path: root/source4
Age | Commit message | Author | Files | Lines
2007-10-10 | r17237: - keep pointer to the different sockets | Stefan Metzmacher | 4 | -3/+10
- we need this to later:
  - to disallow a StartTLS when TLS is already in use
  - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS
- and rfc4513 says that the server may allow to remove the TLS from the tcp connection again and reuse raw tcp
- and also a 2nd sasl bind should replace the old sasl socket
metze (This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
2007-10-10 | r17230: don't overwrite the error with NT_STATUS_NO_MEMORY | Stefan Metzmacher | 1 | -10/+7
metze (This used to be commit f2196bf9b662d3f38d59eceb8c54f9d2e3f7b505)
2007-10-10 | r17227: don't call a function which takes some nonoptional args | Stefan Metzmacher | 1 | -9/+15
with NULL. metze (This used to be commit 3711b968adf8a0951171ad1a90be65a9ae0dc03b)
2007-10-10 | r17226: add some comments about ldap binds and pending requests | Stefan Metzmacher | 1 | -0/+14
metze (This used to be commit e8db1fb55833ab7b9e0be391ff822b34682cb38c)
2007-10-10 | r17225: Fix the build by fixing the spelling of START-TLS. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit 4827a6b171d7b007f1641ef422d23449fb5a1606)
2007-10-10 | r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise | Andrew Bartlett | 1 | -1/+58
our certificate, and proceed with the connection is left as an exercise for the reader... Andrew Bartlett (This used to be commit 9bd66d4c95dd971e2b1b6371ba3ffc6c178c0d4c)
2007-10-10 | r17223: In some protocols it is not possible to negotiate off some features, | Andrew Bartlett | 1 | -5/+3
without the agreement of the peer. This can cause problems, because one side thinks sealing is disabled, while the other thinks it is enabled. Andrew Bartlett (This used to be commit 68ddc4921f43252b3fba73e9d85cc38c359d599d)
2007-10-10 | r17222: Change the function prototypes for the GENSEC and TLS socket creation | Andrew Bartlett | 8 | -78/+148
routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-through' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
2007-10-10 | r17221: Add some integer wrap paranoia to data_blob_append(). | Andrew Bartlett | 1 | -5/+18
Andrew Bartlett (This used to be commit 7c5a25a423da3db982396ac507df985fa934be73)
2007-10-10 | r17215: Prepare the SASL socket before actually setting it. This allows | Andrew Bartlett | 1 | -29/+51
errors to be reported correctly, rather than just dropping the socket. Andrew Bartlett (This used to be commit 83dd22accfd565e86d831490043d6beaa9648c96)
2007-10-10 | r17210: I wonder how I missed this, build farm caught it. | Simo Sorce | 1 | -1/+1
(This used to be commit e0af5cf51dbedccfe47cfd6ec5232847f586ece8)
2007-10-10 | r17209: Add dependency over the new share configuration module into smbd | Simo Sorce | 1 | -1/+2
Should fix some build farm machine (This used to be commit 15b8fafb991d3ce4b40c144702399d6f705a8e8e)
2007-10-10 | r17208: Add a way to test the ldb module. | Simo Sorce | 2 | -0/+257
Actually you can't test both classic and ldb together, but you can replace the standard script/tests/mktestsetup.sh file with this one and run make test to see share_ldb in action (This used to be commit d4c2b893504feb3a232e74d14584405b3aaaf942)
2007-10-10 | r17207: Add the ldb based shares configuration module | Simo Sorce | 2 | -0/+291
(This used to be commit df1da91d4fe0233763398f46fe663e0b879054c3)
2007-10-10 | r17206: Add a modular API for share configuration. | Simo Sorce | 30 | -230/+1005
Commit the classic backwards compatible module which is the default one (This used to be commit a89cc346b9296cb49929898d257a064a6c2bae86)
2007-10-10 | r17205: Even if this makes me look foolish, at least start to scratch on the | Volker Lendecke | 2 | -24/+308
surface of spoolss. If snum is to be removed, then we should make at least the attempt to walk parts of the code before and after the changes. This walks GetPrinterInfo level 0-7. Volker (This used to be commit 0c05f571a0eda2412896f340b7c751cf7cbdbd2a)
2007-10-10 | r17197: This patch moves the encryption of bulk data on SASL negotiated security | Andrew Bartlett | 18 | -248/+639
contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket layer.

