1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

414 Commits

Author SHA1 Message Date
Jelmer Vernooij
291ddf4336 r26237: Add loadparm context to the server service interface.
(This used to be commit 1386c5c925)
2007-12-21 05:47:15 +01:00
Jelmer Vernooij
7e298580e0 r26234: More global_loadparm fixes.
(This used to be commit 84892d030d)
2007-12-21 05:47:12 +01:00
Jelmer Vernooij
cc04f143dc r26229: Set loadparm context as opaque pointer in ldb, remove more uses of global_loadparm.
(This used to be commit 37d05fdc7b)
2007-12-21 05:47:06 +01:00
Jelmer Vernooij
51db4c3f3d r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack.
(This used to be commit ba75f1613a)
2007-12-21 05:47:05 +01:00
Jelmer Vernooij
f4a1083cf9 r26227: Make loadparm_context part of a server task, move loadparm_contexts further up the call stack.
(This used to be commit 0721a07aad)
2007-12-21 05:47:04 +01:00
Andrew Bartlett
1da2cfe03d r26193: In the LDAP server, use the new 'controls_decoded' element to
determine if this (possibly critical) control has been decoded.  This
allows us to return an error, rather than just dropping the socket.

Andrew Bartlett
(This used to be commit 230a60c191)
2007-12-21 05:46:44 +01:00
Jelmer Vernooij
0ac6bffdf4 r26136: Attempt to fix dependencies for auth.
(This used to be commit abf2600a04)
2007-12-21 05:46:18 +01:00
Jelmer Vernooij
ca0b72a1fd r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.
(This used to be commit 56dfcb4f2f)
2007-12-21 05:45:40 +01:00
Andrew Bartlett
bd6a651b38 r25960: Enable checks on the validity of the search base on sam.ldb in Samba4.
Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this
error is now correctly emited from ldb.

Andrew Bartlett
(This used to be commit ed57862b90)
2007-12-21 05:45:19 +01:00
Andrew Bartlett
716391f106 r25921: Now also listen on ldapi by default in the LDAP server
Create a phpLDAPadmin configuration file example to use ldapi to talk
to Samba4

Andrew Bartlett
(This used to be commit 54f4c8ba61)
2007-12-21 05:45:03 +01:00
Jelmer Vernooij
2f1c0eca13 r25548: Convert to standard bool type.
(This used to be commit 190d73b44b)
2007-10-10 15:07:53 -05:00
Jelmer Vernooij
2f3551ca7c r25446: Merge some changes I made on the way home from SFO:
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e77)
2007-10-10 15:07:34 -05:00
Stefan Metzmacher
98038f71a7 r25428: forward declarations of enums are not portable,
so pass struct cli_credentials *cred instead of
enum credentials_use_kerberos use_kerberos.

metze
(This used to be commit b945aaa9da)
2007-10-10 15:07:31 -05:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions.
(This used to be commit 3fcc960839)
2007-10-10 15:07:25 -05:00
Andrew Bartlett
ee257e902a r25299: Modify the provision script to take an additional argument: --server-role
This must be set to either 'domain controller', 'domain member' or 'standalone'.

The default for the provision now changes to 'standalone'.

This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.

We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.

Andrew Bartlett
(This used to be commit 4cc4ed7719)
2007-10-10 15:07:09 -05:00
Jelmer Vernooij
ffeee68e4b r25026: Move param/param.h out of includes.h
(This used to be commit abe8349f9b)
2007-10-10 15:05:38 -05:00
Jelmer Vernooij
959915a8cb r25001: Fix more C++ and other warnings, fix some of the indentation with ts=4 lines that I accidently added earlier.
(This used to be commit 0bcb21ed74)
2007-10-10 15:05:28 -05:00
Jelmer Vernooij
0b91f39164 r24780: More work allowing libutil to be used by external users.
(This used to be commit 31993cf67b)
2007-10-10 15:03:10 -05:00
Jelmer Vernooij
61ffa08f4c r24712: No longer expose the 'BOOL' data type in any interfaces.
(This used to be commit 1ce32673d9)
2007-10-10 15:02:54 -05:00
Andrew Bartlett
4955b21f68 r23849: ldap_server: Provide more info in debug traces
blackbox tests:  increase test coverage by running more options.

Andrew Bartlett
(This used to be commit 46abf82675)
2007-10-10 14:59:24 -05:00
Andrew Bartlett
a0fa5051bd r23816: A little more static, but leave the dead code testjoin.c as documentation.
Andrew Bartlett
(This used to be commit 6679003c05)
2007-10-10 14:59:23 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Andrew Bartlett
2d2cde7d95 r23762: Fix DN renames over LDAP, and instrument the partition module. Add a
test to prove the behaviour of LDAP renames etc.

Fix LDB to return correct error code when failing to rename one DN
onto another.

Andrew Bartlett
(This used to be commit 3f3da9c471)
2007-10-10 14:59:11 -05:00
Andrew Tridgell
931f594cf1 r23036: error checking on asn1_init() failure
(This used to be commit 26cf849408)
2007-10-10 14:52:43 -05:00
Andrew Tridgell
7bb939b1cb r23030: finally fixed up our asn1 code to use better memory allocation. This
should allow us to fix some long standing memory leaks.
(This used to be commit 3db49c2ec9)
2007-10-10 14:52:42 -05:00
Stefan Metzmacher
35ffca8932 r22403: this dependencies should be private
metze
(This used to be commit c3cc03ffb2)
2007-10-10 14:51:14 -05:00
Andrew Bartlett
9b03286b32 r21806: I've been working over the last week to fix up the LDAP backend for
Samba4.  This only broke on global catalog queries, which turned out to
be due to changes in the partitions module that metze needed for his
DRSUAPI work.

I've reworked partitions.c to always include the 'problematic' control,
and therefore demonstrated that this is the issue.  This ensures
consistency, and should help with finding issues like this in future.

As this control (DSDB_CONTROL_CURRENT_PARTITION_OID) is not intended to
be linearised, I've added logic to allow it to be skipped when creating
network packets.

I've likewise make our LDAP server skip unknown controls, when marked
'not critical' on it's input, rather than just dropping the entire
request.  I need some help to generate a correct error packet when it is
marked critical.

Further work could perhaps be to have the ldap_encode routine return a
textual description of what failed to encode, as that would have saved
me a lot of time...

