path: root/source4/libcli/ldap
Age | Commit message | Author | Files | Lines
2007-10-10 | r13344: Trust SASL to have subtle distinctions between NULL and zero-length responses... Also trust OpenLDAP to be pedantic about it, breaking connections to AD. In any case, we now get this 'right' (by nasty overloading hacks, but hey), and we can now use system-supplied OpenLDAP libs and SASL/GSSAPI to talk to Samba4. Andrew Bartlett (This used to be commit 0cbe18211a95f811b51865bc0e8729e9a302ad25) | Andrew Bartlett | 1 | -3/+17
2007-10-10 | r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading the spec. GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating a buffer size and what integrity protection/privacy should be used. I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3. I'm doing this in the hope that Apple clients as well as SASL-based LDAP tools may get a bit further. I still can't get ldapsearch to work, it fails with the ever-helpful 'Local error'. Andrew Bartlett (This used to be commit 3e462897754b30306c1983af2d137329dd937ad6) | Andrew Bartlett | 1 | -13/+6
2007-10-10 | r12984: add parse code and ldbsearch cmdline code for NOTIFICATION LDAP Controls http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_notification_oid.asp this doesn't work yet, but it shows that we need to extend ldb to correctly handle async requests... metze (This used to be commit 1fe67189490c9faf499b68a28071a6294a53db0e) | Stefan Metzmacher | 1 | -3/+23
2007-10-10 | r12977: Some code to implement the client side of the Dirsync control. Still investigating how it works. Simo. (This used to be commit bebd403523e581606505e05e7cb621efbc22fa36) | Simo Sorce | 1 | -0/+86
2007-10-10 | r12925: implement client side of ASQ control (This used to be commit dd386bdc6ca6fe0b25705d5a375d29e6940b437f) | Simo Sorce | 1 | -0/+99
2007-10-10 | r12917: fix decoding of ldap controls; some more work on timeouts (This used to be commit a7e2fe3cb33be2effff7eb764047567f2da3cd55) | Simo Sorce | 1 | -1/+1
2007-10-10 | r12733: Merge ldap/ldb controls into main tree. There's still a lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8) | Simo Sorce | 9 | -25/+518
2007-10-10 | r12694: Move some headers to the directory of the subsystem they belong to. (This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3) | Jelmer Vernooij | 2 | -2/+2
2007-10-10 | r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) | Jelmer Vernooij | 5 | -6/+0
2007-10-10 | r12592: Remove some useless dependencies (This used to be commit ca8db1a0cd77682ac2c6dc4718f5d753a4fcc4db) | Jelmer Vernooij | 1 | -1/+2
2007-10-10 | r12542: Move some more prototypes out to separate headers (This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2) | Jelmer Vernooij | 3 | -0/+4
2007-10-10 | r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def) | Jelmer Vernooij | 1 | -1/+1
2007-10-10 | r12116: got rid of composite_trigger_done() and composite_trigger_error(), and instead make the normal composite_done() and composite_error() functions automatically trigger a delayed callback if the caller has had no opportunity to set up an async callback; this removes one of the common mistakes in writing a composite function (This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1) | Andrew Tridgell | 1 | -1/+1
2007-10-10 | r12062: SASL negotiation now requires a gensec_security context, so that we only try permitted mechanisms. Andrew Bartlett (This used to be commit 0f50239dc40ee128e4985f8aec5bb5f440a4f3f0) | Andrew Bartlett | 1 | -1/+1
2007-10-10 | r11713: separate out the setting of the fde in the packet context from the enabling of packet serialisation (This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb) | Andrew Tridgell | 1 | -1/+2
2007-10-10 | r11620: switch the ldap client code over to using the generic packet code (This used to be commit 1d29ad2a27d89454e5e3c4a3cf05cc5edde0208c) | Andrew Tridgell | 3 | -173/+129
2007-10-10 | r11528: Separate finding dcs from initializing a domain. Makes it easier to possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253) | Volker Lendecke | 1 | -0/+2
