path: root/source4/ldap_server/ldap_server.c
Commit message | Author | Age | Files | Lines
* lib: directory_create_or_exist() does not use "uid" parameter | Volker Lendecke | 2014-07-28 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/s4: smbd, rpc, ldap, cldap, kdc services. | Jeremy Allison | 2014-06-07 | 1 | -1/+7
  Allow us to start if we bind to *either* :: or 0.0.0.0. Allows us to cope with systems configured as only IPv4 or only IPv6.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-By: Amitay Isaacs <amitay@gmail.com>
  Reviewed-By: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Jun 7 01:01:44 CEST 2014 on sn-devel-104
* s4:lib/socket: simplify iface_list_wildcard() and its callers | Stefan Metzmacher | 2014-03-07 | 1 | -2/+2
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10464
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Change-Id: Ib317d71dea01fc8ef6b6a26455f15a8a175d59f6
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Mar 7 02:18:17 CET 2014 on sn-devel-104
* s4:ldap_server: call irpc_add_name() at startup (bug #9905) | Stefan Metzmacher | 2013-06-13 | 1 | -0/+3
  We should call irpc_add_name() when we start the ldap_server task.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ldap-server: sscanf result was never used to mistyped var | Matthieu Patou | 2012-10-07 | 1 | -2/+1
* ldap-server: remove warning for the ret not being used | Matthieu Patou | 2012-10-07 | 1 | -2/+1
* lib/param: Create a separate server role for "active directory domain controller" | Andrew Bartlett | 2012-06-15 | 1 | -1/+1
  This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentally starting smbd rather than samba.
  To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added.
  Andrew Bartlett
* s4:ldap_server: fix typo in DEBUG() message | Stefan Metzmacher | 2012-04-03 | 1 | -1/+1
  metze
* s4-ldap_server: Fix segfault on startup failure of ldap server | Andrew Bartlett | 2011-09-27 | 1 | -2/+2
* Use tevent_req_oom | Volker Lendecke | 2011-06-20 | 1 | -1/+1
  This fixes a few Coverity errors
* s4-ipv6: update callers to load_interface_list() | Andrew Tridgell | 2011-06-06 | 1 | -1/+1
* s4-ipv6: use "ip" instead of "ipv4" for servers | Andrew Tridgell | 2011-06-06 | 1 | -4/+4
  this allows stream_setup_socket() to work with both v4 and v6 addresses
* s4-ipv6: use iface_list_wildcard() to listen on IPv6 | Andrew Tridgell | 2011-06-06 | 1 | -3/+12
  when we need to listen on a wildcard address, we now listen on a list of sockets, usually 0.0.0.0 and ::
* s4-interfaces Rename interfaces code so not to conflict with source3/ | Andrew Bartlett | 2011-05-08 | 1 | -3/+3
  The iface_count, iface_n_bcast, and load_interfaces functions conflicted with functions of the same name in source3, so the source4 functions were renamed. Hopefully we can actually wrap one around the other in future.
  Andrew Bartlett
* s4-param Rename private_path() -> lpcfg_private_path() | Andrew Bartlett | 2011-04-29 | 1 | -2/+2
  This is consistent with lock_path()
  Andrew Bartlett
* s4/ldb - remove now superfluous "ldb_dn_validate" checks | Matthias Dieter Wallnöfer | 2011-03-04 | 1 | -1/+1
  If we immediately afterwards perform an LDB base operation then we don't need an explicit "ldb_dn_validate" check anymore (only OOM makes sense).
  Reviewed by: Tridge
* ldb: use #include <ldb.h> for ldb | Andrew Tridgell | 2011-02-10 | 1 | -2/+2
  this ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* Added SSL global catalog | William Brown | 2011-02-01 | 1 | -3/+18
  Reviewed-by: Andrew Bartlett
  Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Tue Feb 1 20:05:39 CET 2011 on sn-devel-104
* s4:ldap_server: don't call ldb_req_mark_untrusted() on the privileged ldapi socket | Stefan Metzmacher | 2010-12-13 | 1 | -3/+5
  metze
* s4-ldap: removed an incorrect talloc_move() | Andrew Tridgell | 2010-12-01 | 1 | -1/+1
  the parent of this session_info is either the stream_connection, or it's a system_session(). In either case reparenting it on the ldapsrv_connection doesn't achieve anything that I can see.
  The move was causing a steal on reference error because the session_info often has multiple references.
  Thanks to Metze for spotting this.
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Dec 1 22:10:42 CET 2010 on sn-devel-104
* s4-server: make server sockets a child of the task context | Andrew Tridgell | 2010-11-15 | 1 | -8/+10
  We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-ldap_server Don't DEBUG() at level 2 every time a caller disconnects | Andrew Bartlett | 2010-11-05 | 1 | -3/+0
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Fri Nov 5 00:12:37 UTC 2010 on sn-devel-104
* s4-smbd: don't initialise process models more than once | Andrew Tridgell | 2010-10-30 | 1 | -1/+1
  this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* samdb: Add flags argument to samdb_connect(). | Jelmer Vernooij | 2010-10-10 | 1 | -1/+1
* s4:ldap_server: rewrite to socket layer to use tstream | Stefan Metzmacher | 2010-10-08 | 1 | -240/+522
  This should make our sasl and tls handling much more robust against partial sent pdus.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Fri Oct 8 11:55:26 UTC 2010 on sn-devel-104
* Revert "s4:ldap_server: rewrite to socket layer to use tstream" | Stefan Metzmacher | 2010-10-07 | 1 | -526/+240
  This reverts commit b53fbc75acc525f2e2450370e704a62791271788.