Andrew Bartlett
(This used to be commit eef710668f)
2007-10-10 14:49:29 -05:00
Stefan Metzmacher
bf772399bf r21511: this seems to be the nicer fix for the problem with
the windows 2000 LDAP client

metze
(This used to be commit d40465470f)
2007-10-10 14:48:47 -05:00
Andrew Bartlett
7dc7156bd7 r21496: A number of ldb control and LDAP changes, surrounding the
'phantom_root' flag in the search_options control

- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
  - This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
  ldb_parse_control_strings(), returning errors by ldb_errorstring()
  method, rather than with printf to stderr
- Rework some of the ldb_control handling logic

Andrew Bartlett
(This used to be commit 2b3df7f38d)
2007-10-10 14:48:44 -05:00
Stefan Metzmacher
89278a1469 r20906: allow LDAP simple binds using the following syntaxes in the DN field:
CN=Administrator,CN=Users,DC=w2k3,DC=vmnet1,DC=vm,DC=base
Administrator@W2K3
W2K3\Administrator
w2k3.vmnet1.vm.base/Users/Administrator

w2k3 also allows this (and maybe more...?)

metze
(This used to be commit 40c27ef88d)
2007-10-10 14:43:50 -05:00
Stefan Metzmacher
030ede5852 r20407: the oMObjectClass values are not padded to 10 bytes!
metze
(This used to be commit f860dd2dca)
2007-10-10 14:30:24 -05:00
Stefan Metzmacher
9f2945b00d r20322: I assume the options attribute of the nTDSDSA object contains
mutiple flags not just 1 for being a global catalog

metze
(This used to be commit 202645e196)
2007-10-10 14:29:40 -05:00
Stefan Metzmacher
a3c0f3035d r20189: remove unused struct element
metze
(This used to be commit d20d1872d5)
2007-10-10 14:29:20 -05:00
Andrew Bartlett
d471e52d23 r20149: Remove the smb.conf distinction between PDC and BDC. Now the correct
way to setup a Samba4 DC is to set 'server role = domain controller'.

We use the fSMORoleOwner attribute in the base DN to determine the PDC.

This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.

Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.

We also now use the ldb database to determine if we should run the
global catalog service.

In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.

Andrew Bartlett
(This used to be commit 67d8365e83)
2007-10-10 14:29:15 -05:00
Simo Sorce
a9e31b33b5 r19832: better prototypes for the linearization functions:
- ldb_dn_get_linearized
  returns a const string

- ldb_dn_alloc_linearized
  allocs astring with the linearized dn
(This used to be commit 3929c086d5)
2007-10-10 14:28:22 -05:00
Simo Sorce
4889eb9f7a r19831: Big ldb_dn optimization and interfaces enhancement patch
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.

The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.

The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.

Simo.
(This used to be commit a580c871d3)
2007-10-10 14:28:22 -05:00
Stefan Metzmacher
3c6b9db18f r19722: fix memory leaks and hierachie bugs
metze
(This used to be commit fddcbf5d4c)
2007-10-10 14:28:14 -05:00
Stefan Metzmacher
132b046ec8 r19721: ldapsrv_SearchCallback isn't needed any more
ldb_search_default_callback does the same...

metze
(This used to be commit 0edac60ec6)
2007-10-10 14:28:13 -05:00
Andrew Bartlett
13dbee3ffe r19598: Ahead of a merge to current lorikeet-heimdal:
Break up auth/auth.h not to include the world.

Add credentials_krb5.h with the kerberos dependent prototypes.

Andrew Bartlett
(This used to be commit 2b569c42e0)
2007-10-10 14:25:00 -05:00
Simo Sorce
b7774527fa r19531: Make struct ldb_dn opaque and local to ldb_dn.c
(This used to be commit 889fb983ba)
2007-10-10 14:24:44 -05:00
Andrew Bartlett
899ae849e8 r19522: Remove gensec and credentials dependency from the rootdse module (less
dependency loops).

This moves the evaluation of the SASL mechansim list to display in the
rootDSE to the ldap server.

Andrew Bartlett
(This used to be commit 379da475e2)
2007-10-10 14:24:44 -05:00
Andrew Bartlett
31454d2e8b r18989: Fixes found by these two LDAP testsuites:
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://gleg.net/protover_ldap_sample.shtml

Also fixes found by a subsequent audit of the code for similar issues.
(This used to be commit 441a4f6262)
2007-10-10 14:20:26 -05:00
Simo Sorce
460679fd53 r18909: use newer functions that were introduced after this code was made
(This used to be commit 3ce1796eb4)
2007-10-10 14:20:20 -05:00
Andrew Tridgell
30ee8beb93 r18301: I discovered how to load the warnings from a build farm build into
emacs compile mode (hint, paste to a file, and compile as "cat
filename").

This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84eff)
2007-10-10 14:18:04 -05:00
Jelmer Vernooij
0329d755a7 r17930: Merge noinclude branch:
* Move dlinklist.h, smb.h to subsystem-specific directories
 * Clean up ads.h and move what is left of it to dsdb/
   (only place where it's used)
(This used to be commit f7afa1cb77)
2007-10-10 14:16:54 -05:00
Simo Sorce
fd4e294c41 r17829: Fix the order of the bytes
(This used to be commit 9910c01a3a)
2007-10-10 14:16:46 -05:00
Andrew Tridgell
c8064e1f92 r17644: change the ldap server to always use the single process model. We are
not aiming to produce a high performance parallel ldap server, so
better to reserve the extra CPUs on a SMP box for file serving.
(This used to be commit 45c0580e5d)
2007-10-10 14:16:18 -05:00
Simo Sorce
798e4c687c r17642: some more mappings
(This used to be commit df1fe1a5c5)
2007-10-10 14:16:18 -05:00
Simo Sorce
4fc0366bce r17641: some more info, add oMObjectClass values (binary :-/)
(This used to be commit b07a783b98)
2007-10-10 14:16:18 -05:00
Simo Sorce
ff5120ea1f r17632: This is the most accurate mappings between LDAP OID Syntaxes and AD Syntaxes.
Generated by scripts that cross information from the Windows Schema and the
aggregate schema and cross verified by searching on the net
(This used to be commit 996452844a)
2007-10-10 14:16:17 -05:00
Simo Sorce
4719fede4c r17631: Some syntaxes from MS in a now vanished internet draft
(This used to be commit 1020edb0c7)
2007-10-10 14:16:17 -05:00
Stefan Metzmacher
a2eca9174c r17586: merge lib/netif into lib/socket and use -lnsl -lsocket on the
configure check for the interfaces.

should fix the build on some old sun boxes

metze
(This used to be commit f20e251bfd)
2007-10-10 14:15:39 -05:00
Simo Sorce
a23b63a8e5 r17516: Change helper function names to make more clear what they are meant to do
(This used to be commit ad75cf8695)
2007-10-10 14:15:31 -05:00
Simo Sorce
87b2218db7 r17434: update our index
(This used to be commit 9f79714389)
2007-10-10 14:15:25 -05:00
Simo Sorce
a72a455e29 r17433: remove obsoleted RFCs
(This used to be commit 7dffabc744)
2007-10-10 14:15:25 -05:00
Stefan Metzmacher
7a845bcb01 r17341: pass a messaging context to auth_context_create()
and gensec_server_start().

