1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

519 Commits

Author SHA1 Message Date
Simo Sorce
fd4e294c41 r17829: Fix the order of the bytes
(This used to be commit 9910c01a3a)
2007-10-10 14:16:46 -05:00
Andrew Tridgell
c8064e1f92 r17644: change the ldap server to always use the single process model. We are
not aiming to produce a high performance parallel ldap server, so
better to reserve the extra CPUs on a SMP box for file serving.
(This used to be commit 45c0580e5d)
2007-10-10 14:16:18 -05:00
Simo Sorce
798e4c687c r17642: some more mappings
(This used to be commit df1fe1a5c5)
2007-10-10 14:16:18 -05:00
Simo Sorce
4fc0366bce r17641: some more info, add oMObjectClass values (binary :-/)
(This used to be commit b07a783b98)
2007-10-10 14:16:18 -05:00
Simo Sorce
ff5120ea1f r17632: This is the most accurate mappings between LDAP OID Syntaxes and AD Syntaxes.
Generated by scripts that cross information from the Windows Schema and the
aggregate schema and cross verified by searching on the net
(This used to be commit 996452844a)
2007-10-10 14:16:17 -05:00
Simo Sorce
4719fede4c r17631: Some syntaxes from MS in a now vanished internet draft
(This used to be commit 1020edb0c7)
2007-10-10 14:16:17 -05:00
Stefan Metzmacher
a2eca9174c r17586: merge lib/netif into lib/socket and use -lnsl -lsocket on the
configure check for the interfaces.

should fix the build on some old sun boxes

metze
(This used to be commit f20e251bfd)
2007-10-10 14:15:39 -05:00
Simo Sorce
a23b63a8e5 r17516: Change helper function names to make more clear what they are meant to do
(This used to be commit ad75cf8695)
2007-10-10 14:15:31 -05:00
Simo Sorce
87b2218db7 r17434: update our index
(This used to be commit 9f79714389)
2007-10-10 14:15:25 -05:00
Simo Sorce
a72a455e29 r17433: remove obsoleted RFCs
(This used to be commit 7dffabc744)
2007-10-10 14:15:25 -05:00
Stefan Metzmacher
7a845bcb01 r17341: pass a messaging context to auth_context_create()
and gensec_server_start().

calling them with NULL for event context or messaging context
is no longer allowed!

metze
(This used to be commit 679ac74e71)
2007-10-10 14:15:17 -05:00
Stefan Metzmacher
04d776a409 r17251: - split out the starttls into its own function
- give an operations error when tls is already on the socket

metze
(This used to be commit 9190d134c9)
2007-10-10 14:10:23 -05:00
Stefan Metzmacher
aeb8077b96 r17240: move extended operations to a new file
metze
(This used to be commit 0b16350fa2)
2007-10-10 14:10:23 -05:00
Stefan Metzmacher
4cdcc17893 r17237: - keep pointer to the different sockets
- we need this to later:
  - to disallow a StartTLS when TLS is already in use
  - to place the TLS socket between the raw and sasl socket
    when we had a sasl bind before the StartTLS
  - and rfc4513 says that the server may allow to remove the TLS from
    the tcp connection again and reuse raw tcp
  - and also a 2nd sasl bind should replace the old sasl socket

metze
(This used to be commit 10cb9c07ac)
2007-10-10 14:10:22 -05:00
Stefan Metzmacher
79f7b58630 r17226: add some comments about ldap binds and pending requests
metze
(This used to be commit e8db1fb558)
2007-10-10 14:10:22 -05:00
Andrew Bartlett
a6629e037a r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise
our certificate, and proceed with the connection is left as an
exercise for the reader...

Andrew Bartlett
(This used to be commit 9bd66d4c95)
2007-10-10 14:10:21 -05:00
Andrew Bartlett
9d6f276717 r17222: Change the function prototypes for the GENSEc and TLS socket creation
routines to return an NTSTATUS.  This should help track down errors.

Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.

Always return a new socket, even for the 'pass-though' case.

Andrew Bartlett
(This used to be commit 003e2ab93c)
2007-10-10 14:10:20 -05:00
Andrew Bartlett
d8f1e27b19 r17215: Prepare the SASL socket before actually settting it. This allows
errors to be reported corectly, rather than just dropping the socket.

Andrew Bartlett
(This used to be commit 83dd22accf)
2007-10-10 14:10:19 -05:00
Andrew Bartlett
ba07fa43d0 r17197: This patch moves the encryption of bulk data on SASL negotiated security
contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets.  It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default.  It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket
layer.

Unusual in this pstch is the extra read callback argument I take.  As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data.  This would leave the system without an event
to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop.  I believe that
the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:

+-----------------+---------------------+
| SASL  Packet #1 | SASL Packet #2      |
----------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
----------------------------------------+

In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP.  Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.

Without data on the socket, read events stop.  That is why I add timed
events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code.  The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length.  (1 + n/2).  This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.

Andrew Bartlett
(This used to be commit 5d7c9c12cb)
2007-10-10 14:10:18 -05:00
Simo Sorce
fcea638657 r17193: Remove ancient stuff never really used
(This used to be commit a6709196ca)
2007-10-10 14:10:17 -05:00
Simo Sorce
3faab3e6dd r17189: Add the new LDAP rfc series
(This used to be commit d3f8b813b3)
2007-10-10 14:10:17 -05:00
Simo Sorce
49f68caed2 r17186: "async" word abuse clean-up part 2
(This used to be commit c6aa60c7e6)
2007-10-10 14:10:17 -05:00
Simo Sorce
c93817b36d r17185: Oh, I wanted to do this for sooo long time.
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.

Simo.
(This used to be commit 25fc735404)
2007-10-10 14:10:16 -05:00
Andrew Bartlett
32ab518767 r16972: Replace the sequence_number function pointer in ldb with the ldb flags.
The function pointer was meant to be unused, this patch fixes
partition.c to use ldb_sequence_number().  (No backend provided the
pointer any more).

Set the flags onto the ldb structure, so that all backends opened by
the partitions module inherit the flags.

Set the read-ony flag when accessed as the global catalog

Modify the LDAP server to track that this query is for the global
catalog (by incoming port), and set a opqaue pointer.

Next step is to read that opaque pointer in the partitions module.

Andrew Bartlett
(This used to be commit a1161cb30e)
2007-10-10 14:10:04 -05:00
Andrew Bartlett
9da5d4fd69 r16795: Fix crash found by Dave Fenwick <djf@samba.org>.
The session_info was not being attached to the connection, so
subsequent checks in the kludge_acl module were looking at free()ed
memory.

Andrew Bartlett
(This used to be commit 7e9079ac7a)
2007-10-10 14:09:46 -05:00
Andrew Bartlett
d4c5627073 r16234: Set the request timeout from the LDAP search. Without this, the
initial request time is uninitialised, and this causes havoc later.
This also allows us to honour the client's wishes.

We should be doing this for all the operations...

Andrew Bartlett
(This used to be commit c8f5b1c928)
2007-10-10 14:09:07 -05:00
Simo Sorce
2d19dca9c8 r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc...
(This used to be commit 55d97ef88f)
2007-10-10 14:08:43 -05:00
Simo Sorce
2613d19937 r15933: remove the last sync call to ldb_request
(This used to be commit 10d66aa61d)
2007-10-10 14:08:41 -05:00
Andrew Bartlett
742c110cd6 r15400: Move the TLS code behind the socket interface.
This reduces caller complexity, because the TLS code is now called
just like any other socket.  (A new socket context is returned by the
tls_init_server and tls_init_client routines).

