1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

71 Commits

Author SHA1 Message Date
Jelmer Vernooij
6a79ad7664 gensec: Avoid exposing lp_ctx on the API level. 2009-09-26 20:55:18 +02:00
Andrew Bartlett
093148c1f0 s4:ldap_server Correct removal of talloc_steal()
This corrects commit 7a82aed71b.  The
steal did not set ent->attributes, so it was incorrect to assign to
ent->attributes.

Andrew Bartlett
2009-08-14 13:12:35 +10:00
Andrew Bartlett
7a82aed71b s4:ldap_server Remove another talloc_steal (with references)
This talloc_steal also conflicts with the ldb_map code, and like the
previous commit, is rudundent given the talloc_steal of the whole msg
above.

Andrew Bartlett
2009-08-14 12:57:46 +10:00
Andrew Bartlett
5c3cf58a84 s4:ldap_server Don't talloc_steal (with references) in ldap_backend
There may or may not be a need to take a reference to the 'name' in
the ldb_map code, but given we seal the whole msg just above here, it
makes no senst to steal the name, but not the values.

Andrew Bartlett
2009-08-14 12:48:10 +10:00
Günther Deschner
7048165e7a s4-ldap_server: fix generated error string in map_ldb_error().
Guenther
2009-08-04 00:16:37 +02:00
Matthias Dieter Wallnöfer
04ea52f867 s4: Enhances the LDAP server to display error messages like Windows Server
Those error messages also include the WERROR code of the failed operation(s) in this
manner: <error code eight chars in HEX>: <further error message>

This also addresses bug #4949
2009-07-31 17:41:04 +02:00
Andrew Tridgell
2d981919b8 use a talloc_unlink() as ops may have a reference 2009-07-01 15:15:37 +10:00
Andrew Bartlett
e4ccd69d49 s4:ldap_server: return the extended dn to the LDAP client if available
This uses an early peek at the extended_dn_control (in the request) to see what output
format to use.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:26 +11:00
Andrew Bartlett
109719de03 Remove restrictions on number of DN components in LDAP server
There is no reason for these restrictions to be in the LDAP server -
they belong in the LDB layer.  When accepting 'extended' or
'alternate' DNs we can't tell anyway.

Andrew Bartlett
2008-11-17 10:06:18 +11:00
Jelmer Vernooij
1e053df95c Remove use of global_loadparm for disabled gensec backends. 2008-11-02 19:28:17 +01:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Simo Sorce
b2901da479 LDB ASYNC: misc changes 2008-09-29 04:22:20 +02:00
Simo Sorce
508527890a Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
2008-09-23 18:17:46 -04:00
Andrew Bartlett
532899386b Use secrets.ldb to store credentials to contact LDAP backend.
This makes Samba4 behave much like Samba3 did, and use a single set of
administrative credentials for it's connection to LDAP.

Andrew Bartlett
(This used to be commit e396a59788)
2008-07-15 15:07:13 +10:00
Stefan Metzmacher
0a391223ac ldap_server: allow modifies to the root dse record and pass them to the ldb layer
metze
(This used to be commit 3da6f7f95d)
2008-07-02 10:32:02 +02:00
Jelmer Vernooij
21fc767378 Specify event_context to ldb_wrap_connect explicitly.
(This used to be commit b4e1ae07a2)
2008-04-17 12:23:44 +02:00
Andrew Bartlett
1c1c6fca66 Fix more valgrind issues.
This passes down the timeout more consistantly, and ensures that no
matter how the modules screw up, we don't free() the memory we are
going to write into the ASN1 packet until we actually write it out.

Andrew Bartlett
(This used to be commit eefd46289b)
2008-03-29 13:32:15 +11:00
Andrew Bartlett
e0c90d6131 Fix some valgrind issues.
These small changes seem to fix some of the early issues in 'make
valgrindtest'

Previously, the subtree_delete code didn't pass on the timeout,
leaving it uninitialised.

The ldap_server/ldap_backend.c change tidies up the talloc hierarchy a
bit.

Andrew Bartlett
(This used to be commit 95314f29a9)
2008-03-29 11:18:00 +11:00
Jelmer Vernooij
2f8dc4f48f r26266: Remove more global_loadparm uses.
(This used to be commit 99113075c4)
2007-12-21 05:47:42 +01:00
Andrew Bartlett
1da2cfe03d r26193: In the LDAP server, use the new 'controls_decoded' element to
determine if this (possibly critical) control has been decoded.  This
allows us to return an error, rather than just dropping the socket.