calling them with NULL for event context or messaging context
is no longer allowed!

metze
(This used to be commit 679ac74e71)
2007-10-10 14:15:17 -05:00
Stefan Metzmacher
04d776a409 r17251: - split out the starttls into its own function
- give an operations error when tls is already on the socket

metze
(This used to be commit 9190d134c9)
2007-10-10 14:10:23 -05:00
Stefan Metzmacher
aeb8077b96 r17240: move extended operations to a new file
metze
(This used to be commit 0b16350fa2)
2007-10-10 14:10:23 -05:00
Stefan Metzmacher
4cdcc17893 r17237: - keep pointer to the different sockets
- we need this to later:
  - to disallow a StartTLS when TLS is already in use
  - to place the TLS socket between the raw and sasl socket
    when we had a sasl bind before the StartTLS
  - and rfc4513 says that the server may allow to remove the TLS from
    the tcp connection again and reuse raw tcp
  - and also a 2nd sasl bind should replace the old sasl socket

metze
(This used to be commit 10cb9c07ac)
2007-10-10 14:10:22 -05:00
Stefan Metzmacher
79f7b58630 r17226: add some comments about ldap binds and pending requests
metze
(This used to be commit e8db1fb558)
2007-10-10 14:10:22 -05:00
Andrew Bartlett
a6629e037a r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise
our certificate, and proceed with the connection is left as an
exercise for the reader...

Andrew Bartlett
(This used to be commit 9bd66d4c95)
2007-10-10 14:10:21 -05:00
Andrew Bartlett
9d6f276717 r17222: Change the function prototypes for the GENSEc and TLS socket creation
routines to return an NTSTATUS.  This should help track down errors.

Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.

Always return a new socket, even for the 'pass-though' case.

Andrew Bartlett
(This used to be commit 003e2ab93c)
2007-10-10 14:10:20 -05:00
Andrew Bartlett
d8f1e27b19 r17215: Prepare the SASL socket before actually settting it. This allows
errors to be reported corectly, rather than just dropping the socket.

Andrew Bartlett
(This used to be commit 83dd22accf)
2007-10-10 14:10:19 -05:00
Andrew Bartlett
ba07fa43d0 r17197: This patch moves the encryption of bulk data on SASL negotiated security
contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets.  It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default.  It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket
layer.

Unusual in this pstch is the extra read callback argument I take.  As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data.  This would leave the system without an event
to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop.  I believe that
the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:

+-----------------+---------------------+
| SASL  Packet #1 | SASL Packet #2      |
----------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
----------------------------------------+

In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP.  Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.

Without data on the socket, read events stop.  That is why I add timed
events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code.  The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length.  (1 + n/2).  This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.

Andrew Bartlett
(This used to be commit 5d7c9c12cb)
2007-10-10 14:10:18 -05:00
Simo Sorce
fcea638657 r17193: Remove ancient stuff never really used
(This used to be commit a6709196ca)
2007-10-10 14:10:17 -05:00
Simo Sorce
3faab3e6dd r17189: Add the new LDAP rfc series
(This used to be commit d3f8b813b3)
2007-10-10 14:10:17 -05:00
Simo Sorce
49f68caed2 r17186: "async" word abuse clean-up part 2
(This used to be commit c6aa60c7e6)
2007-10-10 14:10:17 -05:00
Simo Sorce
c93817b36d r17185: Oh, I wanted to do this for sooo long time.
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.

Simo.
(This used to be commit 25fc735404)
2007-10-10 14:10:16 -05:00
Andrew Bartlett
32ab518767 r16972: Replace the sequence_number function pointer in ldb with the ldb flags.
The function pointer was meant to be unused, this patch fixes
partition.c to use ldb_sequence_number().  (No backend provided the
pointer any more).

Set the flags onto the ldb structure, so that all backends opened by
the partitions module inherit the flags.

Set the read-ony flag when accessed as the global catalog

Modify the LDAP server to track that this query is for the global
catalog (by incoming port), and set a opqaue pointer.

Next step is to read that opaque pointer in the partitions module.

Andrew Bartlett
(This used to be commit a1161cb30e)
2007-10-10 14:10:04 -05:00
Andrew Bartlett
9da5d4fd69 r16795: Fix crash found by Dave Fenwick <djf@samba.org>.
The session_info was not being attached to the connection, so
subsequent checks in the kludge_acl module were looking at free()ed
memory.

Andrew Bartlett
(This used to be commit 7e9079ac7a)
2007-10-10 14:09:46 -05:00
Andrew Bartlett
d4c5627073 r16234: Set the request timeout from the LDAP search. Without this, the
initial request time is uninitialised, and this causes havoc later.
This also allows us to honour the client's wishes.

We should be doing this for all the operations...

Andrew Bartlett
(This used to be commit c8f5b1c928)
2007-10-10 14:09:07 -05:00
Simo Sorce
2d19dca9c8 r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc...
(This used to be commit 55d97ef88f)
2007-10-10 14:08:43 -05:00
Simo Sorce
2613d19937 r15933: remove the last sync call to ldb_request
(This used to be commit 10d66aa61d)
2007-10-10 14:08:41 -05:00
Andrew Bartlett
742c110cd6 r15400: Move the TLS code behind the socket interface.
This reduces caller complexity, because the TLS code is now called
just like any other socket.  (A new socket context is returned by the
tls_init_server and tls_init_client routines).

When TLS is not available, the original socket is returned.

Andrew Bartlett
(This used to be commit 09b2f30dfa)
2007-10-10 14:05:32 -05:00
Jelmer Vernooij
5c3a1d76ff r15379: Fix shared library build's unresolved dependencies
(This used to be commit 0fafa2e595)
2007-10-10 14:05:29 -05:00
Andrew Bartlett
26259ce98b r15317: Because LDB is now async, there are more places were we might run the
even context again.  We need to ensure we don't process packets until
we are finished setting up the connection, have the ldb in place etc.

We may need to do the same in other servers.