When TLS is not available, the original socket is returned.

Andrew Bartlett
(This used to be commit 09b2f30dfa)
2007-10-10 14:05:32 -05:00
Jelmer Vernooij
5c3a1d76ff r15379: Fix shared library build's unresolved dependencies
(This used to be commit 0fafa2e595)
2007-10-10 14:05:29 -05:00
Andrew Bartlett
26259ce98b r15317: Because LDB is now async, there are more places were we might run the
even context again.  We need to ensure we don't process packets until
we are finished setting up the connection, have the ldb in place etc.

We may need to do the same in other servers.

Andrew Bartlett
(This used to be commit 9bbc93bef2)
2007-10-10 14:05:11 -05:00
Jelmer Vernooij
b00c236906 r15301: Use static libraries internally. This required a few hacks in the build
system - these should be removed later on.
(This used to be commit 0654739166)
2007-10-10 14:05:07 -05:00
Jelmer Vernooij
69b51f702a r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacement
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6)
2007-10-10 14:04:18 -05:00
Stefan Metzmacher
f53e12b41b r14857: fix bugs noticed by the ibm code checker
metze
(This used to be commit 07626bf3c7)
2007-10-10 13:59:43 -05:00
Andrew Bartlett
13f45733a3 r14673: Don't double-free conn, it is below 'c' free'ed by
stream_terminate_connection()

Andrew Bartlett
(This used to be commit a6c7979860)
2007-10-10 13:59:07 -05:00
Jelmer Vernooij
9565c70898 r14567: Make some more functions public.
(This used to be commit 8e84e6cb6b)
2007-10-10 13:58:48 -05:00
Stefan Metzmacher
651ca6553e r14079: I just found the setproctitle library from alt linux:-)
- add set_title hook to the process models
- use setproctitle library in process_model standard if available
- the the title for the task servers and on connections

metze
(This used to be commit 526f20bbec)
2007-10-10 13:56:49 -05:00
Stefan Metzmacher
60823d1878 r14078: move ldb_global_init() to the main smbd code,
to fix the process_model standard

metze
(This used to be commit a465126e15)
2007-10-10 13:56:49 -05:00
Simo Sorce
82da2d401e r13998: From now on ldb_request() will require an alloced request
By freeing the request you will be sure everything down the path get freed.

this also means you have to steal the results if you want to keep them :)

simo.
(This used to be commit e8075e6a06)
2007-10-10 13:52:36 -05:00
Stefan Metzmacher
c9e5d884fc r13941: fix the build
metze
(This used to be commit d9da948b0f)
2007-10-10 13:52:29 -05:00
Jelmer Vernooij
9bd7dd9121 r13926: More header splitups.
(This used to be commit 930daa9f41)
2007-10-10 13:52:26 -05:00
Jelmer Vernooij
4ac2be9958 r13924: Split more prototypes out of include/proto.h + initial work on header
file dependencies
(This used to be commit 1228358767)
2007-10-10 13:52:24 -05:00
Stefan Metzmacher
20c7347f43 r13812: fix compiler warning
metze
(This used to be commit 1340cb1f3b)
2007-10-10 13:52:13 -05:00
Jelmer Vernooij
26af14c39b r13786: [merge] Add registration functions for LDB modules
Applications that use LDB modules will now have to run ldb_global_init()
before they can use LDB.

The next step will be adding support for loading LDB modules from .so
files. This will also allow us to use one LDB without difference between the
standalone and the Samba-specific build
(This used to be commit 52a2356505)
2007-10-10 13:52:11 -05:00
Simo Sorce
00fe70e5b9 r13609: Get in the initial work on making ldb async
Currently only ldb_ildap is async, the plan
is to first make all backend support the async calls,
and then remove the sync functions from backends and
keep the only in the API.

Modules will need to be transformed along the way.

Simo
(This used to be commit 1e2c13b2d5)
2007-10-10 13:51:59 -05:00
Andrew Bartlett
f490434c0f r13606: An attempt to fix #3525.
The problem was that the supportedControls were being stolen into the
result sent to the client, then talloc_free()ed.  This caused them to
be invalid on the next rootDSE query.

This also tries to avoid attaching the result to the long-term samdb
context, and avoids an extra loop in the result processing (pointed
out by tridge).

Andrew BARtlett
(This used to be commit d0b8957f38)
2007-10-10 13:51:59 -05:00
Stefan Metzmacher
7449f4d803 r13508: some ASN.1 element in LDAP are optional,
make it possible to code the difference between a zero length and a NULL DATA_BLOB...

metze
(This used to be commit 54f0b19c55)
2007-10-10 13:51:56 -05:00
Simo Sorce
5972e01163 r13357: more docs
(This used to be commit 5af9086dea)
2007-10-10 13:51:49 -05:00
Andrew Bartlett
15f73e6404 r13339: Propogate more error infomation into the error packet and reformat the
code a little.  This also fixes a segfault when we didn't fill in the
error message.

Andrew Bartlett
(This used to be commit 3be01a4ac7)
2007-10-10 13:51:46 -05:00
Simo Sorce
1d43fa6c9f r13307: docs
(This used to be commit e56630d1f8)
2007-10-10 13:51:43 -05:00
Simo Sorce
eed0a95128 r12917: fix decoding of ldap controls
some more work on timeouts
(This used to be commit a7e2fe3cb3)
2007-10-10 13:51:02 -05:00
Simo Sorce
d45a8de617 r12905: add some ldap policies
not yet enforced except for the initial connection timeout
(This used to be commit fa1ae9a44b)
2007-10-10 13:51:01 -05:00
Simo Sorce
a7a79d2b25 r12880: Remove ldap partitions useless now and probably we
will not use it anyway as we plan to support
partitions in ldb directly like with rootdse

Merge ldap_simple_ldb into ldap_backend, it is
not simple anymore and makes no sense to have
it separated now that ldap partitions are gone

Initial attempt at working to some limit to avoid DOSs
for the ldap server.

Simo.
(This used to be commit 97bff3e049)
2007-10-10 13:50:57 -05:00
Andrew Bartlett
f55ea8bb3d r12804: This patch reworks the Samba4 sockets layer to use a socket_address
structure that is more generic than just 'IP/port'.

It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).

This passes 'make test' as well as kerberos use (not currently in the
testsuite).

The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again.   It also removes nbt_peer_addr, which was being used
for a similar purpose.

It is a large change, but worthwhile I feel.

Andrew Bartlett
(This used to be commit 88198c4881)
2007-10-10 13:49:57 -05:00
Stefan Metzmacher
a36c172d46 r12792: fix compiler warning
metze
(This used to be commit 1eca5f46c6)
2007-10-10 13:49:55 -05:00
Simo Sorce
c908d0b2aa r12733: Merge ldap/ldb controls into main tree
There's still lot of work to do but the patch is stable
enough to be pushed into the main samba4 tree.