Unusual in this patch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation:

    +-----------------+---------------------+
    | SASL Packet #1  | SASL Packet #2      |
    ----------------------------------------+
    | LDAP Packet #1       | LDAP Packet #2 |
    ----------------------------------------+

In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements.

Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10 | r17196: Clarify that SSL is used for LDAP as well as SWAT. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit d79bfbe87d4eb0e3541f5bdd7eed888ccb20a710)
2007-10-10 | r17195: Start thinking how to implement extended operations. | Simo Sorce | 2 | -0/+18
AD supports three extended operations:
- start tls
- dynamic objects
- fast binds
none of these are a priority. (This used to be commit 523e8f3ed4bf5fcf9dc0c9e2100e4ac3b8032be7)
2007-10-10 | r17193: Remove ancient stuff never really used | Simo Sorce | 2 | -364/+0
(This used to be commit a6709196ca4d50fdb84a562cd8f49db4275bb1dc)
2007-10-10 | r17189: Add the new LDAP rfc series | Simo Sorce | 24 | -0/+27176
(This used to be commit d3f8b813b33d1338e62f099017a1d4a32745e7a2)
2007-10-10 | r17187: Beginnings of a little lsa walker for Samba3, if only to prevent the | Volker Lendecke | 2 | -0/+78
regression we had in 3.0.23... Volker (This used to be commit 0236f3b41a4f9015f8551ffb67db59fa48212bf5)
2007-10-10 | r17186: "async" word abuse clean-up part 2 | Simo Sorce | 23 | -286/+272
(This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc)
2007-10-10 | r17185: Oh, I wanted to do this for sooo long time. | Simo Sorce | 24 | -427/+427
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore. Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef)
2007-10-10 | r17176: remove off_t from talloc. size_t is large enough to hold | Stefan Metzmacher | 5 | -13/+11
the max amount of memory of one process metze (This used to be commit f47b7bb656c8854c16c5a28ba24d18eeb22b6e22)
2007-10-10 | r17174: Enable gnutls code, which requires the HAVE_GNUTLS CPP macro. | Andrew Bartlett | 1 | -0/+3
Andrew Bartlett (This used to be commit f3b6e57b2336f36416e25c3a5cd793aa036b5b40)
2007-10-10 | r17173: Check for oversize output, not oversize input, and fix the GSSAPI mech | Andrew Bartlett | 1 | -10/+11
to work (it broke it in the previous commit). Andrew Bartlett (This used to be commit e96638bc74f0752ce8af6626a04c92d48b917ffe)
2007-10-10 | r17171: Add a gensec function to determine the maximum negotiated buffer size, | Andrew Bartlett | 3 | -34/+134
and the maximum amount of user data that may be fitted into that. This is used in the new SASL code, to correctly honour SASL buffer sizes. Andrew Bartlett (This used to be commit cbbe99d9c1f0262e67a495fb098cacc09fd78e05)
2007-10-10 | r17170: Catch some more out-of-memory cases, and provide some clues when | Andrew Bartlett | 1 | -7/+18
chasing down bad signatures that may be due to data truncation. Andrew Bartlett (This used to be commit d304760d3d909e55cbf2c744cdb2b4137f74b81b)
2007-10-10 | r17169: Test LDAP with testnonblock. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit 9d866a030ea75b9589c3332725d23ba5f0e9669d)
2007-10-10 | r17168: Now that TLS (and soon SASL) is below the socket layer, we need to | Andrew Bartlett | 4 | -14/+29
make the testnonblock skip some things. The socket *under* the tls socket is still tested. Andrew Bartlett (This used to be commit 9c33c6a20a77e3f15eac3d62488117517afad940)
2007-10-10 | r17167: indent | Andrew Bartlett | 1 | -1/+1
(This used to be commit 4dcdc5a3ad6847be6c6199854121ae4ccadaa673)
2007-10-10 | r17157: bail out if sizeof(size_t) < sizeof(void *) | Stefan Metzmacher | 1 | -0/+4
metze (This used to be commit f94198c2a8afd79b4c156773d14de691fd8bf0d5)
2007-10-10 | r17156: check for the size of a pointer | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit 58e124ade31efbd72297ecc41d8ddfc48546ac53)
2007-10-10 | r17141: Prove that create dispositions with truncate and | Jeremy Allison | 1 | -0/+71
overwrite break oplocks. Jeremy. (This used to be commit 94886f8c4029a9661a0bce2f7d9c41a3a5eaa366)
2007-10-10 | r17139: Checking in Volker's extended oplock test. | Jeremy Allison | 2 | -87/+121
Jeremy (This used to be commit 720c425af167373aaedf739d1d7794ada3fcddf6)
2007-10-10 | r17114: print some sizes for debugging | Stefan Metzmacher | 1 | -0/+3
metze (This used to be commit fa04ef88e5875c58fdfc7cbd2b24587bb740970d)
2007-10-10 | r17113: build tdb and ldb standalone with the same sizes of 'off_t' as from | Stefan Metzmacher | 2 | -0/+2
samba metze (This used to be commit 5c1e6c08c7cce233ca5798a325bdd17c2640286f)
2007-10-10 | r17112: - fix the build of the ldap ldb backend with newer openldap header | Stefan Metzmacher | 1 | -1/+2
files.
