IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
determine if this (possibly critical) control has been decoded. This
allows us to return an error, rather than just dropping the socket.
Andrew Bartlett
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
'phantom_root' flag in the search_options control
- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
- This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
ldb_parse_control_strings(), returning errors by ldb_errorstring()
method, rather than with printf to stderr
- Rework some of the ldb_control handling logic
Andrew Bartlett
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
- we need this to later:
- to disallow a StartTLS when TLS is already in use
- to place the TLS socket between the raw and sasl socket
when we had a sasl bind before the StartTLS
- and rfc4513 says that the server may allow to remove the TLS from
the tcp connection again and reuse raw tcp
- and also a 2nd sasl bind should replace the old sasl socket
metze
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.
Simo.
The function pointer was meant to be unused, this patch fixes
partition.c to use ldb_sequence_number(). (No backend provided the
pointer any more).
Set the flags onto the ldb structure, so that all backends opened by
the partitions module inherit the flags.
Set the read-ony flag when accessed as the global catalog
Modify the LDAP server to track that this query is for the global
catalog (by incoming port), and set a opqaue pointer.
Next step is to read that opaque pointer in the partitions module.
Andrew Bartlett
initial request time is uninitialised, and this causes havoc later.
This also allows us to honour the client's wishes.
We should be doing this for all the operations...
Andrew Bartlett
By freeing the request you will be sure everything down the path get freed.
this also means you have to steal the results if you want to keep them :)
simo.
Currently only ldb_ildap is async, the plan
is to first make all backend support the async calls,
and then remove the sync functions from backends and
keep the only in the API.
Modules will need to be transformed along the way.
Simo
The problem was that the supportedControls were being stolen into the
result sent to the client, then talloc_free()ed. This caused them to
be invalid on the next rootDSE query.
This also tries to avoid attaching the result to the long-term samdb
context, and avoids an extra loop in the result processing (pointed
out by tridge).
Andrew BARtlett
will not use it anyway as we plan to support
partitions in ldb directly like with rootdse
Merge ldap_simple_ldb into ldap_backend, it is
not simple anymore and makes no sense to have
it separated now that ldap partitions are gone
Initial attempt at working to some limit to avoid DOSs
for the ldap server.
Simo.
The partitioning logic is still there, but we only have one
partition. If we need partitioning in the future it might be better to
remove this partitioning code and use a partitioning module instead
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
ldapsrv:samdb option. This allows the following:
sam database=ldap://localhost
ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb
which allows us to test putting the sam on an ldap server using our
own ldap server. This is a great stress test for the ldap code.
- got rid of the special cases for sasl buffers
- added a tls_socket_pending() call to determine how much data is waiting on a tls connection
- removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves
are sync.
instead of a search expression. This allows our ldap server to pass
its ASN.1 parsed search expressions straight to ldb, instead of going
via strings.
- updated all the ldb modules code to handle the new interface
- got rid of the separate ldb_parse.h now that the ldb_parse
structures are exposed externally
- moved to C99 structure initialisation in ldb
- switched ldap server to using ldb_search_bytree()