Simo.
(This used to be commit 77125feaff)
2007-10-10 13:49:47 -05:00
Jelmer Vernooij
78c50015bb r12694: Move some headers to the directory of the subsystem they belong to.
(This used to be commit c722f665c9)
2007-10-10 13:49:39 -05:00
Andrew Bartlett
bedfb06326 r12686: Push the real SASL list into the rootdse.
Get this out of the server credentials, and push it down to ldb via an
opaque pointer.

Andrew Bartlett
(This used to be commit 61700252e0)
2007-10-10 13:49:38 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Andrew Bartlett
cca1daeab1 r12595: There was no comment on the mailing list, so kill the 'ldapsrv:samdb'
parameter.  It isn't useful with so many other things in the ldap
server opening the database directly.  Best to run this as a seperate
process, and change the global options.

Andrew Bartlett
(This used to be commit 34d6220cec)
2007-10-10 13:49:00 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to seperate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Jelmer Vernooij
d8e35f8828 r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
2007-10-10 13:47:45 -05:00
Andrew Bartlett
6bd8be8671 r12360: Add simple bind support into our LDAP server.
Needs changes to our client code for automated testing.

Andrew Bartlett
(This used to be commit e751d81414)
2007-10-10 13:47:30 -05:00
Andrew Bartlett
a1827a1deb r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
backend.

The idea is that every time we open an LDB, we can provide a
session_info and/or credentials.  This would allow any ldb to be remote
to LDAP.  We should also support provisioning to a authenticated ldap
server.

(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).

Andrew Bartlett
(This used to be commit ae2f3a64ee)
2007-10-10 13:47:22 -05:00
Simo Sorce
f2c3c28a7c r12148: add the docs for the paged results control
(This used to be commit 9fab4ab272)
2007-10-10 13:47:14 -05:00
Stefan Metzmacher
e246a06751 r12126: get rid of the local ->terminate hacks, we do that genericly now
metze
(This used to be commit a7baf165c1)
2007-10-10 13:47:12 -05:00
Andrew Tridgell
6eabad9c9d r11958: - fixed memory leaks in the ldb_result handling in ldb operations
- removed an unnecessary level of pointer in ldb_search structure
(This used to be commit b8d4afb14a)
2007-10-10 13:46:51 -05:00
Andrew Tridgell
53562f7746 r11955: got rid of the old rootDSE code in the ldap server.
The partitioning logic is still there, but we only have one
partition. If we need partitioning in the future it might be better to
remove this partitioning code and use a partitioning module instead
(This used to be commit f4685e7dc9)
2007-10-10 13:46:50 -05:00
Andrew Tridgell
614950aed3 r11713: separate out the setting of the fde in the packet context from the
enabling of packet serialisation
(This used to be commit 6a47cd65a8)
2007-10-10 13:46:17 -05:00
Andrew Tridgell
f59c61d413 r11622: convert the ldap server to the generic packet code
(This used to be commit 6ef4ba0c81)
2007-10-10 13:46:00 -05:00
Simo Sorce
5c95905871 r11567: Ldb API change patch.
This patch changes the way lsb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.

I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.

Simo.
(This used to be commit 22c8c97e6f)
2007-10-10 13:45:53 -05:00
Andrew Tridgell
f8ebd5a53c r11447: fixed a problem with the ldap server spinning using CPU time
(This used to be commit c913f466cd)
2007-10-10 13:45:38 -05:00
Andrew Tridgell
da048ad7ca r11408: fixed the mapping of ldb errors to ldap errors in the ldap server
(This used to be commit 647cb90360)
2007-10-10 13:45:33 -05:00
Jelmer Vernooij
4c5a4a7e02 r11244: Relative path names in .mk files
(This used to be commit 24e1030090)
2007-10-10 13:45:06 -05:00
Andrew Bartlett
90550077b9 r11225: Remove pointless goto.
Andrew Bartlett
(This used to be commit 30f4ece4d2)
2007-10-10 13:45:05 -05:00
Jelmer Vernooij
f4d590662e r11214: Remove scons files (see http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c917)
2007-10-10 13:45:03 -05:00
Andrew Bartlett
372ca26b20 r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5
authentication.  This pulls the creating of the keytab back to the
credentials code, and removes the special case of 'use keberos keytab
= yes' for now.

This allows (and requires) the callers to specify the credentials for
the server credentails to GENSEC.  This allows kpasswdd (soon to be
added) to use a different set of kerberos credentials.

The 'use kerberos keytab' code will be moved into the credentials
layer, as the layers below now expect a keytab.

We also now allow for the old secret to be stored into the
credentials, allowing service password changes.

Andrew Bartlett
(This used to be commit 205f77c579)
2007-10-10 13:45:00 -05:00
Andrew Tridgell
374ced5ab0 r11112: listen on the global catalog ldap server port as well if we are a
PDC. I suspect we should behave slightly differently on the two ports,
but this is a lot closer than not listening at all. When creating a
user with mmc the global catalog port is used to check for an existing
user
(This used to be commit f8430c3f41)
2007-10-10 13:44:51 -05:00
Andrew Tridgell
33da2fabe6 r10914: moved the ldap time string functions into ldb so they can be used by
the time attribute handling functions
(This used to be commit 93c296d527)
2007-10-10 13:39:42 -05:00
Stefan Metzmacher
1e14572a26 r10832: free the old session info
metze
(This used to be commit 16b2569788)
2007-10-10 13:39:33 -05:00
Andrew Bartlett
b992481d7e r10820: Use talloc_get_type as suggested by tridge.
Andrew Bartlett
(This used to be commit 9c511a16f8)
2007-10-10 13:39:32 -05:00
Andrew Bartlett
1377cca5f4 r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB.  This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.

Along the way, I cleaned up a few things, and added new helper functions
to assist.  In particular the LSA pipe uses simpler queries for some of
the setup.

In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.

I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.

Andrew Bartlett
(This used to be commit fd7203789a)
2007-10-10 13:39:32 -05:00
Andrew Tridgell
a04f65b1c7 r10709: fixed a crash bug rather similar to the one volker found in the dcerpc
code, where a stream_terminate_connection() while processing a request
can cause a later defererence of the connection structure to die.
(This used to be commit efbcb0f741)
2007-10-10 13:39:23 -05:00
Jelmer Vernooij
5058f4b9e8 r10586: Add MergedObject() builder. Default to Library() rather
then StaticLibrary()
(This used to be commit b53313dc51)
2007-10-10 13:39:08 -05:00
Volker Lendecke
5c40f9cd9b r10353: Fix typo
(This used to be commit b871ecbc2c)
2007-10-10 13:38:31 -05:00
Jelmer Vernooij
6812c73534 r10348: Add scons scripts for remaining subsystems. Most subsystems build now,
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b9)
2007-10-10 13:38:30 -05:00
Jelmer Vernooij
5b02ee9b9d r10336: Add sconscript for a couple more subsystems.
(This used to be commit 59d4450453)
2007-10-10 13:38:29 -05:00
Jelmer Vernooij
349294d358 r10315: Remove use of fstring and pstring in dynconfig.c
Remove unused includes of dynconfig.h
(This used to be commit 59083b7ba6)
2007-10-10 13:38:17 -05:00
Andrew Tridgell
95040e9341 r10252: a recent checkin from simo changed the handling of BASE and SUBTREE
searches in ldb to be more ldap compliant, but broke the wins server
and the ejs ldb code. This fixes those up so 'make test' passes again.
(This used to be commit dff660c23c)
2007-10-10 13:38:11 -05:00
Stefan Metzmacher
84951a4cee r10237: fix parameter, how have I missed this...?
metze
(This used to be commit d02e1aa049)
2007-10-10 13:38:10 -05:00
Andrew Tridgell
a129ad36eb r10213: fixed a memory leak in the ldap client and server code spotted by Karl
Melcher. ldap_encode() now takes a memory context to use for the data
blob
(This used to be commit 09948a5933)
2007-10-10 13:38:09 -05:00
Stefan Metzmacher
a8ec371a61 r10078: - add a 'struct data_blob_list_item'
- use this for the send_queue's of the different stream_servers
  to not redefine the same struct so often, and it maybe will be used
  in other places too

