From 7a4478845f903fd7380d0d28c7187e7151fe3c3b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Oct 2004 12:26:14 +0000 Subject: r2863: move the logical ldapsrv functions to a seperate file metze (This used to be commit 5173c4d4fe78b2ca539e0b650745b63475d48e1d) --- source4/ldap_server/ldap_backend.c | 279 +++++++++++++++++++++++++++++++++++++ 1 file changed, 279 insertions(+) create mode 100644 source4/ldap_server/ldap_backend.c (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
new file mode 100644
index 0000000000..7f733390c1
--- /dev/null
+++ b/source4/ldap_server/ldap_backend.c
@@ -0,0 +1,279 @@
+/*
+ Unix SMB/CIFS implementation.
+ LDAP server
+ Copyright (C) Stefan Metzmacher 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_request_tag type)
+{
+ struct ldapsrv_reply *reply;
+
+ reply = talloc_p(call, struct ldapsrv_reply);
+ if (!reply) {
+ return NULL;
+ }
+
+ reply->prev = reply->next = NULL;
+ reply->state = LDAPSRV_REPLY_STATE_NEW;
+ reply->msg.messageid = call->request.messageid;
+ reply->msg.type = type;
+ reply->msg.mem_ctx = reply;
+
+ return reply;
+}
+
+NTSTATUS ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply)
+{
+ DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *);
+ return NT_STATUS_OK;
+}
+
+struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn)
+{
+ if (strcasecmp("", dn) == 0) {
+ return conn->service->rootDSE;
+ }
+
+ return conn->service->default_partition;
+}
+
+NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
+{
+ struct ldapsrv_reply *reply;
+ struct ldap_ExtendedResponse *r;
+
+ DEBUG(10,("Unwilling type[%d] id[%d]\n", call->request.type, call->request.messageid));
+
+ reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
+ if (!reply) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ r = &reply->msg.r.ExtendedResponse;
+ r->response.resultcode = error;
+ r->response.dn = NULL;
+ r->response.errormessage = NULL;
+ r->response.referral = NULL;
+ r->name = NULL;
+ r->value.data = NULL;
+ r->value.length = 0;
+
+ return ldapsrv_queue_reply(call, reply);
+}
+
+static NTSTATUS ldapsrv_BindRequest(struct ldapsrv_call *call)
+{
+ struct ldap_BindRequest *req = &call->request.r.BindRequest;
+ struct ldapsrv_reply *reply;
+ struct ldap_BindResponse *resp;
+
+ DEBUG(10, ("BindRequest dn: %s\n",req->dn));
+
+ reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
+ if (!reply) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ resp = &reply->msg.r.BindResponse;
+ resp->response.resultcode = 0;
+ resp->response.dn = NULL;
+ resp->response.errormessage = NULL;
+ resp->response.referral = NULL;
+ resp->SASL.secblob = data_blob(NULL, 0);
+
+ return ldapsrv_queue_reply(call, reply);
+}
+
+static NTSTATUS ldapsrv_UnbindRequest(struct ldapsrv_call *call)
+{
+/* struct ldap_UnbindRequest *req = &call->request->r.UnbindRequest;*/
+ DEBUG(10, ("UnbindRequest\n"));
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
+{
+ struct ldap_SearchRequest *req = &call->request.r.SearchRequest;
+ struct ldapsrv_partition *part;
+
+ DEBUG(10, ("SearchRequest"));
+ DEBUGADD(10, (" basedn: %s", req->basedn));
+ DEBUGADD(10, (" filter: %s\n", req->filter));
+
+ part = ldapsrv_get_partition(call->conn, req->basedn);
+
+ if (!part->ops->Search) {
+ struct ldap_Result *done;
+ struct ldapsrv_reply *done_r;
+
+ done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone);
+ if (!done_r) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ done = &done_r->msg.r.SearchResultDone;
+ done->resultcode = 53;
+ done->dn = NULL;
+ done->errormessage = NULL;
+ done->referral = NULL;
+
+ return ldapsrv_queue_reply(call, done_r);
+ }
+
+ return part->ops->Search(part, call, req);
+}
+
+static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
+{
+ struct ldap_ModifyRequest *req = &call->request.r.ModifyRequest;
+ struct ldapsrv_partition *part;
+
+ DEBUG(10, ("ModifyRequest"));
+ DEBUGADD(10, (" dn: %s", req->dn));
+
+ part = ldapsrv_get_partition(call->conn, req->dn);
+
+ if (!part->ops->Modify) {
+ return ldapsrv_unwilling(call, 53);
+ }
+
+ return part->ops->Modify(part, call, req);
+}
+
+static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call)
+{
+ struct ldap_AddRequest *req = &call->request.r.AddRequest;
+ struct ldapsrv_partition *part;
+
+ DEBUG(10, ("AddRequest"));
+ DEBUGADD(10, (" dn: %s", req->dn));
+
+ part = ldapsrv_get_partition(call->conn, req->dn);
+
+ if (!part->ops->Add) {
+ return ldapsrv_unwilling(call, 53);
+ }
+
+ return part->ops->Add(part, call, req);
+}
+
+static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call)
+{
+ struct ldap_DelRequest *req = &call->request.r.DelRequest;
+ struct ldapsrv_partition *part;
+
+ DEBUG(10, ("DelRequest"));
+ DEBUGADD(10, (" dn: %s", req->dn));
+
+ part = ldapsrv_get_partition(call->conn, req->dn);
+
+ if (!part->ops->Del) {
+ return ldapsrv_unwilling(call, 53);
+ }
+
+ return part->ops->Del(part, call, req);
+}
+
+static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
+{
+ struct ldap_ModifyDNRequest *req = &call->request.r.ModifyDNRequest;
+ struct ldapsrv_partition *part;
+
+ DEBUG(10, ("ModifyDNRequrest"));
+ DEBUGADD(10, (" dn: %s", req->dn));
+ DEBUGADD(10, (" newrdn: %s", req->newrdn));
+
+ part = ldapsrv_get_partition(call->conn, req->dn);
+
+ if (!part->ops->ModifyDN) {
+ return ldapsrv_unwilling(call, 53);
+ }
+
+ return part->ops->ModifyDN(part, call, req);
+}
+
+static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call)
+{
+ struct ldap_CompareRequest *req = &call->request.r.CompareRequest;
+ struct ldapsrv_partition *part;
+
+ DEBUG(10, ("CompareRequest"));
+ DEBUGADD(10, (" dn: %s", req->dn));
+
+ part = ldapsrv_get_partition(call->conn, req->dn);
+
+ if (!part->ops->Compare) {
+ return ldapsrv_unwilling(call, 53);
+ }
+
+ return part->ops->Compare(part, call, req);
+}
+
+static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
+{
+/* struct ldap_AbandonRequest *req = &call->request.r.AbandonRequest;*/
+ DEBUG(10, ("AbandonRequest\n"));
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
+{
+/* struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest;*/
+ struct ldapsrv_reply *reply;
+
+ DEBUG(10, ("Extended\n"));
+
+ reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
+ if (!reply) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ZERO_STRUCT(reply->msg.r);
+
+ return ldapsrv_queue_reply(call, reply);
+}
+
+NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
+{
+ switch(call->request.type) {
+ case LDAP_TAG_BindRequest:
+ return ldapsrv_BindRequest(call);
+ case LDAP_TAG_UnbindRequest:
+ return ldapsrv_UnbindRequest(call);
+ case LDAP_TAG_SearchRequest:
+ return ldapsrv_SearchRequest(call);
+ case LDAP_TAG_ModifyRequest:
+ return ldapsrv_ModifyRequest(call);
+ case LDAP_TAG_AddRequest:
+ return ldapsrv_AddRequest(call);
+ case LDAP_TAG_DelRequest:
+ return ldapsrv_DelRequest(call);
+ case LDAP_TAG_ModifyDNRequest:
+ return ldapsrv_ModifyDNRequest(call);
+ case LDAP_TAG_CompareRequest:
+ return ldapsrv_CompareRequest(call);
+ case LDAP_TAG_AbandonRequest:
+ return ldapsrv_AbandonRequest(call);
+ case LDAP_TAG_ExtendedRequest:
+ return ldapsrv_ExtendedRequest(call);
+ default:
+ return ldapsrv_unwilling(call, 2);
+ }
+}
-- cgit From 85e18e252da0524264f8a809239ddcf2a2dbe3af Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 9 Oct 2004 21:57:45 +0000 Subject: r2877: the Bind and Unbind function are already moved... metze (This used to be commit 5c3f3b4072ed67c6b6b11af6a0f7f2869c717cdb) --- source4/ldap_server/ldap_backend.c | 30 ------------------------------ 1 file changed, 30 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
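Review bot: ldapsrv_BindRequest sets `resp->response.resultcode = 0` without examining `req->dn` or any credential, so every bind is reported to the client as successful; if that is a deliberate placeholder it needs a comment such as `/* FIXME: no authentication yet - every bind is answered with success */`, and ideally a non-success result code for non-anonymous binds. ldapsrv_ExtendedRequest has the same shape: `ZERO_STRUCT(reply->msg.r)` leaves the result code at 0, so an extended operation the server does not implement appears to succeed instead of being refused the way the other handlers do with `ldapsrv_unwilling(call, 53)`. The handlers also dereference `part->ops` directly after ldapsrv_get_partition(); whether `default_partition` can be NULL is not visible in this file, so the invariant should be stated or checked. The literals 53 and 2 would read better as named result-code constants.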
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 7f733390c1..f62657e579 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -78,36 +78,6 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) return ldapsrv_queue_reply(call, reply); } -static NTSTATUS ldapsrv_BindRequest(struct ldapsrv_call *call) -{ - struct ldap_BindRequest *req = &call->request.r.BindRequest; - struct ldapsrv_reply *reply; - struct ldap_BindResponse *resp; - - DEBUG(10, ("BindRequest dn: %s\n",req->dn)); - - reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse); - if (!reply) { - return NT_STATUS_NO_MEMORY; - } - - resp = &reply->msg.r.BindResponse; - resp->response.resultcode = 0; - resp->response.dn = NULL; - resp->response.errormessage = NULL; - resp->response.referral = NULL; - resp->SASL.secblob = data_blob(NULL, 0); - - return ldapsrv_queue_reply(call, reply); -} - -static NTSTATUS ldapsrv_UnbindRequest(struct ldapsrv_call *call) -{ -/* struct ldap_UnbindRequest *req = &call->request->r.UnbindRequest;*/ - DEBUG(10, ("UnbindRequest\n")); - return NT_STATUS_OK; -} - static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) { struct ldap_SearchRequest *req = &call->request.r.SearchRequest; -- cgit From 22f0d7012ce8393201ab0dbcc0bb958f94f1b563 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 10 Oct 2004 02:24:42 +0000 Subject: r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASE this is needed because of the global catalog metze (This used to be commit 071c19c25df92e87355ce6efb5eb7ce7694cf09b) --- source4/ldap_server/ldap_backend.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index f62657e579..03df64f922 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
@@ -45,9 +45,10 @@ NTSTATUS ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *re return NT_STATUS_OK; } -struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn) +struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn, enum ldap_scope scope) { - if (strcasecmp("", dn) == 0) { + if (scope == LDAP_SEARCH_SCOPE_BASE + && strcasecmp("", dn) == 0) { return conn->service->rootDSE; } @@ -87,7 +88,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) DEBUGADD(10, (" basedn: %s", req->basedn)); DEBUGADD(10, (" filter: %s\n", req->filter)); - part = ldapsrv_get_partition(call->conn, req->basedn); + part = ldapsrv_get_partition(call->conn, req->basedn, req->scope); if (!part->ops->Search) { struct ldap_Result *done; @@ -118,7 +119,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) DEBUG(10, ("ModifyRequest")); DEBUGADD(10, (" dn: %s", req->dn)); - part = ldapsrv_get_partition(call->conn, req->dn); + part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); if (!part->ops->Modify) { return ldapsrv_unwilling(call, 53); @@ -135,7 +136,7 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) DEBUG(10, ("AddRequest")); DEBUGADD(10, (" dn: %s", req->dn)); - part = ldapsrv_get_partition(call->conn, req->dn); + part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); if (!part->ops->Add) { return ldapsrv_unwilling(call, 53); @@ -152,7 +153,7 @@ static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) DEBUG(10, ("DelRequest")); DEBUGADD(10, (" dn: %s", req->dn)); - part = ldapsrv_get_partition(call->conn, req->dn); + part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); if (!part->ops->Del) { return ldapsrv_unwilling(call, 53); 
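Review bot: In ldapsrv_get_partition the rewritten condition still hands `dn` straight to strcasecmp(), so a request whose DN reaches this point as NULL would crash the server process; whether the decoder can produce NULL is not visible in this hunk, but the guard is cheap: `if (scope == LDAP_SEARCH_SCOPE_BASE && dn != NULL && dn[0] == '\0') {`. The Modify, Add, Del, ModifyDN and Compare hunks that follow pass a hard-coded `LDAP_SEARCH_SCOPE_SUB` only to keep those operations away from the rootDSE partition, which is not obvious from the call sites. A comment on the function would record that, for example `/* scope only matters for searches; other callers pass LDAP_SEARCH_SCOPE_SUB so they never select the rootDSE */`.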
@@ -170,7 +171,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) DEBUGADD(10, (" dn: %s", req->dn)); DEBUGADD(10, (" newrdn: %s", req->newrdn)); - part = ldapsrv_get_partition(call->conn, req->dn); + part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); if (!part->ops->ModifyDN) { return ldapsrv_unwilling(call, 53); @@ -187,7 +188,7 @@ static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) DEBUG(10, ("CompareRequest")); DEBUGADD(10, (" dn: %s", req->dn)); - part = ldapsrv_get_partition(call->conn, req->dn); + part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); if (!part->ops->Compare) { return ldapsrv_unwilling(call, 53); -- cgit From 3643fb11092e28a9538ef32cedce8ff21ad86a28 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 Nov 2004 06:42:15 +0000 Subject: r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a) --- source4/ldap_server/ldap_backend.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 03df64f922..c4d44888c4 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "dlinklist.h" struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_request_tag type) -- cgit From a42142439aee9e75796e25cdf05e042174926abf Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 Nov 2004 06:52:59 +0000 Subject: r3464: split out registry.h, rap.h and ldap_server.h (This used to be commit 70d2090f6bf2c7e0caf1e9c020f330de88871f8e) --- source4/ldap_server/ldap_backend.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_backend.c') 
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index c4d44888c4..8a26c3fd8f 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ldap_server/ldap_server.h" #include "dlinklist.h" -- cgit From 759da3b915e2006d4c87b5ace47f399accd9ce91 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 27 Jan 2005 07:08:20 +0000 Subject: r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 8a26c3fd8f..58c6dde436 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -27,7 +27,7 @@ struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_re { struct ldapsrv_reply *reply; - reply = talloc_p(call, struct ldapsrv_reply); + reply = talloc(call, struct ldapsrv_reply); if (!reply) { return NULL; } -- cgit From 501379431c7fc6c9a78e74eca43b208184debce6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Feb 2005 07:08:40 +0000 Subject: r5305: removed libcli/ldap/ldap.h from includes.h (This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e) --- source4/ldap_server/ldap_backend.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 58c6dde436..d87ea657d7 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
@@ -21,9 +21,10 @@ #include "includes.h" #include "ldap_server/ldap_server.h" #include "dlinklist.h" +#include "libcli/ldap/ldap.h" -struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, enum ldap_request_tag type) +struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type) { struct ldapsrv_reply *reply; @@ -47,7 +48,7 @@ NTSTATUS ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *re return NT_STATUS_OK; } -struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn, enum ldap_scope scope) +struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn, uint8_t scope) { if (scope == LDAP_SEARCH_SCOPE_BASE && strcasecmp("", dn) == 0) { -- cgit From 4b0e5bd75373ffa2d847706a71fd0349dfa15e71 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Jun 2005 09:10:17 +0000 Subject: r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index d87ea657d7..1c2ba87018 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
@@ -89,7 +89,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) DEBUG(10, ("SearchRequest")); DEBUGADD(10, (" basedn: %s", req->basedn)); - DEBUGADD(10, (" filter: %s\n", req->filter)); + DEBUGADD(10, (" filter: %s\n", ldb_filter_from_tree(call, req->tree))); part = ldapsrv_get_partition(call->conn, req->basedn, req->scope); -- cgit From c0947b0d7f809f5139fbfcdbd618ed7b0a77d2be Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 15 Jun 2005 00:27:51 +0000 Subject: r7593: simplified the memory management in the ldap code. Having a mem_ctx element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53) --- source4/ldap_server/ldap_backend.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 1c2ba87018..6ac9839e29 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -32,12 +32,16 @@ struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type if (!reply) { return NULL; } + reply->msg = talloc(reply, struct ldap_message); + if (reply->msg == NULL) { + talloc_free(reply); + return NULL; + } reply->prev = reply->next = NULL; reply->state = LDAPSRV_REPLY_STATE_NEW; - reply->msg.messageid = call->request.messageid; - reply->msg.type = type; - reply->msg.mem_ctx = reply; + reply->msg->messageid = call->request->messageid; + reply->msg->type = type; return reply; } 
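Review bot: The new DEBUGADD argument passes the result of `ldb_filter_from_tree(call, req->tree)` directly to `%s`, so if the helper returns NULL (allocation failure or a tree it cannot render, neither visible here) the format call receives a null pointer. The string is allocated on `call` and never released explicitly, so it presumably stays alive until the call is freed even though it is only needed for one log line. Rendering into a local first keeps both under control: `const char *f = ldb_filter_from_tree(call, req->tree);` followed by `DEBUGADD(10, (" filter: %s\n", f ? f : "(null)"));`. ldapsrv_SearchRequest continues outside this hunk.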
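Review bot: `reply->msg = talloc(reply, struct ldap_message)` returns uninitialised memory and only `messageid` and `type` are assigned afterwards, so every other member of the message, including the `r` union, holds indeterminate values until a handler fills it in. Using `reply->msg = talloc_zero(reply, struct ldap_message);` would give every handler a defined starting state and makes a forgotten field a NULL rather than a stray pointer in a structure that is later encoded and sent to the client. The same concern applies to `reply` itself once the later r7747 change on this page drops the explicit `prev`/`next`/`state` assignments. ldapsrv_init_reply begins outside this hunk.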
@@ -63,14 +67,14 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) struct ldapsrv_reply *reply; struct ldap_ExtendedResponse *r; - DEBUG(10,("Unwilling type[%d] id[%d]\n", call->request.type, call->request.messageid)); + DEBUG(10,("Unwilling type[%d] id[%d]\n", call->request->type, call->request->messageid)); reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse); if (!reply) { return NT_STATUS_NO_MEMORY; } - r = &reply->msg.r.ExtendedResponse; + r = &reply->msg->r.ExtendedResponse; r->response.resultcode = error; r->response.dn = NULL; r->response.errormessage = NULL; @@ -84,7 +88,7 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) { - struct ldap_SearchRequest *req = &call->request.r.SearchRequest; + struct ldap_SearchRequest *req = &call->request->r.SearchRequest; struct ldapsrv_partition *part; DEBUG(10, ("SearchRequest")); @@ -102,7 +106,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) return NT_STATUS_NO_MEMORY; } - done = &done_r->msg.r.SearchResultDone; + done = &done_r->msg->r.SearchResultDone; done->resultcode = 53; done->dn = NULL; done->errormessage = NULL; @@ -116,7 +120,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) { - struct ldap_ModifyRequest *req = &call->request.r.ModifyRequest; + struct ldap_ModifyRequest *req = &call->request->r.ModifyRequest; struct ldapsrv_partition *part; DEBUG(10, ("ModifyRequest")); @@ -133,7 +137,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) { - struct ldap_AddRequest *req = &call->request.r.AddRequest; + struct ldap_AddRequest *req = &call->request->r.AddRequest; struct ldapsrv_partition *part; DEBUG(10, ("AddRequest")); 
@@ -150,7 +154,7 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) { - struct ldap_DelRequest *req = &call->request.r.DelRequest; + struct ldap_DelRequest *req = &call->request->r.DelRequest; struct ldapsrv_partition *part; DEBUG(10, ("DelRequest")); @@ -167,7 +171,7 @@ static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) { - struct ldap_ModifyDNRequest *req = &call->request.r.ModifyDNRequest; + struct ldap_ModifyDNRequest *req = &call->request->r.ModifyDNRequest; struct ldapsrv_partition *part; DEBUG(10, ("ModifyDNRequrest")); @@ -185,7 +189,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) { - struct ldap_CompareRequest *req = &call->request.r.CompareRequest; + struct ldap_CompareRequest *req = &call->request->r.CompareRequest; struct ldapsrv_partition *part; DEBUG(10, ("CompareRequest")); @@ -219,14 +223,14 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call) return NT_STATUS_NO_MEMORY; } - ZERO_STRUCT(reply->msg.r); + ZERO_STRUCT(reply->msg->r); return ldapsrv_queue_reply(call, reply); } NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) { - switch(call->request.type) { + switch(call->request->type) { case LDAP_TAG_BindRequest: return ldapsrv_BindRequest(call); case LDAP_TAG_UnbindRequest: -- cgit From c7496c6cdb7bdcdd483868c21457350f567ec054 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Sun, 19 Jun 2005 09:31:34 +0000 Subject: r7747: - simplified the ldap server buffer handling - got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a) --- source4/ldap_server/ldap_backend.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 6ac9839e29..3da7277cc1 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -38,18 +38,15 @@ struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type return NULL; } - reply->prev = reply->next = NULL; - reply->state = LDAPSRV_REPLY_STATE_NEW; reply->msg->messageid = call->request->messageid; reply->msg->type = type; return reply; } -NTSTATUS ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) +void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) { DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); - return NT_STATUS_OK; } struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn, uint8_t scope) @@ -83,7 +80,8 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) r->value.data = NULL; r->value.length = 0; - return ldapsrv_queue_reply(call, reply); + ldapsrv_queue_reply(call, reply); + return NT_STATUS_OK; } static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) 
@@ -112,7 +110,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) done->errormessage = NULL; done->referral = NULL; - return ldapsrv_queue_reply(call, done_r); + ldapsrv_queue_reply(call, done_r); + return NT_STATUS_OK; } return part->ops->Search(part, call, req); @@ -225,7 +224,8 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call) ZERO_STRUCT(reply->msg->r); - return ldapsrv_queue_reply(call, reply); + ldapsrv_queue_reply(call, reply); + return NT_STATUS_OK; } NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) -- cgit From db6933323c0997cc6334d447e9a938cb42731ae9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 20 Jun 2005 04:59:10 +0000 Subject: r7777: allow for overriding the location of the sam databasein the ldap server, using ldapsrv:samdb option. This allows the following: sam database=ldap://localhost ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb which allows us to test putting the sam on an ldap server using our own ldap server. This is a great stress test for the ldap code. (This used to be commit 40948ba3848e2cfd69ee5ef77031170a652e389b) --- source4/ldap_server/ldap_backend.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 3da7277cc1..96c9b16f5d 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -255,3 +255,17 @@ NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) return ldapsrv_unwilling(call, 2); } } + + +/* + connect to the sam database +*/ +struct ldb_context *ldapsrv_sam_connect(struct ldapsrv_call *call) +{ + const char *url; + url = lp_parm_string(-1, "ldapsrv", "samdb"); + if (url) { + return ldb_wrap_connect(call, url, 0, NULL); + } + return samdb_connect(call); +} -- cgit From 1377cca5f4beb43cf67fcc65eed79f14178d6349 Mon Sep 17 00:00:00 2001 
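Review bot: ldapsrv_sam_connect opens the database with `ldb_wrap_connect(call, url, 0, NULL)` or `samdb_connect(call)`, and neither call passes anything that identifies the client bound on this connection, so as far as this hunk shows the backend is opened with the server's own access rather than the session's. The header comment should say so, and also record ownership and the override, for example `/* connect to the sam database; "ldapsrv:samdb" overrides the default URL. The handle is a talloc child of call and carries no per-session identity. */`. Callers are not visible here, so whether a NULL return is checked before use should be confirmed where the function is used.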
From: Andrew Bartlett Date: Fri, 7 Oct 2005 11:31:45 +0000 Subject: r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71) --- source4/ldap_server/ldap_backend.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 96c9b16f5d..65e6d9d4d4 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -53,10 +53,10 @@ struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, { if (scope == LDAP_SEARCH_SCOPE_BASE && strcasecmp("", dn) == 0) { - return conn->service->rootDSE; + return conn->rootDSE; } - return conn->service->default_partition; + return conn->default_partition; } NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) 
@@ -257,15 +257,3 @@ NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) } -/* - connect to the sam database -*/ -struct ldb_context *ldapsrv_sam_connect(struct ldapsrv_call *call) -{ - const char *url; - url = lp_parm_string(-1, "ldapsrv", "samdb"); - if (url) { - return ldb_wrap_connect(call, url, 0, NULL); - } - return samdb_connect(call); -} -- cgit From 53562f774662eda06563870bb7daf857df01590f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 29 Nov 2005 08:55:13 +0000 Subject: r11955: got rid of the old rootDSE code in the ldap server. The partitioning logic is still there, but we only have one partition. If we need partitioning in the future it might be better to remove this partitioning code and use a partitioning module instead (This used to be commit f4685e7dc9bdc3b9e240c9f5891b9da9251f82e5) --- source4/ldap_server/ldap_backend.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 65e6d9d4d4..a1c08fcc99 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -51,11 +51,6 @@ void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn, uint8_t scope) { - if (scope == LDAP_SEARCH_SCOPE_BASE - && strcasecmp("", dn) == 0) { - return conn->rootDSE; - } - return conn->default_partition; } -- cgit From d4de4c2d210d2e8c9b5aedf70695594809ad6a0b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 30 Dec 2005 13:16:54 +0000 Subject: r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) --- source4/ldap_server/ldap_backend.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') 
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index a1c08fcc99..637ce7bd63 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -21,7 +21,6 @@ #include "includes.h" #include "ldap_server/ldap_server.h" #include "dlinklist.h" -#include "libcli/ldap/ldap.h" struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type) -- cgit From c908d0b2aa111659e57a73efb8c33c413965c846 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 6 Jan 2006 04:01:23 +0000 Subject: r12733: Merge ldap/ldb controls into main tree There's still lot of work to do but the patch is stable enough to be pushed into the main samba4 tree. Simo. (This used to be commit 77125feaff252cab44d26593093a9c211c846ce8) --- source4/ldap_server/ldap_backend.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 637ce7bd63..1e6d05a9bd 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -21,6 +21,7 @@ #include "includes.h" #include "ldap_server/ldap_server.h" #include "dlinklist.h" +#include "libcli/ldap/ldap.h" struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type) @@ -39,6 +40,7 @@ struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type reply->msg->messageid = call->request->messageid; reply->msg->type = type; + reply->msg->controls = NULL; return reply; } @@ -108,7 +110,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) return NT_STATUS_OK; } - return part->ops->Search(part, call, req); + return part->ops->Search(part, call); } static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) 
@@ -125,7 +127,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) return ldapsrv_unwilling(call, 53); } - return part->ops->Modify(part, call, req); + return part->ops->Modify(part, call); } static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) @@ -142,7 +144,7 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) return ldapsrv_unwilling(call, 53); } - return part->ops->Add(part, call, req); + return part->ops->Add(part, call); } static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) @@ -159,7 +161,7 @@ static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) return ldapsrv_unwilling(call, 53); } - return part->ops->Del(part, call, req); + return part->ops->Del(part, call); } static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) @@ -177,7 +179,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) return ldapsrv_unwilling(call, 53); } - return part->ops->ModifyDN(part, call, req); + return part->ops->ModifyDN(part, call); } static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) @@ -194,7 +196,7 @@ static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) return ldapsrv_unwilling(call, 53); } - return part->ops->Compare(part, call, req); + return part->ops->Compare(part, call); } static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call) -- cgit From a7a79d2b256c97bd6ffa6e9740d14366ebc7602e Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Fri, 13 Jan 2006 00:38:35 +0000 Subject: r12880: Remove ldap partitions useless now and probably we will not use it anyway as we plan to support partitions in ldb directly like with rootdse Merge ldap_simple_ldb into ldap_backend, it is not simple anymore and makes no sense to have it separated now that ldap partitions are gone Initial attempt at working to some limit to avoid DOSs for the ldap server. Simo. (This used to be commit 97bff3e049eba48019f2b0f3eb5a19e32fef2e23) --- source4/ldap_server/ldap_backend.c | 590 ++++++++++++++++++++++++++++++++++--- 1 file changed, 543 insertions(+), 47 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 1e6d05a9bd..562263371b 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
@@ -22,7 +22,79 @@ #include "ldap_server/ldap_server.h" #include "dlinklist.h" #include "libcli/ldap/ldap.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" +#include "dsdb/samdb/samdb.h" + +#define VALID_DN_SYNTAX(dn,i) do {\ + if (!(dn)) {\ + return NT_STATUS_NO_MEMORY;\ + } else if ((dn)->comp_num < (i)) {\ + result = LDAP_INVALID_DN_SYNTAX;\ + errstr = "Invalid DN (" #i " components needed for '" #dn "')";\ + goto reply;\ + }\ +} while(0) + +static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstring) +{ + *errstring = ldb_errstring(ldb); + + /* its 1:1 for now */ + return err; +} + +/* + map controls +*/ +static int get_ldb_controls(void *mem_ctx, struct ldap_Control **controls, struct ldb_control ***lcontrols) +{ + struct ldb_control **lctrl; + int i, l; + + if (controls == NULL || controls[0] == NULL) { + *lcontrols = NULL; + return LDB_SUCCESS; + } + + l = 0; + lctrl = NULL; + *lcontrols = NULL; + + for (i = 0; controls[i] != NULL; i++) { + lctrl = talloc_realloc(mem_ctx, lctrl, struct ldb_control *, l + 2); + if (lctrl == NULL) { + return LDB_ERR_OTHER; + } + lctrl[l] = talloc(lctrl, struct ldb_control); + if (lctrl[l] == NULL) { + return LDB_ERR_OTHER; + } + lctrl[l]->oid = controls[i]->oid; + lctrl[l]->critical = controls[i]->critical; + lctrl[l]->data = controls[i]->value; + l++; + } + lctrl[l] = NULL; + *lcontrols = lctrl; + + return LDB_SUCCESS; +} + +/* + connect to the sam database +*/ +NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) +{ + conn->ldb = samdb_connect(conn, conn->session_info); + if (conn->ldb == NULL) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + ldb_set_opaque(conn->ldb, "server_credentials", conn->server_credentials); + + return NT_STATUS_OK; +} struct ldapsrv_reply *ldapsrv_init_reply(struct ldapsrv_call *call, uint8_t type) { 
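Review bot: The return value of `ldb_set_opaque()` in ldapsrv_backend_Init is ignored, so a failed registration still returns NT_STATUS_OK and leaves `conn->ldb` without its "server_credentials" entry. The consumers of that opaque are not visible in this hunk, but anything that looks it up later would run without the credentials it expects. I would check it: `if (ldb_set_opaque(conn->ldb, "server_credentials", conn->server_credentials) != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;`. Separately, VALID_DN_SYNTAX hides both a `return` and a `goto reply`, and writes the caller's `result` and `errstr`; a comment above the macro should state those requirements.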
@@ -50,11 +122,6 @@ void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); } -struct ldapsrv_partition *ldapsrv_get_partition(struct ldapsrv_connection *conn, const char *dn, uint8_t scope) -{ - return conn->default_partition; -} - NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) { struct ldapsrv_reply *reply; 
@@ -83,120 +150,549 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) { struct ldap_SearchRequest *req = &call->request->r.SearchRequest; - struct ldapsrv_partition *part; + struct ldap_SearchResEntry *ent; + struct ldap_Result *done; + struct ldapsrv_reply *ent_r, *done_r; + void *local_ctx; + struct ldb_context *samdb = call->conn->ldb; + struct ldb_dn *basedn; + struct ldb_result *res = NULL; + struct ldb_request lreq; + enum ldb_scope scope = LDB_SCOPE_DEFAULT; + const char **attrs = NULL; + const char *errstr = NULL; + int success_limit = 1; + int result = LDAP_SUCCESS; + int ldb_ret; + int i, j, y; DEBUG(10, ("SearchRequest")); DEBUGADD(10, (" basedn: %s", req->basedn)); DEBUGADD(10, (" filter: %s\n", ldb_filter_from_tree(call, req->tree))); - part = ldapsrv_get_partition(call->conn, req->basedn, req->scope); + local_ctx = talloc_named(call, 0, "sldb_Search local memory context"); + NT_STATUS_HAVE_NO_MEMORY(local_ctx); + + basedn = ldb_dn_explode(local_ctx, req->basedn); + VALID_DN_SYNTAX(basedn, 0); + + DEBUG(10, ("SearchRequest: basedn: [%s]\n", req->basedn)); + DEBUG(10, ("SearchRequest: filter: [%s]\n", ldb_filter_from_tree(call, req->tree))); + + switch (req->scope) { + case LDAP_SEARCH_SCOPE_BASE: + DEBUG(10,("SearchRequest: scope: [BASE]\n")); + scope = LDB_SCOPE_BASE; + success_limit = 0; + break; + case LDAP_SEARCH_SCOPE_SINGLE: + DEBUG(10,("SearchRequest: scope: [ONE]\n")); + scope = LDB_SCOPE_ONELEVEL; + success_limit = 0; + break; + case LDAP_SEARCH_SCOPE_SUB: + DEBUG(10,("SearchRequest: scope: [SUB]\n")); + scope = LDB_SCOPE_SUBTREE; + success_limit = 0; + break; + } - if (!part->ops->Search) { - struct ldap_Result *done; - struct ldapsrv_reply *done_r; + if (req->num_attributes >= 1) { + attrs = talloc_array(samdb, const char *, req->num_attributes+1); + NT_STATUS_HAVE_NO_MEMORY(attrs); - done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone); - if (!done_r) 
{ - return NT_STATUS_NO_MEMORY; + for (i=0; i < req->num_attributes; i++) { + DEBUG(10,("SearchRequest: attrs: [%s]\n",req->attributes[i])); + attrs[i] = req->attributes[i]; } + attrs[i] = NULL; + } + + DEBUG(5,("ldb_request dn=%s filter=%s\n", + req->basedn, ldb_filter_from_tree(call, req->tree))); - done = &done_r->msg->r.SearchResultDone; - done->resultcode = 53; - done->dn = NULL; - done->errormessage = NULL; - done->referral = NULL; + ZERO_STRUCT(lreq); + lreq.operation = LDB_REQ_SEARCH; + lreq.op.search.base = basedn; + lreq.op.search.scope = scope; + lreq.op.search.tree = req->tree; + lreq.op.search.attrs = attrs; - ldapsrv_queue_reply(call, done_r); - return NT_STATUS_OK; + ldb_ret = get_ldb_controls(local_ctx, call->request->controls, &lreq.controls); + + if (ldb_ret != LDB_SUCCESS) { + /* get_ldb_controls fails only on a critical internal error or when + * a control is defined as critical but it is not supported + */ + goto reply; } - return part->ops->Search(part, call); + ldb_ret = ldb_request(samdb, &lreq); + + res = talloc_steal(samdb, lreq.op.search.res); + + if (ldb_ret == LDB_SUCCESS) { + for (i = 0; i < res->count; i++) { + ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry); + NT_STATUS_HAVE_NO_MEMORY(ent_r); + + ent = &ent_r->msg->r.SearchResultEntry; + ent->dn = ldb_dn_linearize(ent_r, res->msgs[i]->dn); + ent->num_attributes = 0; + ent->attributes = NULL; + if (res->msgs[i]->num_elements == 0) { + goto queue_reply; + } + ent->num_attributes = res->msgs[i]->num_elements; + ent->attributes = talloc_array(ent_r, struct ldb_message_element, ent->num_attributes); + NT_STATUS_HAVE_NO_MEMORY(ent->attributes); + for (j=0; j < ent->num_attributes; j++) { + ent->attributes[j].name = talloc_steal(ent->attributes, res->msgs[i]->elements[j].name); + ent->attributes[j].num_values = 0; + ent->attributes[j].values = NULL; + if (req->attributesonly && (res->msgs[i]->elements[j].num_values == 0)) { + continue; + } + ent->attributes[j].num_values = 
res->msgs[i]->elements[j].num_values; + ent->attributes[j].values = talloc_array(ent->attributes, + DATA_BLOB, ent->attributes[j].num_values); + NT_STATUS_HAVE_NO_MEMORY(ent->attributes[j].values); + for (y=0; y < ent->attributes[j].num_values; y++) { + ent->attributes[j].values[y].length = res->msgs[i]->elements[j].values[y].length; + ent->attributes[j].values[y].data = talloc_steal(ent->attributes[j].values, + res->msgs[i]->elements[j].values[y].data); + } + } +queue_reply: + ldapsrv_queue_reply(call, ent_r); + } + } + +reply: + done_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultDone); + NT_STATUS_HAVE_NO_MEMORY(done_r); + + done = &done_r->msg->r.SearchResultDone; + done->dn = NULL; + done->referral = NULL; + + if (ldb_ret == LDB_SUCCESS) { + if (res->count >= success_limit) { + DEBUG(10,("SearchRequest: results: [%d]\n", res->count)); + result = LDAP_SUCCESS; + errstr = NULL; + } else if (res->count == 0) { + DEBUG(10,("SearchRequest: no results\n")); + result = LDAP_NO_SUCH_OBJECT; + errstr = ldb_errstring(samdb); + } + if (res->controls) { + done_r->msg->controls = (struct ldap_Control **)(res->controls); + } + } else { + DEBUG(10,("SearchRequest: error\n")); + result = map_ldb_error(samdb, ldb_ret, &errstr); + } + + done->resultcode = result; + done->errormessage = (errstr?talloc_strdup(done_r, errstr):NULL); + + talloc_free(local_ctx); + + ldapsrv_queue_reply(call, done_r); + return NT_STATUS_OK; } static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) { struct ldap_ModifyRequest *req = &call->request->r.ModifyRequest; - struct ldapsrv_partition *part; + struct ldap_Result *modify_result; + struct ldapsrv_reply *modify_reply; + void *local_ctx; + struct ldb_context *samdb = call->conn->ldb; + struct ldb_message *msg = NULL; + struct ldb_dn *dn; + const char *errstr = NULL; + int result = LDAP_SUCCESS; + int ldb_ret; + int i,j; DEBUG(10, ("ModifyRequest")); DEBUGADD(10, (" dn: %s", req->dn)); - part = ldapsrv_get_partition(call->conn, req->dn, 
LDAP_SEARCH_SCOPE_SUB); + local_ctx = talloc_named(call, 0, "ModifyRequest local memory context"); + NT_STATUS_HAVE_NO_MEMORY(local_ctx); + + dn = ldb_dn_explode(local_ctx, req->dn); + VALID_DN_SYNTAX(dn, 1); + + DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn)); + + msg = talloc(local_ctx, struct ldb_message); + NT_STATUS_HAVE_NO_MEMORY(msg); + + msg->dn = dn; + msg->private_data = NULL; + msg->num_elements = 0; + msg->elements = NULL; + + if (req->num_mods > 0) { + msg->num_elements = req->num_mods; + msg->elements = talloc_array(msg, struct ldb_message_element, req->num_mods); + NT_STATUS_HAVE_NO_MEMORY(msg->elements); + + for (i=0; i < msg->num_elements; i++) { + msg->elements[i].name = discard_const_p(char, req->mods[i].attrib.name); + msg->elements[i].num_values = 0; + msg->elements[i].values = NULL; + + switch (req->mods[i].type) { + default: + result = LDAP_PROTOCOL_ERROR; + errstr = "Invalid LDAP_MODIFY_* type"; + goto reply; + case LDAP_MODIFY_ADD: + msg->elements[i].flags = LDB_FLAG_MOD_ADD; + break; + case LDAP_MODIFY_DELETE: + msg->elements[i].flags = LDB_FLAG_MOD_DELETE; + break; + case LDAP_MODIFY_REPLACE: + msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; + break; + } + + msg->elements[i].num_values = req->mods[i].attrib.num_values; + if (msg->elements[i].num_values > 0) { + msg->elements[i].values = talloc_array(msg, struct ldb_val, msg->elements[i].num_values); + NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values); + + for (j=0; j < msg->elements[i].num_values; j++) { + if (!(req->mods[i].attrib.values[j].length > 0)) { + result = LDAP_OTHER; + errstr = "Empty attribute values are not allowed"; + goto reply; + } + msg->elements[i].values[j].length = req->mods[i].attrib.values[j].length; + msg->elements[i].values[j].data = req->mods[i].attrib.values[j].data; + } + } + } + } else { + result = LDAP_OTHER; + errstr = "No mods are not allowed"; + goto reply; + } + +reply: + modify_reply = ldapsrv_init_reply(call, LDAP_TAG_ModifyResponse); + 
NT_STATUS_HAVE_NO_MEMORY(modify_reply); - if (!part->ops->Modify) { - return ldapsrv_unwilling(call, 53); + if (result == LDAP_SUCCESS) { + ldb_ret = ldb_modify(samdb, msg); + result = map_ldb_error(samdb, ldb_ret, &errstr); } - return part->ops->Modify(part, call); + modify_result = &modify_reply->msg->r.AddResponse; + modify_result->dn = NULL; + modify_result->resultcode = result; + modify_result->errormessage = (errstr?talloc_strdup(modify_reply, errstr):NULL); + modify_result->referral = NULL; + + talloc_free(local_ctx); + + ldapsrv_queue_reply(call, modify_reply); + return NT_STATUS_OK; + } static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) { struct ldap_AddRequest *req = &call->request->r.AddRequest; - struct ldapsrv_partition *part; + struct ldap_Result *add_result; + struct ldapsrv_reply *add_reply; + void *local_ctx; + struct ldb_context *samdb = call->conn->ldb; + struct ldb_message *msg = NULL; + struct ldb_dn *dn; + const char *errstr = NULL; + int result = LDAP_SUCCESS; + int ldb_ret; + int i,j; DEBUG(10, ("AddRequest")); DEBUGADD(10, (" dn: %s", req->dn)); - part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); + local_ctx = talloc_named(call, 0, "AddRequest local memory context"); + NT_STATUS_HAVE_NO_MEMORY(local_ctx); + + dn = ldb_dn_explode(local_ctx, req->dn); + VALID_DN_SYNTAX(dn,1); + + DEBUG(10, ("AddRequest: dn: [%s]\n", req->dn)); + + msg = talloc(local_ctx, struct ldb_message); + NT_STATUS_HAVE_NO_MEMORY(msg); + + msg->dn = dn; + msg->private_data = NULL; + msg->num_elements = 0; + msg->elements = NULL; + + if (req->num_attributes > 0) { + msg->num_elements = req->num_attributes; + msg->elements = talloc_array(msg, struct ldb_message_element, msg->num_elements); + NT_STATUS_HAVE_NO_MEMORY(msg->elements); + + for (i=0; i < msg->num_elements; i++) { + msg->elements[i].name = discard_const_p(char, req->attributes[i].name); + msg->elements[i].flags = 0; + msg->elements[i].num_values = 0; + msg->elements[i].values = 
NULL; + + if (req->attributes[i].num_values > 0) { + msg->elements[i].num_values = req->attributes[i].num_values; + msg->elements[i].values = talloc_array(msg, struct ldb_val, msg->elements[i].num_values); + NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values); + + for (j=0; j < msg->elements[i].num_values; j++) { + if (!(req->attributes[i].values[j].length > 0)) { + result = LDAP_OTHER; + errstr = "Empty attribute values are not allowed"; + goto reply; + } + msg->elements[i].values[j].length = req->attributes[i].values[j].length; + msg->elements[i].values[j].data = req->attributes[i].values[j].data; + } + } else { + result = LDAP_OTHER; + errstr = "No attribute values are not allowed"; + goto reply; + } + } + } else { + result = LDAP_OTHER; + errstr = "No attributes are not allowed"; + goto reply; + } + +reply: + add_reply = ldapsrv_init_reply(call, LDAP_TAG_AddResponse); + NT_STATUS_HAVE_NO_MEMORY(add_reply); - if (!part->ops->Add) { - return ldapsrv_unwilling(call, 53); + if (result == LDAP_SUCCESS) { + ldb_ret = ldb_add(samdb, msg); + result = map_ldb_error(samdb, ldb_ret, &errstr); } - return part->ops->Add(part, call); + add_result = &add_reply->msg->r.AddResponse; + add_result->dn = NULL; + add_result->resultcode = result; + add_result->errormessage = (errstr?talloc_strdup(add_reply,errstr):NULL); + add_result->referral = NULL; + + talloc_free(local_ctx); + + ldapsrv_queue_reply(call, add_reply); + return NT_STATUS_OK; + } static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) { struct ldap_DelRequest *req = &call->request->r.DelRequest; - struct ldapsrv_partition *part; + struct ldap_Result *del_result; + struct ldapsrv_reply *del_reply; + void *local_ctx; + struct ldb_context *samdb = call->conn->ldb; + struct ldb_dn *dn; + const char *errstr = NULL; + int result = LDAP_SUCCESS; + int ldb_ret; DEBUG(10, ("DelRequest")); DEBUGADD(10, (" dn: %s", req->dn)); - part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); + local_ctx = 
talloc_named(call, 0, "DelRequest local memory context"); + NT_STATUS_HAVE_NO_MEMORY(local_ctx); + + dn = ldb_dn_explode(local_ctx, req->dn); + VALID_DN_SYNTAX(dn,1); + + DEBUG(10, ("DelRequest: dn: [%s]\n", req->dn)); - if (!part->ops->Del) { - return ldapsrv_unwilling(call, 53); +reply: + del_reply = ldapsrv_init_reply(call, LDAP_TAG_DelResponse); + NT_STATUS_HAVE_NO_MEMORY(del_reply); + + if (result == LDAP_SUCCESS) { + ldb_ret = ldb_delete(samdb, dn); + result = map_ldb_error(samdb, ldb_ret, &errstr); } - return part->ops->Del(part, call); + del_result = &del_reply->msg->r.DelResponse; + del_result->dn = NULL; + del_result->resultcode = result; + del_result->errormessage = (errstr?talloc_strdup(del_reply,errstr):NULL); + del_result->referral = NULL; + + talloc_free(local_ctx); + + ldapsrv_queue_reply(call, del_reply); + return NT_STATUS_OK; } static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) { struct ldap_ModifyDNRequest *req = &call->request->r.ModifyDNRequest; - struct ldapsrv_partition *part; + struct ldap_Result *modifydn; + struct ldapsrv_reply *modifydn_r; + void *local_ctx; + struct ldb_context *samdb = call->conn->ldb; + struct ldb_dn *olddn, *newdn, *newrdn; + struct ldb_dn *parentdn = NULL; + const char *errstr = NULL; + int result = LDAP_SUCCESS; + int ldb_ret; DEBUG(10, ("ModifyDNRequrest")); DEBUGADD(10, (" dn: %s", req->dn)); DEBUGADD(10, (" newrdn: %s", req->newrdn)); - part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); + local_ctx = talloc_named(call, 0, "ModifyDNRequest local memory context"); + NT_STATUS_HAVE_NO_MEMORY(local_ctx); + + olddn = ldb_dn_explode(local_ctx, req->dn); + VALID_DN_SYNTAX(olddn, 2); + + newrdn = ldb_dn_explode(local_ctx, req->newrdn); + VALID_DN_SYNTAX(newrdn, 1); + + DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn)); + DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn)); - if (!part->ops->ModifyDN) { - return ldapsrv_unwilling(call, 53); + /* we can't handle the 
rename if we should not remove the old dn */ + if (!req->deleteolddn) { + result = LDAP_UNWILLING_TO_PERFORM; + errstr = "Old RDN must be deleted"; + goto reply; } - return part->ops->ModifyDN(part, call); + if (newrdn->comp_num > 1) { + result = LDAP_NAMING_VIOLATION; + errstr = "Error new RDN invalid"; + goto reply; + } + + if (req->newsuperior) { + parentdn = ldb_dn_explode(local_ctx, req->newsuperior); + VALID_DN_SYNTAX(parentdn, 0); + DEBUG(10, ("ModifyDNRequest: newsuperior: [%s]\n", req->newsuperior)); + + if (parentdn->comp_num < 1) { + result = LDAP_AFFECTS_MULTIPLE_DSAS; + errstr = "Error new Superior DN invalid"; + goto reply; + } + } + + if (!parentdn) { + parentdn = ldb_dn_get_parent(local_ctx, olddn); + NT_STATUS_HAVE_NO_MEMORY(parentdn); + } + + newdn = ldb_dn_make_child(local_ctx, ldb_dn_get_rdn(local_ctx, newrdn), parentdn); + NT_STATUS_HAVE_NO_MEMORY(newdn); + +reply: + modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse); + NT_STATUS_HAVE_NO_MEMORY(modifydn_r); + + if (result == LDAP_SUCCESS) { + ldb_ret = ldb_rename(samdb, olddn, newdn); + result = map_ldb_error(samdb, ldb_ret, &errstr); + } + + modifydn = &modifydn_r->msg->r.ModifyDNResponse; + modifydn->dn = NULL; + modifydn->resultcode = result; + modifydn->errormessage = (errstr?talloc_strdup(modifydn_r,errstr):NULL); + modifydn->referral = NULL; + + talloc_free(local_ctx); + + ldapsrv_queue_reply(call, modifydn_r); + return NT_STATUS_OK; } static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) { struct ldap_CompareRequest *req = &call->request->r.CompareRequest; - struct ldapsrv_partition *part; + struct ldap_Result *compare; + struct ldapsrv_reply *compare_r; + void *local_ctx; + struct ldb_context *samdb = call->conn->ldb; + struct ldb_result *res = NULL; + struct ldb_dn *dn; + const char *attrs[1]; + const char *errstr = NULL; + const char *filter = NULL; + int result = LDAP_SUCCESS; + int ldb_ret; DEBUG(10, ("CompareRequest")); DEBUGADD(10, (" dn: %s", req->dn)); 
- part = ldapsrv_get_partition(call->conn, req->dn, LDAP_SEARCH_SCOPE_SUB); - - if (!part->ops->Compare) { - return ldapsrv_unwilling(call, 53); + local_ctx = talloc_named(call, 0, "CompareRequest local_memory_context"); + NT_STATUS_HAVE_NO_MEMORY(local_ctx); + + dn = ldb_dn_explode(local_ctx, req->dn); + VALID_DN_SYNTAX(dn, 1); + + DEBUG(10, ("CompareRequest: dn: [%s]\n", req->dn)); + filter = talloc_asprintf(local_ctx, "(%s=%*s)", req->attribute, + (int)req->value.length, req->value.data); + NT_STATUS_HAVE_NO_MEMORY(filter); + + DEBUGADD(10, ("CompareRequest: attribute: [%s]\n", filter)); + + attrs[0] = NULL; + +reply: + compare_r = ldapsrv_init_reply(call, LDAP_TAG_CompareResponse); + NT_STATUS_HAVE_NO_MEMORY(compare_r); + + if (result == LDAP_SUCCESS) { + ldb_ret = ldb_search(samdb, dn, LDB_SCOPE_BASE, filter, attrs, &res); + talloc_steal(samdb, res); + if (ldb_ret != LDB_SUCCESS) { + result = map_ldb_error(samdb, ldb_ret, &errstr); + DEBUG(10,("CompareRequest: error: %s\n", errstr)); + } else if (res->count == 0) { + DEBUG(10,("CompareRequest: doesn't matched\n")); + result = LDAP_COMPARE_FALSE; + errstr = NULL; + } else if (res->count == 1) { + DEBUG(10,("CompareRequest: matched\n")); + result = LDAP_COMPARE_TRUE; + errstr = NULL; + } else if (res->count > 1) { + result = LDAP_OTHER; + errstr = "too many objects match"; + DEBUG(10,("CompareRequest: %d results: %s\n", res->count, errstr)); + } } - return part->ops->Compare(part, call); + compare = &compare_r->msg->r.CompareResponse; + compare->dn = NULL; + compare->resultcode = result; + compare->errormessage = (errstr?talloc_strdup(compare_r,errstr):NULL); + compare->referral = NULL; + + talloc_free(local_ctx); + + ldapsrv_queue_reply(call, compare_r); + return NT_STATUS_OK; } static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call) -- cgit From 7449f4d8030e7d4a14c75d35af5ea68cf682d24f Mon Sep 17 00:00:00 2001 
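Review bot: In ldapsrv_CompareRequest the filter is built with `talloc_asprintf(local_ctx, "(%s=%*s)", req->attribute, (int)req->value.length, req->value.data)`, which has two problems. `%*s` sets a minimum field width, not a maximum, so the copy runs to the first NUL and can read past `value.data` if the blob is not terminated; `%.*s` is the bounded form. The client-supplied value is also placed in the filter unescaped, so filter metacharacters in it change what the base search matches and therefore the compareTrue/compareFalse answer. Encoding the value first avoids both, for example with ldb's `ldb_binary_encode(local_ctx, req->value)` (result NULL-checked) passed to a plain `"(%s=%s)"`, assuming that helper is available in this tree. Separately, `talloc_steal(samdb, res)` parks every compare result on the connection's ldb context; stealing onto `local_ctx` would bound its lifetime.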
From: Stefan Metzmacher Date: Wed, 15 Feb 2006 15:19:10 +0000 Subject: r13508: some ASN.1 element in LDAP are optional, make it possible to code the difference between a zero length and a NULL DATA_BLOB... metze (This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae) --- source4/ldap_server/ldap_backend.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 562263371b..37e45ce3e6 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -139,9 +139,8 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) r->response.dn = NULL; r->response.errormessage = NULL; r->response.referral = NULL; - r->name = NULL; - r->value.data = NULL; - r->value.length = 0; + r->oid = NULL; + r->value = NULL; ldapsrv_queue_reply(call, reply); return NT_STATUS_OK; -- cgit From f490434c0f1f8e63de478c6d65f264277257968a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 22 Feb 2006 00:26:56 +0000 Subject: r13606: An attempt to fix #3525. The problem was that the supportedControls were being stolen into the result sent to the client, then talloc_free()ed. This caused them to be invalid on the next rootDSE query. This also tries to avoid attaching the result to the long-term samdb context, and avoids an extra loop in the result processing (pointed out by tridge). Andrew BARtlett (This used to be commit d0b8957f38fda4d84a318d6121ad87ba53a9ddb3) --- source4/ldap_server/ldap_backend.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 37e45ce3e6..1399ac18e4 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
@@ -153,7 +153,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) struct ldap_Result *done; struct ldapsrv_reply *ent_r, *done_r; void *local_ctx; - struct ldb_context *samdb = call->conn->ldb; + struct ldb_context *samdb = talloc_get_type(call->conn->ldb, struct ldb_context); struct ldb_dn *basedn; struct ldb_result *res = NULL; struct ldb_request lreq; @@ -163,13 +163,13 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) int success_limit = 1; int result = LDAP_SUCCESS; int ldb_ret; - int i, j, y; + int i, j; DEBUG(10, ("SearchRequest")); DEBUGADD(10, (" basedn: %s", req->basedn)); DEBUGADD(10, (" filter: %s\n", ldb_filter_from_tree(call, req->tree))); - local_ctx = talloc_named(call, 0, "sldb_Search local memory context"); + local_ctx = talloc_new(call); NT_STATUS_HAVE_NO_MEMORY(local_ctx); basedn = ldb_dn_explode(local_ctx, req->basedn); @@ -228,7 +228,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) ldb_ret = ldb_request(samdb, &lreq); - res = talloc_steal(samdb, lreq.op.search.res); + /* Ensure we don't keep the search results around for too long */ + res = talloc_steal(local_ctx, lreq.op.search.res); if (ldb_ret == LDB_SUCCESS) { for (i = 0; i < res->count; i++) { 
@@ -253,14 +254,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) continue; } ent->attributes[j].num_values = res->msgs[i]->elements[j].num_values; - ent->attributes[j].values = talloc_array(ent->attributes, - DATA_BLOB, ent->attributes[j].num_values); - NT_STATUS_HAVE_NO_MEMORY(ent->attributes[j].values); - for (y=0; y < ent->attributes[j].num_values; y++) { - ent->attributes[j].values[y].length = res->msgs[i]->elements[j].values[y].length; - ent->attributes[j].values[y].data = talloc_steal(ent->attributes[j].values, - res->msgs[i]->elements[j].values[y].data); - } + ent->attributes[j].values = res->msgs[i]->elements[j].values; + talloc_steal(ent->attributes, res->msgs[i]->elements[j].values); } queue_reply: ldapsrv_queue_reply(call, ent_r); @@ -287,6 +282,7 @@ reply: } if (res->controls) { done_r->msg->controls = (struct ldap_Control **)(res->controls); + talloc_steal(done_r, res->controls); } } else { DEBUG(10,("SearchRequest: error\n")); -- cgit From 00fe70e5b917769418f68eaa255d3a06a9a08ce7 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Feb 2006 01:31:35 +0000 Subject: r13609: Get in the initial work on making ldb async Currently only ldb_ildap is async, the plan is to first make all backend support the async calls, and then remove the sync functions from backends and keep the only in the API. Modules will need to be transformed along the way. Simo (This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5) --- source4/ldap_server/ldap_backend.c | 49 ++------------------------------------ 1 file changed, 2 insertions(+), 47 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 1399ac18e4..713d99a2ea 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
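Review bot: The new `talloc_steal(ent->attributes, res->msgs[i]->elements[j].values)` moves only the values array onto the reply, whereas the loop it replaces stole each `values[y].data` individually. This is safe only if every `data` buffer is a talloc child of that array. If a backend hangs the buffers off the message instead, `talloc_free(local_ctx)` releases them while the queued entry still points at them. I can't confirm the ldb allocation layout from this hunk, so the assumption should be written down next to the steal, e.g. `/* relies on values[].data being children of the values array */`, or the per-value steal kept. The same ownership question applies to `talloc_steal(done_r, res->controls)` in the following hunk, given the bug this commit fixes was a stolen-then-freed control list.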
@@ -44,44 +44,6 @@ static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstrin return err; } -/* - map controls -*/ -static int get_ldb_controls(void *mem_ctx, struct ldap_Control **controls, struct ldb_control ***lcontrols) -{ - struct ldb_control **lctrl; - int i, l; - - if (controls == NULL || controls[0] == NULL) { - *lcontrols = NULL; - return LDB_SUCCESS; - } - - l = 0; - lctrl = NULL; - *lcontrols = NULL; - - for (i = 0; controls[i] != NULL; i++) { - lctrl = talloc_realloc(mem_ctx, lctrl, struct ldb_control *, l + 2); - if (lctrl == NULL) { - return LDB_ERR_OTHER; - } - lctrl[l] = talloc(lctrl, struct ldb_control); - if (lctrl[l] == NULL) { - return LDB_ERR_OTHER; - } - lctrl[l]->oid = controls[i]->oid; - lctrl[l]->critical = controls[i]->critical; - lctrl[l]->data = controls[i]->value; - l++; - } - lctrl[l] = NULL; - - *lcontrols = lctrl; - - return LDB_SUCCESS; -} - /* connect to the sam database */ @@ -217,14 +179,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) lreq.op.search.tree = req->tree; lreq.op.search.attrs = attrs; - ldb_ret = get_ldb_controls(local_ctx, call->request->controls, &lreq.controls); - - if (ldb_ret != LDB_SUCCESS) { - /* get_ldb_controls fails only on a critical internal error or when - * a control is defined as critical but it is not supported - */ - goto reply; - } + lreq.controls = call->request->controls; ldb_ret = ldb_request(samdb, &lreq); @@ -281,7 +236,7 @@ reply: errstr = ldb_errstring(samdb); } if (res->controls) { - done_r->msg->controls = (struct ldap_Control **)(res->controls); + done_r->msg->controls = res->controls; talloc_steal(done_r, res->controls); } } else { -- cgit From 82da2d401e54d0b3124b727fab755d94dd5402d4 Mon Sep 17 00:00:00 2001 
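Review bot: `lreq.controls = call->request->controls;` hands the client's control list to ldb unmodified, and the comment removed here was the only place that mentioned unsupported critical controls. Whether ldb rejects an unsupported control that is flagged critical is not visible from this hunk, so the assignment should carry a comment saying where that check now lives, e.g. `/* client controls are passed through unchecked; ldb is responsible for rejecting unsupported critical ones */`. The array is also shared with the request rather than copied; that looks fine while both hang off `call`, but it is worth stating.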
From: Simo Sorce Date: Wed, 8 Mar 2006 01:01:14 +0000 Subject: r13998: From now on ldb_request() will require an alloced request By freeing the request you will be sure everything down the path get freed. this also means you have to steal the results if you want to keep them :) simo. (This used to be commit e8075e6a062ce5edb84485e45d0b841c2ee2af7d) --- source4/ldap_server/ldap_backend.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 713d99a2ea..b9f002f157 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -118,7 +118,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) struct ldb_context *samdb = talloc_get_type(call->conn->ldb, struct ldb_context); struct ldb_dn *basedn; struct ldb_result *res = NULL; - struct ldb_request lreq; + struct ldb_request *lreq; enum ldb_scope scope = LDB_SCOPE_DEFAULT; const char **attrs = NULL; const char *errstr = NULL; 
@@ -172,19 +172,21 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) DEBUG(5,("ldb_request dn=%s filter=%s\n", req->basedn, ldb_filter_from_tree(call, req->tree))); - ZERO_STRUCT(lreq); - lreq.operation = LDB_REQ_SEARCH; - lreq.op.search.base = basedn; - lreq.op.search.scope = scope; - lreq.op.search.tree = req->tree; - lreq.op.search.attrs = attrs; + lreq = talloc(local_ctx, struct ldb_request); + NT_STATUS_HAVE_NO_MEMORY(local_ctx); + + lreq->operation = LDB_REQ_SEARCH; + lreq->op.search.base = basedn; + lreq->op.search.scope = scope; + lreq->op.search.tree = req->tree; + lreq->op.search.attrs = attrs; - lreq.controls = call->request->controls; + lreq->controls = call->request->controls; - ldb_ret = ldb_request(samdb, &lreq); + ldb_ret = ldb_request(samdb, lreq); /* Ensure we don't keep the search results around for too long */ - res = talloc_steal(local_ctx, lreq.op.search.res); + res = talloc_steal(local_ctx, lreq->op.search.res); if (ldb_ret == LDB_SUCCESS) { for (i = 0; i < res->count; i++) { -- cgit From f53e12b41b8d669c175536449fc676389cc3dd57 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 2 Apr 2006 11:17:07 +0000 Subject: r14857: fix bugs noticed by the ibm code checker metze (This used to be commit 07626bf3c7dc7162b852cc27e5a7c313ede3862a) --- source4/ldap_server/ldap_backend.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index b9f002f157..1b5bc9fe8b 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -123,8 +123,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) const char **attrs = NULL; const char *errstr = NULL; int success_limit = 1; - int result = LDAP_SUCCESS; - int ldb_ret; + int result = -1; + int ldb_ret = -1; int i, j; DEBUG(10, ("SearchRequest")); 
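Review bot: `lreq` is now allocated with `talloc()`, which does not clear memory, and this hunk removes the `ZERO_STRUCT(lreq)` that used to; every field not assigned here, including `lreq->op.search.res`, starts out indeterminate. If `ldb_request()` fails before storing a result, the following `talloc_steal(local_ctx, lreq->op.search.res)` operates on a garbage pointer. Allocate with `lreq = talloc_zero(local_ctx, struct ldb_request);` instead. The check right after the allocation also tests `local_ctx` where `lreq` is meant, so an allocation failure goes unnoticed. ldapsrv_SearchRequest begins and ends outside this hunk.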
@@ -227,7 +227,8 @@ reply:
 done->dn = NULL;
 done->referral = NULL;
- if (ldb_ret == LDB_SUCCESS) {
+ if (result != -1) {
+ } else if (ldb_ret == LDB_SUCCESS) {
 if (res->count >= success_limit) {
 DEBUG(10,("SearchRequest: results: [%d]\n", res->count));
 result = LDAP_SUCCESS;
-- cgit
From 2613d19937546a96d8c8c4583a029f10a17860bf Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 29 May 2006 16:50:22 +0000 Subject: r15933: remove the last sync call to ldb_request (This used to be commit 10d66aa61dab2e59e5a510cf34b1cfad86fc2529) --- source4/ldap_server/ldap_backend.c | 77 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 1b5bc9fe8b..d462a3c4e2 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
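Review bot: The new `if (result != -1) {` branch under `reply:` is empty and the `-1` sentinel is unexplained, which makes it easy to misread which of an earlier error and the ldb result takes precedence. A comment inside the branch, such as `/* result was already set before the jump to reply:; keep it */`, would record the intent. A named constant for the "not yet set" value would also be clearer than the bare `-1` that the first hunk of this commit assigns to both `result` and `ldb_ret`. The rest of the if/else chain continues outside the hunk.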
@@ -108,6 +108,65 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
 return NT_STATUS_OK;
 }
+static int ldapsrv_SearchCallback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
+{
+ struct ldb_result *res;
+ int n;
+
+ if (!context || !ares) {
+ DEBUG(3, ("NULL Context or Ares in ldapsrv_SearchCallback"));
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ res = talloc_get_type(context, struct ldb_result);
+
+ if (ares->type == LDB_REPLY_ENTRY) {
+ res->msgs = talloc_realloc(res, res->msgs, struct ldb_message *, res->count + 2);
+ if (! res->msgs) {
+ goto error;
+ }
+
+ res->msgs[res->count + 1] = NULL;
+
+ res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
+ if (! res->msgs[res->count]) {
+ goto error;
+ }
+
+ res->count++;
+ }
+
+ if (ares->type == LDB_REPLY_REFERRAL) {
+ if (res->refs) {
+ for (n = 0; res->refs[n]; n++) /*noop*/ ;
+ } else {
+ n = 0;
+ }
+
+ res->refs = talloc_realloc(res, res->refs, char *, n + 2);
+ if (! res->refs) {
+ goto error;
+ }
+
+ res->refs[n] = talloc_steal(res->refs, ares->referral);
+ res->refs[n + 1] = NULL;
+ }
+
+ if (ares->controls) {
+ res->controls = talloc_steal(res, ares->controls);
+ if (! res->controls) {
+ goto error;
+ }
+ }
+
+ talloc_free(ares);
+ return LDB_SUCCESS;
+
+error:
+ talloc_free(ares);
+ return LDB_ERR_OPERATIONS_ERROR;
+}
+
 static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 {
 struct ldap_SearchRequest *req = &call->request->r.SearchRequest;
@@ -173,9 +232,12 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 req->basedn, ldb_filter_from_tree(call, req->tree)));
 lreq = talloc(local_ctx, struct ldb_request);
- NT_STATUS_HAVE_NO_MEMORY(local_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(lreq);
+
+ res = talloc_zero(local_ctx, struct ldb_result);
+ NT_STATUS_HAVE_NO_MEMORY(res);
- lreq->operation = LDB_REQ_SEARCH;
+ lreq->operation = LDB_ASYNC_SEARCH;
 lreq->op.search.base = basedn;
 lreq->op.search.scope = scope;
 lreq->op.search.tree = req->tree;
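Review bot: In ldapsrv_SearchCallback the result of `talloc_get_type(context, struct ldb_result)` is used without a check, so a context of the wrong talloc type would be dereferenced as NULL at `res->msgs`; add `if (!res) { talloc_free(ares); return LDB_ERR_OPERATIONS_ERROR; }` after the cast. Both `talloc_realloc()` calls assign straight back to `res->msgs` and `res->refs`, so on failure the previous array pointer is overwritten with NULL while `res->count` still claims entries exist. Assigning through a temporary only on success would keep the structure consistent. The callback keeps every entry in memory and nothing in this hunk bounds how many it accepts, so for a network-facing server it is worth confirming that a size limit is enforced elsewhere.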
@@ -183,10 +245,17 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 lreq->controls = call->request->controls;
+ lreq->async.context = res;
+ lreq->async.callback = ldapsrv_SearchCallback;
+ lreq->async.timeout = 600;
+
 ldb_ret = ldb_request(samdb, lreq);
- /* Ensure we don't keep the search results around for too long */
- res = talloc_steal(local_ctx, lreq->op.search.res);
+ if (ldb_ret != LDB_SUCCESS) {
+ goto reply;
+ }
+
+ ldb_ret = ldb_async_wait(lreq->async.handle, LDB_WAIT_ALL);
 if (ldb_ret == LDB_SUCCESS) {
 for (i = 0; i < res->count; i++) {
-- cgit
From 2d19dca9c80a5e3990296dde67163fce36ac883d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 30 May 2006 00:33:52 +0000 Subject: r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc... (This used to be commit 55d97ef88f377ef1dbf7b1774a15cf9035e2f320) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index d462a3c4e2..0c8d9da45b 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -237,7 +237,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 res = talloc_zero(local_ctx, struct ldb_result);
 NT_STATUS_HAVE_NO_MEMORY(res);
- lreq->operation = LDB_ASYNC_SEARCH;
+ lreq->operation = LDB_SEARCH;
 lreq->op.search.base = basedn;
 lreq->op.search.scope = scope;
 lreq->op.search.tree = req->tree;
-- cgit
From d4c5627073865b2c36b8e283b2cdc866c7514086 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett Date: Wed, 14 Jun 2006 23:39:18 +0000 Subject: r16234: Set the request timeout from the LDAP search. Without this, the initial request time is uninitialised, and this causes havoc later. This also allows us to honour the client's wishes. We should be doing this for all the operations... Andrew Bartlett (This used to be commit c8f5b1c9281072179cd3f3cf282cf376dca24ba0) --- source4/ldap_server/ldap_backend.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 0c8d9da45b..0dafd0f312 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -247,7 +247,9 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 lreq->async.context = res;
 lreq->async.callback = ldapsrv_SearchCallback;
- lreq->async.timeout = 600;
+
+ /* Copy the timeout from the incoming call */
+ ldb_set_timeout(samdb, lreq, req->timelimit);
 ldb_ret = ldb_request(samdb, lreq);
-- cgit
From 32ab51876728577375b954a04103f71ddd4d93dc Mon Sep 17 00:00:00 2001
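Review bot: `ldb_set_timeout(samdb, lreq, req->timelimit);` hands a client-supplied value to the backend with no upper bound and ignores the call's return value. An LDAP client may send 0 (no limit) or a very large time limit, so the server should clamp the value to a configured maximum first, for example `ldb_set_timeout(samdb, lreq, MIN(req->timelimit, <SERVER_MAX_TIMELIMIT>))`, and decide separately how to treat 0. `<SERVER_MAX_TIMELIMIT>` is a placeholder for a setting this page does not show. How ldb_set_timeout() handles 0 or negative values is not visible here and should be confirmed. The enclosing ldapsrv_SearchRequest starts and ends outside the hunk.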
From: Andrew Bartlett Date: Wed, 12 Jul 2006 04:59:41 +0000 Subject: r16972: Replace the sequence_number function pointer in ldb with the ldb flags. The function pointer was meant to be unused, this patch fixes partition.c to use ldb_sequence_number(). (No backend provided the pointer any more). Set the flags onto the ldb structure, so that all backends opened by the partitions module inherit the flags. Set the read-ony flag when accessed as the global catalog Modify the LDAP server to track that this query is for the global catalog (by incoming port), and set a opqaue pointer. Next step is to read that opaque pointer in the partitions module. Andrew Bartlett (This used to be commit a1161cb30e4ffa09657a89e03ca85dd6efd4feba) --- source4/ldap_server/ldap_backend.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 0dafd0f312..fcd282da9e 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -24,7 +24,7 @@
 #include "libcli/ldap/ldap.h"
 #include "lib/ldb/include/ldb.h"
 #include "lib/ldb/include/ldb_errors.h"
-#include "dsdb/samdb/samdb.h"
+#include "lib/db_wrap.h"
 #define VALID_DN_SYNTAX(dn,i) do {\
 if (!(dn)) {\
@@ -49,12 +49,17 @@ static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstrin
 */
 NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
 {
- conn->ldb = samdb_connect(conn, conn->session_info);
+ conn->ldb = ldb_wrap_connect(conn, lp_sam_url(), conn->session_info,
+ NULL, conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL);
 if (conn->ldb == NULL) {
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
 ldb_set_opaque(conn->ldb, "server_credentials", conn->server_credentials);
+ if (conn->global_catalog) {
+ ldb_set_opaque(conn->ldb, "global_catalog", (void *)(-1));
+ }
+
 return NT_STATUS_OK;
 }
-- cgit
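Review bot: The added `ldb_set_opaque(conn->ldb, "global_catalog", (void *)(-1));` discards its return value, so if setting the opaque fails the connection carries on without the marker that the commit message says the partitions module will read next. Because that marker is what identifies a global-catalog connection, a failure should abort initialisation: `if (ldb_set_opaque(conn->ldb, "global_catalog", (void *)(-1)) != LDB_SUCCESS) { return NT_STATUS_NO_MEMORY; }`. The `(void *)(-1)` value also deserves a one-line comment such as `/* presumably only non-NULL-ness matters; confirm with the reader */`. The unchecked `server_credentials` call on the context line above has the same gap.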
From c93817b36d3ff7f44cb7b3e1d1a29e37ec12affe Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 22 Jul 2006 16:56:33 +0000 Subject: r17185: Oh, I wanted to do this for sooo long time. Finally acknowledge that ldb is inherently async and does not have a dual personality anymore Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply to reflect the real function of this structure. Simo. (This used to be commit 25fc7354049d62efeba17681ef1cdd326bc3f2ef) --- source4/ldap_server/ldap_backend.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index fcd282da9e..3f9aaf6af8 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -113,7 +113,7 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
 return NT_STATUS_OK;
 }
-static int ldapsrv_SearchCallback(struct ldb_context *ldb, void *context, struct ldb_async_result *ares)
+static int ldapsrv_SearchCallback(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
 {
 struct ldb_result *res;
 int n;
@@ -262,7 +262,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 goto reply;
 }
- ldb_ret = ldb_async_wait(lreq->async.handle, LDB_WAIT_ALL);
+ ldb_ret = ldb_wait(lreq->async.handle, LDB_WAIT_ALL);
 if (ldb_ret == LDB_SUCCESS) {
 for (i = 0; i < res->count; i++) {
-- cgit
From 49f68caed20d2a7d1850e493005bdf85929d6365 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 22 Jul 2006 17:21:59 +0000 Subject: r17186: "async" word abuse clean-up part 2 (This used to be commit c6aa60c7e69abf1f83efc150b1c3ed02751c45fc) --- source4/ldap_server/ldap_backend.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 3f9aaf6af8..6e4df86b88 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -250,8 +250,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 lreq->controls = call->request->controls;
- lreq->async.context = res;
- lreq->async.callback = ldapsrv_SearchCallback;
+ lreq->context = res;
+ lreq->callback = ldapsrv_SearchCallback;
 /* Copy the timeout from the incoming call */
 ldb_set_timeout(samdb, lreq, req->timelimit);
@@ -262,7 +262,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 goto reply;
 }
- ldb_ret = ldb_wait(lreq->async.handle, LDB_WAIT_ALL);
+ ldb_ret = ldb_wait(lreq->handle, LDB_WAIT_ALL);
 if (ldb_ret == LDB_SUCCESS) {
 for (i = 0; i < res->count; i++) {
-- cgit
From a6629e037a35c0e36e5bf8c38f88e675e8a40cbd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 25 Jul 2006 02:57:51 +0000 Subject: r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise our certificate, and proceed with the connection is left as an exercise for the reader... Andrew Bartlett (This used to be commit 9bd66d4c95dd971e2b1b6371ba3ffc6c178c0d4c) --- source4/ldap_server/ldap_backend.c | 59 +++++++++++++++++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 6e4df86b88..d6aeedfde8 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -25,6 +25,10 @@
 #include "lib/ldb/include/ldb.h"
 #include "lib/ldb/include/ldb_errors.h"
 #include "lib/db_wrap.h"
+#include "lib/tls/tls.h"
+#include "smbd/service_task.h"
+#include "smbd/service_stream.h"
+#include "smbd/service.h"
 #define VALID_DN_SYNTAX(dn,i) do {\
 if (!(dn)) {\
@@ -731,9 +735,25 @@ static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
 return NT_STATUS_OK;
 }
+
+struct ldapsrv_starttls_context {
+ struct ldapsrv_connection *conn;
+ struct socket_context *tls_socket;
+};
+
+static void ldapsrv_start_tls(void *private)
+{
+ struct ldapsrv_starttls_context *ctx = talloc_get_type(private, struct ldapsrv_starttls_context);
+ talloc_steal(ctx->conn->connection, ctx->tls_socket);
+ talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+
+ ctx->conn->connection->socket = ctx->tls_socket;
+ packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
+}
+
 static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
 {
-/* struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest;*/
+ struct ldap_ExtendedRequest *req = &call->request->r.ExtendedRequest;
 struct ldapsrv_reply *reply;
 DEBUG(10, ("Extended\n"));
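Review bot: ldapsrv_start_tls() dereferences `ctx` without checking the result of `talloc_get_type()`, and it swaps the connection's socket with no visible handling of bytes already read from the cleartext socket. If the packet layer still holds input the client sent before the TLS handshake, that input would be processed as though it had arrived over TLS. Whether `packet_set_socket()` discards such buffered data is not visible here, so the function should carry a comment like `/* TODO: make sure no input buffered from the cleartext socket is processed after the switch */` until that is confirmed. A NULL `ctx` should end the connection rather than let it continue in cleartext after a success reply.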
@@ -745,6 +765,43 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
 ZERO_STRUCT(reply->msg->r);
+ /* check if we have a START_TLS call */
+ if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
+ NTSTATUS status;
+ struct ldapsrv_starttls_context *ctx;
+ int result = 0;
+ const char *errstr;
+ ctx = talloc(call, struct ldapsrv_starttls_context);
+
+ if (ctx) {
+ ctx->conn = call->conn;
+ ctx->tls_socket = tls_init_server(call->conn->service->tls_params,
+ call->conn->connection->socket,
+ call->conn->connection->event.fde,
+ NULL);
+ }
+
+ if (!ctx || !ctx->tls_socket) {
+ result = LDAP_OPERATIONS_ERROR;
+ errstr = talloc_asprintf(reply,
+ "START-TLS: Failed to setup TLS socket");
+ } else {
+ result = LDAP_SUCCESS;
+ errstr = NULL;
+ call->send_callback = ldapsrv_start_tls;
+ call->send_private = ctx;
+ }
+
+ reply->msg->r.ExtendedResponse.response.resultcode = result;
+ reply->msg->r.ExtendedResponse.response.errormessage = errstr;
+ reply->msg->r.ExtendedResponse.oid = talloc_strdup(reply, req->oid);
+ if (!reply->msg->r.ExtendedResponse.oid) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ /* TODO: OID not recognized, return a protocol error */
+
 ldapsrv_queue_reply(call, reply);
 return NT_STATUS_OK;
 }
-- cgit
From 4cdcc1789363907f850a05c4b3349746c710ebf0 Mon Sep 17 00:00:00 2001
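Review bot: An extended request whose OID is not StartTLS falls past the `if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0)` block and is answered with the response zeroed by `ZERO_STRUCT(reply->msg->r)`, i.e. result code 0, so unsupported operations are reported as successful. The TODO comment acknowledges this, but the branch itself is missing; an `else` arm setting `reply->msg->r.ExtendedResponse.response.resultcode = LDAP_PROTOCOL_ERROR;` would close it. The StartTLS arm also does not check whether the connection is already running TLS, and whether `req->oid` can be NULL after decoding is not visible here. `NTSTATUS status;` is declared but never used. The function starts in the previous hunk.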
From: Stefan Metzmacher Date: Tue, 25 Jul 2006 19:20:04 +0000 Subject: r17237: - keep pointer to the different sockets - we need this to later: - to disallow a StartTLS when TLS is already in use - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS - and rfc4513 says that the server may allow to remove the TLS from the tcp connection again and reuse raw tcp - and also a 2nd sasl bind should replace the old sasl socket metze (This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index d6aeedfde8..5f51a0a157 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -747,6 +747,7 @@ static void ldapsrv_start_tls(void *private)
 talloc_steal(ctx->conn->connection, ctx->tls_socket);
 talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.tls = ctx->tls_socket;
 ctx->conn->connection->socket = ctx->tls_socket;
 packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
@@ -767,7 +768,6 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
 /* check if we have a START_TLS call */
 if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
- NTSTATUS status;
 struct ldapsrv_starttls_context *ctx;
 int result = 0;
 const char *errstr;
-- cgit
From aeb8077b9600ffea6e4e7ee5caca54fbf941eb6e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 25 Jul 2006 20:05:00 +0000 Subject: r17240: move extended operations to a new file metze (This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a) --- source4/ldap_server/ldap_backend.c | 77 -------------------------------------- 1 file changed, 77 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 5f51a0a157..273c703924 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -25,10 +25,6 @@
 #include "lib/ldb/include/ldb.h"
 #include "lib/ldb/include/ldb_errors.h"
 #include "lib/db_wrap.h"
-#include "lib/tls/tls.h"
-#include "smbd/service_task.h"
-#include "smbd/service_stream.h"
-#include "smbd/service.h"
 #define VALID_DN_SYNTAX(dn,i) do {\
 if (!(dn)) {\
@@ -735,77 +731,6 @@ static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
 return NT_STATUS_OK;
 }
-
-struct ldapsrv_starttls_context {
- struct ldapsrv_connection *conn;
- struct socket_context *tls_socket;
-};
-
-static void ldapsrv_start_tls(void *private)
-{
- struct ldapsrv_starttls_context *ctx = talloc_get_type(private, struct ldapsrv_starttls_context);
- talloc_steal(ctx->conn->connection, ctx->tls_socket);
- talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
-
- ctx->conn->sockets.tls = ctx->tls_socket;
- ctx->conn->connection->socket = ctx->tls_socket;
- packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
-}
-
-static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
-{
- struct ldap_ExtendedRequest *req = &call->request->r.ExtendedRequest;
- struct ldapsrv_reply *reply;
-
- DEBUG(10, ("Extended\n"));
-
- reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
- if (!reply) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCT(reply->msg->r);
-
- /* check if we have a START_TLS call */
- if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
- struct ldapsrv_starttls_context *ctx;
- int result = 0;
- const char *errstr;
- ctx = talloc(call, struct ldapsrv_starttls_context);
-
- if (ctx) {
- ctx->conn = call->conn;
- ctx->tls_socket = tls_init_server(call->conn->service->tls_params,
- call->conn->connection->socket,
- call->conn->connection->event.fde,
- NULL);
- }
-
- if (!ctx || !ctx->tls_socket) {
- result = LDAP_OPERATIONS_ERROR;
- errstr = talloc_asprintf(reply,
- "START-TLS: Failed to setup TLS socket");
- } else {
- result = LDAP_SUCCESS;
- errstr = NULL;
- call->send_callback = ldapsrv_start_tls;
- call->send_private = ctx;
- }
-
- reply->msg->r.ExtendedResponse.response.resultcode = result;
- reply->msg->r.ExtendedResponse.response.errormessage = errstr;
- reply->msg->r.ExtendedResponse.oid = talloc_strdup(reply, req->oid);
- if (!reply->msg->r.ExtendedResponse.oid) {
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- /* TODO: OID not recognized, return a protocol error */
-
- ldapsrv_queue_reply(call, reply);
- return NT_STATUS_OK;
-}
-
 NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
 {
 switch(call->request->type) {
@@ -833,5 +758,3 @@ NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
 return ldapsrv_unwilling(call, 2);
 }
 }
-
-
-- cgit
From 0329d755a7611ba3897fc1ee9bdce410cc33d7f8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 30 Aug 2006 11:29:34 +0000 Subject: r17930: Merge noinclude branch: * Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 273c703924..bbb16a2e90 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -20,7 +20,7 @@
 #include "includes.h"
 #include "ldap_server/ldap_server.h"
-#include "dlinklist.h"
+#include "lib/util/dlinklist.h"
 #include "libcli/ldap/ldap.h"
 #include "lib/ldb/include/ldb.h"
 #include "lib/ldb/include/ldb_errors.h"
-- cgit
From 30ee8beb9316a99e8a49993306252591106cb349 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Sep 2006 10:05:58 +0000 Subject: r18301: I discovered how to load the warnings from a build farm build into emacs compile mode (hint, paste to a file, and compile as "cat filename"). This allowed me to fix nearly all the warnings for a IA_64 SuSE build very quickly. (This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index bbb16a2e90..e8e3e293b7 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -578,7 +578,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 struct ldapsrv_reply *modifydn_r;
 void *local_ctx;
 struct ldb_context *samdb = call->conn->ldb;
- struct ldb_dn *olddn, *newdn, *newrdn;
+ struct ldb_dn *olddn, *newdn=NULL, *newrdn;
 struct ldb_dn *parentdn = NULL;
 const char *errstr = NULL;
 int result = LDAP_SUCCESS;
-- cgit
From 31454d2e8b70f7aca87099dba25abe790781c7a7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 29 Sep 2006 04:45:15 +0000 Subject: r18989: Fixes found by these two LDAP testsuites: - http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ - http://gleg.net/protover_ldap_sample.shtml Also fixes found by a subsequent audit of the code for similar issues. (This used to be commit 441a4f6262459dabfefd9bb12622ada9c007a60c) --- source4/ldap_server/ldap_backend.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index e8e3e293b7..3cd1f1c58a 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -220,6 +220,10 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 scope = LDB_SCOPE_SUBTREE;
 success_limit = 0;
 break;
+ default:
+ result = LDAP_PROTOCOL_ERROR;
+ errstr = "Invalid scope";
+ break;
 }
 if (req->num_attributes >= 1) {
-- cgit
From 899ae849e87bf4c294f8e30d0de9a17917526321 Mon Sep 17 00:00:00 2001
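Review bot: In the r18989 hunk the new `default:` arm ends with `break;`, so after recording `LDAP_PROTOCOL_ERROR` the function still leaves the switch normally and carries on to build and run the search, with `scope` left at its initial value. Other validation failures in this file leave through `goto reply;` (see the VALID_DN_SYNTAX macro), and doing the same here, `errstr = "Invalid scope"; goto reply;`, would stop a malformed request from reaching the backend. Whether entries found by that search are queued ahead of the error response depends on code outside the hunk and should be checked.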
From: Andrew Bartlett Date: Wed, 1 Nov 2006 03:21:04 +0000 Subject: r19522: Remove gensec and credentials dependency from the rootdse module (less dependency loops). This moves the evaluation of the SASL mechansim list to display in the rootDSE to the ldap server. Andrew Bartlett (This used to be commit 379da475e224d93c05d91b37902c121eb4007d97) --- source4/ldap_server/ldap_backend.c | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 3cd1f1c58a..9e26f1c6eb 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -25,6 +25,8 @@
 #include "lib/ldb/include/ldb.h"
 #include "lib/ldb/include/ldb_errors.h"
 #include "lib/db_wrap.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
 #define VALID_DN_SYNTAX(dn,i) do {\
 if (!(dn)) {\
@@ -54,7 +56,35 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
 if (conn->ldb == NULL) {
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
- ldb_set_opaque(conn->ldb, "server_credentials", conn->server_credentials);
+
+ if (conn->server_credentials) {
+ char **sasl_mechs = NULL;
+ struct gensec_security_ops **backends = gensec_security_all();
+ enum credentials_use_kerberos use_kerberos
+ = cli_credentials_get_kerberos_state(conn->server_credentials);
+ struct gensec_security_ops **ops
+ = gensec_use_kerberos_mechs(conn, backends, use_kerberos);
+ int i, j = 0;
+ for (i = 0; ops && ops[i]; i++) {
+ if (ops[i]->sasl_name && ops[i]->server_start) {
+ char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name);
+
+ if (!sasl_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sasl_mechs = talloc_realloc(conn, sasl_mechs, char *, j + 2);
+ if (!sasl_mechs) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sasl_mechs[j] = sasl_name;
+ talloc_steal(sasl_mechs, sasl_name);
+ sasl_mechs[j+1] = NULL;
+ j++;
+ }
+ }
+ talloc_free(ops);
+ ldb_set_opaque(conn->ldb, "supportedSASLMechanims", sasl_mechs);
+ }
 if (conn->global_catalog) {
 ldb_set_opaque(conn->ldb, "global_catalog", (void *)(-1));
-- cgit
From b7774527faf095f612eb1de48efacec6bd710a87 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 1 Nov 2006 23:31:26 +0000 Subject: r19531: Make struct ldb_dn opaque and local to ldb_dn.c (This used to be commit 889fb983ba1cf8a11424a8b3dc3a5ef76e780082) --- source4/ldap_server/ldap_backend.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 9e26f1c6eb..8e102139fe 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
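Review bot: The opaque key in `ldb_set_opaque(conn->ldb, "supportedSASLMechanims", sasl_mechs);` is spelled without the second "s" of "Mechanisms", and the call's return value is ignored. The code that reads this opaque is not on this page; if it uses a different spelling, or if the set fails, the rootDSE would silently advertise no SASL mechanisms. The key should come from one shared definition and the result should be compared with `LDB_SUCCESS`. The two early `return NT_STATUS_NO_MEMORY;` paths also skip `talloc_free(ops)`; a comment such as `/* ops stays parented to conn (presumably) and is released with it */` would make that lifetime explicit.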
@@ -31,7 +31,7 @@
 #define VALID_DN_SYNTAX(dn,i) do {\
 if (!(dn)) {\
 return NT_STATUS_NO_MEMORY;\
- } else if ((dn)->comp_num < (i)) {\
+ } else if (ldb_dn_get_comp_num(dn) < (i)) {\
 result = LDAP_INVALID_DN_SYNTAX;\
 errstr = "Invalid DN (" #i " components needed for '" #dn "')";\
 goto reply;\
@@ -641,7 +641,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 goto reply;
 }
- if (newrdn->comp_num > 1) {
+ if (ldb_dn_get_comp_num(newrdn) > 1) {
 result = LDAP_NAMING_VIOLATION;
 errstr = "Error new RDN invalid";
 goto reply;
@@ -652,7 +652,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 VALID_DN_SYNTAX(parentdn, 0);
 DEBUG(10, ("ModifyDNRequest: newsuperior: [%s]\n", req->newsuperior));
- if (parentdn->comp_num < 1) {
+ if (ldb_dn_get_comp_num(parentdn) < 1) {
 result = LDAP_AFFECTS_MULTIPLE_DSAS;
 errstr = "Error new Superior DN invalid";
 goto reply;
@@ -664,7 +664,10 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 NT_STATUS_HAVE_NO_MEMORY(parentdn);
 }
- newdn = ldb_dn_make_child(local_ctx, ldb_dn_get_rdn(local_ctx, newrdn), parentdn);
+ newdn = ldb_dn_build_child(local_ctx,
+ ldb_dn_get_rdn_name(newrdn),
+ (char *)ldb_dn_get_rdn_val(newrdn)->data,
+ parentdn);
 NT_STATUS_HAVE_NO_MEMORY(newdn);
 reply:
-- cgit
From 132b046ec833072bb29fc01aa6e063eee63090da Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 15 Nov 2006 16:36:14 +0000 Subject: r19721: ldapsrv_SearchCallback isn't needed any more ldb_search_default_callback does the same... metze (This used to be commit 0edac60ec6f1e67de8e08f4e71e56b674915ad6e) --- source4/ldap_server/ldap_backend.c | 61 +------------------------------------- 1 file changed, 1 insertion(+), 60 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 8e102139fe..05b263204e 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
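Review bot: In the last r19531 hunk (@@ -664,7 +664,10 @@), `(char *)ldb_dn_get_rdn_val(newrdn)->data` dereferences the accessor's return value without a NULL check and then treats a length-counted value as a C string. `newrdn` is parsed from the client's request, so a value with an embedded NUL would be truncated silently and a NULL return would crash the server. Fetch the value into a local first, `const struct ldb_val *v = ldb_dn_get_rdn_val(newrdn);`, then reject it with `if (v == NULL) { result = LDAP_NAMING_VIOLATION; goto reply; }`. The same cast is carried into the ldb_dn_add_child_fmt() call of the later r19831 commit on this page. ldapsrv_ModifyDNRequest starts and ends outside the hunk.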
@@ -143,65 +143,6 @@ NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error)
 return NT_STATUS_OK;
 }
-static int ldapsrv_SearchCallback(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
-{
- struct ldb_result *res;
- int n;
-
- if (!context || !ares) {
- DEBUG(3, ("NULL Context or Ares in ldapsrv_SearchCallback"));
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- res = talloc_get_type(context, struct ldb_result);
-
- if (ares->type == LDB_REPLY_ENTRY) {
- res->msgs = talloc_realloc(res, res->msgs, struct ldb_message *, res->count + 2);
- if (! res->msgs) {
- goto error;
- }
-
- res->msgs[res->count + 1] = NULL;
-
- res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
- if (! res->msgs[res->count]) {
- goto error;
- }
-
- res->count++;
- }
-
- if (ares->type == LDB_REPLY_REFERRAL) {
- if (res->refs) {
- for (n = 0; res->refs[n]; n++) /*noop*/ ;
- } else {
- n = 0;
- }
-
- res->refs = talloc_realloc(res, res->refs, char *, n + 2);
- if (! res->refs) {
- goto error;
- }
-
- res->refs[n] = talloc_steal(res->refs, ares->referral);
- res->refs[n + 1] = NULL;
- }
-
- if (ares->controls) {
- res->controls = talloc_steal(res, ares->controls);
- if (! res->controls) {
- goto error;
- }
- }
-
- talloc_free(ares);
- return LDB_SUCCESS;
-
-error:
- talloc_free(ares);
- return LDB_ERR_OPERATIONS_ERROR;
-}
-
 static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 {
 struct ldap_SearchRequest *req = &call->request->r.SearchRequest;
@@ -285,7 +226,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 lreq->controls = call->request->controls;
 lreq->context = res;
- lreq->callback = ldapsrv_SearchCallback;
+ lreq->callback = ldb_search_default_callback;
 /* Copy the timeout from the incoming call */
 ldb_set_timeout(samdb, lreq, req->timelimit);
-- cgit
From 3c6b9db18f064fe1e2907352b23809832168e00f Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher Date: Wed, 15 Nov 2006 16:53:32 +0000 Subject: r19722: fix memory leaks and hierachie bugs metze (This used to be commit fddcbf5d4cce77705be43956ea93895432b64aa1) --- source4/ldap_server/ldap_backend.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 05b263204e..1a2206b831 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -198,7 +198,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 }
 if (req->num_attributes >= 1) {
- attrs = talloc_array(samdb, const char *, req->num_attributes+1);
+ attrs = talloc_array(local_ctx, const char *, req->num_attributes+1);
 NT_STATUS_HAVE_NO_MEMORY(attrs);
 for (i=0; i < req->num_attributes; i++) {
@@ -368,7 +368,8 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call)
 msg->elements[i].num_values = req->mods[i].attrib.num_values;
 if (msg->elements[i].num_values > 0) {
- msg->elements[i].values = talloc_array(msg, struct ldb_val, msg->elements[i].num_values);
+ msg->elements[i].values = talloc_array(msg->elements, struct ldb_val,
+ msg->elements[i].num_values);
 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
 for (j=0; j < msg->elements[i].num_values; j++) {
@@ -456,7 +457,8 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call)
 if (req->attributes[i].num_values > 0) {
 msg->elements[i].num_values = req->attributes[i].num_values;
- msg->elements[i].values = talloc_array(msg, struct ldb_val, msg->elements[i].num_values);
+ msg->elements[i].values = talloc_array(msg->elements, struct ldb_val,
+ msg->elements[i].num_values);
 NT_STATUS_HAVE_NO_MEMORY(msg->elements[i].values);
 for (j=0; j < msg->elements[i].num_values; j++) {
@@ -671,7 +673,7 @@ reply:
 if (result == LDAP_SUCCESS) {
 ldb_ret = ldb_search(samdb, dn, LDB_SCOPE_BASE, filter, attrs, &res);
- talloc_steal(samdb, res);
+ talloc_steal(local_ctx, res);
 if (ldb_ret != LDB_SUCCESS) {
 result = map_ldb_error(samdb, ldb_ret, &errstr);
 DEBUG(10,("CompareRequest: error: %s\n", errstr));
-- cgit
From 4889eb9f7aae9349e426d0f6d2217adff67eaebd Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Nov 2006 00:59:34 +0000 Subject: r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63) --- source4/ldap_server/ldap_backend.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c')
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 1a2206b831..de99280ded 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -31,6 +31,10 @@
 #define VALID_DN_SYNTAX(dn,i) do {\
 if (!(dn)) {\
 return NT_STATUS_NO_MEMORY;\
+ } else if ( ! ldb_dn_validate(dn)) {\
+ result = LDAP_INVALID_DN_SYNTAX;\
+ errstr = "Invalid DN format";\
+ goto reply;\
 } else if (ldb_dn_get_comp_num(dn) < (i)) {\
 result = LDAP_INVALID_DN_SYNTAX;\
 errstr = "Invalid DN (" #i " components needed for '" #dn "')";\
@@ -169,7 +173,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) local_ctx = talloc_new(call); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - basedn = ldb_dn_explode(local_ctx, req->basedn); + basedn = ldb_dn_new(local_ctx, samdb, req->basedn); VALID_DN_SYNTAX(basedn, 0); DEBUG(10, ("SearchRequest: basedn: [%s]\n", req->basedn)); @@ -327,7 +331,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "ModifyRequest local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - dn = ldb_dn_explode(local_ctx, req->dn); + dn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(dn, 1); DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn)); @@ -431,7 +435,7 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "AddRequest local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - dn = ldb_dn_explode(local_ctx, req->dn); + dn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(dn,1); DEBUG(10, ("AddRequest: dn: [%s]\n", req->dn)); @@ -522,7 +526,7 @@ static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "DelRequest local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - dn = ldb_dn_explode(local_ctx, req->dn); + dn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(dn,1); DEBUG(10, ("DelRequest: dn: [%s]\n", req->dn)); @@ -568,10 +572,10 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "ModifyDNRequest local memory context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - olddn = ldb_dn_explode(local_ctx, req->dn); + olddn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(olddn, 2); - newrdn = ldb_dn_explode(local_ctx, req->newrdn); + newrdn = ldb_dn_new(local_ctx, samdb, req->newrdn); VALID_DN_SYNTAX(newrdn, 1); DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn)); 
@@ -584,14 +588,8 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) goto reply; } - if (ldb_dn_get_comp_num(newrdn) > 1) { - result = LDAP_NAMING_VIOLATION; - errstr = "Error new RDN invalid"; - goto reply; - } - if (req->newsuperior) { - parentdn = ldb_dn_explode(local_ctx, req->newsuperior); + parentdn = ldb_dn_new(local_ctx, samdb, req->newsuperior); VALID_DN_SYNTAX(parentdn, 0); DEBUG(10, ("ModifyDNRequest: newsuperior: [%s]\n", req->newsuperior)); @@ -607,11 +605,13 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(parentdn); } - newdn = ldb_dn_build_child(local_ctx, - ldb_dn_get_rdn_name(newrdn), - (char *)ldb_dn_get_rdn_val(newrdn)->data, - parentdn); - NT_STATUS_HAVE_NO_MEMORY(newdn); + if ( ! ldb_dn_add_child_fmt(parentdn, + "%s=%s", + ldb_dn_get_rdn_name(newrdn), + (char *)ldb_dn_get_rdn_val(newrdn)->data)) { + result = LDAP_OTHER; + goto reply; + } reply: modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse); @@ -655,7 +655,7 @@ static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) local_ctx = talloc_named(call, 0, "CompareRequest local_memory_context"); NT_STATUS_HAVE_NO_MEMORY(local_ctx); - dn = ldb_dn_explode(local_ctx, req->dn); + dn = ldb_dn_new(local_ctx, samdb, req->dn); VALID_DN_SYNTAX(dn, 1); DEBUG(10, ("CompareRequest: dn: [%s]\n", req->dn)); -- cgit From a9e31b33b55a873c2f01db5e348560176adf863d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Nov 2006 02:05:19 +0000 Subject: r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') 
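Review bot: Dropping the `ldb_dn_get_comp_num(newrdn) > 1` test in ModifyDNRequest means a `newrdn` with several components is no longer rejected; `VALID_DN_SYNTAX(newrdn, 1)` only enforces a minimum. The following hunk builds the new name from `ldb_dn_get_rdn_name(newrdn)` and `ldb_dn_get_rdn_val(newrdn)` alone, so any further components in the client's value would apparently be dropped without an error instead of being answered with `LDAP_NAMING_VIOLATION`. Unless ldb now rejects this itself, keep the check that this hunk removes. The function body starts and ends outside the hunk.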
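Review bot: The new `ldb_dn_add_child_fmt(parentdn, "%s=%s", ...)` call formats the RDN value back into DN text without escaping it, and reads it as a C string through `(char *)ldb_dn_get_rdn_val(newrdn)->data`. If `ldb_dn_get_rdn_val()` returns the unescaped value (I believe it does, but confirm), a value containing DN metacharacters changes how the rebuilt string parses, and a value with an embedded NUL is cut short. The name written can then differ from the one that passed validation. Escape before formatting, e.g. pass `ldb_dn_escape_value(local_ctx, *ldb_dn_get_rdn_val(newrdn))` as the second `%s` argument and check it for NULL. The failure branch also sets `result = LDAP_OTHER` without an `errstr`, so the client gets no diagnostic text.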
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index de99280ded..aaa8e453ca 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -249,7 +249,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(ent_r); ent = &ent_r->msg->r.SearchResultEntry; - ent->dn = ldb_dn_linearize(ent_r, res->msgs[i]->dn); + ent->dn = ldb_dn_alloc_linearized(ent_r, res->msgs[i]->dn); ent->num_attributes = 0; ent->attributes = NULL; if (res->msgs[i]->num_elements == 0) { -- cgit From a3c0f3035d338b5bf00ecd436cb0ebfcbdc7345d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 15 Dec 2006 20:22:17 +0000 Subject: r20189: remove unused struct element metze (This used to be commit d20d1872d5ed1176928b85ef9811c6a5177d0148) --- source4/ldap_server/ldap_backend.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index aaa8e453ca..b318996f43 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -340,7 +340,6 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(msg); msg->dn = dn; - msg->private_data = NULL; msg->num_elements = 0; msg->elements = NULL; @@ -444,7 +443,6 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(msg); msg->dn = dn; - msg->private_data = NULL; msg->num_elements = 0; msg->elements = NULL; -- cgit From 7dc7156bd76425df129102a42dd29a85fd8c7ebc Mon Sep 17 00:00:00 2001 
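Review bot: `ldb_dn_alloc_linearized(ent_r, res->msgs[i]->dn)` allocates, and in the SearchRequest hunk its result is stored in `ent->dn` without a check. On allocation failure the entry would go on with a NULL DN; the surrounding code already has the idiom for this, so add `NT_STATUS_HAVE_NO_MEMORY(ent->dn);` on the next line. The loop this sits in starts outside the hunk.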
From: Andrew Bartlett Date: Thu, 22 Feb 2007 01:54:40 +0000 Subject: r21496: A number of ldb control and LDAP changes, surrounding the 'phantom_root' flag in the search_options control - Add in support for LDB controls to the js layer - Test the behaviour - Implement support for the 'phantom_root' flag in the partitions module - Make the LDAP server set the 'phantom_root' flag in the search_options control - This replaces the global_catalog flag passed down as an opaque pointer - Rework the string-format control parsing function into ldb_parse_control_strings(), returning errors by ldb_errorstring() method, rather than with printf to stderr - Rework some of the ldb_control handling logic Andrew Bartlett (This used to be commit 2b3df7f38d7790358dbb4de1b8609bf794a351fb) --- source4/ldap_server/ldap_backend.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index b318996f43..fa8c07fa55 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -90,10 +90,6 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) ldb_set_opaque(conn->ldb, "supportedSASLMechanims", sasl_mechs); } - if (conn->global_catalog) { - ldb_set_opaque(conn->ldb, "global_catalog", (void *)(-1)); - } - return NT_STATUS_OK; } 
@@ -229,6 +225,21 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) lreq->controls = call->request->controls; + if (call->conn->global_catalog) { + struct ldb_control *search_control = ldb_request_get_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID); + + struct ldb_search_options_control *search_options = NULL; + if (search_control) { + search_options = talloc_get_type(search_control->data, struct ldb_search_options_control); + search_options->search_options |= LDB_SEARCH_OPTION_PHANTOM_ROOT; + } else { + search_options = talloc(lreq, struct ldb_search_options_control); + NT_STATUS_HAVE_NO_MEMORY(search_options); + search_options->search_options = LDB_SEARCH_OPTION_PHANTOM_ROOT; + ldb_request_add_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options); + } + } + lreq->context = res; lreq->callback = ldb_search_default_callback; -- cgit From 2d2cde7d95e0871ea66ce8186a54c3b28834051b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 9 Jul 2007 12:31:35 +0000 Subject: r23762: Fix DN renames over LDAP, and instrument the partition module. Add a test to prove the behaviour of LDAP renames etc. Fix LDB to return correct error code when failing to rename one DN onto another. Andrew Bartlett (This used to be commit 3f3da9c4710b7752ed97f55c2fc3d32a63d352af) --- source4/ldap_server/ldap_backend.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index fa8c07fa55..bfcdbd2dc1 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -621,6 +621,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) result = LDAP_OTHER; goto reply; } + newdn = parentdn; reply: modifydn_r = ldapsrv_init_reply(call, LDAP_TAG_ModifyDNResponse); -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 
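Review bot: `talloc_get_type()` returns NULL when the pointer is not of the named type, and in the `if (search_control)` branch its result is dereferenced on the very next line. `lreq->controls` is taken directly from `call->request->controls`, i.e. from the client, so on a global-catalog connection a search-options control whose `data` is NULL or of another type would lead to a NULL dereference. Check it before use and fail the request, for instance `if (search_options == NULL) { result = LDAP_PROTOCOL_ERROR; goto reply; }`, assuming the `reply` path in this function tolerates being reached from here. The return value of `ldb_request_add_control()` in the else branch is also ignored.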
From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/ldap_server/ldap_backend.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index bfcdbd2dc1..be11a47f87 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From a0fa5051bdb30d2d5e6d106f7c67c00211c93341 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Jul 2007 13:41:00 +0000 Subject: r23816: A little more static, but leave the dead code testjoin.c as documentation. Andrew Bartlett (This used to be commit 6679003c0553804333f0090a91e1fe53837ceb47) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index be11a47f87..2f5e4348e1 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
@@ -118,7 +118,7 @@ void ldapsrv_queue_reply(struct ldapsrv_call *call, struct ldapsrv_reply *reply) DLIST_ADD_END(call->replies, reply, struct ldapsrv_reply *); } -NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) +static NTSTATUS ldapsrv_unwilling(struct ldapsrv_call *call, int error) { struct ldapsrv_reply *reply; struct ldap_ExtendedResponse *r; -- cgit From 4955b21f68699826dfa9158681943673bbb10f6b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 12 Jul 2007 06:15:47 +0000 Subject: r23849: ldap_server: Provide more info in debug traces blackbox tests: increase test coverage by running more options. Andrew Bartlett (This used to be commit 46abf82675ea0ce06a162be5d733da0c236880c2) --- source4/ldap_server/ldap_backend.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 2f5e4348e1..c8ae293a2a 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -155,7 +155,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) struct ldb_request *lreq; enum ldb_scope scope = LDB_SCOPE_DEFAULT; const char **attrs = NULL; - const char *errstr = NULL; + const char *scope_str, *errstr = NULL; int success_limit = 1; int result = -1; int ldb_ret = -1; 
@@ -176,25 +176,26 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) switch (req->scope) { case LDAP_SEARCH_SCOPE_BASE: - DEBUG(10,("SearchRequest: scope: [BASE]\n")); + scope_str = "BASE"; scope = LDB_SCOPE_BASE; success_limit = 0; break; case LDAP_SEARCH_SCOPE_SINGLE: - DEBUG(10,("SearchRequest: scope: [ONE]\n")); + scope_str = "ONE"; scope = LDB_SCOPE_ONELEVEL; success_limit = 0; break; case LDAP_SEARCH_SCOPE_SUB: - DEBUG(10,("SearchRequest: scope: [SUB]\n")); + scope_str = "SUB"; scope = LDB_SCOPE_SUBTREE; success_limit = 0; break; default: result = LDAP_PROTOCOL_ERROR; errstr = "Invalid scope"; - break; + goto reply; } + DEBUG(10,("SearchRequest: scope: [%s]\n", scope_str)); if (req->num_attributes >= 1) { attrs = talloc_array(local_ctx, const char *, req->num_attributes+1); @@ -207,8 +208,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) attrs[i] = NULL; } - DEBUG(5,("ldb_request dn=%s filter=%s\n", - req->basedn, ldb_filter_from_tree(call, req->tree))); + DEBUG(5,("ldb_request %s dn=%s filter=%s\n", + scope_str, req->basedn, ldb_filter_from_tree(call, req->tree))); lreq = talloc(local_ctx, struct ldb_request); NT_STATUS_HAVE_NO_MEMORY(lreq); -- cgit From ffeee68e4b72dd94fee57366bd8d38b8c284c3d4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 12:42:09 +0000 Subject: r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31) --- source4/ldap_server/ldap_backend.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index c8ae293a2a..5afcf8cd12 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -26,6 +26,7 @@ #include "lib/db_wrap.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" +#include "param/param.h" #define VALID_DN_SYNTAX(dn,i) do {\ if (!(dn)) {\ -- cgit 
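Review bot: In the `DEBUG(5, ...)` hunk the filter string is allocated with `ldb_filter_from_tree(call, req->tree)`, parented to `call` instead of the `local_ctx` that the rest of SearchRequest allocates from. The string therefore lives as long as the call, and if the helper can return NULL then `%s` receives a NULL pointer. The line also writes the client's base DN and complete filter, assertion values included, to the log at level 5. I would use `ldb_filter_from_tree(local_ctx, req->tree)` and add a comment that this line logs request data verbatim. The function continues outside the hunk.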
From 37d53832a4623653f706e77985a79d84bd7c6694 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Sep 2007 01:17:46 +0000 Subject: r25398: Parse loadparm context to all lp_*() functions. (This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 5afcf8cd12..e81c5bf445 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -55,7 +55,7 @@ static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstrin */ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) { - conn->ldb = ldb_wrap_connect(conn, lp_sam_url(), conn->session_info, + conn->ldb = ldb_wrap_connect(conn, lp_sam_url(global_loadparm), conn->session_info, NULL, conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL); if (conn->ldb == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; -- cgit From 98038f71a7b072912c974d131012335ca22c5259 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 29 Sep 2007 15:16:38 +0000 Subject: r25428: forward declarations of enums are not portable, so pass struct cli_credentials *cred instead of enum credentials_use_kerberos use_kerberos. metze (This used to be commit b945aaa9dadc4c0595340d35725b49bac8e5778e) --- source4/ldap_server/ldap_backend.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index e81c5bf445..ae0fd207b5 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
@@ -64,10 +64,8 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) if (conn->server_credentials) { char **sasl_mechs = NULL; struct gensec_security_ops **backends = gensec_security_all(); - enum credentials_use_kerberos use_kerberos - = cli_credentials_get_kerberos_state(conn->server_credentials); struct gensec_security_ops **ops - = gensec_use_kerberos_mechs(conn, backends, use_kerberos); + = gensec_use_kerberos_mechs(conn, backends, conn->server_credentials); int i, j = 0; for (i = 0; ops && ops[i]; i++) { if (ops[i]->sasl_name && ops[i]->server_start) { -- cgit From 2f3551ca7cee59d4d053cceb87abdf1da1b3a1ad Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 1 Oct 2007 18:52:55 +0000 Subject: r25446: Merge some changes I made on the way home from SFO: 2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42) --- source4/ldap_server/ldap_backend.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index ae0fd207b5..25d19a5a58 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -55,7 +55,9 @@ static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstrin */ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) { - conn->ldb = ldb_wrap_connect(conn, lp_sam_url(global_loadparm), conn->session_info, + conn->ldb = ldb_wrap_connect(conn, + global_loadparm, + lp_sam_url(global_loadparm), conn->session_info, NULL, conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL); if (conn->ldb == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; -- cgit From bd6a651b38446512af4982a376ddead658b6ee74 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 15 Nov 2007 02:45:31 +0100 Subject: r25960: Enable checks on the validity of the search base on sam.ldb in Samba4. Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this error is now correctly emited from ldb. Andrew Bartlett (This used to be commit ed57862b90812e5a38ca81935b131338112fb19f) --- source4/ldap_server/ldap_backend.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 25d19a5a58..62fe6270dc 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -300,10 +300,6 @@ reply: DEBUG(10,("SearchRequest: results: [%d]\n", res->count)); result = LDAP_SUCCESS; errstr = NULL; - } else if (res->count == 0) { - DEBUG(10,("SearchRequest: no results\n")); - result = LDAP_NO_SUCH_OBJECT; - errstr = ldb_errstring(samdb); } if (res->controls) { done_r->msg->controls = res->controls; -- cgit From ca0b72a1fdb7bd965065e833df34662afef0423e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 16 Nov 2007 20:12:00 +0100 Subject: r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies. (This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 62fe6270dc..5a953947f3 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -23,7 +23,7 @@ #include "libcli/ldap/ldap.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" -#include "lib/db_wrap.h" +#include "lib/ldb_wrap.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "param/param.h" -- cgit From 1da2cfe03d956e5f209b049f931851b4afa1287c Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Thu, 29 Nov 2007 08:02:36 +0100 Subject: r26193: In the LDAP server, use the new 'controls_decoded' element to determine if this (possibly critical) control has been decoded. This allows us to return an error, rather than just dropping the socket. Andrew Bartlett (This used to be commit 230a60c1910f95ce5139c174d6d79786fca08433) --- source4/ldap_server/ldap_backend.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 5a953947f3..a6697dfba8 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -720,6 +720,18 @@ static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call) NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call) { + int i; + struct ldap_message *msg = call->request; + /* Check for undecoded critical extensions */ + for (i=0; msg->controls && msg->controls[i]; i++) { + if (!msg->controls_decoded[i] && + msg->controls[i]->critical) { + DEBUG(3, ("ldapsrv_do_call: Critical extension %s is not known to this server\n", + msg->controls[i]->oid)); + return ldapsrv_unwilling(call, LDAP_UNAVAILABLE_CRITICAL_EXTENSION); + } + } + switch(call->request->type) { case LDAP_TAG_BindRequest: return ldapsrv_BindRequest(call); -- cgit From 2f8dc4f48f1802baa3405e7803563f6840e0d1b3 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 21:25:06 +0100 Subject: r26266: Remove more global_loadparm uses. (This used to be commit 99113075c4a96679bcec4f4d6bba4acb3dee4245) --- source4/ldap_server/ldap_backend.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index a6697dfba8..346aacaa99 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
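Review bot: The new loop in `ldapsrv_do_call` indexes `msg->controls_decoded[i]` in step with `msg->controls[i]` without checking that the array exists, so it relies on the decoder always allocating both to the same length. That invariant is not visible here. Folding the guard into the condition, `if (msg->controls[i]->critical && (!msg->controls_decoded || !msg->controls_decoded[i]))`, treats a missing array as "not decoded" instead of dereferencing NULL. The `DEBUG(3, ...)` line also prints the client-supplied OID string as-is, which deserves a short comment. The switch that follows runs past the end of the hunk.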
@@ -56,8 +56,9 @@ static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstrin NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) { conn->ldb = ldb_wrap_connect(conn, - global_loadparm, - lp_sam_url(global_loadparm), conn->session_info, + conn->lp_ctx, + lp_sam_url(conn->lp_ctx), + conn->session_info, NULL, conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL); if (conn->ldb == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; -- cgit From e0c90d613121432700ea44011fda51e623de996c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 29 Mar 2008 11:18:00 +1100 Subject: Fix some valgrind issues. These small changes seem to fix some of the early issues in 'make valgrindtest' Previously, the subtree_delete code didn't pass on the timeout, leaving it uninitialised. The ldap_server/ldap_backend.c change tidies up the talloc hierarchy a bit. Andrew Bartlett (This used to be commit 95314f29a9cf83db71d37e68728bfb5009fce60d) --- source4/ldap_server/ldap_backend.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 346aacaa99..8b1c3cec69 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -216,9 +216,6 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) lreq = talloc(local_ctx, struct ldb_request); NT_STATUS_HAVE_NO_MEMORY(lreq); - res = talloc_zero(local_ctx, struct ldb_result); - NT_STATUS_HAVE_NO_MEMORY(res); - lreq->operation = LDB_SEARCH; lreq->op.search.base = basedn; lreq->op.search.scope = scope; @@ -242,6 +239,9 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) } } + res = talloc_zero(lreq, struct ldb_result); + NT_STATUS_HAVE_NO_MEMORY(res); + lreq->context = res; lreq->callback = ldb_search_default_callback; -- cgit From 1c1c6fca660c304630672e87c20819daf8e008fc Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 29 Mar 2008 13:32:15 +1100 Subject: Fix more valgrind issues. This passes down the timeout more consistantly, and ensures that no matter how the modules screw up, we don't free() the memory we are going to write into the ASN1 packet until we actually write it out. Andrew Bartlett (This used to be commit eefd46289b90967ce6b4cd385fb1f7e1d6f9b343) --- source4/ldap_server/ldap_backend.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 8b1c3cec69..9b43d7bd74 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -261,6 +261,11 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry); NT_STATUS_HAVE_NO_MEMORY(ent_r); + /* Better to have the whole message kept here, + * than to find someone further up didn't put + * a value in the right spot in the talloc tree */ + talloc_steal(ent_r, res->msgs[i]); + ent = &ent_r->msg->r.SearchResultEntry; ent->dn = ldb_dn_alloc_linearized(ent_r, res->msgs[i]->dn); ent->num_attributes = 0; -- cgit From 21fc7673780aa1d7c0caab7b17ff9171238913ba Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 17 Apr 2008 12:23:44 +0200 Subject: Specify event_context to ldb_wrap_connect explicitly. (This used to be commit b4e1ae07a284c044704322446c94351c2decff91) --- source4/ldap_server/ldap_backend.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 9b43d7bd74..9047773529 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c 
@@ -27,6 +27,7 @@ #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "param/param.h" +#include "smbd/service_stream.h" #define VALID_DN_SYNTAX(dn,i) do {\ if (!(dn)) {\ @@ -56,6 +57,7 @@ static int map_ldb_error(struct ldb_context *ldb, int err, const char **errstrin NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) { conn->ldb = ldb_wrap_connect(conn, + conn->connection->event.ctx, conn->lp_ctx, lp_sam_url(conn->lp_ctx), conn->session_info, -- cgit From 0a391223acc78c7338fe3a38b61742f3cb67b551 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 2 Jul 2008 10:28:42 +0200 Subject: ldap_server: allow modifies to the root dse record and pass them to the ldb layer metze (This used to be commit 3da6f7f95d7c04cff49fa2312f94c059686d11e4) --- source4/ldap_server/ldap_backend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ldap_server/ldap_backend.c') diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 9047773529..2193c989cf 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -348,7 +348,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(local_ctx); dn = ldb_dn_new(local_ctx, samdb, req->dn); - VALID_DN_SYNTAX(dn, 1); + VALID_DN_SYNTAX(dn, 0); DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn)); -- cgit From 532899386b229fc4e72303d18e951686634c8757 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 15:07:13 +1000 Subject: Use secrets.ldb to store credentials to contact LDAP backend. This makes Samba4 behave much like Samba3 did, and use a single set of administrative credentials for it's connection to LDAP. Andrew Bartlett (This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0) --- source4/ldap_server/ldap_backend.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source4/ldap_server/ldap_backend.c') 
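Review bot: Changing `VALID_DN_SYNTAX(dn, 1)` to `VALID_DN_SYNTAX(dn, 0)` in ModifyRequest lets a zero-component DN through to the ldb layer, and nothing at the call site records why. As far as this file shows, the macro is the only check the LDAP front end applies to the target DN, so whether a given client may modify the root DSE now rests on the ldb modules and the connection's `session_info`. Add a comment on the line, for example `/* 0 components allowed: the root DSE is a valid modify target; access is decided in the ldb layer */`.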
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 2193c989cf..504dcf1c0f 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -21,13 +21,13 @@ #include "ldap_server/ldap_server.h" #include "lib/util/dlinklist.h" #include "libcli/ldap/ldap.h" -#include "lib/ldb/include/ldb.h" -#include "lib/ldb/include/ldb_errors.h" -#include "lib/ldb_wrap.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" #include "param/param.h" #include "smbd/service_stream.h" +#include "dsdb/samdb/samdb.h" +#include "lib/ldb/include/ldb_errors.h" +#include "lib/ldb_wrap.h" #define VALID_DN_SYNTAX(dn,i) do {\ if (!(dn)) {\ @@ -61,7 +61,8 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) conn->lp_ctx, lp_sam_url(conn->lp_ctx), conn->session_info, - NULL, conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL); + samdb_credentials(conn, conn->connection->event.ctx, conn->lp_ctx), + conn->global_catalog ? LDB_FLG_RDONLY : 0, NULL); if (conn->ldb == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } -- cgit
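Review bot: The result of `samdb_credentials(...)` is passed straight into `ldb_wrap_connect()` in the `ldapsrv_backend_Init` hunk, so a failure to load the stored credentials looks the same as the explicit `NULL` it replaces. The helper's definition is not on this page; if it can return NULL, the connection would go on without backend credentials and nothing would say so. Fetching it into a local first, `struct cli_credentials *creds = samdb_credentials(conn, conn->connection->event.ctx, conn->lp_ctx);`, and logging when `creds` is NULL would make that case visible. A comment that these administrative credentials are loaded once per client connection would also help.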