1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

366 Commits

Author SHA1 Message Date
Matthias Dieter Wallnöfer
9476c43967 s4:ldap_backend.c - Windows returns WERROR codes in majuscule HEX format 2010-08-15 19:42:39 +02:00
Matthias Dieter Wallnöfer
fb58c0f365 s4:ldap_backend.c - map error codes - add a change which allows custom WERROR codes
This is strictly needed by my recent passwords work, since I want to remove
most of the password change stuff in "samr_password.c". Since AD gives us
CONSTRAINT_VIOLATION on all change problems I cannot distinguish on the SAMR
level which the real cause was about. Therefore I need the extended WERROR codes
here.
2010-08-15 19:42:39 +02:00
Matthias Dieter Wallnöfer
d6ccd4c9da s4:ldap_backend.c - fix a DS error code after WERROR change 2010-08-14 19:44:58 +02:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Andrew Tridgell
f9022a1a30 s4-dsdb: fixed use after free of sasl mechanisms opaque
the supportedSASLMechanisms opaque must live for at least as long as
the ldb, or we can crash when the first connection is torn down

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-02 12:49:04 +10:00
Andrew Tridgell
2671b5aeb0 s4-dsdb: fixed spelling of supportedSASLMechanisms
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-07-02 12:49:04 +10:00
Stefan Metzmacher
bdfba236e9 s4:ldap_server: don't start if we can't bind to port 389
metze
2010-06-28 09:58:13 +02:00
Matthias Dieter Wallnöfer
449370db54 s4:ldap_backend.c - now also the LDAP server supports controls on delete operations 2010-06-20 18:52:31 +02:00
Matthias Dieter Wallnöfer
9803c89ee2 s4:ldap_backend.c - move function "ldb_mod_req_with_controls" to a better place in the code
Under the "add" and over the "delete" function.
2010-06-20 18:52:30 +02:00
Matthias Dieter Wallnöfer
c8d2c5fff0 s4:ldap_backend.c - add some newlines to make logs easier to read 2010-06-20 18:52:27 +02:00
Matthias Dieter Wallnöfer
7cbe3035d9 s4:ldap_backend.c - more customisations to match Windows Server error behaviour on renames 2010-06-19 17:53:23 +02:00
Matthias Dieter Wallnöfer
c9ef9da12f s4:ldap_backend.c - fix crash bugs when we got in error situations with "res" still set to "NULL" 2010-06-18 10:03:19 +02:00
Matthias Dieter Wallnöfer
e7fef1ac84 s4:ldap_backend.c - fix a small error (use "ModifyResponse" rather than "AddResponse") 2010-06-18 10:03:19 +02:00
Stefan Metzmacher
6dbcffb51d s4:lib: merge LDB_WRAP and LDBSAMBA and make LDBSAMBA a library.
This is needed to remove samba specifc symbols from the bundled
ldb, in order to get the ABI right.

metze

Signed-off-by: Andreas Schneider <asn@samba.org>
2010-06-16 14:07:28 +02:00
Matthias Dieter Wallnöfer
f3f91063bd s4:ldap_server/ldap_backend.c - send back also the extended error message if it exists
This message often contains suggestions how to fix issues.
2010-06-06 20:46:29 +02:00
Andrew Bartlett
c8a23147fe s4:libcli/ldap Rename ldap.h to libcli_ldap.h
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h

Andrew Bartlett
2010-05-21 17:39:15 +10:00
Anatoliy Atanasov
f84aeea739 s4/rodc: Support read-only database
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
2010-05-04 18:32:18 +02:00
Andrew Bartlett
2c193fe91a s4:auth Remove event context from anonymous_session()
This should always return a simple structure with no need to consult a
DB, so remove the event context, and simplfy to call helper functions
that don't look at privilages.

Andrew Bartlett
2010-04-11 13:36:04 +10:00
Andrew Tridgell
b690fedef5 s4-waf: removed the AUTOGENERATED markers
we won't be using the mk -> wscript generator again
2010-04-06 20:27:16 +10:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
845e0cbe6f build: commit all the waf build files in the tree 2010-04-06 20:26:48 +10:00
Matthias Dieter Wallnöfer
ec536a0121 s4:ldap_server - make it "signed-safe"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25 08:17:12 +11:00
Matthias Dieter Wallnöfer
545889a048 s4:LDAP server - Enable support for returning referrals through it
This is needed for my work regarding the referrals when the domain scope control
isn't specified.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-02-25 08:16:54 +11:00
Nadezhda Ivanova
ea365af4f5 Added freeing a successful req so it doesnt croud the ldb context 2009-12-18 17:57:08 +02:00
Nadezhda Ivanova
4330efe0f2 Removed ldb_modify_ctrl from ldb, implemented as a static in ldap_backend. 2009-12-15 20:29:20 +02:00
Nadezhda Ivanova
a760f169f4 Some changes to allow processing of ldap controls on modify requests.
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
2009-11-20 13:22:38 +02:00
Andrew Tridgell
54bd30f706 s4-samdb: reduce the number of samdb opens at startup
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
2009-10-25 17:19:03 +11:00
Andrew Tridgell
4ad0397d8a s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.