Andrew Bartlett
(This used to be commit 9bbc93bef2)
2007-10-10 14:05:11 -05:00
Jelmer Vernooij
b00c236906 r15301: Use static libraries internally. This required a few hacks in the build
system - these should be removed later on.
(This used to be commit 0654739166)
2007-10-10 14:05:07 -05:00
Jelmer Vernooij
69b51f702a r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacement
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6)
2007-10-10 14:04:18 -05:00
Stefan Metzmacher
f53e12b41b r14857: fix bugs noticed by the ibm code checker
metze
(This used to be commit 07626bf3c7)
2007-10-10 13:59:43 -05:00
Andrew Bartlett
13f45733a3 r14673: Don't double-free conn, it is below 'c' free'ed by
stream_terminate_connection()

Andrew Bartlett
(This used to be commit a6c7979860)
2007-10-10 13:59:07 -05:00
Jelmer Vernooij
9565c70898 r14567: Make some more functions public.
(This used to be commit 8e84e6cb6b)
2007-10-10 13:58:48 -05:00
Stefan Metzmacher
651ca6553e r14079: I just found the setproctitle library from alt linux:-)
- add set_title hook to the process models
- use setproctitle library in process_model standard if available
- the the title for the task servers and on connections

metze
(This used to be commit 526f20bbec)
2007-10-10 13:56:49 -05:00
Stefan Metzmacher
60823d1878 r14078: move ldb_global_init() to the main smbd code,
to fix the process_model standard

metze
(This used to be commit a465126e15)
2007-10-10 13:56:49 -05:00
Simo Sorce
82da2d401e r13998: From now on ldb_request() will require an alloced request
By freeing the request you will be sure everything down the path get freed.

this also means you have to steal the results if you want to keep them :)

simo.
(This used to be commit e8075e6a06)
2007-10-10 13:52:36 -05:00
Stefan Metzmacher
c9e5d884fc r13941: fix the build
metze
(This used to be commit d9da948b0f)
2007-10-10 13:52:29 -05:00
Jelmer Vernooij
9bd7dd9121 r13926: More header splitups.
(This used to be commit 930daa9f41)
2007-10-10 13:52:26 -05:00
Jelmer Vernooij
4ac2be9958 r13924: Split more prototypes out of include/proto.h + initial work on header
file dependencies
(This used to be commit 1228358767)
2007-10-10 13:52:24 -05:00
Stefan Metzmacher
20c7347f43 r13812: fix compiler warning
metze
(This used to be commit 1340cb1f3b)
2007-10-10 13:52:13 -05:00
Jelmer Vernooij
26af14c39b r13786: [merge] Add registration functions for LDB modules
Applications that use LDB modules will now have to run ldb_global_init()
before they can use LDB.

The next step will be adding support for loading LDB modules from .so
files. This will also allow us to use one LDB without difference between the
standalone and the Samba-specific build
(This used to be commit 52a2356505)
2007-10-10 13:52:11 -05:00
Simo Sorce
00fe70e5b9 r13609: Get in the initial work on making ldb async
Currently only ldb_ildap is async, the plan
is to first make all backend support the async calls,
and then remove the sync functions from backends and
keep the only in the API.

Modules will need to be transformed along the way.

Simo
(This used to be commit 1e2c13b2d5)
2007-10-10 13:51:59 -05:00
Andrew Bartlett
f490434c0f r13606: An attempt to fix #3525.
The problem was that the supportedControls were being stolen into the
result sent to the client, then talloc_free()ed.  This caused them to
be invalid on the next rootDSE query.

This also tries to avoid attaching the result to the long-term samdb
context, and avoids an extra loop in the result processing (pointed
out by tridge).

Andrew BARtlett
(This used to be commit d0b8957f38)
2007-10-10 13:51:59 -05:00
Stefan Metzmacher
7449f4d803 r13508: some ASN.1 element in LDAP are optional,
make it possible to code the difference between a zero length and a NULL DATA_BLOB...

metze
(This used to be commit 54f0b19c55)
2007-10-10 13:51:56 -05:00
Simo Sorce
5972e01163 r13357: more docs
(This used to be commit 5af9086dea)
2007-10-10 13:51:49 -05:00
Andrew Bartlett
15f73e6404 r13339: Propogate more error infomation into the error packet and reformat the
code a little.  This also fixes a segfault when we didn't fill in the
error message.

Andrew Bartlett
(This used to be commit 3be01a4ac7)
2007-10-10 13:51:46 -05:00
Simo Sorce
1d43fa6c9f r13307: docs
(This used to be commit e56630d1f8)
2007-10-10 13:51:43 -05:00
Simo Sorce
eed0a95128 r12917: fix decoding of ldap controls
some more work on timeouts
(This used to be commit a7e2fe3cb3)
2007-10-10 13:51:02 -05:00
Simo Sorce
d45a8de617 r12905: add some ldap policies
not yet enforced except for the initial connection timeout
(This used to be commit fa1ae9a44b)
2007-10-10 13:51:01 -05:00
Simo Sorce
a7a79d2b25 r12880: Remove ldap partitions useless now and probably we
will not use it anyway as we plan to support
partitions in ldb directly like with rootdse

Merge ldap_simple_ldb into ldap_backend, it is
not simple anymore and makes no sense to have
it separated now that ldap partitions are gone

Initial attempt at working to some limit to avoid DOSs
for the ldap server.

Simo.
(This used to be commit 97bff3e049)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
f55ea8bb3d r12804: This patch reworks the Samba4 sockets layer to use a socket_address
structure that is more generic than just 'IP/port'.

It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).

This passes 'make test' as well as kerberos use (not currently in the
testsuite).

The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again.   It also removes nbt_peer_addr, which was being used
for a similar purpose.

It is a large change, but worthwhile I feel.

Andrew Bartlett
(This used to be commit 88198c4881)
2007-10-10 13:49:57 -05:00
Stefan Metzmacher
a36c172d46 r12792: fix compiler warning
metze
(This used to be commit 1eca5f46c6)
2007-10-10 13:49:55 -05:00
Simo Sorce
c908d0b2aa r12733: Merge ldap/ldb controls into main tree
There's still lot of work to do but the patch is stable
enough to be pushed into the main samba4 tree.

Simo.
(This used to be commit 77125feaff)
2007-10-10 13:49:47 -05:00
Jelmer Vernooij
78c50015bb r12694: Move some headers to the directory of the subsystem they belong to.
(This used to be commit c722f665c9)
2007-10-10 13:49:39 -05:00
Andrew Bartlett
bedfb06326 r12686: Push the real SASL list into the rootdse.
Get this out of the server credentials, and push it down to ldb via an
opaque pointer.

Andrew Bartlett
(This used to be commit 61700252e0)
2007-10-10 13:49:38 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Andrew Bartlett
cca1daeab1 r12595: There was no comment on the mailing list, so kill the 'ldapsrv:samdb'
parameter.  It isn't useful with so many other things in the ldap
server opening the database directly.  Best to run this as a seperate
process, and change the global options.

