1
0
mirror of https://github.com/samba-team/samba.git synced 2025-07-27 07:42:04 +03:00
Commit Graph

16 Commits

Author SHA1 Message Date
c8a23147fe s4:libcli/ldap Rename ldap.h to libcli_ldap.h
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h

Andrew Bartlett
2010-05-21 17:39:15 +10:00
8078614814 s4/ldap: Refactor the fix for ldap nested searches
Current implementation synchronizes processing for
all types of LDAP request, not only LDAP_Search ones.

Synchronization for ldap replies processing is done
locally in ldb_ildap module as this concerns only
ildb_callback() function.

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-02-17 18:03:31 +02:00
a4d0ed5a10 s4/ldap: Fix nested searches SEGFAULT bug
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-29 14:09:53 +01:00
183c379fe5 s4:lib/tevent: rename structs
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
2008-12-29 20:46:40 +01:00
afe3e8172d Install public header files again and include required prototypes.
(This used to be commit 47ffbbf674)
2008-04-02 04:53:27 +02:00
b65dba2245 r26355: Eliminate global_loadparm in more places.
(This used to be commit 5d589a0d94)
2007-12-21 05:49:01 +01:00
61ffa08f4c r24712: No longer expose the 'BOOL' data type in any interfaces.
(This used to be commit 1ce32673d9)
2007-10-10 15:02:54 -05:00
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
ba07fa43d0 r17197: This patch moves the encryption of bulk data on SASL negotiated security
contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets.  It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default.  It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket
layer.

Unusual in this pstch is the extra read callback argument I take.  As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data.  This would leave the system without an event
to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop.  I believe that
the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:

+-----------------+---------------------+
| SASL  Packet #1 | SASL Packet #2      |
----------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
----------------------------------------+

In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP.  Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.

Without data on the socket, read events stop.  That is why I add timed
events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code.  The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length.  (1 + n/2).  This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.

Andrew Bartlett
(This used to be commit 5d7c9c12cb)
2007-10-10 14:10:18 -05:00
742c110cd6 r15400: Move the TLS code behind the socket interface.
This reduces caller complexity, because the TLS code is now called
just like any other socket.  (A new socket context is returned by the
tls_init_server and tls_init_client routines).

When TLS is not available, the original socket is returned.

Andrew Bartlett
(This used to be commit 09b2f30dfa)
2007-10-10 14:05:32 -05:00
8f16429947 r15238: Add some code to automatically reconnect if we want to.
(This used to be commit e2102999e2)
2007-10-10 14:04:23 -05:00
00fe70e5b9 r13609: Get in the initial work on making ldb async
Currently only ldb_ildap is async, the plan
is to first make all backend support the async calls,
and then remove the sync functions from backends and
keep the only in the API.

Modules will need to be transformed along the way.

Simo
(This used to be commit 1e2c13b2d5)
2007-10-10 13:51:59 -05:00
65baaafc34 r11620: switch the ldap client code over to using the generic packet code
(This used to be commit 1d29ad2a27)
2007-10-10 13:45:59 -05:00
69307693dc r11528: Separate finding dcs from initializing a domain. Makes it easier to possibly
support cldap and other stuff in the future.

This temporarily disables wbinfo -t, but that will come back soon.

Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3
and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION
tgs-rep error.

Volker
(This used to be commit d14948fdf6)
2007-10-10 13:45:49 -05:00
5eccf719fb r7770: added ldaps support to our ldap client library
(This used to be commit 8f5c2e8682)
2007-10-10 13:18:34 -05:00
bab977dad7 r7626: a new ldap client library. Main features are:
- hooked into events system, so requests can be truly async and won't
   interfere with other processing happening at the same time

 - uses NTSTATUS codes for errors (previously errors were mostly
   ignored). In a similar fashion to the DOS error handling, I have
   reserved a range of the NTSTATUS code 32 bit space for LDAP error
   codes, so a function can return a LDAP error code in a NTSTATUS

 - much cleaner packet handling
(This used to be commit 2e3c660b2f)
2007-10-10 13:18:14 -05:00