2007-10-10 | r11523: Working towards having Samba3 join Samba4, this allows the SASL credentials to be NULL, where the client is requesting a CIFS style server-first negTokenInit. Andrew Bartlett (This used to be commit eba652ecc89766304fdad14463072dc311693701) | Andrew Bartlett | 1 | -3/+7
2007-10-10 | r11521: Add in client support for checking supportedSASLmechanisms, and then determining a mechanism to use. Currently it doesn't do fallbacks like SPNEGO does, but this could be added (to GENSEC, not to here). This also adds a new function to GENSEC, which returns a list of SASL names in our preference order (currently determined by the build system of all things...). Also make the similar function used for OIDs in SPNEGO do the same. This is all a very long-winded way of moving from a hard-coded NTLM to GSS-SPNEGO in our SASL client... Andrew Bartlett (This used to be commit 130eb9bb9a37957614c87e0e6846a812abb51e00) | Andrew Bartlett | 1 | -2/+55
2007-10-10 | r11369: Implement socket_connect_multi: Connect to multiple ipv4 tcp ports in sequence, with a 2-millisecond timeout between firing the syn packets. Build smbcli_sock_connect_send upon that. Volker (This used to be commit 5718df44d90d113304c5deed1e2e7f82ff9e928f) | Volker Lendecke | 1 | -12/+5
2007-10-10 | r11274: Start a connection attempt to the DC's port 389. To do this properly, make socket_connect and ldap_connect properly async. Volker (This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d) | Volker Lendecke | 1 | -18/+79
2007-10-10 | r11271: Fix a warning and an infinite recursion (This used to be commit 7bc855359a82010fefa9fd1d4c719292bfc83528) | Volker Lendecke | 1 | -2/+3
2007-10-10 | r11244: Relative path names in .mk files (This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba) | Jelmer Vernooij | 1 | -6/+6
2007-10-10 | r11214: Remove scons files (see http://lists.samba.org/archive/samba-technical/2005-October/043443.html) (This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f) | Jelmer Vernooij | 1 | -0/+0
2007-10-10 | r11114: - fixed error handling on bad bind in ildap client - added nicer error display, giving a string version of the error code (This used to be commit 5ec486bb81536b38a5f40cae7555cbcbbfa52263) | Andrew Tridgell | 2 | -2/+64
2007-10-10 | r11052: bring samba4 up to date with the samba4-winsrepl branch, before the bad merge metze (This used to be commit 471c0ca4abb17fb5f73c0efed195c67628c1c06e) | Stefan Metzmacher | 1 | -5/+0
2007-10-10 | r11037: (This used to be commit 6913e338405a5aca5c70cf6e022532c596ed0a36) | Stefan Metzmacher | 1 | -0/+5
2007-10-10 | r10913: This patch isn't as big as it looks ... most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately that required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes. In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now it's just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57) | Andrew Tridgell | 1 | -6/+5
2007-10-10 | r10668: added a ildap_search_bytree() function (This used to be commit fd6d895ebdb201ac6afaf5c8ec84d003765cdff6) | Andrew Tridgell | 1 | -5/+20
2007-10-10 | r10478: More work on proto headers; we now generate a couple of smaller ones that are then included by include/proto.h (This used to be commit 703ffbaaaca11f3d8781cfe9e7542fcaa626d991) | Jelmer Vernooij | 1 | -5/+0
2007-10-10 | r10348: Add scons scripts for remaining subsystems. Most subsystems build now, but final linking still fails (as does generating files asn1, et, idl and proto files) (This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5) | Jelmer Vernooij | 1 | -0/+5
2007-10-10 | r10213: fixed a memory leak in the ldap client and server code spotted by Karl Melcher. ldap_encode() now takes a memory context to use for the data blob (This used to be commit 09948a59336a7f02bf2b4605f2d4d886e65b85f2) | Andrew Tridgell | 2 | -3/+3