Andrew Bartlett
(This used to be commit 34d6220cec)
2007-10-10 13:49:00 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to seperate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Jelmer Vernooij
d8e35f8828 r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
2007-10-10 13:47:45 -05:00
Andrew Bartlett
6bd8be8671 r12360: Add simple bind support into our LDAP server.
Needs changes to our client code for automated testing.

Andrew Bartlett
(This used to be commit e751d81414)
2007-10-10 13:47:30 -05:00
Andrew Bartlett
a1827a1deb r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.

The idea is that every time we open an LDB, we can provide a
session_info and/or credentials.  This would allow any ldb to be remote
to LDAP.  We should also support provisioning to a authenticated ldap
server.

(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).

Andrew Bartlett
(This used to be commit ae2f3a64ee)
2007-10-10 13:47:22 -05:00
Simo Sorce
f2c3c28a7c r12148: add the docs for the paged results control
(This used to be commit 9fab4ab272)
2007-10-10 13:47:14 -05:00
Stefan Metzmacher
e246a06751 r12126: get rid of the local ->terminate hacks, we do that genericly now
metze
(This used to be commit a7baf165c1)
2007-10-10 13:47:12 -05:00
Andrew Tridgell
6eabad9c9d r11958: - fixed memory leaks in the ldb_result handling in ldb operations
- removed an unnecessary level of pointer in ldb_search structure
(This used to be commit b8d4afb14a)
2007-10-10 13:46:51 -05:00
Andrew Tridgell
53562f7746 r11955: got rid of the old rootDSE code in the ldap server.
The partitioning logic is still there, but we only have one
partition. If we need partitioning in the future it might be better to
remove this partitioning code and use a partitioning module instead
(This used to be commit f4685e7dc9)
2007-10-10 13:46:50 -05:00
Andrew Tridgell
614950aed3 r11713: separate out the setting of the fde in the packet context from the
enabling of packet serialisation
(This used to be commit 6a47cd65a8)
2007-10-10 13:46:17 -05:00
Andrew Tridgell
f59c61d413 r11622: convert the ldap server to the generic packet code
(This used to be commit 6ef4ba0c81)
2007-10-10 13:46:00 -05:00
Simo Sorce
5c95905871 r11567: Ldb API change patch.
This patch changes the way lsb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.

I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.

Simo.
(This used to be commit 22c8c97e6f)
2007-10-10 13:45:53 -05:00
Andrew Tridgell
f8ebd5a53c r11447: fixed a problem with the ldap server spinning using CPU time
(This used to be commit c913f466cd)
2007-10-10 13:45:38 -05:00
Andrew Tridgell
da048ad7ca r11408: fixed the mapping of ldb errors to ldap errors in the ldap server
(This used to be commit 647cb90360)
2007-10-10 13:45:33 -05:00
Jelmer Vernooij
4c5a4a7e02 r11244: Relative path names in .mk files
(This used to be commit 24e1030090)
2007-10-10 13:45:06 -05:00
Andrew Bartlett
90550077b9 r11225: Remove pointless goto.
Andrew Bartlett
(This used to be commit 30f4ece4d2)
2007-10-10 13:45:05 -05:00
Jelmer Vernooij
f4d590662e r11214: Remove scons files (see http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c917)
2007-10-10 13:45:03 -05:00
Andrew Bartlett
372ca26b20 r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5
authentication.  This pulls the creating of the keytab back to the
credentials code, and removes the special case of 'use keberos keytab
= yes' for now.

This allows (and requires) the callers to specify the credentials for
the server credentails to GENSEC.  This allows kpasswdd (soon to be
added) to use a different set of kerberos credentials.

The 'use kerberos keytab' code will be moved into the credentials
layer, as the layers below now expect a keytab.

We also now allow for the old secret to be stored into the
credentials, allowing service password changes.

Andrew Bartlett
(This used to be commit 205f77c579)
2007-10-10 13:45:00 -05:00
Andrew Tridgell
374ced5ab0 r11112: listen on the global catalog ldap server port as well if we are a
PDC. I suspect we should behave slightly differently on the two ports,
but this is a lot closer than not listening at all. When creating a
user with mmc the global catalog port is used to check for an existing
user
(This used to be commit f8430c3f41)
2007-10-10 13:44:51 -05:00
Andrew Tridgell
33da2fabe6 r10914: moved the ldap time string functions into ldb so they can be used by
the time attribute handling functions
(This used to be commit 93c296d527)
2007-10-10 13:39:42 -05:00
Stefan Metzmacher
1e14572a26 r10832: free the old session info
metze
(This used to be commit 16b2569788)
2007-10-10 13:39:33 -05:00
Andrew Bartlett
b992481d7e r10820: Use talloc_get_type as suggested by tridge.
Andrew Bartlett
(This used to be commit 9c511a16f8)
2007-10-10 13:39:32 -05:00
Andrew Bartlett
1377cca5f4 r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB.  This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.

Along the way, I cleaned up a few things, and added new helper functions
to assist.  In particular the LSA pipe uses simpler queries for some of
the setup.

In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.

I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.

Andrew Bartlett
(This used to be commit fd7203789a)
2007-10-10 13:39:32 -05:00
Andrew Tridgell
a04f65b1c7 r10709: fixed a crash bug rather similar to the one volker found in the dcerpc
code, where a stream_terminate_connection() while processing a request
can cause a later defererence of the connection structure to die.
(This used to be commit efbcb0f741)
2007-10-10 13:39:23 -05:00
Jelmer Vernooij
5058f4b9e8 r10586: Add MergedObject() builder. Default to Library() rather
then StaticLibrary()
(This used to be commit b53313dc51)
2007-10-10 13:39:08 -05:00
Volker Lendecke
5c40f9cd9b r10353: Fix typo
(This used to be commit b871ecbc2c)
2007-10-10 13:38:31 -05:00
Jelmer Vernooij
6812c73534 r10348: Add scons scripts for remaining subsystems. Most subsystems build now,
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b9)
2007-10-10 13:38:30 -05:00
Jelmer Vernooij
5b02ee9b9d r10336: Add sconscript for a couple more subsystems.
(This used to be commit 59d4450453)
2007-10-10 13:38:29 -05:00
Jelmer Vernooij
349294d358 r10315: Remove use of fstring and pstring in dynconfig.c
Remove unused includes of dynconfig.h
(This used to be commit 59083b7ba6)
2007-10-10 13:38:17 -05:00
Andrew Tridgell
95040e9341 r10252: a recent checkin from simo changed the handling of BASE and SUBTREE
searches in ldb to be more ldap compliant, but broke the wins server
and the ejs ldb code. This fixes those up so 'make test' passes again.
(This used to be commit dff660c23c)
2007-10-10 13:38:11 -05:00
Stefan Metzmacher
84951a4cee r10237: fix parameter, how have I missed this...?
metze
(This used to be commit d02e1aa049)
2007-10-10 13:38:10 -05:00
Andrew Tridgell
a129ad36eb r10213: fixed a memory leak in the ldap client and server code spotted by Karl
Melcher. ldap_encode() now takes a memory context to use for the data
blob
(This used to be commit 09948a5933)
2007-10-10 13:38:09 -05:00
Stefan Metzmacher
a8ec371a61 r10078: - add a 'struct data_blob_list_item'
- use this for the send_queue's of the different stream_servers
  to not redefine the same struct so often, and it maybe will be used
  in other places too

