summaryrefslogtreecommitdiff
path: root/source4/libcli/ldap
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett2-22/+9
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5322: removed a whole bunch of #include lines that minimal_includes.plAndrew Tridgell1-1/+0
thinks are not needed. Now to see how this fares on the build farm :) (This used to be commit 80ffcc650c9c86141507edd8338b97814a85f868)
2007-10-10r5308: trimmed back a lot of the old macros from smb_macros.hAndrew Tridgell1-2/+2
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
2007-10-10r5305: removed libcli/ldap/ldap.h from includes.hAndrew Tridgell5-0/+63
(This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell2-2/+4
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5137: fix typesStefan Metzmacher1-1/+1
metze (This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
2007-10-10r5107: moved the horrible ldap socket code, and the even worseAndrew Tridgell1-0/+240
asn1-tied-to-blocking-sockets code into the ldap client and torture suite, and out of the generic libs, so nobody else is tempted to use it for any new code. (This used to be commit 39d1ced21baeca40d1fca62ba65243ca8f15757e)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell3-14/+14
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r5034: - added a type mapping function in pidl, so the type names in our IDLAndrew Tridgell1-6/+6
files don't need to match the type names in the generated headers - with this type mapping we no longer need definitions for the deprecated "int32", "uint8" etc form of types. We can now force everyone to use the standard types int32_t, uint8_t etc. - fixed all the code that used the deprecated types - converted the IDL types "int64" and "uint64" to "dlong" and "udlong". These are the 4 byte aligned 64 bit integers that Microsoft internally define as two 32 bit integers in a structure. After discussions with Ronnie Sahlberg we decided that calling these "int64" was confusing, as it implied a true 8 byte aligned type - fixed all the cases where we incorrectly used things like "NTTIME_hyper" in our C code. The generated API now uses a NTTIME for those. The fact that it is hyper-aligned on the wire is not relevant to the API, and should remain just a IDL property (This used to be commit f86521677d7ff16bdc4815f9524e5286026f10f3)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell1-1/+1
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell2-5/+5
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4460: Add a new GENSEC module: gensec_gssapiAndrew Bartlett1-3/+7
(disabled by default, set parametric option: gensec:gssapi=yes to enable). This module backs directly onto GSSAPI, and allows us to sign and seal GSSAPI/Krb5 connections in particular. This avoids me reinventing the entire GSSAPI wheel. Currently a lot of things are left as default - we will soon start specifiying OIDs as well as passwords (it uses the keytab only at the moment). Tested with our LDAP-* torture tests against Win2k3. My hope is to use this module to access the new SPNEGO implementation in Heimdal, to avoid having to standards-verify our own. Andrew Bartlett (This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35)
2007-10-10r4386: Grr, fix copy-and-paste bug.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 13aa88ed65a8914000cccbecf80929db3df65037)
2007-10-10r4385: Set the correct target service.Andrew Bartlett1-0/+7
Andrew Bartlett (This used to be commit 722f59c7c8d09f548d9325c6051d6687d7aa16c2)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher1-1/+1
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell1-5/+4
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell1-2/+2
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r3733: More build system fixes/features:Jelmer Vernooij1-1/+0
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities) (This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)
2007-10-10r3585: check sscanf return codeStefan Metzmacher1-1/+5
metze (This used to be commit 9701abfa3a5f6351c8c7bced6adb751be9f5ff31)
2007-10-10r3584: fix referral handlingStefan Metzmacher2-5/+13
metze (This used to be commit 4868f1ea857e94f60dbde83bfb54def8a5ee728f)
2007-10-10r3583: - seperate the ldap client code and the ldap parsing codeStefan Metzmacher4-657/+699
(vl: we should only sync the parsing code with trunk) - use hierachical talloc in the ldap client code metze (This used to be commit 1e9c0b68ca9ddb28877d45fc1b47653b13a7446d)
2007-10-10r3475: don't pass a ptr to an enum as a ptr to an int (bug found by tcc)Andrew Tridgell1-1/+3
(This used to be commit a7e5bde6befa8da8fc7447b295d9177126f74964)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-9/+11
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-0/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3449: more include file reductionAndrew Tridgell2-0/+2
the ldb part isn't ideal, I will have to think of a better solution (This used to be commit 6b1f86aea8427a8e957b1aeb0ec2f507297f07cb)
2007-10-10r3443: the next stage in the include files re-organisation.Andrew Tridgell1-1/+2
I have created the include/system/ directory, which will contain the wrappers for the system includes for logical subsystems. So far I have created include/system/kerberos.h and include/system/network.h, which contain all the system includes for kerberos code and networking code. These are the included in subsystems that need kerberos or networking respectively. Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C file, instead each C module includes the include/system/XXX.h file for the logical system support it needs, and the details are kept isolated in include/system/ This patch also creates a "struct ipv4_addr" which replaces "struct in_addr" in our code. That avoids every C file needing to import all the system networking headers. (This used to be commit 2e25c71853f8996f73755277e448e7d670810349)