metze
(This used to be commit b6694f067a)
2007-10-10 13:37:51 -05:00
Andrew Bartlett
897e9f2b4d r9417: Ask for the ASYNC_REPLIES feature, as will want that.
Andrew Bartlett
(This used to be commit 8cb8f99ae6)
2007-10-10 13:33:36 -05:00
Simo Sorce
3e4c4cff21 r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b779)
2007-10-10 13:33:32 -05:00
Simo Sorce
e66f76c864 r8926: RFC 2891 - LDAP Control Extension for Server Side Sorting of Search Results
(This used to be commit 5dd4844cc5)
2007-10-10 13:30:58 -05:00
Jelmer Vernooij
6553dd0c60 r8811: Fix the build..
(This used to be commit fac77f5fa2)
2007-10-10 13:30:07 -05:00
Andrew Tridgell
e835621799 r8520: fixed a pile of warnings from the build farm gcc -Wall output on
S390. This is an attempt to avoid the panic we're seeing in the
automatic builds.

The main fixes are:

 - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats

 - use of NULL format statements to perform dn searches.

 - assumption that sizeof() returns an int
(This used to be commit a58ea6b385)
2007-10-10 13:29:34 -05:00
Simo Sorce
b86111fe83 r8514: add docs
(This used to be commit 876f0a095b)
2007-10-10 13:29:33 -05:00
Andrew Tridgell
c6881d1e65 r8272: added the hooks for adding a name to a messaging context, so we will
be able to send a message to the "ldap_server" task without having to
know its task ID.
(This used to be commit 8f69867867)
2007-10-10 13:19:29 -05:00
Stefan Metzmacher
a1a3b96731 r8222: 0 entries are no error, unless it's a base search
metze
(This used to be commit 0297943ff2)
2007-10-10 13:19:21 -05:00
Andrew Tridgell
3214f2e212 r7918: fixed a crash bug in the ldap server
(This used to be commit 44ded17bc2)
2007-10-10 13:18:50 -05:00
Andrew Tridgell
b3e493470f r7911: task_terminate() is defined in the macosx headers, so change the name
to task_server_terminate()
(This used to be commit a7447e25ac)
2007-10-10 13:18:48 -05:00
Andrew Tridgell
63811f0cb8 r7854: only enable wrapping in the ldap server if it was negotiated by gensec
(This used to be commit 355983493b)
2007-10-10 13:18:43 -05:00
Andrew Tridgell
a7bbc024ed r7801: the ldap server needs this logic too
(This used to be commit 1dbb5bf2c1)
2007-10-10 13:18:37 -05:00
Andrew Tridgell
db6933323c r7777: allow for overriding the location of the sam databasein the ldap server, using
ldapsrv:samdb option. This allows the following:

          sam database=ldap://localhost
          ldapsrv:samdb=tdb:///home/tridge/samba/samba4/prefix/private/sam.ldb

which allows us to test putting the sam on an ldap server using our
own ldap server. This is a great stress test for the ldap code.
(This used to be commit 40948ba384)
2007-10-10 13:18:35 -05:00
Andrew Tridgell
b3e862b2d5 r7753: removed debugging code :-)
(This used to be commit 51ea22db2d)
2007-10-10 13:18:31 -05:00
Andrew Tridgell
7a17da2186 r7751: only enable tls on the ldaps port in ldap server, and reject non-tls
connections on that port
(This used to be commit 30da6a1cc4)
2007-10-10 13:18:31 -05:00
Andrew Tridgell
7267cb3312 r7749: some bug fixes from testing with socket:testnonblock
- fixed some infinite loops in asn1.c

- ensure asn1 callers know if an error is end of buffer or bad data

- handle npending 0 in ldap server
(This used to be commit f22c3b84c8)
2007-10-10 13:18:30 -05:00
Andrew Tridgell
c7496c6cdb r7747: - simplified the ldap server buffer handling
- got rid of the special cases for sasl buffers

- added a tls_socket_pending() call to determine how much data is waiting on a tls connection

- removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves
  are sync.
(This used to be commit 73cb4aad22)
2007-10-10 13:18:30 -05:00
Andrew Tridgell
68853a1c7b r7746: - added TLS support to our ldap server
- this involved changing the buffer handling in the ldap server quite a
  lot, as it didn't handle partial packets at all

- removed completely bogus asn1_object_length() function. You can't
  do that with BER/DER
(This used to be commit fed6f4cc6c)
2007-10-10 13:18:30 -05:00
Andrew Tridgell
bf75ae4155 r7726: - removed some unused variables
- handle ldb_errstring() calls on failed connect
(This used to be commit 8698a20fcc)
2007-10-10 13:18:27 -05:00
Andrew Tridgell
b4eee348c4 r7720: - simplify the asn1 decode of ldap_search() a lot, taking advantage of
the fact that the ldap data structures now use ldb_message_element.

- fixed null termination of elements in ildap
(This used to be commit 09060994c1)
2007-10-10 13:18:26 -05:00
Andrew Tridgell
74037cbe92 r7711: update callers of ldb_connect() for new syntax
(This used to be commit f852661463)
2007-10-10 13:18:24 -05:00
Andrew Tridgell
fa165a688c r7677: fixed ldap server to honor 'private path'
(This used to be commit f6abed5660)
2007-10-10 13:18:21 -05:00
Andrew Tridgell
cf4552761e r7670: fixed rootDSE search in ldap server
(This used to be commit 0981a375cf)
2007-10-10 13:18:20 -05:00
Andrew Tridgell
af237084ec r7633: this patch started as an attempt to make the dcerpc code use a given
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.

Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.

There were 3 places where I punted:

  - abartlet wanted me to add a gensec_set_event_context() call
    instead of adding it to the gensec init calls. Andrew, my
    apologies for not doing this. I didn't do it as adding a new
    parameter allowed me to catch all the callers with the
    compiler. Now that its done, we could go back and use
    gensec_set_event_context()

  - the ejs code calls auth initialisation, which means it should pass
    in the event context from the web server. I punted on that. Needs fixing.

  - I used a NULL event context in dcom_get_pipe(). This is equivalent
    to what we did already, but should be fixed to use a callers event
    context. Jelmer, can you think of a clean way to do that?

I also cleaned up a couple of things:

 - libnet_context_destroy() makes no sense. I removed it.