2007-10-10 | r9505: Work on GENSEC and the code that calls it, for tighter interface requirements, and for better error reporting. In particular, the composite session setup (extended security/SPNEGO) code now returns errors, rather than NT_STATUS_NO_MEMORY. This is seen particularly when GENSEC fails to start. The tighter interface rules apply to NTLMSSP, which must be called exactly the right number of times. This is to match some of our other less-tested modules, where adding flexibility is harder. (and this is security code, so let's just get it right). As such, the DCE/RPC and LDAP clients have been updated. Andrew Bartlett (This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1) | Andrew Bartlett | 1 | -8/+26
2007-10-10 | r9240: - move struct security_token to the idl file, with this we can the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4) | Stefan Metzmacher | 1 | -5/+5
2007-10-10 | r8917: Better support for extended ldap search operations. Try to follow the RFC where possible and adapt to OpenLDAP and AD way of handling this structure (This used to be commit d844d45d87b4114bc1b9af2e40f8c27ba3e219de) | Simo Sorce | 1 | -17/+49
2007-10-10 | r8811: Fix the build.. (This used to be commit fac77f5fa267da57a55e88cad8993897e80741a0) | Jelmer Vernooij | 1 | -0/+1
2007-10-10 | r8585: add to ldb and ldap comparison functionality; better parse filters. Approx is currently only a stub; need to dig more info to understand what it really means and how it works exactly (This used to be commit a9e8cd0bad27ed2b3c6a12302e787ba3c9a70a3c) | Simo Sorce | 1 | -9/+96
2007-10-10 | r8530: Now our ldap server is able to fulfill present and substring searches (This used to be commit a910671bd8c6d2d8d5b6ff30fc07ead244e696f1) | Simo Sorce | 1 | -36/+184
2007-10-10 | r8523: match a zero message id in ldap replies to the last request sent. Thanks to simo for noticing that this is needed to catch the server sending a "can't decode request" error reply (This used to be commit 6e81e866dc7a5dc014d2d9f2e09803c6adfd1830) | Andrew Tridgell | 1 | -0/+8
2007-10-10 | r8414: Some C++ friendliness fixes - 'not' is apparently a keyword in C++. (This used to be commit bcfb3a45e4a5962fe763f8071d4458f4bd11605b) | Tim Potter | 1 | -3/+3
2007-10-10 | r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so it's fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that is done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use an externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily in many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c) | Andrew Tridgell | 1 | -1/+1
2007-10-10 | r7855: fixed a typo (This used to be commit a1155651e722e28496be02b729c950afae5db9a9) | Andrew Tridgell | 1 | -1/+1
2007-10-10 | r7810: don't give errors when the ldap server sends us reference replies (This used to be commit f2b2d2626f5eb4fbd7d7c5cdcde486d00fc19447) | Andrew Tridgell | 1 | -1/+2
2007-10-10 | r7770: added ldaps support to our ldap client library (This used to be commit 8f5c2e8682795258a6361b9516a38a8fabdef150) | Andrew Tridgell | 3 | -9/+19
2007-10-10 | r7763: fixed some circular dependencies (This used to be commit 3bdf89b0f7521ca39d48dc4c32fe96971d4d60fd) | Andrew Tridgell | 1 | -1/+1
2007-10-10 | r7749: some bug fixes from testing with socket:testnonblock - fixed some infinite loops in asn1.c - ensure asn1 callers know if an error is end of buffer or bad data - handle npending 0 in ldap server (This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875) | Andrew Tridgell | 1 | -2/+3
2007-10-10 | r7747: - simplified the ldap server buffer handling - got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a) | Andrew Tridgell | 1 | -1/+1
2007-10-10 | r7725: fixed a bug with partial asn1 frames in the ldap client (This used to be commit 0f22306a9c61c1b00aeb0f3bf7e875d9b7b4606d) | Andrew Tridgell | 1 | -0/+3
2007-10-10 | r7724: added encoding of LDB_OP_NOT search components (This used to be commit 82b1feeafea57ca1b8d7bf79f777eebcc703769c) | Andrew Tridgell | 1 | -1/+6
2007-10-10 | r7723: - fix a mismatched asn1 push/pop on bind - add error checking to ldap_encode() - fixed the asn1 codes for extended search - use asn1 context macros (This used to be commit 25d500b6e559b9a530ae65a21046cfde0f8c41af) | Andrew Tridgell | 1 | -29/+26