  There are problems with broken gnutls versions. We can readd this once we have the needed configure checks to detect the bug in gnutls. See https://bugzilla.samba.org/show_bug.cgi?id=7218.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu Oct 7 10:31:18 UTC 2010 on sn-devel-104
* s4:ldap_server: rewrite to socket layer to use tstream | Stefan Metzmacher | 2010-10-04 | 1 | -240/+526
  This should make our sasl and tls handling much more robust against partial sent pdus.
  metze
* s4-ldapserver: serialise ldap server operations | Andrew Tridgell | 2010-09-07 | 1 | -0/+53
  This ensures that two ldap server operations cannot happen in parallel by using packet_recv_disable() and packet_recv_enable() to disable other interfaces during ldap calls. This prevents problems caused by parallel ldap operations where transactions could overlap.
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 2010-07-16 | 1 | -12/+12
  this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:ldap_server: don't start if we can't bind to port 389 | Stefan Metzmacher | 2010-06-28 | 1 | -1/+4
  metze
* s4:libcli/ldap Rename ldap.h to libcli_ldap.h | Andrew Bartlett | 2010-05-21 | 1 | -1/+0
  It is a problem if a samba header is called ldap.h if we also want to use OpenLDAP's ldap.h
  Andrew Bartlett
* s4:auth Remove event context from anonymous_session() | Andrew Bartlett | 2010-04-11 | 1 | -1/+1
  This should always return a simple structure with no need to consult a DB, so remove the event context, and simplify to call helper functions that don't look at privileges.
  Andrew Bartlett
* s4:ldap_server - make it "signed-safe" | Matthias Dieter Wallnöfer | 2010-02-25 | 1 | -1/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-samdb: reduce the number of samdb opens at startup | Andrew Tridgell | 2009-10-25 | 1 | -4/+2
  Using common parameters means that the ldb_wrap code can return a reference rather than a new database
* s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect() | Andrew Tridgell | 2009-10-23 | 1 | -1/+1
  This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same.
  The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
* s4-dsdb: create a static system_session context | Andrew Tridgell | 2009-10-23 | 1 | -1/+1
  This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
* s4-server: kill main daemon if a task fails to initialise | Andrew Tridgell | 2009-09-18 | 1 | -4/+6
  When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
* s4:ldap_server: make sure we shutdown the tls socket before stream_terminate_connection() removes the fd event | Stefan Metzmacher | 2009-08-05 | 1 | -0/+1
  This fixes a crash bug where tls_destructor() relies on the fd event still being there.
  metze
* s4:ldap_server: the tls code steals the original socket on its own now | Stefan Metzmacher | 2009-07-31 | 1 | -1/+2
  metze
* Reenable the LDAPI socket for the merged build | Volker Lendecke | 2009-06-24 | 1 | -2/+0
  It seems that the samba4 part of the merged build does not pick up the DEVELOPER flag from the s3 configure.
  Jelmer, can you fix that properly?
  Thanks,
  Volker
* Allow developers access to the privileged ldapi socket for the moment | Andrew Bartlett | 2009-06-19 | 1 | -0/+4
  This allows us some time to get the EXTERNAL bind working
* s4:ldapsrv Place the 'privileged' ldapi socket under an #ifdef | Andrew Bartlett | 2009-06-19 | 1 | -1/+11
  This makes it clear to our users that this particular implementation isn't final (all parties are agreed that an EXTERNAL bind is the right way to do this, but it has not been implemented yet).
  Andrew Bartlett
* Allow access as SYSTEM on a privileged ldapi connection | Volker Lendecke | 2009-06-06 | 1 | -13/+83
  This patch creates ldap_priv/ as a subdirectory under the private dir with the appropriate permissions to only allow the same access as the privileged winbind socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap database.
* Fix some nonempty blank lines | Volker Lendecke | 2009-05-29 | 1 | -11/+11
* libcli/ldap: move generic ldap control encoding code to ldap_message.c | Stefan Metzmacher | 2009-02-24 | 1 | -2/+2
  As they can be static there, we pass the specific handlers as parameter where we need to support controls.
  metze
* Worked around a problem with select/poll/epoll and gnutls | Andrew Tridgell | 2009-02-18 | 1 | -0/+4
  Our packet layer relies on the event system reliably telling us when a packet is available. When we are using a socket layer like TLS then things get a bit trickier, as there may be bytes in the encryption buffer which could be read even if there are no bytes at the socket level. The GNUTLS library is supposed to prevent this happening by always leaving some data at the socket level when there is data to be processed in its buffers, but it seems that this is not always reliable.
  To work around this I have added a new packet option packet_set_unreliable_select() which tells the packet layer to not assume that the socket layer has a reliable select, and to instead keep trying to read from the socket until it gets back no data. This option is set for the ldap client and server when TLS is negotiated.
  This seems to fix the problems with the ldaps tests.
* s4:service_stream: s/private/private_data | Stefan Metzmacher | 2009-02-02 | 1 | -4/+4
  metze
* s4:ldap_server: s/private/private_data | Stefan Metzmacher | 2009-02-02 | 1 | -8/+8
  metze
* s4:lib/tevent: rename structs | Stefan Metzmacher | 2008-12-29 | 1 | -5/+5
  list=""
  list="$list event_context:tevent_context"
  list="$list fd_event:tevent_fd"
  list="$list timed_event:tevent_timer"
  for s in $list; do
      o=`echo $s | cut -d ':' -f1`
      n=`echo $s | cut -d ':' -f2`
      r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
      files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
      for f in $files; do
          cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
          mv $f.tmp $f
      done
  done
  metze
* Fix include paths to new location of libutil. | Jelmer Vernooij | 2008-10-11 | 1 | -2/+2