- use the correct timeout variable (simo you should do a standalone build before committing :-)
metze (This used to be commit ac9d69d2574e8331b3ce9c3b97922ead9165fa79)
2007-10-10 | r17109: - use AC_SYS_LARGEFILE so that type sizes are the same when talloc | Stefan Metzmacher | 2 | -0/+4
is built standalone and inside samba
- add configure checks for some type sizes for debugging
metze (This used to be commit 2977e7097ae9d6b96bb6f01c5c20bc2f3a518050)
2007-10-10 | r17104: Rename function parameters and variables to avoid shadowing global | Andrew Bartlett | 1 | -10/+10
declarations. Andrew Bartlett (This used to be commit 15dd43b77328c4d56438bdb34b3e8139c5a83878)
2007-10-10 | r17103: Big updates to the not-yet-enabled partitions module. It now services | Andrew Bartlett | 1 | -4/+189
the Global Catalog port 'correctly' (in a very simple sense) in that it should be no worse than what we had before. We now combine partitions together to search over the whole tree, when we are marked as 'global catalog'. Andrew Bartlett (This used to be commit 0a354a1ddeccd9a6b1610bc6813a86fcdfc4d310)
2007-10-10 | r17099: Samba3 now passes RAW-LOCK completely, no need for | Jeremy Allison | 1 | -10/+0
parameters to protect it. Jeremy. (This used to be commit 382c37e3d70c4d259c400dba3d7e4c3846f66c34)
2007-10-10 | r17088: add ntvfs mapping function for notify | Stefan Metzmacher | 2 | -1/+65
metze (This used to be commit 7daf432d58ecebd10a28acd3ddbded9cb16536d0)
2007-10-10 | r17087: - make pvfs_notify_next_send static | Stefan Metzmacher | 1 | -4/+2
- fix double free: a talloc_reference(a,b) when a is a child of b doesn't prevent talloc_free(b) from destroying a and b.
metze (This used to be commit 41acbc6645cc22d7f5f061dc5eda9b938ca018ba)
2007-10-10 | r17085: reuse the existing sec_desc_buf struct | Stefan Metzmacher | 2 | -8/+4
metze (This used to be commit 22463cbcdd159657d04657071451738e768d0b2a)
2007-10-10 | r17084: implement SMB2 Cancel in the server, | Stefan Metzmacher | 4 | -11/+125
that makes it possible for clients to cancel async requests, like NOTIFY... metze (This used to be commit eaccd3c4353833daf584aaea4d7e8f11004a8072)
2007-10-10 | r17083: - implement SMB2 Cancel in the client | Stefan Metzmacher | 5 | -5/+105
- the 0xffffffffffffffff seqnum is reserved for SMB2 Break (oplock breaks) so don't use it in a request. we should someday try to test this...
metze (This used to be commit 730cdc4475822e28cb400116641294a7f98ad0b5)
2007-10-10 | r17082: Add a test that walks and tests denying tconX access via the share | Volker Lendecke | 5 | -20/+312
security descriptor. This is something that W2k3 does _not_ pass and probably is not expected to, it seems they don't check access at tconX time. Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the length of the sd can be encoded in idl. As metze says, there's probably more to the share secdesc, this needs more testing. This one is here to walk the samba3 code. Volker (This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
2007-10-10 | r17081: add idle handler support to the smb2 client lib too | Stefan Metzmacher | 2 | -0/+45
metze (This used to be commit 1f48e7dca6a06078f3655a7f7a8f109bd6c0cb8e)