metze
(This used to be commit b6694f067a)
2007-10-10 13:37:51 -05:00
Andrew Bartlett
897e9f2b4d r9417: Ask for the ASYNC_REPLIES feature, as will want that.
Andrew Bartlett
(This used to be commit 8cb8f99ae6)
2007-10-10 13:33:36 -05:00
Simo Sorce
3e4c4cff21 r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b779)
2007-10-10 13:33:32 -05:00
Simo Sorce
e66f76c864 r8926: RFC 2891 - LDAP Control Extension for Server Side Sorting of Search Results
(This used to be commit 5dd4844cc5)
2007-10-10 13:30:58 -05:00
Jelmer Vernooij
6553dd0c60 r8811: Fix the build..
(This used to be commit fac77f5fa2)
2007-10-10 13:30:07 -05:00
Andrew Tridgell
e835621799 r8520: fixed a pile of warnings from the build farm gcc -Wall output on
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.

The main fixes are:

 - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats

 - use of NULL format statements to perform dn searches.

 - assumption that sizeof() returns an int
(This used to be commit a58ea6b385)
2007-10-10 13:29:34 -05:00
Simo Sorce
b86111fe83 r8514: add docs
(This used to be commit 876f0a095b)
2007-10-10 13:29:33 -05:00
Andrew Tridgell
c6881d1e65 r8272: added the hooks for adding a name to a messaging context, so we will
be able to send a message to the "ldap_server" task without having to
know its task ID.
(This used to be commit 8f69867867)
2007-10-10 13:19:29 -05:00
Stefan Metzmacher
a1a3b96731 r8222: 0 entries are no error, unless it's a base search
metze
(This used to be commit 0297943ff2)
2007-10-10 13:19:21 -05:00
Andrew Tridgell
3214f2e212 r7918: fixed a crash bug in the ldap server
(This used to be commit 44ded17bc2)
2007-10-10 13:18:50 -05:00
Andrew Tridgell
b3e493470f r7911: task_terminate() is defined in the macosx headers, so change the name
to task_server_terminate()
(This used to be commit a7447e25ac)
2007-10-10 13:18:48 -05:00
Andrew Tridgell
63811f0cb8 r7854: only enable wrapping in the ldap server if it was negotiated by gensec
(This used to be commit 355983493b)
2007-10-10 13:18:43 -05:00
Andrew Tridgell
a7bbc024ed r7801: the ldap server needs this logic too
(This used to be commit 1dbb5bf2c1)
2007-10-10 13:18:37 -05:00
Andrew Tridgell
db6933323c r7777: allow for overriding the location of the sam databasein the ldap server, using
ldapsrv:samdb option. This allows the following:

          sam database=ldap://localhost
          ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb

which allows us to test putting the sam on an ldap server using our
own ldap server. This is a great stress test for the ldap code.
(This used to be commit 40948ba384)
2007-10-10 13:18:35 -05:00
Andrew Tridgell
b3e862b2d5 r7753: removed debugging code :-)
(This used to be commit 51ea22db2d)
2007-10-10 13:18:31 -05:00
Andrew Tridgell
7a17da2186 r7751: only enable tls on the ldaps port in ldap server, and reject non-tls
connections on that port
(This used to be commit 30da6a1cc4)
2007-10-10 13:18:31 -05:00
Andrew Tridgell
7267cb3312 r7749: some bug fixes from testing with socket:testnonblock
- fixed some infinite loops in asn1.c

- ensure asn1 callers know if an error is end of buffer or bad data

- handle npending 0 in ldap server
(This used to be commit f22c3b84c8)
2007-10-10 13:18:30 -05:00
Andrew Tridgell
c7496c6cdb r7747: - simplified the ldap server buffer handling
- got rid of the special cases for sasl buffers

- added a tls_socket_pending() call to determine how much data is waiting on a tls connection

- removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves
  are sync.
(This used to be commit 73cb4aad22)
2007-10-10 13:18:30 -05:00
Andrew Tridgell
68853a1c7b r7746: - added TLS support to our ldap server
- this involved changing the buffer handling in the ldap server quite a
  lot, as it didn't handle partial packets at all

- removed completely bogus asn1_object_length() function. You can't
  do that with BER/DER
(This used to be commit fed6f4cc6c)
2007-10-10 13:18:30 -05:00
Andrew Tridgell
bf75ae4155 r7726: - removed some unused variables
- handle ldb_errstring() calls on failed connect
(This used to be commit 8698a20fcc)
2007-10-10 13:18:27 -05:00
Andrew Tridgell
b4eee348c4 r7720: - simplify the asn1 decode of ldap_search() a lot, taking advantage of
the fact that the ldap data structures now use ldb_message_element.

- fixed null termination of elements in ildap
(This used to be commit 09060994c1)
2007-10-10 13:18:26 -05:00
Andrew Tridgell
74037cbe92 r7711: update callers of ldb_connect() for new syntax
(This used to be commit f852661463)
2007-10-10 13:18:24 -05:00
Andrew Tridgell
fa165a688c r7677: fixed ldap server to honor 'private path'
(This used to be commit f6abed5660)
2007-10-10 13:18:21 -05:00
Andrew Tridgell
cf4552761e r7670: fixed rootDSE search in ldap server
(This used to be commit 0981a375cf)
2007-10-10 13:18:20 -05:00
Andrew Tridgell
af237084ec r7633: this patch started as an attempt to make the dcerpc code use a given
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.

Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.

There were 3 places where I punted:

  - abartlet wanted me to add a gensec_set_event_context() call
    instead of adding it to the gensec init calls. Andrew, my
    apologies for not doing this. I didn't do it as adding a new
    parameter allowed me to catch all the callers with the
    compiler. Now that its done, we could go back and use
    gensec_set_event_context()

  - the ejs code calls auth initialisation, which means it should pass
    in the event context from the web server. I punted on that. Needs fixing.

  - I used a NULL event context in dcom_get_pipe(). This is equivalent
    to what we did already, but should be fixed to use a callers event
    context. Jelmer, can you think of a clean way to do that?

