path: root/source4/ldap_server/ldap_backend.c
Commit message | Author | Age | Files | Lines
* s4-ldap: Pass on-wire transmitted control down the chain | Kamen Mazdrashki | 2014-12-08 | 1 | -1/+1
  Change-Id: Ic3a117f74e8a67c45584fdb520d92e4f0cb01c5e
  Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ldapsrv: Pass struct ldb_result * rather than void * | Andrew Bartlett | 2014-03-14 | 1 | -8/+8
  Change-Id: Ic521cbfcf922cfe9e14c89116c097b777a86af40
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-on: https://gerrit.samba.org/35
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:dsdb/rootdse: Support netlogon request | Benjamin Franzke | 2013-11-11 | 1 | -0/+3
  This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1].
  The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
  Tested with:
  ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
  And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl.
  [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* auth/gensec: treat struct gensec_security_ops as const if possible. | Stefan Metzmacher | 2013-08-10 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: introduce gensec_internal.h | Stefan Metzmacher | 2013-08-10 | 1 | -0/+1
  We should treat most gensec related structures private.
  It's a long way, but this is a start.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix debug print warning message. | Jeremy Allison | 2012-07-24 | 1 | -1/+3
* dsdb-schema: do not reload more often than schema_reload_interval | Matthieu Patou | 2012-06-22 | 1 | -2/+23
  Samba 4 used to try to reload the schema every time dsdb_get_schema was called (which could be 20+ times per ldb request). Now we only reload at most every xx seconds (xx being the value of dsdb:"schema_reload_interval" or 120).
  The timestamp of the last reloaded schema is kept in the dsdb_schema object. There is also a timestamp in the ldb_context, that is used by the LDAP server to know if it has to reload the schema after handling the request. This is used to allow that the schema will be immediately reloaded after a schemaUpdateNow request has been issued, the reload can't occur in the handling of the LDAP request itself because we have a transaction autostarted.
* s4:ldap_backend.c/"map_ldb_error" - handle errors similar to "PyErr_SetLdbError" | Matthias Dieter Wallnöfer | 2011-10-11 | 1 | -6/+2
  If the call was done using an error string ("add_err_string"), then use that one without an additional "ldb_strerror()" for the definitive LDAP output. Otherwise generate one using "ldb_strerror()".
  This omits redundancies in the error string generation (twice the same information by "ldb_strerror()").
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-ldap-server: disallow all modifies on global catalog port | Andrew Tridgell | 2011-10-04 | 1 | -0/+20
* s4-ldap-server: set the NO_GLOBAL_CATALOG control on non-GC operations | Andrew Tridgell | 2011-09-22 | 1 | -0/+2
  this makes us honor GC semantics on the two ldap ports
* s4:LDAP server - remove validation checks of input DNs | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -23/+8
  We should rather try to let the LDB modules perform these checks otherwise different backends behave differently.
  Reviewed by: Tridge
* ldb: use #include <ldb.h> for ldb | Andrew Tridgell | 2011-02-10 | 1 | -2/+2
  this ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: don't call ldb_req_mark_untrusted() on the privileged ldapi socket | Stefan Metzmacher | 2010-12-13 | 1 | -5/+15
  metze
* s4:ldap_server: rename helper functions to ldapsrv_ prefix and pass ldapsrv_call | Stefan Metzmacher | 2010-12-13 | 1 | -15/+19
  metze
* s4-ldb: Changes the aclread module to use LDB_HANDLE_FLAG_UNTRUSTED to determine the source of the request | Nadezhda Ivanova | 2010-10-27 | 1 | -1/+0
  The aclread module used to use a control to make sure the request comes from the ldap server, but now the rootdse filters out any unregistered controls coming from ldap, so the control is lost. Using the LDB_HANDLE_FLAG_UNTRUSTED is a much more elegant solution.
  Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
  Autobuild-Date: Wed Oct 27 11:55:11 UTC 2010 on sn-devel-104
* s4-ldap: mark all ldap:// requests as untrusted | Andrew Tridgell | 2010-10-19 | 1 | -0/+21
  this allows the rootdse module to filter unregistered controls
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server - use error code constant | Matthias Dieter Wallnöfer | 2010-10-18 | 1 | -1/+1
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Mon Oct 18 20:32:40 UTC 2010 on sn-devel-104
* samdb: Add flags argument to samdb_connect(). | Jelmer Vernooij | 2010-10-10 | 1 | -3/+1
* s4-ldap: Added a control to apply the access checks on read via LDAP | Nadezhda Ivanova | 2010-09-26 | 1 | -0/+1
* s4-ldapserver: support controls on ldap add and rename | Andrew Tridgell | 2010-08-17 | 1 | -10/+12
  we need to pass the controls down to the add and rename ldb operations
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_backend.c - Windows returns WERROR codes in majuscule HEX format | Matthias Dieter Wallnöfer | 2010-08-15 | 1 | -1/+1
* s4:ldap_backend.c - map error codes - add a change which allows custom WERROR codes | Matthias Dieter Wallnöfer | 2010-08-15 | 1 | -0/+13
  This is strictly needed by my recent passwords work, since I want to remove most of the password change stuff in "samr_password.c". Since AD gives us CONSTRAINT_VIOLATION on all change problems I cannot distinguish on the SAMR level which the real cause was about. Therefore I need the extended WERROR codes here.