The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
2009-10-23 14:52:17 +11:00
Andrew Tridgell
05f93c3e8f s4-dsdb: add a static samdb_credentials
Similarly to system_session(), this creates a static
samdb_credentials()
2009-10-23 14:52:17 +11:00
Andrew Tridgell
98e4393df9 s4-dsdb: create a static system_session context
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
2009-10-23 14:52:17 +11:00
Matthias Dieter Wallnöfer
ee0204cfcc s4:ldap server - remove unused error handlings
Those error cases should be handled by LDB itself to be available on all
connection methods and not only over LDAP.
2009-10-08 00:18:06 +02:00
Matthias Dieter Wallnöfer
767fce6fcc s4:LDB/LDAP - Re-allow renames
The main problem is that the "rdn_name" module launches on a rename request also
a modification one with the "special attributes" which can't be changed directly.
An introduced flag helps to bypass the restriction.
2009-10-02 21:27:46 +02:00
Andrew Bartlett
737f21bd9d s4:ldap_server Ensure we don't segfault when sent a NULL new RDN
The Microsoft testsuite tried to rename
cn=administrator,cn=users,... into "",cn=users... which didn't go so well.

Andrew Bartlett
2009-10-02 12:45:06 +02:00
Andrew Tridgell
46b7374098 s4-ldap: fixed spelling 2009-09-28 10:24:19 +10:00
Jelmer Vernooij
6a79ad7664 gensec: Avoid exposing lp_ctx on the API level. 2009-09-26 20:55:18 +02:00
Andrew Tridgell
e9a589feac s4-server: kill main daemon if a task fails to initialise
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
2009-09-18 18:05:55 -07:00
Andrew Bartlett
093148c1f0 s4:ldap_server Correct removal of talloc_steal()
This corrects commit 7a82aed71b.  The
steal did not set ent->attributes, so it was incorrect to assign to
ent->attributes.

Andrew Bartlett
2009-08-14 13:12:35 +10:00
Andrew Bartlett
7a82aed71b s4:ldap_server Remove another talloc_steal (with references)
This talloc_steal also conflicts with the ldb_map code, and like the
previous commit, is rudundent given the talloc_steal of the whole msg
above.

Andrew Bartlett
2009-08-14 12:57:46 +10:00
Andrew Bartlett
5c3cf58a84 s4:ldap_server Don't talloc_steal (with references) in ldap_backend
There may or may not be a need to take a reference to the 'name' in
the ldb_map code, but given we seal the whole msg just above here, it
makes no senst to steal the name, but not the values.

Andrew Bartlett
2009-08-14 12:48:10 +10:00
Stefan Metzmacher
f224089138 s4:ldap_server: make sure we shutdown the tls socket before stream_terminate_connection() removes the fd event
This fixes a crash bug where tls_destructor() relies on the fd event still being there.

metze
2009-08-05 10:10:14 +02:00
Günther Deschner
7048165e7a s4-ldap_server: fix generated error string in map_ldb_error().
Guenther
2009-08-04 00:16:37 +02:00
Matthias Dieter Wallnöfer
04ea52f867 s4: Enhances the LDAP server to display error messages like Windows Server
Those error messages also include the WERROR code of the failed operation(s) in this
manner: <error code eight chars in HEX>: <further error message>

This also addresses bug #4949
2009-07-31 17:41:04 +02:00
Stefan Metzmacher
471e67a733 s4:ldap_server: the tls code steals the original socket on its own now
metze
2009-07-31 14:42:04 +02:00
Andrew Tridgell
2d981919b8 use a talloc_unlink() as ops may have a reference 2009-07-01 15:15:37 +10:00
Volker Lendecke
17a65541bd Reenable the LDAPI socket for the merged build
It seems that the samba4 part of the merged build does not pick up the
DEVELOPER flag from the s3 configure.

Jelmer, can you fix that properly?

Thanks,

Volker
2009-06-24 16:30:55 +02:00
Andrew Bartlett
ec47444a7e Allow developers access the the privilaged ldapi socket for the moment
This allows us some time to get the EXTERNAL bind working
2009-06-19 15:31:54 +10:00
Andrew Bartlett
dcc9ae6995 s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdef
This makes it clear to our users that this particular implementation
isn't final (all parties are agreed that an EXTERNAL bind is the right
way to do this, but it has not been implemented yet).

Andrew Bartlett
2009-06-19 14:36:06 +10:00
Volker Lendecke
256b227b27 Allow access as SYSTEM on a privileged ldapi connection
This patch creates ldap_priv/ as a subdirectory under the private dir with the
appropriate permissions to only allow the same access as the privileged winbind
socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap
database.
2009-06-06 13:10:30 +02:00
Volker Lendecke
f6535d3f3f Fix some nonempty blank lines 2009-05-29 09:48:55 +02:00
Stefan Metzmacher
f6b0a99cef libcli/ldap: move generic ldap control encoding code to ldap_message.c
As they can we static there, we pass the specific handlers as parameter
where we need to support controls.

metze
2009-02-24 17:55:41 +01:00