| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
it exists
This message often contains suggestions how to fix issues.
|
| |
|
|
|
|
|
| |
It is a problem if a samba header is called ldap.h if we also want
to use OpenLDAP's ldap.h
Andrew Bartlett
|
| |
|
|
|
|
| |
Check on modify if we are RODC and return referral.
On the ldap backend side now we pass context and ldb_modify_default_callback
to propagate the referral error to the client.
|
| |
|
|
|
|
|
|
| |
This should always return a simple structure with no need to consult a
DB, so remove the event context, and simplfy to call helper functions
that don't look at privilages.
Andrew Bartlett
|
| |
|
|
| |
we won't be using the mk -> wscript generator again
|
| |
|
|
| |
them
|
| | |
|
| |
|
|
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| |
|
|
|
|
|
| |
This is needed for my work regarding the referrals when the domain scope control
isn't specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| | |
|
| | |
|
| |
|
|
|
| |
ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.
|
| |
|
|
|
| |
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
|
| |
|
|
|
|
|
|
|
| |
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
|
| |
|
|
|
| |
Similarly to system_session(), this creates a static
samdb_credentials()
|
| |
|
|
|
|
| |
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
|
| |
|
|
|
| |
Those error cases should be handled by LDB itself to be available on all
connection methods and not only over LDAP.
|
| |
|
|
|
|
| |
The main problem is that the "rdn_name" module launches on a rename request also
a modification one with the "special attributes" which can't be changed directly.
An introduced flag helps to bypass the restriction.
|
| |
|
|
|
|
|
| |
The Microsoft testsuite tried to rename
cn=administrator,cn=users,... into "",cn=users... which didn't go so well.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
|
|
| |
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
| |
|
|
|
|
|
|
| |
This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The
steal did not set ent->attributes, so it was incorrect to assign to
ent->attributes.
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
This talloc_steal also conflicts with the ldb_map code, and like the
previous commit, is rudundent given the talloc_steal of the whole msg
above.
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
There may or may not be a need to take a reference to the 'name' in
the ldb_map code, but given we seal the whole msg just above here, it
makes no senst to steal the name, but not the values.
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
stream_terminate_connection() removes the fd event
This fixes a crash bug where tls_destructor() relies on the fd event still being there.
metze
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
|
| |
Those error messages also include the WERROR code of the failed operation(s) in this
manner: <error code eight chars in HEX>: <further error message>
This also addresses bug #4949
|
| |
|
|
| |
metze
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
It seems that the samba4 part of the merged build does not pick up the
DEVELOPER flag from the s3 configure.
Jelmer, can you fix that properly?
Thanks,
Volker
|
| |
|
|
| |
This allows us some time to get the EXTERNAL bind working
|
| |
|
|
|
|
|
|
| |
This makes it clear to our users that this particular implementation
isn't final (all parties are agreed that an EXTERNAL bind is the right
way to do this, but it has not been implemented yet).
Andrew Bartlett
|
| |
|
|
|
|
|
| |
This patch creates ldap_priv/ as a subdirectory under the private dir with the
appropriate permissions to only allow the same access as the privileged winbind
socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap
database.
|
| | |
|
| |
|
|
|
|
|
| |
As they can we static there, we pass the specific handlers as parameter
where we need to support controls.
metze
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our packet layer relies on the event system reliably telling us when a
packet is available. When we are using a socket layer like TLS then
things get a bit trickier, as there may be bytes in the encryption
buffer which could be read even if there are no bytes at the socket
level. The GNUTLS library is supposed to prevent this happening by
always leaving some data at the socket level when there is data to be
processed in its buffers, but it seems that this is not always
reliable.
To work around this I have added a new packet option
packet_set_unreliable_select() which tells the packet layer to not
assume that the socket layer has a reliable select, and to instead
keep trying to read from the socket until it gets back no data. This
option is set for the ldap client and server when TLS is negotiated.
This seems to fix the problems with the ldaps tests.
|
| |
|
|
|
|
|
|
|
|
|
| |
When starting GENSEC on the server, the auth subsystem context must be
passed in, which now includes function pointers to the key elements.
This should (when the other dependencies are fixed up) allow GENSEC to
exist as a client or server library without bundling in too much of
our server code.
Andrew Bartlett
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
| | |
|
| |
|
|
|
|
|
| |
This uses an early peek at the extended_dn_control (in the request) to see what output
format to use.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
| |
There is no reason for these restrictions to be in the LDAP server -
they belong in the LDB layer. When accepting 'extended' or
'alternate' DNs we can't tell anyway.
Andrew Bartlett
|
| | |
|
| |
|
|
| |
should in the future only contain some settings required for gensec.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
ldap server suddenly dies.
We were creating a wrong talloc hierarchy, so the event.fde was not
freed automatically as expected. This in turn made the event system call
the ldap io handlers with a null packet structure, causing a segfault.
Fix also the ordering in ldap_connection_dead()
Thanks to Metze for the huge help in tracking down this one.
|
| |
|
|
|
|
|
|
| |
This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091.
Conflicts:
source4/smbd/server.c
|