 - removed some unused vars in various places
(This used to be commit 3a3025485b)
2007-10-10 13:18:15 -05:00
Andrew Tridgell
3e92471d4c r7596: next step in ldap cleanup. I'm aiming to get rid of the cut&pasted
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb
ldif code. To do that I have changed the ldap code to use 'struct
ldb_message_element' instead of 'struct ldap_attribute'. They are
essentially the same structure anyway, so by making them really the
same it will be much easier to use the ldb code in libcli/ldap/

I have also made 'struct ldb_val' the same as a DATA_BLOB, which will
simplify data handling in quite a few places (I haven't yet removed
all the code that maps between these two, that will come later)
(This used to be commit 87fc307339)
2007-10-10 13:18:12 -05:00
Andrew Tridgell
a7d6185f41 r7594: abartlet is right that this hack is not actually necessary, it just
prevents a bogus:
  GSS Update failed: Miscellaneous failure (see text): ASN.1 identifier doesn't match expected value
error on every ldap connection. I'll remove it and let the error remain until Andrew
works out a better fix.
(This used to be commit 6123eb2eca)
2007-10-10 13:18:12 -05:00
Andrew Tridgell
c0947b0d7f r7593: simplified the memory management in the ldap code. Having a mem_ctx
element in a structure is not necessary any more.
(This used to be commit 912d0427f5)
2007-10-10 13:18:12 -05:00
Andrew Tridgell
db2e86f75c r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. This
now works with windows clients, as I fixed the zero length bind ack packet.

Andrew, note that this has the strncmp("NTLMSSP", data, 7) hack. Please
replace with a more correct fix as we discussed.
(This used to be commit 69b02e8adb)
2007-10-10 13:18:10 -05:00
Andrew Tridgell
2e89687144 r7565: fixed handling of sasl data in ldap server
(This used to be commit 9b7a89735f)
2007-10-10 13:18:09 -05:00
Andrew Tridgell
4b0e5bd753 r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree
instead of a search expression. This allows our ldap server to pass
  its ASN.1 parsed search expressions straight to ldb, instead of going
  via strings.

- updated all the ldb modules code to handle the new interface

- got rid of the separate ldb_parse.h now that the ldb_parse
  structures are exposed externally

- moved to C99 structure initialisation in ldb

- switched ldap server to using ldb_search_bytree()
(This used to be commit 96620ab2ee)
2007-10-10 13:18:06 -05:00
Simo Sorce
b1b14817ea r5585: LDB interfaces change:
changes:
- ldb_wrap disappears from code and become a private structure of db_wrap.c
  thanks to our move to talloc in ldb code, we do not need to expose it anymore

- removal of ldb_close() function form the code
  thanks to our move to talloc in ldb code, we do not need it anymore
  use talloc_free() to close and free an ldb database

- some minor updates to ldb modules code to cope with the change and fix some
  bugs I found out during the process
(This used to be commit d58be9e74b)
2007-10-10 13:10:55 -05:00
Simo Sorce
e8eee542d3 r5583: some more docs
(This used to be commit d7751e3181)
2007-10-10 13:10:54 -05:00
Andrew Tridgell
a5bd1ccada r5307: removed db_wrap.h from includes.h
(This used to be commit 826baec7b3)
2007-10-10 13:09:40 -05:00
Andrew Tridgell
501379431c r5305: removed libcli/ldap/ldap.h from includes.h
(This used to be commit 0df3fdd817)
2007-10-10 13:09:39 -05:00
Andrew Tridgell
bed7c9ec32 r5304: removed lib/socket/socket.h from includes.h
(This used to be commit b902ea546d)
2007-10-10 13:09:39 -05:00
Andrew Tridgell
b9bb7f596d r5294: - added a separate NBT-WINS test for WINS operations (register, refresh, release and query)
- change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr"
  I think that in general we should move towards "const char *" for
  all IP addresses, as this makes IPv6 much easier, and is also easier
  to debug. Andrew, when you get a chance, could you fix some of the
  auth code to use strings for IPs ?

- return a NTSTATUS error on bad name queries and node status instead
  of using rcode. This makes the calling code simpler.

- added low level name release code in libcli/nbt/

- use a real IP in the register and wins nbt torture tests, as w2k3
  WINS server silently rejects some operations that don't come from the
  IP being used (eg. it says "yes" to a release, but does not in fact
  release the name)
(This used to be commit bb1ab11d8e)
2007-10-10 13:09:37 -05:00
Günther Deschner
c4eeb0459c r5266: This is a nice typo ;-)
Guenther
(This used to be commit 77b99c03b8)
2007-10-10 13:09:35 -05:00
Andrew Tridgell
131dc76d56 r5197: moved events code to lib/events/ (suggestion from metze)
(This used to be commit 7f54c8a339)
2007-10-10 13:09:30 -05:00
Andrew Tridgell
0798d54b4f r5195: most events don't need the time of the event, so save a gettimeofday() call
and just use timeval_current() when its actually needed
(This used to be commit 236403cc4d)
2007-10-10 13:09:30 -05:00
Andrew Tridgell
66170ef8b3 r5185: make all the events data structures private to events.c. This will
make it possible to add optimisations to the events code such as
keeping the next timed event in a sorted list, and using epoll for
file descriptor events.

I also removed the loop events code, as it wasn't being used anywhere,
and changed timed events to always be one-shot (as adding a new timed
event in the event handler is so easy to do if needed)
(This used to be commit d7b4b6de51)
2007-10-10 13:09:29 -05:00
Andrew Tridgell
55d4d36993 r5102: This is a major simplification of the logic for controlling top level
servers in smbd. The old code still contained a fairly bit of legacy
from the time when smbd was only handling SMB connection. The new code
gets rid of all of the smb_server specific code in smbd/, and creates
a much simpler infrastructures for new server code.

Major changes include:

 - simplified the process model code a lot.

 - got rid of the top level server and service structures
   completely. The top level context is now the event_context. This
   got rid of service.h and server.h completely (they were the most
   confusing parts of the old code)

 - added service_stream.[ch] for the helper functions that are
   specific to stream type services (services that handle streams, and
   use a logically separate process per connection)

 - got rid of the builtin idle_handler code in the service logic, as
   none of the servers were using it, and it can easily be handled by
   a server in future by adding its own timed_event to the event
   context.

 - fixed some major memory leaks in the rpc server code.

 - added registration of servers, rather than hard coding our list of
   possible servers. This allows for servers as modules in the future.

 - temporarily disabled the winbind code until I add the helper
   functions for that type of server

 - added error checking on service startup. If a configured server
   fails to startup then smbd doesn't startup.

 - cleaned up the command line handling in smbd, removing unused options
(This used to be commit cf6a46c3cb)
2007-10-10 13:09:22 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Stefan Metzmacher
0475cfe570 r4941: - all needed data is now in sam.ldb and hacked.ldb is not needed anymore by the hacked ldap backend
- readd the schema naming context container object as it's needed for a w2k3 dc join

metze
(This used to be commit c583f80623)
2007-10-10 13:09:08 -05:00
Andrew Bartlett
757a063a13 r4897: Unbreak the LDAP server. Somehow the generic service structures
(which seem just a little too complex) changed, but this code was not
updated or tested.

Also clarify the existing code, by not reusing variables.