2007-10-10r3096: typoStefan Metzmacher1-1/+1
metze (This used to be commit c730d7d638875c239f0b67c1d4b25eb1fb01c5ff)
2007-10-10r3094: import all LDAP error codes from the RFC 2251Stefan Metzmacher1-5/+39
metze (This used to be commit f1d8f4bc5df5b4f284739096684c9dbc76352511)
2007-10-10r3079: make code more pretty :-)Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 9c911b361c4dbb058eb48150c113c2e95b8053da)
2007-10-10r2884: parse LDAP Control messagesStefan Metzmacher1-0/+41
metze (This used to be commit e23dcb18870450be4252a0dba3e427f73291da25)
2007-10-10r2861: encode and decode BindRequest/Response correctStefan Metzmacher1-69/+82
and some minor changes - make ldap_encode/decode_response maore usable metze (This used to be commit cc77baf729a56499e19a50dcb1a404a4777b36d5)
2007-10-10r2853: add torture test to find the defaultNamingContext on the RootDSEStefan Metzmacher1-0/+2
try a sasl sealed CompareRequest abartlet: we need to check how SINGING only can work, it failed for me:-( metze (This used to be commit 1dabd04e265bbc1e8335f816708c2639746d9afd)
2007-10-10r2851: don't destroy the gensec context it's used for sign and sealStefan Metzmacher1-2/+3
check the result of ldap_receive() metze (This used to be commit 778cf6d92bc3c50add43b573652c2aefef65026c)
2007-10-10r2750: decode AbandonRequest correct (untested:-)Stefan Metzmacher1-2/+6
metze (This used to be commit 4233067921d386d4bf02218b479083cdbe2bd3c1)
2007-10-10r2747: use DATA_BLOB for attribute valuesStefan Metzmacher2-5/+17
en/decode CompareRequest/Response correct metze (This used to be commit 72dfea2b07aea83d0965a585f6e388eb88a7c6d1)
2007-10-10r2695: revert "Del" renamingSimo Sorce3-20/+20
(This used to be commit ddd74dae8efe4e04b5a56ee9ecd9d4f87f99d104)
2007-10-10r2690: deleted by mistakeSimo Sorce1-0/+3
(This used to be commit 3d587a7141908362657afc2dfd0c78d73a5fed07)
2007-10-10r2689: Use consistent naming Del -> DeleteSimo Sorce3-23/+21
Add delete functionality to ldb simple lda server backend add some const in ldap.h (This used to be commit 5ed9a6eb184f34eb572dd81202237042518ec7cd)
2007-10-10r2671: we're getting too many errors caused by the talloc_realloc() API notAndrew Tridgell2-15/+19
taking a context (so when you pass a NULL pointer you end up with memory in a top level context). Fixed it by changing the API to take a context. The context is only used if the pointer you are reallocing is NULL. (This used to be commit 8dc23821c9f54b2f13049b5e608a0cafb81aa540)
2007-10-10r2629: convert gensec to the new talloc modelAndrew Tridgell1-1/+1
by making our gensec structures a talloc child of the open connection we can be sure that it will be destroyed when the connection is dropped. (This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)
2007-10-10r2508: - implemented ldap_decode() for UnbindRequest and ExtendedRequestStefan Metzmacher1-3/+27
- fail when we got a wrong tag in ldap_decode() metze (This used to be commit e942f414c5f9130c7ac9996612caaefd29f5eeca)
2007-10-10r2432: more string function updates.Andrew Tridgell1-1/+1
btw, the reason I want to use strncasecmp() instead of StrnCaseCmp() is that the Samba internal functions are built to deal with multi-byte, whereas in the cases I am converting we know we are dealing with solely ascii string constants, so going via the slow conversion libraries is pointless. (This used to be commit cef08d5789277bdaa25d5bf0e7cfca8615230f1b)
2007-10-10r2347: merge LDAP ASN.1 fixes from trunkStefan Metzmacher1-1/+1
metze (This used to be commit 492a00d909d6f3ff8305f102551f60d91d988ccd)
2007-10-10r2173: Fix asn1 BOOLEANs. Thanks to Love Hornquist-Astrand.Volker Lendecke1-4/+4
Volker (This used to be commit 53f58c053b643c8b45d2f9394faf8cfdd5005f6d)
2007-10-10r1983: a completely new implementation of tallocAndrew Tridgell2-7/+6
This version does the following: 1) talloc_free(), talloc_realloc() and talloc_steal() lose their (redundent) first arguments 2) you can use _any_ talloc pointer as a talloc context to allocate more memory. This allows you to create complex data structures where the top level structure is the logical parent of the next level down, and those are the parents of the level below that. Then destroy either the lot with a single talloc_free() or destroy any sub-part with a talloc_free() of that part 3) you can name any pointer. Use talloc_named() which is just like talloc() but takes the printf style name argument as well as the parent context and the size. The whole thing ends up being a very simple piece of code, although some of the pointer walking gets hairy. So far, I'm just using the new talloc() like the old one. The next step is to actually take advantage of the new interface properly. Expect some new commits soon that simplify some common coding styles in samba4 by using the new talloc(). (This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
2007-10-10r1944: put ldif functions in a separate fileSimo Sorce4-412/+440
(This used to be commit 8be31e5c854e4462163b97b897ff41de95f181c4)
2007-10-10r1881: empty structs are not allowed by all compilersStefan Metzmacher1-0/+1
metze (This used to be commit 4c6c4d6bc8927b93f29beecf44aef5c228533a43)
2007-10-10r1862: add invalid_creds ldap errorStefan Metzmacher1-0/+1
metze (This used to be commit 11c866d602fb4daefc1dced349606bd8ccd38ef2)
2007-10-10r1856: - move asn1 functions to asn1.cStefan Metzmacher1-43/+47
- merge some stuff from trunk metze (This used to be commit 267edf1c0bb1ed73f1ba19148e6412b9a1c41979)
2007-10-10r1805: ...I just forgot to say that the sasl bind actually works now:-)Stefan Metzmacher1-0/+2
metze (This used to be commit a2cd725681fa7b10a5cca337554be17f628465c0)