359a82010fefa9fd1d4c719292bfc83528)
|
|
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
|
|
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
|
|
- added nicer error display, giving a string version of the error code
(This used to be commit 5ec486bb81536b38a5f40cae7555cbcbbfa52263)
|
|
before the bad merge
metze
(This used to be commit 471c0ca4abb17fb5f73c0efed195c67628c1c06e)
|
|
(This used to be commit 6913e338405a5aca5c70cf6e022532c596ed0a36)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
(This used to be commit fd6d895ebdb201ac6afaf5c8ec84d003765cdff6)
|
|
that are then included by include/proto.h
(This used to be commit 703ffbaaaca11f3d8781cfe9e7542fcaa626d991)
|
|
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
|
|
Melcher. ldap_encode() now takes a memory context to use for the data
blob
(This used to be commit 09948a59336a7f02bf2b4605f2d4d886e65b85f2)
|
|
requirements, and for better error reporting.
In particular, the composite session setup (extended security/SPNEGO)
code now returns errors, rather than NT_STATUS_NO_MEMORY. This is
seen particularly when GENSEC fails to start.
The tighter interface rules apply to NTLMSSP, which must be called
exactly the right number of times. This is to match some of our other
less-tested modules, where adding flexablity is harder. (and this is
security code, so let's just get it right). As such, the DCE/RPC and
LDAP clients have been updated.
Andrew Bartlett
(This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1)
|
|
the ndr_pull/push/print functions for it in the ntacl-lsm module
- fix compiler warnings in the ldap_encode_ndr_* code
metze
(This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
|
|
Try to follow the RFC where possible and adapt to
openLdap and AD way of handling this structure
(This used to be commit d844d45d87b4114bc1b9af2e40f8c27ba3e219de)
|
|
(This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0)
|
|
better pares filters
Approx is currently only a stub need to dig more info to
understand what it really means and how it works exactly
(This used to be commit a9e8cd0bad27ed2b3c6a12302e787ba3c9a70a3c)
|
|
(This used to be commit a910671bd8c6d2d8d5b6ff30fc07ead244e696f1)
|
|
Thanks to simo
for noticing that this is needed to catch the server sending a "can't decode request"
error reply
(This used to be commit 6e81e866dc7a5dc014d2d9f2e09803c6adfd1830)
|
|
(This used to be commit bcfb3a45e4a5962fe763f8071d4458f4bd11605b)
|
|
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that it done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use a externally
supplied conversion function
- I haven't yet put in place the code that allows client to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
|
|
(This used to be commit a1155651e722e28496be02b729c950afae5db9a9)
|
|
(This used to be commit f2b2d2626f5eb4fbd7d7c5cdcde486d00fc19447)
|
|
(This used to be commit 8f5c2e8682795258a6361b9516a38a8fabdef150)
|
|
(This used to be commit 3bdf89b0f7521ca39d48dc4c32fe96971d4d60fd)
|
|
- fixed some infinite loops in asn1.c
- ensure asn1 callers know if an error is end of buffer or bad data
- handle npending 0 in ldap server
(This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875)
|
|
- got rid of the special cases for sasl buffers
- added a tls_socket_pending() call to determine how much data is waiting on a tls connection
- removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves
are sync.
(This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
|
|
(This used to be commit 0f22306a9c61c1b00aeb0f3bf7e875d9b7b4606d)
|
|
(This used to be commit 82b1feeafea57ca1b8d7bf79f777eebcc703769c)
|
|
- add error checking to ldap_encode()
- fixed the asn1 codes for extended search
- use asn1 context macros
(This used to be commit 25d500b6e559b9a530ae65a21046cfde0f8c41af)
|
|
(This used to be commit 060323530454edf21b217550b373513e5860146c)
|
|
the fact that the ldap data structures now use ldb_message_element.
- fixed null termination of elements in ildap
(This used to be commit 09060994c1ed12073ae6e1131d7074db8fdc523c)
|
|
(This used to be commit fc8feee56034fe165359c804d111f80e5b3ebb65)
|
|
(This used to be commit de5f265b6c586335965a6de844c203206261cc3b)
|
|
(This used to be commit dc419fc89973c2d7fa333df389b75cb218e8a848)
|
|
(This used to be commit abc9f4bd89d0eda655f7de01db49cbbb64682bf4)
|
|
interface is very similar to the traditional ldap interface, and will
be used as part of a ldb backend based on the current ldb_ldap backend
- fixed some allocation issues in ldb_msg.c
(This used to be commit b34a29dcf26f68a2f47380a6c74a4095fdfd2fbe)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
- hooked into events system, so requests can be truly async and won't
interfere with other processing happening at the same time
- uses NTSTATUS codes for errors (previously errors were mostly
ignored). In a similar fashion to the DOS error handling, I have
reserved a range of the NTSTATUS code 32 bit space for LDAP error
codes, so a function can return a LDAP error code in a NTSTATUS
- much cleaner packet handling
(This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)
|
|
so best to just remove it. If we need it again, then it will be easy
to just use a wrapper around the ldb code.
(This used to be commit b316e1c2d3e4dc09c321ec72b40d78ffb855e101)
|
|
structure in a couple of places
(This used to be commit bcd4671acae2be51958cbae23a0ab2dd2b194a5e)
|
|
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb
ldif code. To do that I have changed the ldap code to use 'struct
ldb_message_element' instead of 'struct ldap_attribute'. They are
essentially the same structure anyway, so by making them really the
same it will be much easier to use the ldb code in libcli/ldap/
I have also made 'struct ldb_val' the same as a DATA_BLOB, which will
simplify data handling in quite a few places (I haven't yet removed
all the code that maps between these two, that will come later)
(This used to be commit 87fc3073392236221a3a6b933284e9e477c24ae5)
|
|
element in a structure is not necessary any more.
(This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
|
|
allows us to parse and handle the complex queries we are getting from
w2k, such as
(|(|(&(!(groupType:1.2.840.113556.1.4.803=1))(groupType:1.2.840.113556.1.4.803=2147483648)(groupType:1.2.840.113556.1.4.804=6))(samAccountType=805306368))(samAccountType=805306369))
(This used to be commit 041bce591306a0fb26bd31fe371e30021ea5c0c1)
|
|
instead of a search expression. This allows our ldap server to pass
its ASN.1 parsed search expressions straight to ldb, instead of going
via strings.
- updated all the ldb modules code to handle the new interface
- got rid of the separate ldb_parse.h now that the ldb_parse
structures are exposed externally
- moved to C99 structure initialisation in ldb
- switched ldap server to using ldb_search_bytree()
(This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
|
|
ldb_parse_tree. This also fixes the error handling.
next step will be to pass the parse tree straight into ldb, avoiding
the string encoding completely.
(This used to be commit 235cf625e20767c8d5d30c5955ae45e1fdf88bf2)
|
|
the original one in lib/ldb/ instead. Having two copies of this code
is silly.
(This used to be commit 0e9f18c44858b692c724c004f362de9e3dc15db5)
|