Andrew Bartlett
(This used to be commit eb46adade4)
2007-10-10 13:09:04 -05:00
Stefan Metzmacher
9327ec51d1 r4728: split up server_services into:
- stream_socket services
  the smb, ldap and rpc service which sets up a srtam socket end then
  waits for connections
and
- task services
  which this you can create a seperate task that do something
  (this is also going through the process_model subsystem
  so with -M standard a new process for this created
  with -M thread a new thread ...

I'll add datagram services later when we whave support for datagram sockets in lib/socket/

see the next commit as an example for service_task's

metze
(This used to be commit d5fa02746c)
2007-10-10 13:08:49 -05:00
Stefan Metzmacher
ef4e85614e r4716: add a real ugly hack to get all ldap queries of an
w2k3 dc join working

I just commit that to not lose it if my home box would crash...

you need a hacked.ldb with some stuff in it, I'll explain later

and you need --option="ldapsrv:hacked=yes"

so what is left now is KRB5 support for DCERPC in the server
as the EVENT LOG of w2k3 says...

metze
(This used to be commit d72760d26f)
2007-10-10 13:08:47 -05:00
Stefan Metzmacher
09c34de35a r4709: fix compiler warnings
metze
(This used to be commit 7aa86445e3)
2007-10-10 13:08:46 -05:00
Stefan Metzmacher
047d41cc49 r4634: disable sign and seal in ldap_server for now.
metze
(This used to be commit 872c687184)
2007-10-10 13:08:37 -05:00
Stefan Metzmacher
b343cc97de r4629: we now have a global macro NT_STATUS_HAVE_NO_MEMORY()
so don't use a local one

metze
(This used to be commit dd217f7916)
2007-10-10 13:08:36 -05:00
Stefan Metzmacher
e1426c51ab r4628: this function should be static
metze
(This used to be commit 590afa88f1)
2007-10-10 13:08:35 -05:00
Andrew Tridgell
ddc10d4d37 r4549: got rid of a lot more uses of plain talloc(), instead using
talloc_size() or talloc_array_p() where appropriate.

also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b5354)
2007-10-10 13:08:25 -05:00
Andrew Tridgell
cc55aef7c1 r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call.
- cleaned up some talloc usage in various files

I'd like to get to the point that we have no calls to talloc(), at
which point we will rename talloc_p() to talloc(), to encourage
everyone to use the typesafe functions.
(This used to be commit e6c81d7c9f)
2007-10-10 13:08:20 -05:00
Andrew Tridgell
500d5523d2 r4475: fixed smbd to work with the small changes in the ldb API (the most important
change was in the ldb_msg_add_*() routines, which now use the msg as a context,
and thus it needs to be a talloc ptr)
(This used to be commit 1a4713bfd0)
2007-10-10 13:07:55 -05:00
Andrew Bartlett
9a6671cf95 r4459: GENSEC refinements:
In developing a GSSAPI plugin for GENSEC, it became clear that the API
needed to change:
 - GSSAPI exposes only a wrap() and unwrap() interface, and determines
   the location of the signature itself.
 - The 'have feature' API did not correctly function in the recursive
   SPNEGO environment.

As such, NTLMSSP has been updated to support these methods.

The LDAP client and server have been updated to use the new wrap() and
unwrap() methods, and now pass the LDAP-* tests in our smbtorture.
(Unfortunely I still get valgrind warnings, in the code that was
previously unreachable).

Andrew Bartlett
(This used to be commit 9923c3bc1b)
2007-10-10 13:07:53 -05:00
Andrew Bartlett
44113c4de1 r4355: More work from the elves on Christmas eve:
- Update Samba4's kerberos code to match the 'salting' changes in
   Samba3 (and many other cleanups by jra).

 - Move GENSEC into the modern era of talloc destructors.  This avoids
   many of the memory leaks in this code, as we now can't somehow
   'forget' to call the end routine.
  - This required fixing some of the talloc hierarchies.

 - The new krb5 seems more sensitive to getting the service name
   right, so start actually setting the service name on the krb5 context.

Andrew Bartlett
(This used to be commit 278bf1a61a)
2007-10-10 13:07:37 -05:00
Stefan Metzmacher
0ad10aec63 r4079: implement the gensec_have_feature() correctly by asking
the backend what is actually in use

metze
(This used to be commit 6f3eb7bc03)
2007-10-10 13:06:23 -05:00
Andrew Tridgell
4183b2ac38 r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my compile
(This used to be commit 0928b1f5b6)
2007-10-10 13:06:16 -05:00
Stefan Metzmacher
15543f18ac r4000: DATA_BLOB.data is uint8_t * not void * :-)
(thanks abartlet for telling me)

metze
(This used to be commit 2783bf393f)
2007-10-10 13:06:13 -05:00
Stefan Metzmacher
1814aad561 r3962: fix compiler warnings
metze
(This used to be commit 3bfb732187)
2007-10-10 13:06:08 -05:00
Stefan Metzmacher
8a18778286 r3783: - don't use make proto for ldb anymore
- split ldh.h out of samba's includes.h

- make ldb_context and ldb_module private to the subsystem

- use ltdb_ prefix for all ldb_tdb functions

metze
(This used to be commit f5ee40d6ce)
2007-10-10 13:05:52 -05:00
Stefan Metzmacher
0a5ea499ec r3762: - only load the readed bytes into the input buffer
- fix compiler warnings with gcc-4.0

metze
(This used to be commit 7a931ea0f4)
2007-10-10 13:05:52 -05:00
Simo Sorce
679e95db03 r3754: merge in ldb modules support from the tmp branch ldbPlugins
(This used to be commit 71323f424b)
2007-10-10 13:05:51 -05:00
Jelmer Vernooij
8e16d8a76f r3733: More build system fixes/features:
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure
 - Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities)
(This used to be commit 64826da834)
2007-10-10 13:05:47 -05:00
Andrew Tridgell
dde0705807 r3507: - added deferred replies on sharing violation in pvfs open. The
deferred reply is short-circuited immediately when the file is
  closed by another user, allowing it to be opened by the waiting user.

- added a sane set of timeval manipulation routines

- converted all the events code and code that uses it to use struct
  timeval instead of time_t, which allows for microsecond resolution
  instead of 1 second resolution. This was needed for doing the pvfs
  deferred open code, and is why the patch is so big.
(This used to be commit 0d51511d40)
2007-10-10 13:05:23 -05:00
Andrew Tridgell
6f214cc510 r3494: got rid of include/rewrite.h, and split out the dynconfig.h header
(This used to be commit 558de54ec6)
2007-10-10 13:05:22 -05:00
Andrew Tridgell
a99b6219a8 r3481: split out client.h and events.h
(This used to be commit c6f4865744)
2007-10-10 13:05:20 -05:00
Andrew Tridgell
a42142439a r3464: split out registry.h, rap.h and ldap_server.h
(This used to be commit 70d2090f6b)
2007-10-10 13:05:17 -05:00
Andrew Tridgell
3643fb1109 r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h)
(This used to be commit b97e395c81)
2007-10-10 13:05:17 -05:00
Andrew Tridgell
edbfc0f6e7 r3453: - split out the auth and popt includes
- tidied up some of the system includes

- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
  knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
2007-10-10 13:05:13 -05:00
Andrew Tridgell
ead3508ac8 r3447: more include/system/XXX.h include files
(This used to be commit 264ce91810)
2007-10-10 13:05:12 -05:00
Andrew Tridgell
284349482f r3443: the next stage in the include files re-organisation.
I have created the include/system/ directory, which will contain the
wrappers for the system includes for logical subsystems. So far I have
created include/system/kerberos.h and include/system/network.h, which
contain all the system includes for kerberos code and networking code.
These are the included in subsystems that need kerberos or networking
respectively.