I also cleaned up a couple of things:

 - libnet_context_destroy() makes no sense. I removed it.

 - removed some unused vars in various places
(This used to be commit 3a3025485b)
2007-10-10 13:18:15 -05:00
Andrew Tridgell
3e92471d4c r7596: next step in ldap cleanup. I'm aiming to get rid of the cut&pasted
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb
ldif code. To do that I have changed the ldap code to use 'struct
ldb_message_element' instead of 'struct ldap_attribute'. They are
essentially the same structure anyway, so by making them really the
same it will be much easier to use the ldb code in libcli/ldap/

I have also made 'struct ldb_val' the same as a DATA_BLOB, which will
simplify data handling in quite a few places (I haven't yet removed
all the code that maps between these two, that will come later)
(This used to be commit 87fc307339)
2007-10-10 13:18:12 -05:00
Andrew Tridgell
a7d6185f41 r7594: abartlet is right that this hack is not actually necessary, it just
prevents a bogus:
  GSS Update failed: Miscellaneous failure (see text): ASN.1 identifier doesn't match expected value
error on every ldap connection. I'll remove it and let the error remain until Andrew
works out a better fix.
(This used to be commit 6123eb2eca)
2007-10-10 13:18:12 -05:00
Andrew Tridgell
c0947b0d7f r7593: simplified the memory management in the ldap code. Having a mem_ctx
element in a structure is not necessary any more.
(This used to be commit 912d0427f5)
2007-10-10 13:18:12 -05:00
Andrew Tridgell
db2e86f75c r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. This
now works with windows clients, as I fixed the zero length bind ack packet.

Andrew, note that this has the strncmp("NTLMSSP", data, 7) hack. Please
replace with a more correct fix as we discussed.
(This used to be commit 69b02e8adb)
2007-10-10 13:18:10 -05:00
Andrew Tridgell
2e89687144 r7565: fixed handling of sasl data in ldap server
(This used to be commit 9b7a89735f)
2007-10-10 13:18:09 -05:00
Andrew Tridgell
4b0e5bd753 r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree
instead of a search expression. This allows our ldap server to pass
  its ASN.1 parsed search expressions straight to ldb, instead of going
  via strings.

- updated all the ldb modules code to handle the new interface

- got rid of the separate ldb_parse.h now that the ldb_parse
  structures are exposed externally

- moved to C99 structure initialisation in ldb

- switched ldap server to using ldb_search_bytree()
(This used to be commit 96620ab2ee)
2007-10-10 13:18:06 -05:00
Simo Sorce
b1b14817ea r5585: LDB interfaces change:
changes:
- ldb_wrap disappears from code and become a private structure of db_wrap.c
  thanks to our move to talloc in ldb code, we do not need to expose it anymore

- removal of ldb_close() function form the code
  thanks to our move to talloc in ldb code, we do not need it anymore
  use talloc_free() to close and free an ldb database

- some minor updates to ldb modules code to cope with the change and fix some
  bugs I found out during the process
(This used to be commit d58be9e74b)
2007-10-10 13:10:55 -05:00
Simo Sorce
e8eee542d3 r5583: some more docs
(This used to be commit d7751e3181)
2007-10-10 13:10:54 -05:00
Andrew Tridgell
a5bd1ccada r5307: removed db_wrap.h from includes.h
(This used to be commit 826baec7b3)
2007-10-10 13:09:40 -05:00
Andrew Tridgell
501379431c r5305: removed libcli/ldap/ldap.h from includes.h
(This used to be commit 0df3fdd817)
2007-10-10 13:09:39 -05:00
Andrew Tridgell
bed7c9ec32 r5304: removed lib/socket/socket.h from includes.h
(This used to be commit b902ea546d)
2007-10-10 13:09:39 -05:00
Andrew Tridgell
b9bb7f596d r5294: - added a separate NBT-WINS test for WINS operations (register, refresh, release and query)
- change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr"
  I think that in general we should move towards "const char *" for
  all IP addresses, as this makes IPv6 much easier, and is also easier
  to debug. Andrew, when you get a chance, could you fix some of the
  auth code to use strings for IPs ?

- return a NTSTATUS error on bad name queries and node status instead
  of using rcode. This makes the calling code simpler.

- added low level name release code in libcli/nbt/

- use a real IP in the register and wins nbt torture tests, as w2k3
  WINS server silently rejects some operations that don't come from the
  IP being used (eg. it says "yes" to a release, but does not in fact
  release the name)
(This used to be commit bb1ab11d8e)
2007-10-10 13:09:37 -05:00
Günther Deschner
c4eeb0459c r5266: This is a nice typo ;-)
Guenther
(This used to be commit 77b99c03b8)
2007-10-10 13:09:35 -05:00
Andrew Tridgell
131dc76d56 r5197: moved events code to lib/events/ (suggestion from metze)
(This used to be commit 7f54c8a339)
2007-10-10 13:09:30 -05:00
Andrew Tridgell
0798d54b4f r5195: most events don't need the time of the event, so save a gettimeofday() call
and just use timeval_current() when its actually needed
(This used to be commit 236403cc4d)
2007-10-10 13:09:30 -05:00
Andrew Tridgell
66170ef8b3 r5185: make all the events data structures private to events.c. This will
make it possible to add optimisations to the events code such as
keeping the next timed event in a sorted list, and using epoll for
file descriptor events.

I also removed the loop events code, as it wasn't being used anywhere,
and changed timed events to always be one-shot (as adding a new timed
event in the event handler is so easy to do if needed)
(This used to be commit d7b4b6de51)
2007-10-10 13:09:29 -05:00
Andrew Tridgell
55d4d36993 r5102: This is a major simplification of the logic for controlling top level
servers in smbd. The old code still contained a fairly bit of legacy
from the time when smbd was only handling SMB connection. The new code
gets rid of all of the smb_server specific code in smbd/, and creates
a much simpler infrastructures for new server code.

Major changes include:

 - simplified the process model code a lot.

 - got rid of the top level server and service structures
   completely. The top level context is now the event_context. This
   got rid of service.h and server.h completely (they were the most
   confusing parts of the old code)

 - added service_stream.[ch] for the helper functions that are
   specific to stream type services (services that handle streams, and
   use a logically separate process per connection)

 - got rid of the builtin idle_handler code in the service logic, as
   none of the servers were using it, and it can easily be handled by
   a server in future by adding its own timed_event to the event
   context.

 - fixed some major memory leaks in the rpc server code.

 - added registration of servers, rather than hard coding our list of
   possible servers. This allows for servers as modules in the future.