Andrew Bartlett
(This used to be commit 230a60c191)
2007-12-21 05:46:44 +01:00
Jelmer Vernooij
ca0b72a1fd r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.
(This used to be commit 56dfcb4f2f)
2007-12-21 05:45:40 +01:00
Andrew Bartlett
bd6a651b38 r25960: Enable checks on the validity of the search base on sam.ldb in Samba4.
Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this
error is now correctly emited from ldb.

Andrew Bartlett
(This used to be commit ed57862b90)
2007-12-21 05:45:19 +01:00
Jelmer Vernooij
2f3551ca7c r25446: Merge some changes I made on the way home from SFO:
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e77)
2007-10-10 15:07:34 -05:00
Stefan Metzmacher
98038f71a7 r25428: forward declarations of enums are not portable,
so pass struct cli_credentials *cred instead of
enum credentials_use_kerberos use_kerberos.

metze
(This used to be commit b945aaa9da)
2007-10-10 15:07:31 -05:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions.
(This used to be commit 3fcc960839)
2007-10-10 15:07:25 -05:00
Jelmer Vernooij
ffeee68e4b r25026: Move param/param.h out of includes.h
(This used to be commit abe8349f9b)
2007-10-10 15:05:38 -05:00
Andrew Bartlett
4955b21f68 r23849: ldap_server: Provide more info in debug traces
blackbox tests:  increase test coverage by running more options.

Andrew Bartlett
(This used to be commit 46abf82675)
2007-10-10 14:59:24 -05:00
Andrew Bartlett
a0fa5051bd r23816: A little more static, but leave the dead code testjoin.c as documentation.
Andrew Bartlett
(This used to be commit 6679003c05)
2007-10-10 14:59:23 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Andrew Bartlett
2d2cde7d95 r23762: Fix DN renames over LDAP, and instrument the partition module. Add a
test to prove the behaviour of LDAP renames etc.

Fix LDB to return correct error code when failing to rename one DN
onto another.

Andrew Bartlett
(This used to be commit 3f3da9c471)
2007-10-10 14:59:11 -05:00
Andrew Bartlett
7dc7156bd7 r21496: A number of ldb control and LDAP changes, surrounding the
'phantom_root' flag in the search_options control

- Add in support for LDB controls to the js layer
- Test the behaviour
- Implement support for the 'phantom_root' flag in the partitions module
- Make the LDAP server set the 'phantom_root' flag in the search_options control
  - This replaces the global_catalog flag passed down as an opaque pointer
- Rework the string-format control parsing function into
  ldb_parse_control_strings(), returning errors by ldb_errorstring()
  method, rather than with printf to stderr
- Rework some of the ldb_control handling logic

Andrew Bartlett
(This used to be commit 2b3df7f38d)
2007-10-10 14:48:44 -05:00
Stefan Metzmacher
a3c0f3035d r20189: remove unused struct element
metze
(This used to be commit d20d1872d5)
2007-10-10 14:29:20 -05:00
Simo Sorce
a9e31b33b5 r19832: better prototypes for the linearization functions:
- ldb_dn_get_linearized
  returns a const string

- ldb_dn_alloc_linearized
  allocs astring with the linearized dn
(This used to be commit 3929c086d5)
2007-10-10 14:28:22 -05:00
Simo Sorce
4889eb9f7a r19831: Big ldb_dn optimization and interfaces enhancement patch
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.

The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.

The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.

Simo.
(This used to be commit a580c871d3)
2007-10-10 14:28:22 -05:00
Stefan Metzmacher
3c6b9db18f r19722: fix memory leaks and hierachie bugs
metze
(This used to be commit fddcbf5d4c)
2007-10-10 14:28:14 -05:00
Stefan Metzmacher
132b046ec8 r19721: ldapsrv_SearchCallback isn't needed any more
ldb_search_default_callback does the same...

metze
(This used to be commit 0edac60ec6)
2007-10-10 14:28:13 -05:00
Simo Sorce
b7774527fa r19531: Make struct ldb_dn opaque and local to ldb_dn.c
(This used to be commit 889fb983ba)
2007-10-10 14:24:44 -05:00
Andrew Bartlett
899ae849e8 r19522: Remove gensec and credentials dependency from the rootdse module (less
dependency loops).