Note that this method avoids the mess of #ifdef HAVE_XXX_H in every C
file, instead each C module includes the include/system/XXX.h file for
the logical system support it needs, and the details are kept isolated
in include/system/

This patch also creates a "struct ipv4_addr" which replaces "struct
in_addr" in our code. That avoids every C file needing to import all
the system networking headers.
(This used to be commit 2e25c71853)
2007-10-10 13:05:11 -05:00
Andrew Tridgell
c4cff94beb r3316: give the LDAP server a chance of operating correctly non-blocking (it
didn't handle EINTR or EAGAIN)
(This used to be commit c35a8f92c2)
2007-10-10 13:04:53 -05:00
Andrew Tridgell
c6888da148 r3304: changed the API to lib/socket/ a little.
The main change is to make socket_recv() take a pre-allocated buffer,
rather than allocating one itself. This allows non-blocking users of
this API to avoid a memcpy(). As a result our messaging code is now
about 10% faster, and the ncacn_ip_tcp and ncalrpc code is also
faster.

The second change was to remove the unused mem_ctx argument from
socket_send(). Having it there implied that memory could be allocated,
which meant the caller had to worry about freeing that memory (if for
example it is sending in a tight loop using the same memory
context). Removing that unused argument keeps life simpler for users.
(This used to be commit a16e4756cd)
2007-10-10 13:04:52 -05:00
Andrew Tridgell
9d055846f2 r3278: - rewrote the client side rpc connection code to use lib/socket/
rather than doing everything itself. This greatly simplifies the
  code, although I really don't like the socket_recv() interface (it
  always allocates memory for you, which means an extra memcpy in this
  code)

- fixed several bugs in the socket_ipv4.c code, in particular client
  side code used a non-blocking connect but didn't handle EINPROGRESS,
  so it had no chance of working. Also fixed the error codes, using
  map_nt_error_from_unix()

- cleaned up and expanded map_nt_error_from_unix()

- changed interpret_addr2() to not take a mem_ctx. It makes absolutely
  no sense to allocate a fixed size 4 byte structure like this. Dozens
  of places in the code were also using interpret_addr2() incorrectly
  (precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e)
2007-10-10 13:04:49 -05:00
Jelmer Vernooij
8debe5a6b8 r3136: - Allow specifying socket type when adding smbd service
- Make sure a epm_tower struct is completely initialized
- Some more minor fixes
(This used to be commit d560dcbdb8)
2007-10-10 13:02:25 -05:00
Stefan Metzmacher
98c8cb195a r3099: implment sldb_ModifyDN()
metze
(This used to be commit a25d1c4419)
2007-10-10 13:02:21 -05:00
Stefan Metzmacher
d970cafc4b r3098: - fix segfault in sldb_Compare()
- be more verbose on the INVALID_DN errstr

metze
(This used to be commit 4b8d90866e)
2007-10-10 13:02:20 -05:00
Stefan Metzmacher
fd07fc88e7 r3097: - an empty string is a valid DN
- detect in valid DN's

- some error handling fixes

metze
(This used to be commit d92eff2328)
2007-10-10 13:02:20 -05:00
Simo Sorce
2d2f43c939 r2908: fix typo
(This used to be commit f544f83063)
2007-10-10 12:59:47 -05:00
Stefan Metzmacher
585571a824 r2892: fix compiler warning
metze
(This used to be commit 1a3b546fce)
2007-10-10 12:59:44 -05:00
Stefan Metzmacher
22f0d7012c r2891: call rootDSE only with LDAP_SEARCH_SCOPE_BASE
this is needed because of the global catalog

metze
(This used to be commit 071c19c25d)
2007-10-10 12:59:43 -05:00
Stefan Metzmacher
437a037b7b r2890: fix segfault when call is destroyed and we dereference it
metze
(This used to be commit 82e792a0ce)
2007-10-10 12:59:43 -05:00
Stefan Metzmacher
e465b65274 r2886: missing stuff from last commit
metze
(This used to be commit f3f2d1c676)
2007-10-10 12:59:42 -05:00
Stefan Metzmacher
48d87ea356 r2885: windows doesn't try to do sign or seal by default
metze
(This used to be commit 0f5267c29c)
2007-10-10 12:59:42 -05:00
Stefan Metzmacher
c4005997b9 r2881: also bind the ldap service on the global catalog service port
(port 3268)

metze
(This used to be commit 7d17122c71)
2007-10-10 12:59:42 -05:00
Stefan Metzmacher
bd7cd1953a r2880: move the rootdse.ldif template to the source/ dir
so that that it will be easier found by running
./script/rootdse.pl

metze
(This used to be commit 650713f7fe)
2007-10-10 12:59:41 -05:00
Stefan Metzmacher
73e9f435f5 r2878: add server sasl support
(there are a lot of clean ups following later, but the LDAP-BASIC test
 works :-)

metze
(This used to be commit 34fe29c04a)
2007-10-10 12:59:41 -05:00
Stefan Metzmacher
85e18e252d r2877: the Bind and Unbind function are already moved...
metze
(This used to be commit 5c3f3b4072)
2007-10-10 12:59:41 -05:00
Stefan Metzmacher
4c2bbb1edb r2876: - more than one rootDSE entry in the database is an error!
- don't say that we provide the same functionality as w2k3

- netbiosname is always upper case hostname

- minor fixes rootdse.pl

metze
(This used to be commit 0b30ec593f)
2007-10-10 12:59:41 -05:00
Simo Sorce
d669d6a892 r2875: some fixes + (C) note
(This used to be commit d878c3c365)
2007-10-10 12:59:41 -05:00
Simo Sorce
7251e37bb6 r2874: Italian CodeJam commit :-)
implemented rootDSE on ldb with rootdse.ldif and related script to populate a basic rootDSE tree
(This used to be commit 923c936088)
2007-10-10 12:59:41 -05:00
Stefan Metzmacher
4503ddc155 r2864: - Bind and Unbind are no directory partition operations
- move Bind Unbind code to a seperate file

metze
(This used to be commit 3aa1a29897)
2007-10-10 12:59:40 -05:00
Stefan Metzmacher
7a4478845f r2863: move the logical ldapsrv functions to a seperate file
metze
(This used to be commit 5173c4d4fe)
2007-10-10 12:59:40 -05:00
Stefan Metzmacher
2a1ee36e7f r2862: prepare LDAP SASL support for the server
metze
(This used to be commit 9a7505bd74)
2007-10-10 12:59:40 -05:00
Stefan Metzmacher
9abbd9e860 r2855: fix error codes for Compare
metze
(This used to be commit d23335bc14)
2007-10-10 12:59:39 -05:00
Andrew Tridgell
1aabcd7312 r2836: removed a couple of unused variables
(This used to be commit 391b09dad1)
2007-10-10 12:59:38 -05:00
Stefan Metzmacher
85428819e3 r2825: fix the build
this function names are unsed elsewhere in the code too

metze
(This used to be commit a8f2fe0ff0)
2007-10-10 12:59:37 -05:00
Simo Sorce
cf42c06c86 r2820: complete the parsing routing with correct support for escaped chars
clean up simple_ldb functions
(This used to be commit 3af61cb6cd)
2007-10-10 12:59:37 -05:00
Stefan Metzmacher
85b78669b4 r2816: fix 'Default-First-Site-Name' dn
metze
(This used to be commit ae4b99d15c)
2007-10-10 12:59:36 -05:00
Simo Sorce
44a556fd5a r2815: add some more docs
add a nearly complete rfc conformat dn parsing function
(This used to be commit 1bc5a94488)
2007-10-10 12:59:36 -05:00
Andrew Tridgell
1429ed54f1 r2792: got rid of talloc_ldb_alloc() and instead created talloc_realloc_fn(),
so talloc now doesn't contain any ldb specific functions.