 - temporarily disabled the winbind code until I add the helper
   functions for that type of server

 - added error checking on service startup. If a configured server
   fails to startup then smbd doesn't startup.

 - cleaned up the command line handling in smbd, removing unused options
(This used to be commit cf6a46c3cb)
2007-10-10 13:09:22 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Stefan Metzmacher
0475cfe570 r4941: - all needed data is now in sam.ldb and hacked.ldb is not needed anymore by the hacked ldap backend
- readd the schema naming context container object as it's needed for a w2k3 dc join

metze
(This used to be commit c583f80623)
2007-10-10 13:09:08 -05:00
Andrew Bartlett
757a063a13 r4897: Unbreak the LDAP server. Somehow the generic service structures
(which seem just a little too complex) changed, but this code was not
updated or tested.

Also clarify the existing code, by not reusing variables.

Andrew Bartlett
(This used to be commit eb46adade4)
2007-10-10 13:09:04 -05:00
Stefan Metzmacher
9327ec51d1 r4728: split up server_services into:
- stream_socket services
  the smb, ldap and rpc service which sets up a srtam socket end then
  waits for connections
and
- task services
  which this you can create a seperate task that do something
  (this is also going through the process_model subsystem
  so with -M standard a new process for this created
  with -M thread a new thread ...

I'll add datagram services later when we whave support for datagram sockets in lib/socket/

see the next commit as an example for service_task's

metze
(This used to be commit d5fa02746c)
2007-10-10 13:08:49 -05:00
Stefan Metzmacher
ef4e85614e r4716: add a real ugly hack to get all ldap queries of an
w2k3 dc join working

I just commit that to not lose it if my home box would crash...

you need a hacked.ldb with some stuff in it, I'll explain later

and you need --option="ldapsrv:hacked=yes"

so what is left now is KRB5 support for DCERPC in the server
as the EVENT LOG of w2k3 says...

metze
(This used to be commit d72760d26f)
2007-10-10 13:08:47 -05:00
Stefan Metzmacher
09c34de35a r4709: fix compiler warnings
metze
(This used to be commit 7aa86445e3)
2007-10-10 13:08:46 -05:00
Stefan Metzmacher
047d41cc49 r4634: disable sign and seal in ldap_server for now.
metze
(This used to be commit 872c687184)
2007-10-10 13:08:37 -05:00
Stefan Metzmacher
b343cc97de r4629: we now have a global macro NT_STATUS_HAVE_NO_MEMORY()
so don't use a local one

metze
(This used to be commit dd217f7916)
2007-10-10 13:08:36 -05:00
Stefan Metzmacher
e1426c51ab r4628: this function should be static
metze
(This used to be commit 590afa88f1)
2007-10-10 13:08:35 -05:00
Andrew Tridgell
ddc10d4d37 r4549: got rid of a lot more uses of plain talloc(), instead using
talloc_size() or talloc_array_p() where appropriate.

also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b5354)
2007-10-10 13:08:25 -05:00
Andrew Tridgell
cc55aef7c1 r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call.
- cleaned up some talloc usage in various files

I'd like to get to the point that we have no calls to talloc(), at
which point we will rename talloc_p() to talloc(), to encourage
everyone to use the typesafe functions.
(This used to be commit e6c81d7c9f)
2007-10-10 13:08:20 -05:00
Andrew Tridgell
500d5523d2 r4475: fixed smbd to work with the small changes in the ldb API (the most important
change was in the ldb_msg_add_*() routines, which now use the msg as a context,
and thus it needs to be a talloc ptr)
(This used to be commit 1a4713bfd0)
2007-10-10 13:07:55 -05:00
Andrew Bartlett
9a6671cf95 r4459: GENSEC refinements:
In developing a GSSAPI plugin for GENSEC, it became clear that the API
needed to change:
 - GSSAPI exposes only a wrap() and unwrap() interface, and determines
   the location of the signature itself.
 - The 'have feature' API did not correctly function in the recursive
   SPNEGO environment.

As such, NTLMSSP has been updated to support these methods.

The LDAP client and server have been updated to use the new wrap() and
unwrap() methods, and now pass the LDAP-* tests in our smbtorture.
(Unfortunely I still get valgrind warnings, in the code that was
previously unreachable).

Andrew Bartlett
(This used to be commit 9923c3bc1b)
2007-10-10 13:07:53 -05:00
Andrew Bartlett
44113c4de1 r4355: More work from the elves on Christmas eve:
- Update Samba4's kerberos code to match the 'salting' changes in
   Samba3 (and many other cleanups by jra).

 - Move GENSEC into the modern era of talloc destructors.  This avoids
   many of the memory leaks in this code, as we now can't somehow
   'forget' to call the end routine.
  - This required fixing some of the talloc hierarchies.

 - The new krb5 seems more sensitive to getting the service name
   right, so start actually setting the service name on the krb5 context.

Andrew Bartlett
(This used to be commit 278bf1a61a)
2007-10-10 13:07:37 -05:00
Stefan Metzmacher
0ad10aec63 r4079: implement the gensec_have_feature() correctly by asking
the backend what is actually in use

metze
(This used to be commit 6f3eb7bc03)
2007-10-10 13:06:23 -05:00
Andrew Tridgell
4183b2ac38 r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my compile
(This used to be commit 0928b1f5b6)
2007-10-10 13:06:16 -05:00
Stefan Metzmacher
15543f18ac r4000: DATA_BLOB.data is uint8_t * not void * :-)
(thanks abartlet for telling me)

metze
(This used to be commit 2783bf393f)
2007-10-10 13:06:13 -05:00
Stefan Metzmacher
1814aad561 r3962: fix compiler warnings
metze
(This used to be commit 3bfb732187)
2007-10-10 13:06:08 -05:00
Stefan Metzmacher
8a18778286 r3783: - don't use make proto for ldb anymore
- split ldh.h out of samba's includes.h

- make ldb_context and ldb_module private to the subsystem

- use ltdb_ prefix for all ldb_tdb functions

metze
(This used to be commit f5ee40d6ce)
2007-10-10 13:05:52 -05:00
Stefan Metzmacher
0a5ea499ec r3762: - only load the readed bytes into the input buffer
- fix compiler warnings with gcc-4.0

metze
(This used to be commit 7a931ea0f4)
2007-10-10 13:05:52 -05:00
Simo Sorce
679e95db03 r3754: merge in ldb modules support from the tmp branch ldbPlugins
(This used to be commit 71323f424b)
2007-10-10 13:05:51 -05:00
Jelmer Vernooij
8e16d8a76f r3733: More build system fixes/features:
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure
 - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities)
(This used to be commit 64826da834)
2007-10-10 13:05:47 -05:00