* s4:ldap_backend.c - fix a DS error code after WERROR change | Matthias Dieter Wallnöfer | 2010-08-14 | 1 | -1/+1
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 2010-07-16 | 1 | -3/+3
  this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: fixed use after free of sasl mechanisms opaque | Andrew Tridgell | 2010-07-02 | 1 | -0/+6
  the supportedSASLMechanisms opaque must live for at least as long as the ldb, or we can crash when the first connection is torn down
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dsdb: fixed spelling of supportedSASLMechanisms | Andrew Tridgell | 2010-07-02 | 1 | -1/+1
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_backend.c - now also the LDAP server supports controls on delete operations | Matthias Dieter Wallnöfer | 2010-06-20 | 1 | -5/+7
* s4:ldap_backend.c - move function "ldb_mod_req_with_controls" to a better place in the code | Matthias Dieter Wallnöfer | 2010-06-20 | 1 | -51/+52
  Under the "add" and over the "delete" function.
* s4:ldap_backend.c - add some newlines to make logs easier to read | Matthias Dieter Wallnöfer | 2010-06-20 | 1 | -5/+5
* s4:ldap_backend.c - more customisations to match Windows Server error behaviour on renames | Matthias Dieter Wallnöfer | 2010-06-19 | 1 | -13/+16
* s4:ldap_backend.c - fix crash bugs when we got in error situations with "res" still set to "NULL" | Matthias Dieter Wallnöfer | 2010-06-18 | 1 | -5/+4
* s4:ldap_backend.c - fix a small error (use "ModifyResponse" rather than "AddResponse") | Matthias Dieter Wallnöfer | 2010-06-18 | 1 | -1/+1
* s4:lib: merge LDB_WRAP and LDBSAMBA and make LDBSAMBA a library. | Stefan Metzmacher | 2010-06-16 | 1 | -1/+1
  This is needed to remove samba specific symbols from the bundled ldb, in order to get the ABI right.
  metze
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s4:ldap_server/ldap_backend.c - send back also the extended error message if it exists | Matthias Dieter Wallnöfer | 2010-06-06 | 1 | -18/+39
  This message often contains suggestions how to fix issues.
* s4:libcli/ldap Rename ldap.h to libcli_ldap.h | Andrew Bartlett | 2010-05-21 | 1 | -1/+0
  It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h
  Andrew Bartlett
* s4/rodc: Support read-only database | Anatoliy Atanasov | 2010-05-04 | 1 | -20/+174
  Check on modify if we are RODC and return referral. On the ldap backend side now we pass context and ldb_modify_default_callback to propagate the referral error to the client.
* s4:ldap_server - make it "signed-safe" | Matthias Dieter Wallnöfer | 2010-02-25 | 1 | -5/+5
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:LDAP server - Enable support for returning referrals through it | Matthias Dieter Wallnöfer | 2010-02-25 | 1 | -0/+22
  This is needed for my work regarding the referrals when the domain scope control isn't specified.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Added freeing a successful req so it doesn't crowd the ldb context | Nadezhda Ivanova | 2009-12-18 | 1 | -2/+4
* Removed ldb_modify_ctrl from ldb, implemented as a static in ldap_backend. | Nadezhda Ivanova | 2009-12-15 | 1 | -1/+43
* Some changes to allow processing of ldap controls on modify requests. | Nadezhda Ivanova | 2009-11-20 | 1 | -1/+1
  ldap_backend used to filter out ldap controls on modify. Also, modified python binding for ldap_modify to allow writing tests for such controls.
* s4-dsdb: add a static samdb_credentials | Andrew Tridgell | 2009-10-23 | 1 | -2/+2
  Similarly to system_session(), this creates a static samdb_credentials()
* s4:ldap server - remove unused error handlings | Matthias Dieter Wallnöfer | 2009-10-08 | 1 | -35/+0
  Those error cases should be handled by LDB itself to be available on all connection methods and not only over LDAP.
* s4:LDB/LDAP - Re-allow renames | Matthias Dieter Wallnöfer | 2009-10-02 | 1 | -1/+1
  The main problem is that the "rdn_name" module launches on a rename request also a modification one with the "special attributes" which can't be changed directly. An introduced flag helps to bypass the restriction.
* s4:ldap_server Ensure we don't segfault when sent a NULL new RDN | Andrew Bartlett | 2009-10-02 | 1 | -4/+7
  The Microsoft testsuite tried to rename cn=administrator,cn=users,... into "",cn=users... which didn't go so well.
  Andrew Bartlett
* s4-ldap: fixed spelling | Andrew Tridgell | 2009-09-28 | 1 | -1/+1
* gensec: Avoid exposing lp_ctx on the API level. | Jelmer Vernooij | 2009-09-26 | 1 | -1/+1
* s4:ldap_server Correct removal of talloc_steal() | Andrew Bartlett | 2009-08-14 | 1 | -1/+0
  This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The steal did not set ent->attributes, so it was incorrect to assign to ent->attributes.
  Andrew Bartlett
* s4:ldap_server Remove another talloc_steal (with references) | Andrew Bartlett | 2009-08-14 | 1 | -1/+1
  This talloc_steal also conflicts with the ldb_map code, and like the previous commit, is redundant given the talloc_steal of the whole msg above.
  Andrew Bartlett
* s4:ldap_server Don't talloc_steal (with references) in ldap_backend | Andrew Bartlett | 2009-08-14 | 1 | -1/+1
  There may or may not be a need to take a reference to the 'name' in the ldb_map code, but given we steal the whole msg just above here, it makes no sense to steal the name, but not the values.
  Andrew Bartlett