allow NULL to be passed to a couple more talloc() functions
(This used to be commit 1246f80d80)
2007-10-10 12:59:34 -05:00
Simo Sorce
338c90404f r2758: keep docos handy while developing it
(This used to be commit 5f9b58c785)
2007-10-10 12:59:31 -05:00
Stefan Metzmacher
a4a360b7fe r2757: some minor fixes
metze
(This used to be commit 991b4777c8)
2007-10-10 12:59:30 -05:00
Simo Sorce
53e5e96830 r2754: Change sldb_trim_dn() to be sldb_fix_dn() as we are not really trimming.
Make it handle all cases:
- remove spaces before and after ','
- remove spaces after '='

TODO: check if there are escape chars in the RFC, they are not handled here yet.

Simo.
(This used to be commit ba2970c3a4)
2007-10-10 12:59:30 -05:00
Stefan Metzmacher
525dc6f089 r2748: implement sldb_Compare()
Simo: this commit should not conflict much with your changes:-)

metze
(This used to be commit 6825e78e01)
2007-10-10 12:59:30 -05:00
Stefan Metzmacher
ab5a0d31a3 r2731: use debug level 10 everywhere
metze
(This used to be commit a0e4dca3da)
2007-10-10 12:59:27 -05:00
Stefan Metzmacher
6baf350771 r2724: - use ldapsrv_service and set it up with the rootDSE and default partition
(this is not complete yet)

- call asn1_free() after each call

metze
(This used to be commit 0aa622bdc4)
2007-10-10 12:59:26 -05:00
Stefan Metzmacher
aee52f2b57 r2722: remove tmp debug messages
metze
(This used to be commit 60dcba3e91)
2007-10-10 12:59:26 -05:00
Stefan Metzmacher
4d541b26ea r2720: -implement sldb_Modify() call
metze
(This used to be commit e74d3895f0)
2007-10-10 12:59:26 -05:00
Stefan Metzmacher
7c0efa5cf1 r2714: - add sldb_Add() implementation
- fix some errstr settings

metze
(This used to be commit 7419c6dabb)
2007-10-10 12:59:25 -05:00
Simo Sorce
eac532ee3a r2695: revert "Del" renaming
(This used to be commit ddd74dae8e)
2007-10-10 12:59:24 -05:00
Stefan Metzmacher
43d45f80ad r2693: - send a reply when no attributes there
- add some debug messages

metze
(This used to be commit 1de1beca66)
2007-10-10 12:59:23 -05:00
Simo Sorce
456e2f82e8 r2689: Use consistent naming Del -> Delete
Add delete functionality to ldb simple lda server backend
add some const in ldap.h
(This used to be commit 5ed9a6eb18)
2007-10-10 12:59:22 -05:00
Stefan Metzmacher
718bb5e8ff r2688: - fix case where listed attributes are asked
- use the return code of the functions
  and only call ldapsrv_terminate_connection from ldapsrv_recv() or ldapsrv_send()
- the rootdse is now a normal partition

metze
(This used to be commit af1501a28d)
2007-10-10 12:59:22 -05:00
Stefan Metzmacher
c8a7c5b95e r2685: ALLOC_CHECK() after talloc_steal() isn't needed
(thanks simo:-)

metze
(This used to be commit e62cd75d37)
2007-10-10 12:59:22 -05:00
Stefan Metzmacher
ccdb6138ab r2682: as sambdb holds all search data, don't double free the data
metze
(This used to be commit 740347255b)
2007-10-10 12:59:21 -05:00
Stefan Metzmacher
965feb2cff r2681: commit the first semi working search implementation
which exports data from a ldb.

I commit this code, so that someone can help me to find a strange
bug

metze
(This used to be commit 67bb491725)
2007-10-10 12:59:21 -05:00
Andrew Tridgell
764eddb696 r2646: - use a talloc destructor to ensure that sockets from the new socket
library are closed on abnormal termination

- convert the service.h structures to the new talloc methods
(This used to be commit 2dc334a328)
2007-10-10 12:59:16 -05:00
Andrew Tridgell
223e78990a r2628: got rid of some warnings and converted a few more places to use hierarchical memory allocation
(This used to be commit 26da45a801)
2007-10-10 12:59:14 -05:00
Stefan Metzmacher
9a7c87bb64 r2527: - add a dummy for a simple ldb backend
- handle the complete rootDSE search (maybe this will be also a partition module)

metze
(This used to be commit 6fc904a71c)
2007-10-10 12:59:02 -05:00
Stefan Metzmacher
0c7a18525c r2526: use LDAP error 53 (unwillingToPerform)
when the backend didn't implement the call

metze
(This used to be commit e2fe685849)
2007-10-10 12:59:02 -05:00
Stefan Metzmacher
1efef4a19f r2525: fix a search response when the backend didn't support Search
we return LDAP error 32 (noSuchObject) now instead of a protocol error

metze
(This used to be commit f9dc34cd0b)
2007-10-10 12:59:02 -05:00
Stefan Metzmacher
6ad5996ef5 r2523: - readd rootDSE reply
- add infrastructure start for having multiple directory partitions (backends)

metze
(This used to be commit 5103e7fe78)
2007-10-10 12:59:02 -05:00
Stefan Metzmacher
b6d3ba9672 r2509: add a struct ldapsrv_call which is simular to the dcesrv_call_state struct
and related stuff...

metze
(This used to be commit dc1f8212ff)
2007-10-10 12:59:00 -05:00
Stefan Metzmacher
7d06a06584 r2447: let the server code use the new lib/socket/ stuff
metze
(This used to be commit 2fd577d241)
2007-10-10 12:58:54 -05:00
Stefan Metzmacher
9041c3560f r2401: make our LDAP server useable:
- we need to mark the fd event as writable otherwise we'll never senda packet to the client
- a search response have to ended by a LDAP result message
- return currentTime, supportedLDAPVersion and dnsHostName for testing

ldap -x -s base -h ldap://localhost/ is now works against our LDAP server

metze
(This used to be commit 3a9ca35116)
2007-10-10 12:58:48 -05:00
Stefan Metzmacher
a560d554bd r2321: add complately untested LDAP server start
based on volker's patch

this is compiled by default but not started by default

metze
(This used to be commit 5387bc423d)
2007-10-10 12:58:43 -05:00