This moves the evaluation of the SASL mechansim list to display in the
rootDSE to the ldap server.

Andrew Bartlett
(This used to be commit 379da475e2)
2007-10-10 14:24:44 -05:00
Andrew Bartlett
31454d2e8b r18989: Fixes found by these two LDAP testsuites:
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://gleg.net/protover_ldap_sample.shtml

Also fixes found by a subsequent audit of the code for similar issues.
(This used to be commit 441a4f6262)
2007-10-10 14:20:26 -05:00
Andrew Tridgell
30ee8beb93 r18301: I discovered how to load the warnings from a build farm build into
emacs compile mode (hint, paste to a file, and compile as "cat
filename").

This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84eff)
2007-10-10 14:18:04 -05:00
Jelmer Vernooij
0329d755a7 r17930: Merge noinclude branch:
* Move dlinklist.h, smb.h to subsystem-specific directories
 * Clean up ads.h and move what is left of it to dsdb/
   (only place where it's used)
(This used to be commit f7afa1cb77)
2007-10-10 14:16:54 -05:00
Stefan Metzmacher
aeb8077b96 r17240: move extended operations to a new file
metze
(This used to be commit 0b16350fa2)
2007-10-10 14:10:23 -05:00
Stefan Metzmacher
4cdcc17893 r17237: - keep pointer to the different sockets
- we need this to later:
  - to disallow a StartTLS when TLS is already in use
  - to place the TLS socket between the raw and sasl socket
    when we had a sasl bind before the StartTLS
  - and rfc4513 says that the server may allow to remove the TLS from
    the tcp connection again and reuse raw tcp
  - and also a 2nd sasl bind should replace the old sasl socket

metze
(This used to be commit 10cb9c07ac)
2007-10-10 14:10:22 -05:00
Andrew Bartlett
a6629e037a r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise
our certificate, and proceed with the connection is left as an
exercise for the reader...

Andrew Bartlett
(This used to be commit 9bd66d4c95)
2007-10-10 14:10:21 -05:00
Simo Sorce
49f68caed2 r17186: "async" word abuse clean-up part 2
(This used to be commit c6aa60c7e6)
2007-10-10 14:10:17 -05:00
Simo Sorce
c93817b36d r17185: Oh, I wanted to do this for sooo long time.
Finally acknowledge that ldb is inherently async and does not have a dual personality anymore
Rename all ldb_async_XXX functions to ldb_XXX except for ldb_async_result, it is now ldb_reply
to reflect the real function of this structure.

Simo.
(This used to be commit 25fc735404)
2007-10-10 14:10:16 -05:00
Andrew Bartlett
32ab518767 r16972: Replace the sequence_number function pointer in ldb with the ldb flags.
The function pointer was meant to be unused, this patch fixes
partition.c to use ldb_sequence_number().  (No backend provided the
pointer any more).

Set the flags onto the ldb structure, so that all backends opened by
the partitions module inherit the flags.

Set the read-ony flag when accessed as the global catalog

Modify the LDAP server to track that this query is for the global
catalog (by incoming port), and set a opqaue pointer.

Next step is to read that opaque pointer in the partitions module.

Andrew Bartlett
(This used to be commit a1161cb30e)
2007-10-10 14:10:04 -05:00
Andrew Bartlett
d4c5627073 r16234: Set the request timeout from the LDAP search. Without this, the
initial request time is uninitialised, and this causes havoc later.
This also allows us to honour the client's wishes.

We should be doing this for all the operations...

Andrew Bartlett
(This used to be commit c8f5b1c928)
2007-10-10 14:09:07 -05:00
Simo Sorce
2d19dca9c8 r15944: rename LDB_ASYNC_ADD -> LDB_ADD, LDB_ASYNC_MODIFY -> LDB_MODIFY, etc...
(This used to be commit 55d97ef88f)
2007-10-10 14:08:43 -05:00
Simo Sorce
2613d19937 r15933: remove the last sync call to ldb_request
(This used to be commit 10d66aa61d)
2007-10-10 14:08:41 -05:00